kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix schema doc tool, fix schema errors, regenerate schema docs (#3524)

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2025-11-12 08:50:52 +01:00
committed by GitHub
parent e44b23111e
commit 5270586a8e
47 changed files with 3474 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fast/addons/2-networking-test/schemas/instance.schema.md
View File

@@ -12,7 +12,7 @@
- ⁺**subnet_id**: *string*
- **image**: *string*
- **metadata**: *object*
*additional properties: String*
<br>*additional properties: string*
- **name**: *string*
- **tags**: *array*
- items: *string*

60
fast/stages/0-org-setup/schemas/cicd.schema.md
View File

@@ -6,6 +6,32 @@
*additional properties: false*
- **workflows**: *object*
<br>*additional properties: false*
- **`^[a-z-][a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- ⁺**provider_files**: *object*
<br>*additional properties: false*
- ⁺**apply**: *string*
- ⁺**plan**: *string*
- ⁺**repository**: *object*
<br>*additional properties: false*
- ⁺**name**: *string*
- ⁺**type**: *string*
<br>*enum: ['github', 'gitlab']*
- **apply_branches**: *array*
- items: *string*
- ⁺**service_accounts**: *object*
<br>*additional properties: false*
- ⁺**apply**: *string*
- ⁺**plan**: *string*
- **tfvars_files**: *array*
- items: *string*
- ⁺**workload_identity**: *object*
<br>*additional properties: false*
- ⁺**pool_id**: *string*
- **audiences**: *array*
- items: *string*
- **workload_identity_federation**: *object*
<br>*additional properties: false*
- ⁺**pool_name**: *string*
@@ -21,36 +47,10 @@
- **audiences**: *array*
- items: *string*
- **jwks_json_path**: *string*
- **issuer**: *string*
<br>*enum: ['github', 'gitlab', 'terraform']*
- **workflows**: *object*
<br>*additional properties: false*
- **`^[a-z-][a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **output_files**: *object*
<br>*additional properties: false*
- **files**: *array*
- items: *string*
- ⁺**providers**: *object*
<br>*additional properties: false*
- ⁺**apply**: *string*
- ⁺**plan**: *string*
- ⁺**storage_bucket**: *string*
- **repository**: *object*
<br>*additional properties: false*
- ⁺**name**: *string*
- **branch**: *string*
- **service_accounts**: *object*
<br>*additional properties: false*
- **apply**: *string*
- **plan**: *string*
- **template**: *string*
<br>*enum: ['github', 'gitlab']*
- **workload_identity_provider**: *object*
<br>*additional properties: false*
- **audiences**: *array*
- items: *string*
- ⁺**id**: *string*
- **okta**: *object*
<br>*additional properties: false*
- **organization_name**: *string*
- **auth_server_name**: *string*
## Definitions

1
fast/stages/0-org-setup/schemas/defaults.schema.json
View File

@@ -455,6 +455,7 @@
}
},
"email_addresses": {
"type": "object",
"additionalProperties": {
"type": "string"
}

84
fast/stages/0-org-setup/schemas/defaults.schema.md
View File

@@ -9,16 +9,6 @@
- **global**: *object*
<br>*additional properties: false*
- ⁺**billing_account**: *string*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
<br>*default: eu*
- **logging**: *string*
<br>*default: global*
- **pubsub**: *array*
- items: *string*
- **storage**: *string*
<br>*default: eu*
- ⁺**organization**: *object*
<br>*additional properties: false*
- **customer_id**: *string*
@@ -42,6 +32,11 @@
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
- **logging**: *string*
- **storage**: *string*
- **metric_scopes**: *array*
- items: *string*
- **parent**: *string*
@@ -68,24 +63,28 @@
- **network_users**: *array*
- items: *string*
- **service_agent_iam**: *object*
*additional properties: Array*
<br>*additional properties: array*
- **service_agent_subnet_iam**: *object*
*additional properties: Array*
<br>*additional properties: array*
- **service_iam_grants**: *array*
- items: *string*
- **network_subnet_users**: *object*
*additional properties: Array*
- **storage_location**: *string*
<br>*additional properties: array*
- **tag_bindings**: *object*
*additional properties: String*
<br>*additional properties: string*
- **service_accounts**: *object*
*additional properties: Object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- ⁺**domain**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- ⁺**prefix**: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **logging_data_access**: *object*
*additional properties: Object*
- **bigquery_location**: *string*
- **overrides**: *object*
<br>*additional properties: false*
- **billing_account**: *string*
@@ -98,27 +97,60 @@
- items: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
- **logging**: *string*
- **storage**: *string*
- **parent**: *string*
- **prefix**: *string*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **storage_location**: *string*
- **tag_bindings**: *object*
*additional properties: String*
<br>*additional properties: string*
- **service_accounts**: *object*
*additional properties: Object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- ⁺**domain**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- ⁺**prefix**: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **logging_data_access**: *object*
*additional properties: Object*
- **bigquery_location**: *string*
- **context**: *object*
<br>*additional properties: false*
- **custom_roles**: *object*
<br>*additional properties: string*
- **email_addresses**: *object*
<br>*additional properties: string*
- **folder_ids**: *object*
<br>*additional properties: string*
- **kms_keys**: *object*
<br>*additional properties: string*
- **iam_principals**: *object*
*additional properties: String*
<br>*additional properties: string*
- **locations**: *object*
<br>*additional properties: string*
- **notification_channels**: *object*
<br>*additional properties: string*
- **project_ids**: *object*
<br>*additional properties: string*
- **service_account_ids**: *object*
<br>*additional properties: string*
- **tag_keys**: *object*
<br>*additional properties: string*
- **tag_values**: *object*
<br>*additional properties: string*
- **vpc_host_projects**: *object*
<br>*additional properties: string*
- **vpc_sc_perimeters**: *object*
<br>*additional properties: string*
- **output_files**: *object*
<br>*additional properties: false*
- **local_path**: *string*

27
fast/stages/0-org-setup/schemas/folder.schema.md
View File

@@ -25,6 +25,31 @@
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **iam_storage_roles**: *reference([iam_storage_roles](#refs-iam_storage_roles))*
- **autokey_config**: *object*
<br>*additional properties: false*
- **project**: *string*
<br>*pattern: ^(projects/|\$project_ids:|\$project_numbers:)*
- **contacts**: *object*
<br>*additional properties: false*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **factories_config**: *object*
<br>*additional properties: false*
- **org_policies**: *string*
@@ -78,7 +103,7 @@
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
*additional properties: String*
<br>*additional properties: string*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*

55
fast/stages/0-org-setup/schemas/organization.schema.md
View File

@@ -9,8 +9,25 @@
- **id**: *string*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[^@\s]+@[^@\s]+\.[^@\s]+$`**: *array*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
@@ -54,8 +71,9 @@
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **tags**: *object*
*additional properties: Object*
<br>*additional properties: object*
## Definitions
@@ -96,3 +114,36 @@
- **`^(?:\$[a-z_-]+:|domain:|group:|serviceAccount:|user:|principal:|principalSet:)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*

96
fast/stages/0-org-setup/schemas/project.schema.json
View File

@@ -267,52 +267,56 @@
"additionalProperties": false,
"patternProperties": {
"^[a-z][a-z0-9-]+[a-z0-9]$": {
"destroy_scheduled_duration": {
"type": "string"
},
"rotation_period": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"purpose": {
"type": "string",
"default": "ENCRYPT_DECRYPT",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"RAW_ENCRYPT_DECRYPT",
"MAC"
]
},
"version_template": {
"type": "object",
"additionalProperties": false,
"required": [
"algorithm"
],
"properties": {
"algorithm": {
"type": "string"
},
"protection_level": {
"type": "string",
"default": "SOFTWARE",
"enum": [
"SOFTWARE",
"HSM",
"EXTERNAL",
"EXTERNAL_VPC"
]
"type": "object",
"additionalProperties": false,
"properties": {
"destroy_scheduled_duration": {
"type": "string"
},
"rotation_period": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"purpose": {
"type": "string",
"default": "ENCRYPT_DECRYPT",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"RAW_ENCRYPT_DECRYPT",
"MAC"
]
},
"version_template": {
"type": "object",
"additionalProperties": false,
"required": [
"algorithm"
],
"properties": {
"algorithm": {
"type": "string"
},
"protection_level": {
"type": "string",
"default": "SOFTWARE",
"enum": [
"SOFTWARE",
"HSM",
"EXTERNAL",
"EXTERNAL_VPC"
]
}
}
}
}

73
fast/stages/0-org-setup/schemas/project.schema.md
View File

@@ -31,8 +31,31 @@
- **buckets**: *reference([buckets](#refs-buckets))*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **datasets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_]+$`**: *object*
<br>*additional properties: false*
- **friendly_name**: *string*
- **location**: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **factories_config**: *object*
@@ -47,6 +70,39 @@
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **iam_by_principals_additive**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **kms**: *object*
<br>*additional properties: false*
- **autokeys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- ⁺**resource_type_selector**: *string*
- **keyrings**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **keys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- **destroy_scheduled_duration**: *string*
- **rotation_period**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **purpose**: *string*
<br>*default: ENCRYPT_DECRYPT*, *enum: ['CRYPTO_KEY_PURPOSE_UNSPECIFIED', 'ENCRYPT_DECRYPT', 'ASYMMETRIC_SIGN', 'ASYMMETRIC_DECRYPT', 'RAW_ENCRYPT_DECRYPT', 'MAC']*
- **version_template**: *object*
<br>*additional properties: false*
- ⁺**algorithm**: *string*
- **protection_level**: *string*
<br>*default: SOFTWARE*, *enum: ['SOFTWARE', 'HSM', 'EXTERNAL', 'EXTERNAL_VPC']*
- **labels**: *object*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **log_buckets**: *object*
@@ -88,11 +144,11 @@
- ⁺**quota_id**: *string*
- ⁺**preferred_value**: *number*
- **dimensions**: *object*
*additional properties: String*
<br>*additional properties: string*
- **justification**: *string*
- **contact_email**: *string*
- **annotations**: *object*
*additional properties: String*
<br>*additional properties: string*
- **ignore_safety_checks**: *string*
<br>*enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']*
- **parent**: *string*
@@ -149,7 +205,7 @@
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *string*
- **tags**: *object*
*additional properties: Object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- **prefix**: *string*
@@ -162,12 +218,6 @@
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **datasets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_]+$`**: *object*
<br>*additional properties: false*
- **friendly_name**: *string*
- **location**: *string*
## Definitions
@@ -176,12 +226,13 @@
- **name**: *string*
- **create**: *boolean*
- **description**: *string*
- **encryption_key**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
*additional properties: String*
<br>*additional properties: string*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*

2
fast/stages/0-org-setup/schemas/tags.schema.md
View File

@@ -15,7 +15,7 @@
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **values**: *object*
<br>*additional properties: false*
- **`^[a-z-][a-z0-9-]+$`**: *object*
- **`^[a-z-][^\\'"/]+$`**: *object*
<br>*additional properties: false*
- **name**: *string*
- **description**: *string*

68
fast/stages/1-vpcsc/schemas/defaults.schema.md Normal file
View File

@@ -0,0 +1,68 @@
# Bootstrap Defaults
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **global**: *object*
<br>*additional properties: false*
- **stage_name**: *string*
<br>*default: 1-vpcsc*
- **context**: *object*
<br>*additional properties: false*
- **iam_principals**: *object*
<br>*additional properties: string*
- **identity_sets**: *object*
<br>*additional properties: array*
- **project_numbers**: *object*
<br>*additional properties: string*
- **resource_sets**: *object*
<br>*additional properties: array*
- **service_sets**: *object*
<br>*additional properties: array*
- **output_files**: *object*
<br>*additional properties: false*
- **local_path**: *string*
- **storage_bucket**: *string*
## Definitions
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*

1
fast/stages/2-networking/schemas/defaults.schema.json
View File

@@ -466,6 +466,7 @@
}
},
"email_addresses": {
"type": "object",
"additionalProperties": {
"type": "string"
}

199
fast/stages/2-networking/schemas/defaults.schema.md Normal file
View File

@@ -0,0 +1,199 @@
# Bootstrap Defaults
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **global**: *object*
<br>*additional properties: false*
- **folder_name**: *string*
<br>*default: networking*
- **stage_name**: *string*
<br>*default: 2-networking*
- **projects**: *object*
<br>*additional properties: false*
- **defaults**: *object*
<br>*additional properties: false*
- **billing_account**: *string*
- **bucket**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **labels**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
- **logging**: *string*
- **storage**: *string*
- **metric_scopes**: *array*
- items: *string*
- **parent**: *string*
- **prefix**: *string*
- **project_reuse**: *object*
<br>*additional properties: false*
- **use_data_source**: *boolean*
- **attributes**: *object*
<br>*additional properties: false*
- ⁺**name**: *string*
- ⁺**number**: *number*
- **services_enabled**: *array*
- items: *string*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **services**: *array*
- items: *string*
- **shared_vpc_service_config**: *object*
<br>*additional properties: false*
- ⁺**host_project**: *string*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **network_users**: *array*
- items: *string*
- **service_agent_iam**: *object*
<br>*additional properties: array*
- **service_agent_subnet_iam**: *object*
<br>*additional properties: array*
- **service_iam_grants**: *array*
- items: *string*
- **network_subnet_users**: *object*
<br>*additional properties: array*
- **tag_bindings**: *object*
<br>*additional properties: string*
- **service_accounts**: *object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- ⁺**domain**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- ⁺**prefix**: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **overrides**: *object*
<br>*additional properties: false*
- **billing_account**: *string*
- **bucket**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
- **logging**: *string*
- **storage**: *string*
- **parent**: *string*
- **prefix**: *string*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **tag_bindings**: *object*
<br>*additional properties: string*
- **service_accounts**: *object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- ⁺**domain**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- ⁺**prefix**: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **vpcs**: *object*
<br>*additional properties: false*
- **auto_create_subnetworks**: *boolean*
- **delete_default_route_on_create**: *boolean*
- **mtu**: *number*
<br>*default: 1500*
- **context**: *object*
<br>*additional properties: false*
- **cidr_ranges_sets**: *object*
<br>*additional properties: array*
- **custom_roles**: *object*
<br>*additional properties: string*
- **email_addresses**: *object*
<br>*additional properties: string*
- **folder_ids**: *object*
<br>*additional properties: string*
- **kms_keys**: *object*
<br>*additional properties: string*
- **iam_principals**: *object*
<br>*additional properties: string*
- **locations**: *object*
<br>*additional properties: string*
- **project_ids**: *object*
<br>*additional properties: string*
- **storage_buckets**: *object*
<br>*additional properties: string*
- **tag_keys**: *object*
<br>*additional properties: string*
- **tag_values**: *object*
<br>*additional properties: string*
- **vpc_sc_perimeters**: *object*
<br>*additional properties: string*
- **output_files**: *object*
<br>*additional properties: false*
- **local_path**: *string*
- **storage_bucket**: *string*
## Definitions
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*

28
fast/stages/2-networking/schemas/dns-response-policy-rules.schema.md Normal file
View File

@@ -0,0 +1,28 @@
# DNS Response Policy Rules Factory
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **project_id**: *string*
- **networks**: *array*
- items: *string*
- **rules**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **dns_name**: *string*
- **behavior**: *string*
- **local_data**: *object*
<br>*additional properties: false*
- **`^(?:A|AAAA|CAA|CNAME|DNSKEY|DS|HTTPS|IPSECVPNKEY|MX|NAPTR|NS|PTR|SOA|SPF|SRV|SSHFP|SVCB|TLSA|TXT)$`**: *object*
<br>*additional properties: false*
- **ttl**: *number*
- **rrdatas**: *array*
- items: *string*
## Definitions

43
fast/stages/2-networking/schemas/dns.schema.md Normal file
View File

@@ -0,0 +1,43 @@
# DNS Zone configuration
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- ⁺**project_id**: *string*
- **description**: *string*
- **force_destroy**: *boolean*
- **domain**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **recordsets**: *reference([recordsets](#refs-recordsets))*
- **private**: *reference([private_zone](#refs-private_zone))*
- **peering**: *reference([peering_zone](#refs-peering_zone))*
- **forwarding**: *reference([forwarding_zone](#refs-forwarding_zone))*
## Definitions
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
- **recordsets**<a name="refs-recordsets"></a>: *object*
<br>*additional properties: object*
- **private_zone**<a name="refs-private_zone"></a>: *object*
<br>*additional properties: false*
- **service_directory_namespace**: *string*
- ⁺**client_networks**: *array*
- items: *string*
- **peering_zone**<a name="refs-peering_zone"></a>: *object*
<br>*additional properties: false*
- ⁺**peer_network**: *string*
- ⁺**client_networks**: *array*
- items: *string*
- **forwarding_zone**<a name="refs-forwarding_zone"></a>: *object*
<br>*additional properties: false*
- **forwarders**: *object*
- **`^.*$`**: *string*
- ⁺**client_networks**: *array*
- items: *string*

58
fast/stages/2-networking/schemas/firewall-policy.schema.md Normal file
View File

@@ -0,0 +1,58 @@
# Network Firewall Policy
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **parent_id**: *string*
- **attachments**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *string*
- **name**: *string*
- **ingress_rules**: *reference([rules](#refs-rules))*
- **egress_rules**: *reference([rules](#refs-rules))*
## Definitions
- **rules**<a name="refs-rules"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *reference([rule](#refs-rule))*
- **rule**<a name="refs-rule"></a>: *object*
<br>*additional properties: false*
- ⁺**priority**: *number*
- **action**: *string*
<br>*enum: ['allow', 'deny', 'goto_next', 'apply_security_profile_group']*
- **description**: *string*
- **disabled**: *boolean*
- **enable_logging**: *boolean*
- **security_profile_group**: *string*
- **target_resources**: *array*
- items: *string*
- **target_service_accounts**: *array*
- items: *string*
- **target_tags**: *array*
- items: *string*
- **tls_inspect**: *boolean*
- **match**: *object*
<br>*additional properties: false*
- **address_groups**: *array*
- items: *string*
- **fqdns**: *array*
- items: *string*
- **region_codes**: *array*
- items: *string*
- **threat_intelligences**: *array*
- items: *string*
- **destination_ranges**: *array*
- items: *string*
- **source_ranges**: *array*
- items: *string*
- **source_tags**: *array*
- items: *string*
- **layer4_configs**: *array*
- items: *object*
<br>*additional properties: false*
- **protocol**: *string*
- **ports**: *array*

42
fast/stages/2-networking/schemas/firewall-rules.schema.md Normal file
View File

@@ -0,0 +1,42 @@
# Firewall Rules
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **egress**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *reference([rule](#refs-rule))*
- **ingress**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *reference([rule](#refs-rule))*
## Definitions
- **rule**<a name="refs-rule"></a>: *object*
<br>*additional properties: false*
- **deny**: *boolean*
- **description**: *string*
- **destination_ranges**: *array*
- items: *string*
- **disabled**: *boolean*
- **enable_logging**: *object*
<br>*additional properties: false*
- **include_metadata**: *boolean*
- **priority**: *number*
- **source_ranges**: *array*
- items: *string*
- **sources**: *array*
- items: *string*
- **targets**: *array*
- items: *string*
- **use_service_accounts**: *boolean*
- **rules**: *array*
- items: *object*
<br>*additional properties: false*
- **protocol**: *string*
- **ports**: *array*
- items: *(integer|string)*
<br>*pattern: `^[0-9]+(?:-[0-9]+)?$`*

213
fast/stages/2-networking/schemas/folder.schema.md Normal file
View File

@@ -0,0 +1,213 @@
# Folder
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **automation**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- ⁺**project**: *string*
- **bucket**: *reference([bucket](#refs-bucket))*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_billing_roles**: *reference([iam_billing_roles](#refs-iam_billing_roles))*
- **iam_folder_roles**: *reference([iam_folder_roles](#refs-iam_folder_roles))*
- **iam_organization_roles**: *reference([iam_organization_roles](#refs-iam_organization_roles))*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **iam_storage_roles**: *reference([iam_storage_roles](#refs-iam_storage_roles))*
- **autokey_config**: *object*
<br>*additional properties: false*
- **project**: *string*
<br>*pattern: ^(projects/|\$project_ids:|\$project_numbers:)*
- **contacts**: *object*
<br>*additional properties: false*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **factories_config**: *object*
<br>*additional properties: false*
- **org_policies**: *string*
- **pam_entitlements**: *string*
- **scc_sha_custom_modules**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **name**: *string*
- **org_policies**: *object*
<br>*additional properties: false*
- **`^[a-z]+\.`**: *object*
- **inherit_from_parent**: *boolean*
- **reset**: *boolean*
- **rules**: *array*
- items: *object*
<br>*additional properties: false*
- **allow**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **deny**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **enforce**: *boolean*
- **condition**: *object*
<br>*additional properties: false*
- **description**: *string*
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **parent**: *string*
<br>*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *string*
## Definitions
- **bucket**<a name="refs-bucket"></a>: *object*
<br>*additional properties: false*
- **name**: *string*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
<br>*additional properties: string*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9][a-zA-Z0-9_/-]+$`**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **prefix**: *string*
- **storage_class**: *string*
- **uniform_bucket_level_access**: *boolean*
- **versioning**: *boolean*
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **iam_billing_roles**<a name="refs-iam_billing_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_folder_roles**<a name="refs-iam_folder_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_organization_roles**<a name="refs-iam_organization_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_project_roles**<a name="refs-iam_project_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_sa_roles**<a name="refs-iam_sa_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_storage_roles**<a name="refs-iam_storage_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*

26
fast/stages/2-networking/schemas/ncc-hub.schema.md Normal file
View File

@@ -0,0 +1,26 @@
# NCC Hub Configuration
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- ⁺**name**: *string*
- ⁺**project_id**: *string*
- **description**: *string*
- **export_psc**: *boolean*
- **preset_topology**: *string*
- **groups**: *reference([groups](#refs-groups))*
## Definitions
- **groups**<a name="refs-groups"></a>: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9_-]+$`**: *reference([group](#refs-group))*
- **group**<a name="refs-group"></a>: *object*
<br>*additional properties: false*
- **description**: *string*
- **labels**: *object*
- **auto_accept**: *array*
- items: *string*

41
fast/stages/2-networking/schemas/nva.schema.md Normal file
View File

@@ -0,0 +1,41 @@
# NVA Configuration
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- ⁺**project_id**: *string*
- ⁺**name**: *string*
- ⁺**region**: *string*
- **auto_instance_config**: *reference([auto_instance_config](#refs-auto_instance_config))*
- **ilb_config**: *reference([ilb_config](#refs-ilb_config))*
## Definitions
- **auto_instance_config**<a name="refs-auto_instance_config"></a>: *object*
- **image**: *string*
- **instance_type**: *string*
- **tags**: *array*
- items: *string*
- **nics**: *array*
- items: *reference([nic](#refs-nic))*
- **nic**<a name="refs-nic"></a>: *object*
- ⁺**network**: *string*
- ⁺**subnet**: *string*
- **routes**: *array*
- items: *string*
- **masquerade**: *boolean*
- **ilb_config**<a name="refs-ilb_config"></a>: *object*
- **health_check**: *object*
- **instance_groups**: *object*
- **`^[a-z]$`**: *reference([instance_group](#refs-instance_group))*
- **forwarding_rules**: *array*
- items: *reference([forwarding_rule](#refs-forwarding_rule))*
- **instance_group**<a name="refs-instance_group"></a>: *object*
- **auto_create_instances**: *number*
- **attach_instances**: *object*
- **forwarding_rule**<a name="refs-forwarding_rule"></a>: *object*
- ⁺**network**: *string*
- ⁺**subnet**: *string*

96
fast/stages/2-networking/schemas/project.schema.json
View File

@@ -267,52 +267,56 @@
"additionalProperties": false,
"patternProperties": {
"^[a-z][a-z0-9-]+[a-z0-9]$": {
"destroy_scheduled_duration": {
"type": "string"
},
"rotation_period": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"purpose": {
"type": "string",
"default": "ENCRYPT_DECRYPT",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"RAW_ENCRYPT_DECRYPT",
"MAC"
]
},
"version_template": {
"type": "object",
"additionalProperties": false,
"required": [
"algorithm"
],
"properties": {
"algorithm": {
"type": "string"
},
"protection_level": {
"type": "string",
"default": "SOFTWARE",
"enum": [
"SOFTWARE",
"HSM",
"EXTERNAL",
"EXTERNAL_VPC"
]
"type": "object",
"additionalProperties": false,
"properties": {
"destroy_scheduled_duration": {
"type": "string"
},
"rotation_period": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"purpose": {
"type": "string",
"default": "ENCRYPT_DECRYPT",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"RAW_ENCRYPT_DECRYPT",
"MAC"
]
},
"version_template": {
"type": "object",
"additionalProperties": false,
"required": [
"algorithm"
],
"properties": {
"algorithm": {
"type": "string"
},
"protection_level": {
"type": "string",
"default": "SOFTWARE",
"enum": [
"SOFTWARE",
"HSM",
"EXTERNAL",
"EXTERNAL_VPC"
]
}
}
}
}

361
fast/stages/2-networking/schemas/project.schema.md Normal file
View File

@@ -0,0 +1,361 @@
# Project
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **automation**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- ⁺**project**: *string*
- **bucket**: *reference([bucket](#refs-bucket))*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_billing_roles**: *reference([iam_billing_roles](#refs-iam_billing_roles))*
- **iam_folder_roles**: *reference([iam_folder_roles](#refs-iam_folder_roles))*
- **iam_organization_roles**: *reference([iam_organization_roles](#refs-iam_organization_roles))*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **iam_storage_roles**: *reference([iam_storage_roles](#refs-iam_storage_roles))*
- **billing_account**: *string*
- **billing_budgets**: *array*
- items: *string*
- **buckets**: *reference([buckets](#refs-buckets))*
- **contacts**: *object*
<br>*additional properties: false*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **datasets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_]+$`**: *object*
<br>*additional properties: false*
- **friendly_name**: *string*
- **location**: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **factories_config**: *object*
<br>*additional properties: false*
- **custom_roles**: *string*
- **observability**: *string*
- **org_policies**: *string*
- **quotas**: *string*
- **scc_sha_custom_modules**: *string*
- **tags**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **iam_by_principals_additive**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **kms**: *object*
<br>*additional properties: false*
- **autokeys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- ⁺**resource_type_selector**: *string*
- **keyrings**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **keys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- **destroy_scheduled_duration**: *string*
- **rotation_period**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **purpose**: *string*
<br>*default: ENCRYPT_DECRYPT*, *enum: ['CRYPTO_KEY_PURPOSE_UNSPECIFIED', 'ENCRYPT_DECRYPT', 'ASYMMETRIC_SIGN', 'ASYMMETRIC_DECRYPT', 'RAW_ENCRYPT_DECRYPT', 'MAC']*
- **version_template**: *object*
<br>*additional properties: false*
- ⁺**algorithm**: *string*
- **protection_level**: *string*
<br>*default: SOFTWARE*, *enum: ['SOFTWARE', 'HSM', 'EXTERNAL', 'EXTERNAL_VPC']*
- **labels**: *object*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **log_buckets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *reference([log_bucket](#refs-log_bucket))*
- **metric_scopes**: *array*
- items: *string*
- **name**: *string*
- **org_policies**: *object*
<br>*additional properties: false*
- **`^[a-z]+\.`**: *object*
- **inherit_from_parent**: *boolean*
- **reset**: *boolean*
- **rules**: *array*
- items: *object*
<br>*additional properties: false*
- **allow**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **deny**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **enforce**: *boolean*
- **condition**: *object*
<br>*additional properties: false*
- **description**: *string*
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **quotas**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9_-]+$`**: *object*
<br>*additional properties: false*
- ⁺**service**: *string*
- ⁺**quota_id**: *string*
- ⁺**preferred_value**: *number*
- **dimensions**: *object*
<br>*additional properties: string*
- **justification**: *string*
- **contact_email**: *string*
- **annotations**: *object*
<br>*additional properties: string*
- **ignore_safety_checks**: *string*
<br>*enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']*
- **parent**: *string*
- **prefix**: *string*
- **project_reuse**: *object*
<br>*additional properties: false*
- **use_data_source**: *boolean*
- **attributes**: *object*
- ⁺**name**: *string*
- ⁺**number**: *number*
- **services_enabled**: *array*
- items: *string*
- **project_template**: *string*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z-]+\.googleapis\.com$`**: *array*
- items: *string*
- **services**: *array*
- items: *string*
<br>*pattern: ^[a-z-]+\.googleapis\.com$*
- **shared_vpc_host_config**: *object*
<br>*additional properties: false*
- ⁺**enabled**: *boolean*
- **service_projects**: *array*
- items: *string*
- **shared_vpc_service_config**: *object*
<br>*additional properties: false*
- ⁺**host_project**: *string*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **network_users**: *array*
- items: *string*
- **service_agent_iam**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **service_agent_subnet_iam**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **service_iam_grants**: *array*
- items: *string*
- **network_subnet_users**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **tag_bindings**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *string*
- **tags**: *object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- **unavailable_services**: *array*
- items: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
## Definitions
- **bucket**<a name="refs-bucket"></a>: *object*
<br>*additional properties: false*
- **name**: *string*
- **create**: *boolean*
- **description**: *string*
- **encryption_key**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
<br>*additional properties: string*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9][a-zA-Z0-9_/-]+$`**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **prefix**: *string*
- **storage_class**: *string*
- **uniform_bucket_level_access**: *boolean*
- **versioning**: *boolean*
- **retention_policy**: *object*
<br>*additional properties: false*
- **retention_period**: *number*
- **is_locked**: *boolean*
- **enable_object_retention**: *boolean*
- **buckets**<a name="refs-buckets"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *reference([bucket](#refs-bucket))*
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **iam_billing_roles**<a name="refs-iam_billing_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_folder_roles**<a name="refs-iam_folder_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_organization_roles**<a name="refs-iam_organization_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_project_roles**<a name="refs-iam_project_roles"></a>: *object*
<br>*additional properties: false*
- **`^(?:[a-z0-9-]|\$project_ids:[a-z0-9_-])+$`**: *array*
- items: *string*
- **iam_sa_roles**<a name="refs-iam_sa_roles"></a>: *object*
<br>*additional properties: false*
- **`^(?:\$service_account_ids:|projects/)`**: *array*
- items: *string*
- **iam_storage_roles**<a name="refs-iam_storage_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **log_bucket**<a name="refs-log_bucket"></a>: *object*
<br>*additional properties: false*
- **description**: *string*
- **kms_key_name**: *string*
- **location**: *string*
- **log_analytics**: *object*
<br>*additional properties: false*
- **enable**: *boolean*
- **dataset_link_id**: *string*
- **description**: *string*
- **retention**: *number*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*

77
fast/stages/2-networking/schemas/subnet.schema.md Normal file
View File

@@ -0,0 +1,77 @@
# Subnet
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **active**: *boolean*
- **description**: *string*
- **enable_private_access**: *boolean*
- **allow_subnet_cidr_routes_overlap**: *boolean*
- **flow_logs_config**: *object*
<br>*additional properties: false*
- **aggregation_interval**: *string*
- **filter_expression**: *string*
- **flow_sampling**: *number*
- **metadata**: *string*
- **metadata_fields**: *array*
- items: *string*
- **global**: *boolean*
- **ip_cidr_range**: *string*
- **reserved_internal_range**: *string*
- **ipv6**: *object*
<br>*additional properties: false*
- **access_type**: *string*
- **ipv6_only**: *boolean*
- **ip_collection**: *string*
- **name**: *string*
- ⁺**region**: *string*
- **psc**: *boolean*
- **proxy_only**: *boolean*
- **secondary_ip_ranges**: *object*
<br>*additional properties: oneof*
- *string*
- *object*
<br>*additional properties: false*
- **ip_cidr_range**: *string*
- **reserved_internal_range**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
## Definitions
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^roles/`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)*
- **role**: *string*
<br>*pattern: ^roles/*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)*
- **role**: *string*
<br>*pattern: ^roles/*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*

129
fast/stages/2-networking/schemas/vpc.schema.md Normal file
View File

@@ -0,0 +1,129 @@
# VPC Configuration
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- ⁺**project_id**: *string*
- ⁺**name**: *string*
- **description**: *string*
- **auto_create_subnetworks**: *boolean*
- **delete_default_routes_on_create**: *boolean*
- **mtu**: *number*
- **routing_mode**: *string*
<br>*enum: ['GLOBAL', 'REGIONAL']*
- **firewall_policy_enforcement_order**: *string*
<br>*enum: ['BEFORE_CLASSIC_FIREWALL', 'AFTER_CLASSIC_FIREWALL']*
- **create_googleapis_routes**: *reference([create_googleapis_routes](#refs-create_googleapis_routes))*
- **dns_policy**: *reference([dns_policy](#refs-dns_policy))*
- **ipv6_config**: *reference([ipv6_config](#refs-ipv6_config))*
- **network_attachments**: *reference([network_attachments](#refs-network_attachments))*
- **policy_based_routes**: *reference([policy_based_routes](#refs-policy_based_routes))*
- **routes**: *reference([routes](#refs-routes))*
- **routers**: *reference([routers](#refs-routers))*
- **peering_config**: *reference([peering_config](#refs-peering_config))*
- **psa_configs**: *array*
- items: *reference([psa_config](#refs-psa_config))*
- **subnets**: *array*
- items: *reference([subnet](#refs-subnet))*
- **subnets_private_nat**: *array*
- items: *reference([simple_subnet](#refs-simple_subnet))*
- **subnets_proxy_only**: *array*
- items: *reference([proxy_only_subnet](#refs-proxy_only_subnet))*
- **subnets_psc**: *array*
- items: *reference([simple_subnet](#refs-simple_subnet))*
- **nat_config**: *reference([nat_config](#refs-nat_config))*
- **ncc_config**: *reference([ncc_config](#refs-ncc_config))*
## Definitions
- **create_googleapis_routes**<a name="refs-create_googleapis_routes"></a>: *object*
- **directpath**: *boolean*
- **directpath-6**: *boolean*
- **private**: *boolean*
- **private-6**: *boolean*
- **restricted**: *boolean*
- **restricted-6**: *boolean*
- **dns_policy**<a name="refs-dns_policy"></a>: *object*
- **inbound**: *boolean*
- **logging**: *boolean*
- **outbound**: *object*
- **private_ns**: *array*
- items: *string*
- **public_ns**: *array*
- items: *string*
- **ipv6_config**<a name="refs-ipv6_config"></a>: *object*
- **enable_ula_internal**: *boolean*
- **internal_range**: *string*
- **nat_config**<a name="refs-nat_config"></a>: *object*
- **`^[a-z0-9-]+$`**: *object*
- ⁺**region**: *string*
- **ncc_config**<a name="refs-ncc_config"></a>: *object*
- ⁺**hub**: *string*
- **group**: *string*
- **network_attachments**<a name="refs-network_attachments"></a>: *object*
- **`^[a-z0-9-]+$`**: *object*
- **subnet**: *string*
- **automatic_connection**: *boolean*
- **description**: *string*
- **producer_accept_lists**: *array*
- items: *string*
- **producer_reject_lists**: *array*
- items: *string*
- **peering_config**<a name="refs-peering_config"></a>: *object*
- **peer_vpc_self_link**: *string*
- **create_remote_peer**: *boolean*
- **export_routes**: *boolean*
- **import_routes**: *boolean*
- **policy_based_routes**<a name="refs-policy_based_routes"></a>: *object*
- **`^[a-z0-9-]+$`**: *object*
- **psa_config**<a name="refs-psa_config"></a>: *object*
- **deletion_policy**: *string*
- **ranges**: *object*
- **`^[a-z0-9-]+$`**: *string*
- **export_routes**: *boolean*
- **import_routes**: *boolean*
- **peered_domains**: *array*
- items: *string*
- **range_prefix**: *string*
- **service_producer**: *string*
- **routes**<a name="refs-routes"></a>: *object*
- **`^[a-z0-9-]+$`**: *object*
- **description**: *string*
- ⁺**dest_range**: *string*
- ⁺**next_hop_type**: *string*
- ⁺**next_hop**: *string*
- **priority**: *number*
- **tags**: *array*
- items: *string*
- **routers**<a name="refs-routers"></a>: *object*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- ⁺**region**: *string*
- ⁺**asn**: *number*
- **custom_advertise**: *object*
- **all_subnets**: *boolean*
- **ip_ranges**: *object*
- **`.*`**: *string*
- **simple_subnet**<a name="refs-simple_subnet"></a>: *object*
- ⁺**name**: *string*
- ⁺**ip_cidr_range**: *string*
- ⁺**region**: *string*
- **description**: *string*
- **subnet**<a name="refs-subnet"></a>: *object*
- ⁺**name**: *string*
- **ip_cidr_range**: *string*
- ⁺**region**: *string*
- **description**: *string*
- **enable_private_access**: *boolean*
- **allow_subnet_cidr_routes_overlap**: *boolean*
- **reserved_internal_range**: *string*
- **proxy_only_subnet**<a name="refs-proxy_only_subnet"></a>: *object*
- ⁺**name**: *string*
- ⁺**ip_cidr_range**: *string*
- ⁺**region**: *string*
- **description**: *string*
- **active**: *boolean*
- **global**: *boolean*

45
fast/stages/2-networking/schemas/vpn.schema.md Normal file
View File

@@ -0,0 +1,45 @@
# VPN Configuration
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- ⁺**name**: *string*
- **region**: *string*
- **stack_type**: *string*
<br>*enum: ['IPV4_ONLY', 'IPV4_IPV6']*
- **peer_gateways**: *reference([peer_gateways](#refs-peer_gateways))*
- **router_config**: *reference([router_config](#refs-router_config))*
- **tunnels**: *reference([tunnels](#refs-tunnels))*
- **ncc_spoke_config**: *reference([ncc_spoke_config](#refs-ncc_spoke_config))*
## Definitions
- **peer_gateways**<a name="refs-peer_gateways"></a>: *object*
- **`^[a-z0-9-]+$`**: *reference([peer_gateway](#refs-peer_gateway))*
- **peer_gateway**<a name="refs-peer_gateway"></a>: *object*
- **router_config**<a name="refs-router_config"></a>: *object*
- **asn**: *number*
- **create**: *boolean*
- **name**: *string*
- **tunnels**<a name="refs-tunnels"></a>: *object*
- **`^[a-z0-9-]+$`**: *reference([tunnel](#refs-tunnel))*
- **tunnel**<a name="refs-tunnel"></a>: *object*
- **bgp_peer**: *object*
- **address**: *string*
- **asn**: *number*
- **bgp_session_range**: *string*
- **peer_external_gateway_interface**: *number*
- **shared_secret**: *string*
- **vpn_gateway_interface**: *number*
- **ncc_spoke_config**<a name="refs-ncc_spoke_config"></a>: *object*
- **hub**: *string*
- **description**: *string*
- **labels**: *object*
- **exclude_export_ranges**: *array*
- items: *string*
- **include_export_ranges**: *array*
- items: *string*
- **group**: *string*

1
fast/stages/2-project-factory/schemas/defaults.schema.json
View File

@@ -489,6 +489,7 @@
}
},
"email_addresses": {
"type": "object",
"additionalProperties": {
"type": "string"
}

222
fast/stages/2-project-factory/schemas/defaults.schema.md Normal file
View File

@@ -0,0 +1,222 @@
# Bootstrap Defaults
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **projects**: *object*
<br>*additional properties: false*
- **defaults**: *object*
<br>*additional properties: false*
- **billing_account**: *string*
- **bucket**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **labels**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
- **logging**: *string*
- **storage**: *string*
- **metric_scopes**: *array*
- items: *string*
- **parent**: *string*
- **prefix**: *string*
- **project_reuse**: *object*
<br>*additional properties: false*
- **use_data_source**: *boolean*
- **attributes**: *object*
<br>*additional properties: false*
- ⁺**name**: *string*
- ⁺**number**: *number*
- **services_enabled**: *array*
- items: *string*
- **service_accounts**: *object*
<br>*additional properties: object*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **services**: *array*
- items: *string*
- **shared_vpc_service_config**: *object*
<br>*additional properties: false*
- ⁺**host_project**: *string*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **network_users**: *array*
- items: *string*
- **service_agent_iam**: *object*
<br>*additional properties: array*
- **service_agent_subnet_iam**: *object*
<br>*additional properties: array*
- **service_iam_grants**: *array*
- items: *string*
- **network_subnet_users**: *object*
<br>*additional properties: array*
- **tag_bindings**: *object*
<br>*additional properties: string*
- **universe**: *object*
<br>*additional properties: false*
- ⁺**prefix**: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **merges**: *object*
<br>*additional properties: false*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **labels**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **metric_scopes**: *array*
- items: *string*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **service_accounts**: *object*
<br>*additional properties: object*
- **services**: *array*
- items: *string*
- **overrides**: *object*
<br>*additional properties: false*
- **billing_account**: *string*
- **bucket**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
- **logging**: *string*
- **storage**: *string*
- **parent**: *string*
- **prefix**: *string*
- **service_accounts**: *object*
<br>*additional properties: object*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **services**: *array*
- items: *string*
- **tag_bindings**: *object*
<br>*additional properties: string*
- **universe**: *object*
<br>*additional properties: false*
- ⁺**prefix**: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **context**: *object*
<br>*additional properties: false*
- **custom_roles**: *object*
<br>*additional properties: string*
- **email_addresses**: *object*
<br>*additional properties: string*
- **folder_ids**: *object*
<br>*additional properties: string*
- **kms_keys**: *object*
<br>*additional properties: string*
- **iam_principals**: *object*
<br>*additional properties: string*
- **locations**: *object*
<br>*additional properties: string*
- **notification_channels**: *object*
<br>*additional properties: string*
- **project_ids**: *object*
<br>*additional properties: string*
- **service_account_ids**: *object*
<br>*additional properties: string*
- **tag_keys**: *object*
<br>*additional properties: string*
- **tag_values**: *object*
<br>*additional properties: string*
- **vpc_host_projects**: *object*
<br>*additional properties: string*
- **vpc_sc_perimeters**: *object*
<br>*additional properties: string*
- **output_files**: *object*
<br>*additional properties: false*
- **local_path**: *string*
- **providers_template_path**: *string*
<br>*default: assets/providers.tf.tpl*
- **storage_bucket**: *string*
- **providers_pattern**: *object*
<br>*additional properties: false*
- ⁺**service_accounts_match**: *object*
<br>*additional properties: false*
- **ro**: *string*
- **rw**: *string*
- ⁺**storage_bucket**: *string*
- **storage_folders_create**: *boolean*
- **providers**: *object*
<br>*additional properties: false*
- **`^[a-z0-9][a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- ⁺**service_account**: *string*
- **set_prefix**: *boolean*
- ⁺**storage_bucket**: *string*
## Definitions
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*

70
fast/stages/2-project-factory/schemas/folder.schema.md
View File

@@ -25,6 +25,36 @@
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **iam_storage_roles**: *reference([iam_storage_roles](#refs-iam_storage_roles))*
- **autokey_config**: *object*
<br>*additional properties: false*
- **project**: *string*
<br>*pattern: ^(projects/|\$project_ids:|\$project_numbers:)*
- **contacts**: *object*
<br>*additional properties: false*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **factories_config**: *object*
<br>*additional properties: false*
- **org_policies**: *string*
- **pam_entitlements**: *string*
- **scc_sha_custom_modules**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
@@ -55,6 +85,7 @@
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **parent**: *string*
<br>*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
@@ -72,7 +103,7 @@
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
*additional properties: String*
<br>*additional properties: string*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*
@@ -99,7 +130,7 @@
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **role**: *string*
<br>*pattern: ^roles/*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
@@ -112,7 +143,7 @@
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **role**: *string*
<br>*pattern: ^roles/*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
@@ -147,3 +178,36 @@
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*

96
fast/stages/2-project-factory/schemas/project.schema.json
View File

@@ -267,52 +267,56 @@
"additionalProperties": false,
"patternProperties": {
"^[a-z][a-z0-9-]+[a-z0-9]$": {
"destroy_scheduled_duration": {
"type": "string"
},
"rotation_period": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"purpose": {
"type": "string",
"default": "ENCRYPT_DECRYPT",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"RAW_ENCRYPT_DECRYPT",
"MAC"
]
},
"version_template": {
"type": "object",
"additionalProperties": false,
"required": [
"algorithm"
],
"properties": {
"algorithm": {
"type": "string"
},
"protection_level": {
"type": "string",
"default": "SOFTWARE",
"enum": [
"SOFTWARE",
"HSM",
"EXTERNAL",
"EXTERNAL_VPC"
]
"type": "object",
"additionalProperties": false,
"properties": {
"destroy_scheduled_duration": {
"type": "string"
},
"rotation_period": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"purpose": {
"type": "string",
"default": "ENCRYPT_DECRYPT",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"RAW_ENCRYPT_DECRYPT",
"MAC"
]
},
"version_template": {
"type": "object",
"additionalProperties": false,
"required": [
"algorithm"
],
"properties": {
"algorithm": {
"type": "string"
},
"protection_level": {
"type": "string",
"default": "SOFTWARE",
"enum": [
"SOFTWARE",
"HSM",
"EXTERNAL",
"EXTERNAL_VPC"
]
}
}
}
}

117
fast/stages/2-project-factory/schemas/project.schema.md
View File

@@ -31,15 +31,80 @@
- **buckets**: *reference([buckets](#refs-buckets))*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **datasets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_]+$`**: *object*
<br>*additional properties: false*
- **friendly_name**: *string*
- **location**: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **factories_config**: *object*
<br>*additional properties: false*
- **custom_roles**: *string*
- **observability**: *string*
- **org_policies**: *string*
- **quotas**: *string*
- **scc_sha_custom_modules**: *string*
- **tags**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **iam_by_principals_additive**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **kms**: *object*
<br>*additional properties: false*
- **autokeys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- ⁺**resource_type_selector**: *string*
- **keyrings**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **keys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- **destroy_scheduled_duration**: *string*
- **rotation_period**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **purpose**: *string*
<br>*default: ENCRYPT_DECRYPT*, *enum: ['CRYPTO_KEY_PURPOSE_UNSPECIFIED', 'ENCRYPT_DECRYPT', 'ASYMMETRIC_SIGN', 'ASYMMETRIC_DECRYPT', 'RAW_ENCRYPT_DECRYPT', 'MAC']*
- **version_template**: *object*
<br>*additional properties: false*
- ⁺**algorithm**: *string*
- **protection_level**: *string*
<br>*default: SOFTWARE*, *enum: ['SOFTWARE', 'HSM', 'EXTERNAL', 'EXTERNAL_VPC']*
- **labels**: *object*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **log_buckets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *reference([log_bucket](#refs-log_bucket))*
@@ -79,11 +144,11 @@
- ⁺**quota_id**: *string*
- ⁺**preferred_value**: *number*
- **dimensions**: *object*
*additional properties: String*
<br>*additional properties: string*
- **justification**: *string*
- **contact_email**: *string*
- **annotations**: *object*
*additional properties: String*
<br>*additional properties: string*
- **ignore_safety_checks**: *string*
<br>*enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']*
- **parent**: *string*
@@ -96,6 +161,7 @@
- ⁺**number**: *number*
- **services_enabled**: *array*
- items: *string*
- **project_template**: *string*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
@@ -139,10 +205,16 @@
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *string*
- **tags**: *object*
*additional properties: Object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- **unavailable_services**: *array*
- items: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
@@ -152,13 +224,15 @@
- **bucket**<a name="refs-bucket"></a>: *object*
<br>*additional properties: false*
- **name**: *string*
- **create**: *boolean*
- **description**: *string*
- **encryption_key**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
*additional properties: String*
<br>*additional properties: string*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*
@@ -252,3 +326,36 @@
- **dataset_link_id**: *string*
- **description**: *string*
- **retention**: *number*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*

123
fast/stages/2-security/schemas/certificate-authority.schema.md Normal file
View File

@@ -0,0 +1,123 @@
# Terraform Variable to JSON Schema Conversion
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- ⁺**location**: *string*
- ⁺**project_id**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- ⁺**ca_pool_config**: *object*
<br>*additional properties: false*
- **create_pool**: *object*
<br>*additional properties: false*
- **name**: *string*
- **enterprise_tier**: *boolean*
- **use_pool**: *object*
<br>*additional properties: false*
- ⁺**id**: *string*
- **ca_configs**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+`**: *object*
<br>*additional properties: false*
- **deletion_protection**: *boolean*
- **is_ca**: *boolean*
- **is_self_signed**: *boolean*
- **lifetime**: *string*
- **pem_ca_certificate**: *string*
- **ignore_active_certificates_on_deletion**: *boolean*
- **skip_grace_period**: *boolean*
- **labels**: *object*
- **gcs_bucket**: *string*
- **key_spec**: *object*
<br>*additional properties: false*
- **algorithm**: *string*
<br>*default: RSA_PKCS1_2048_SHA256*, *enum: ['EC_P256_SHA256', 'EC_P384_SHA384', 'RSA_PSS_2048_SHA256', 'RSA_PSS_3072_SHA256', 'RSA_PSS_4096_SHA256', 'RSA_PKCS1_2048_SHA256', 'RSA_PKCS1_3072_SHA256', 'RSA_PKCS1_4096_SHA256', 'SIGN_HASH_ALGORITHM_UNSPECIFIED']*
- **kms_key_id**: *string*
- **key_usage**: *object*
<br>*additional properties: false*
- **cert_sign**: *boolean*
- **client_auth**: *boolean*
- **code_signing**: *boolean*
- **content_commitment**: *boolean*
- **crl_sign**: *boolean*
- **data_encipherment**: *boolean*
- **decipher_only**: *boolean*
- **digital_signature**: *boolean*
- **email_protection**: *boolean*
- **encipher_only**: *boolean*
- **key_agreement**: *boolean*
- **key_encipherment**: *boolean*
- **ocsp_signing**: *boolean*
- **server_auth**: *boolean*
- **time_stamping**: *boolean*
- **subject**: *object*
<br>*additional properties: false*
- ⁺**common_name**: *string*
- ⁺**organization**: *string*
- **country_code**: *string*
- **locality**: *string*
- **organizational_unit**: *string*
- **postal_code**: *string*
- **province**: *string*
- **street_address**: *string*
- **subject_alt_name**: *object*
<br>*additional properties: false*
- **dns_names**: *array*
- items: *string*
- **email_addresses**: *array*
- items: *string*
- **ip_addresses**: *array*
- items: *string*
- **uris**: *array*
- items: *string*
- **subordinate_config**: *object*
<br>*additional properties: false*
- **root_ca_id**: *string*
- **pem_issuer_certificates**: *array*
- items: *string*
## Definitions
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^roles/`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])*
- **role**: *string*
<br>*pattern: ^roles/*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])*
- **role**: *string*
<br>*pattern: ^[a-zA-Z0-9_/]+$*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*

195
fast/stages/2-security/schemas/defaults.schema.md Normal file
View File

@@ -0,0 +1,195 @@
# Bootstrap Defaults
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **global**: *object*
<br>*additional properties: false*
- **folder_name**: *string*
<br>*default: security*
- **stage_name**: *string*
<br>*default: 2-security*
- **projects**: *object*
<br>*additional properties: false*
- **defaults**: *object*
<br>*additional properties: false*
- **billing_account**: *string*
- **bucket**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **labels**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
- **logging**: *string*
- **storage**: *string*
- **metric_scopes**: *array*
- items: *string*
- **parent**: *string*
- **prefix**: *string*
- **project_reuse**: *object*
<br>*additional properties: false*
- **use_data_source**: *boolean*
- **attributes**: *object*
<br>*additional properties: false*
- ⁺**name**: *string*
- ⁺**number**: *number*
- **services_enabled**: *array*
- items: *string*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **services**: *array*
- items: *string*
- **shared_vpc_service_config**: *object*
<br>*additional properties: false*
- ⁺**host_project**: *string*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **network_users**: *array*
- items: *string*
- **service_agent_iam**: *object*
<br>*additional properties: array*
- **service_agent_subnet_iam**: *object*
<br>*additional properties: array*
- **service_iam_grants**: *array*
- items: *string*
- **network_subnet_users**: *object*
<br>*additional properties: array*
- **tag_bindings**: *object*
<br>*additional properties: string*
- **service_accounts**: *object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- ⁺**domain**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- ⁺**prefix**: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **overrides**: *object*
<br>*additional properties: false*
- **billing_account**: *string*
- **bucket**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **locations**: *object*
<br>*additional properties: false*
- **bigquery**: *string*
- **logging**: *string*
- **storage**: *string*
- **parent**: *string*
- **prefix**: *string*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **tag_bindings**: *object*
<br>*additional properties: string*
- **service_accounts**: *object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- ⁺**domain**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- ⁺**prefix**: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **context**: *object*
<br>*additional properties: false*
- **custom_roles**: *object*
<br>*additional properties: string*
- **email_addresses**: *object*
<br>*additional properties: string*
- **folder_ids**: *object*
<br>*additional properties: string*
- **kms_keys**: *object*
<br>*additional properties: string*
- **iam_principals**: *object*
<br>*additional properties: string*
- **locations**: *object*
<br>*additional properties: string*
- **notification_channels**: *object*
<br>*additional properties: string*
- **project_ids**: *object*
<br>*additional properties: string*
- **service_account_ids**: *object*
<br>*additional properties: string*
- **tag_keys**: *object*
<br>*additional properties: string*
- **tag_values**: *object*
<br>*additional properties: string*
- **vpc_host_projects**: *object*
<br>*additional properties: string*
- **vpc_sc_perimeters**: *object*
<br>*additional properties: string*
- **output_files**: *object*
<br>*additional properties: false*
- **local_path**: *string*
- **storage_bucket**: *string*
## Definitions
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*

213
fast/stages/2-security/schemas/folder.schema.md Normal file
View File

@@ -0,0 +1,213 @@
# Folder
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **automation**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- ⁺**project**: *string*
- **bucket**: *reference([bucket](#refs-bucket))*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_billing_roles**: *reference([iam_billing_roles](#refs-iam_billing_roles))*
- **iam_folder_roles**: *reference([iam_folder_roles](#refs-iam_folder_roles))*
- **iam_organization_roles**: *reference([iam_organization_roles](#refs-iam_organization_roles))*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **iam_storage_roles**: *reference([iam_storage_roles](#refs-iam_storage_roles))*
- **autokey_config**: *object*
<br>*additional properties: false*
- **project**: *string*
<br>*pattern: ^(projects/|\$project_ids:|\$project_numbers:)*
- **contacts**: *object*
<br>*additional properties: false*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **factories_config**: *object*
<br>*additional properties: false*
- **org_policies**: *string*
- **pam_entitlements**: *string*
- **scc_sha_custom_modules**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **name**: *string*
- **org_policies**: *object*
<br>*additional properties: false*
- **`^[a-z]+\.`**: *object*
- **inherit_from_parent**: *boolean*
- **reset**: *boolean*
- **rules**: *array*
- items: *object*
<br>*additional properties: false*
- **allow**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **deny**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **enforce**: *boolean*
- **condition**: *object*
<br>*additional properties: false*
- **description**: *string*
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **parent**: *string*
<br>*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *string*
## Definitions
- **bucket**<a name="refs-bucket"></a>: *object*
<br>*additional properties: false*
- **name**: *string*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
<br>*additional properties: string*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9][a-zA-Z0-9_/-]+$`**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **prefix**: *string*
- **storage_class**: *string*
- **uniform_bucket_level_access**: *boolean*
- **versioning**: *boolean*
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **iam_billing_roles**<a name="refs-iam_billing_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_folder_roles**<a name="refs-iam_folder_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_organization_roles**<a name="refs-iam_organization_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_project_roles**<a name="refs-iam_project_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_sa_roles**<a name="refs-iam_sa_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_storage_roles**<a name="refs-iam_storage_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*

68
fast/stages/2-security/schemas/keyring.schema.md Normal file
View File

@@ -0,0 +1,68 @@
# KMS Keyring
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- ⁺**location**: *string*
- ⁺**project_id**: *string*
- **name**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **reuse**: *boolean*
- **keys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **destroy_scheduled_duration**: *string*
- **rotation_period**: *string*
- **labels**: *string*
- **purpose**: *string*
<br>*default: ENCRYPT_DECRYPT*, *enum: ['CRYPTO_KEY_PURPOSE_UNSPECIFIED', 'ENCRYPT_DECRYPT', 'ASYMMETRIC_SIGN', 'ASYMMETRIC_DECRYPT', 'RAW_ENCRYPT_DECRYPT', 'MAC']*
- **skip_initial_version_creation**: *boolean*
- **version_template**: *object*
<br>*additional properties: false*
- **algorithm**: *string*
- **protection_level**: *string*
<br>*default: SOFTWARE*, *enum: ['SOFTWARE', 'HSM', 'EXTERNAL', 'EXTERNAL_VPC']*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
## Definitions
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^roles/`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])*
- **role**: *string*
<br>*pattern: ^roles/*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])*
- **role**: *string*
<br>*pattern: ^[a-zA-Z0-9_/]+$*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*

96
fast/stages/2-security/schemas/project.schema.json
View File

@@ -267,52 +267,56 @@
"additionalProperties": false,
"patternProperties": {
"^[a-z][a-z0-9-]+[a-z0-9]$": {
"destroy_scheduled_duration": {
"type": "string"
},
"rotation_period": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"purpose": {
"type": "string",
"default": "ENCRYPT_DECRYPT",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"RAW_ENCRYPT_DECRYPT",
"MAC"
]
},
"version_template": {
"type": "object",
"additionalProperties": false,
"required": [
"algorithm"
],
"properties": {
"algorithm": {
"type": "string"
},
"protection_level": {
"type": "string",
"default": "SOFTWARE",
"enum": [
"SOFTWARE",
"HSM",
"EXTERNAL",
"EXTERNAL_VPC"
]
"type": "object",
"additionalProperties": false,
"properties": {
"destroy_scheduled_duration": {
"type": "string"
},
"rotation_period": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"purpose": {
"type": "string",
"default": "ENCRYPT_DECRYPT",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"RAW_ENCRYPT_DECRYPT",
"MAC"
]
},
"version_template": {
"type": "object",
"additionalProperties": false,
"required": [
"algorithm"
],
"properties": {
"algorithm": {
"type": "string"
},
"protection_level": {
"type": "string",
"default": "SOFTWARE",
"enum": [
"SOFTWARE",
"HSM",
"EXTERNAL",
"EXTERNAL_VPC"
]
}
}
}
}

361
fast/stages/2-security/schemas/project.schema.md Normal file
View File

@@ -0,0 +1,361 @@
# Project
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **automation**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- ⁺**project**: *string*
- **bucket**: *reference([bucket](#refs-bucket))*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_billing_roles**: *reference([iam_billing_roles](#refs-iam_billing_roles))*
- **iam_folder_roles**: *reference([iam_folder_roles](#refs-iam_folder_roles))*
- **iam_organization_roles**: *reference([iam_organization_roles](#refs-iam_organization_roles))*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **iam_storage_roles**: *reference([iam_storage_roles](#refs-iam_storage_roles))*
- **billing_account**: *string*
- **billing_budgets**: *array*
- items: *string*
- **buckets**: *reference([buckets](#refs-buckets))*
- **contacts**: *object*
<br>*additional properties: false*
- **`^(\S+@\S+\.\S+|\$email_addresses:\S+)$`**: *array*
- items: *string*
<br>*enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']*
- **data_access_logs**: *object*
<br>*additional properties: false*
- **`^([a-z][a-z-]+\.googleapis\.com|allServices)$`**: *object*
<br>*additional properties: false*
- **ADMIN_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_READ**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **DATA_WRITE**: *object*
<br>*additional properties: false*
- **exempted_members**: *array*
- items: *string*
- **datasets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_]+$`**: *object*
<br>*additional properties: false*
- **friendly_name**: *string*
- **location**: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **factories_config**: *object*
<br>*additional properties: false*
- **custom_roles**: *string*
- **observability**: *string*
- **org_policies**: *string*
- **quotas**: *string*
- **scc_sha_custom_modules**: *string*
- **tags**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **iam_by_principals_additive**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **kms**: *object*
<br>*additional properties: false*
- **autokeys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- ⁺**resource_type_selector**: *string*
- **keyrings**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**location**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **keys**: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]+[a-z0-9]$`**: *object*
<br>*additional properties: false*
- **destroy_scheduled_duration**: *string*
- **rotation_period**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **purpose**: *string*
<br>*default: ENCRYPT_DECRYPT*, *enum: ['CRYPTO_KEY_PURPOSE_UNSPECIFIED', 'ENCRYPT_DECRYPT', 'ASYMMETRIC_SIGN', 'ASYMMETRIC_DECRYPT', 'RAW_ENCRYPT_DECRYPT', 'MAC']*
- **version_template**: *object*
<br>*additional properties: false*
- ⁺**algorithm**: *string*
- **protection_level**: *string*
<br>*default: SOFTWARE*, *enum: ['SOFTWARE', 'HSM', 'EXTERNAL', 'EXTERNAL_VPC']*
- **labels**: *object*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **log_buckets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *reference([log_bucket](#refs-log_bucket))*
- **metric_scopes**: *array*
- items: *string*
- **name**: *string*
- **org_policies**: *object*
<br>*additional properties: false*
- **`^[a-z]+\.`**: *object*
- **inherit_from_parent**: *boolean*
- **reset**: *boolean*
- **rules**: *array*
- items: *object*
<br>*additional properties: false*
- **allow**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **deny**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **enforce**: *boolean*
- **condition**: *object*
<br>*additional properties: false*
- **description**: *string*
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **quotas**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9_-]+$`**: *object*
<br>*additional properties: false*
- ⁺**service**: *string*
- ⁺**quota_id**: *string*
- ⁺**preferred_value**: *number*
- **dimensions**: *object*
<br>*additional properties: string*
- **justification**: *string*
- **contact_email**: *string*
- **annotations**: *object*
<br>*additional properties: string*
- **ignore_safety_checks**: *string*
<br>*enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']*
- **parent**: *string*
- **prefix**: *string*
- **project_reuse**: *object*
<br>*additional properties: false*
- **use_data_source**: *boolean*
- **attributes**: *object*
- ⁺**name**: *string*
- ⁺**number**: *number*
- **services_enabled**: *array*
- items: *string*
- **project_template**: *string*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z-]+\.googleapis\.com$`**: *array*
- items: *string*
- **services**: *array*
- items: *string*
<br>*pattern: ^[a-z-]+\.googleapis\.com$*
- **shared_vpc_host_config**: *object*
<br>*additional properties: false*
- ⁺**enabled**: *boolean*
- **service_projects**: *array*
- items: *string*
- **shared_vpc_service_config**: *object*
<br>*additional properties: false*
- ⁺**host_project**: *string*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **network_users**: *array*
- items: *string*
- **service_agent_iam**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **service_agent_subnet_iam**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **service_iam_grants**: *array*
- items: *string*
- **network_subnet_users**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **tag_bindings**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *string*
- **tags**: *object*
<br>*additional properties: object*
- **universe**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- **unavailable_services**: *array*
- items: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
## Definitions
- **bucket**<a name="refs-bucket"></a>: *object*
<br>*additional properties: false*
- **name**: *string*
- **create**: *boolean*
- **description**: *string*
- **encryption_key**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
<br>*additional properties: string*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9][a-zA-Z0-9_/-]+$`**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **prefix**: *string*
- **storage_class**: *string*
- **uniform_bucket_level_access**: *boolean*
- **versioning**: *boolean*
- **retention_policy**: *object*
<br>*additional properties: false*
- **retention_period**: *number*
- **is_locked**: *boolean*
- **enable_object_retention**: *boolean*
- **buckets**<a name="refs-buckets"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *reference([bucket](#refs-bucket))*
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **iam_billing_roles**<a name="refs-iam_billing_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_folder_roles**<a name="refs-iam_folder_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_organization_roles**<a name="refs-iam_organization_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_project_roles**<a name="refs-iam_project_roles"></a>: *object*
<br>*additional properties: false*
- **`^(?:[a-z0-9-]|\$project_ids:[a-z0-9_-])+$`**: *array*
- items: *string*
- **iam_sa_roles**<a name="refs-iam_sa_roles"></a>: *object*
<br>*additional properties: false*
- **`^(?:\$service_account_ids:|projects/)`**: *array*
- items: *string*
- **iam_storage_roles**<a name="refs-iam_storage_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **log_bucket**<a name="refs-log_bucket"></a>: *object*
<br>*additional properties: false*
- **description**: *string*
- **kms_key_name**: *string*
- **location**: *string*
- **log_analytics**: *object*
<br>*additional properties: false*
- **enable**: *boolean*
- **dataset_link_id**: *string*
- **description**: *string*
- **retention**: *number*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*