From 602e1731c9aabbfb0ef51038383d73bf083f578f Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Tue, 11 Nov 2025 11:57:51 +0100 Subject: [PATCH] Replace leftover schema links with actual files (#3522) * replace schema links with schemas * vpc-sc stage --- .../1-vpcsc/schemas/access-level.schema.json | 112 +++++++++++- .../1-vpcsc/schemas/egress-policy.schema.json | 102 ++++++++++- .../schemas/ingress-policy.schema.json | 94 +++++++++- .../folder/schemas/org-policies.schema.json | 77 +++++++- .../schemas/budget.schema.json | 170 +++++++++++++++++- .../project/schemas/custom-role.schema.json | 19 +- .../project/schemas/org-policies.schema.json | 77 +++++++- modules/project/schemas/tags.schema.json | 156 +++++++++++++++- 8 files changed, 799 insertions(+), 8 deletions(-) mode change 120000 => 100644 fast/stages/1-vpcsc/schemas/access-level.schema.json mode change 120000 => 100644 fast/stages/1-vpcsc/schemas/egress-policy.schema.json mode change 120000 => 100644 fast/stages/1-vpcsc/schemas/ingress-policy.schema.json mode change 120000 => 100644 modules/folder/schemas/org-policies.schema.json mode change 120000 => 100644 modules/project-factory/schemas/budget.schema.json mode change 120000 => 100644 modules/project/schemas/custom-role.schema.json mode change 120000 => 100644 modules/project/schemas/org-policies.schema.json mode change 120000 => 100644 modules/project/schemas/tags.schema.json diff --git a/fast/stages/1-vpcsc/schemas/access-level.schema.json b/fast/stages/1-vpcsc/schemas/access-level.schema.json deleted file mode 120000 index 57c2f3717..000000000 --- a/fast/stages/1-vpcsc/schemas/access-level.schema.json +++ /dev/null @@ -1 +0,0 @@ -../../../../modules/vpc-sc/schemas/access-level.schema.json \ No newline at end of file diff --git a/fast/stages/1-vpcsc/schemas/access-level.schema.json b/fast/stages/1-vpcsc/schemas/access-level.schema.json new file mode 100644 index 000000000..22a30820d --- /dev/null +++ b/fast/stages/1-vpcsc/schemas/access-level.schema.json @@ -0,0 +1,111 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "VPC-SC access level", + "type": "object", + "additionalProperties": false, + "properties": { + "combining_function": { + "type": "string" + }, + "conditions": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "device_policy": { + "type": "object", + "required": [ + "require_admin_approval", + "require_corp_owned" + ], + "additionalProperties": false, + "properties": { + "allowed_device_management_levels": { + "type": "array", + "items": { + "type": "string" + } + }, + "allowed_encryption_statuses": { + "type": "array", + "items": { + "type": "string" + } + }, + "require_admin_approval": { + "type": "boolean" + }, + "require_corp_owned": { + "type": "boolean" + }, + "require_screen_lock": { + "type": "boolean" + }, + "os_constraints": { + "type": "array", + "required": [ + "os_type" + ], + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "os_type": { + "type": "string" + }, + "minimum_version": { + "type": "string" + }, + "require_verified_chrome_os": { + "type": "boolean" + } + } + } + } + } + }, + "ip_subnetworks": { + "type": "array", + "items": { + "type": "string" + } + }, + "members": { + "type": "array", + "items": { + "type": "string" + } + }, + "negate": { + "type": "boolean" + }, + "regions": { + "type": "array", + "items": { + "type": "string" + } + }, + "required_access_levels": { + "type": "array", + "items": { + "type": "string" + } + }, + "vpc_subnets": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^//compute.googleapis.com/projects/[^/]+/global/networks/[^/]+$": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + } +} diff --git a/fast/stages/1-vpcsc/schemas/egress-policy.schema.json b/fast/stages/1-vpcsc/schemas/egress-policy.schema.json deleted file mode 120000 index 4949e03ee..000000000 --- a/fast/stages/1-vpcsc/schemas/egress-policy.schema.json +++ /dev/null @@ -1 +0,0 @@ -../../../../modules/vpc-sc/schemas/egress-policy.schema.json \ No newline at end of file diff --git a/fast/stages/1-vpcsc/schemas/egress-policy.schema.json b/fast/stages/1-vpcsc/schemas/egress-policy.schema.json new file mode 100644 index 000000000..9f4a3856a --- /dev/null +++ b/fast/stages/1-vpcsc/schemas/egress-policy.schema.json @@ -0,0 +1,101 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "VPC-SC egress policy", + "type": "object", + "required": [ + "from", + "to" + ], + "additionalProperties": false, + "properties": { + "title": { + "type": "string" + }, + "from": { + "type": "object", + "additionalProperties": false, + "properties": { + "access_levels": { + "type": "array", + "items": { + "type": "string" + } + }, + "identity_type": { + "type": "string", + "enum": [ + "IDENTITY_TYPE_UNSPECIFIED", + "ANY_IDENTITY", + "ANY_USER_ACCOUNT", + "ANY_SERVICE_ACCOUNT", + "" + ] + }, + "identities": { + "type": "array", + "items": { + "type": "string", + "pattern": "^(?:serviceAccount:|user:|group:|principal:|\\$identity_sets:)" + } + }, + "resources": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "to": { + "type": "object", + "additionalProperties": false, + "properties": { + "external_resources": { + "type": "array", + "items": { + "type": "string" + } + }, + "operations": { + "type": "array", + "items": { + "type": "object", + "required": [ + "service_name" + ], + "additionalProperties": false, + "properties": { + "method_selectors": { + "type": "array", + "items": { + "type": "string" + } + }, + "permission_selectors": { + "type": "array", + "items": { + "type": "string" + } + }, + "service_name": { + "type": "string" + } + } + } + }, + "resources": { + "type": "array", + "items": { + "type": "string" + } + }, + "roles": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } +} \ No newline at end of file diff --git a/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json b/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json deleted file mode 120000 index 4741a4230..000000000 --- a/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json +++ /dev/null @@ -1 +0,0 @@ -../../../../modules/vpc-sc/schemas/ingress-policy.schema.json \ No newline at end of file diff --git a/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json b/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json new file mode 100644 index 000000000..952a24f5f --- /dev/null +++ b/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json @@ -0,0 +1,93 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "VPC-SC ingress policy", + "type": "object", + "required": [ + "from", + "to" + ], + "additionalProperties": false, + "properties": { + "title": { + "type": "string" + }, + "from": { + "type": "object", + "additionalProperties": false, + "properties": { + "access_levels": { + "type": "array", + "items": { + "type": "string" + } + }, + "identity_type": { + "type": "string", + "enum": [ + "IDENTITY_TYPE_UNSPECIFIED", + "ANY_IDENTITY", + "ANY_USER_ACCOUNT", + "ANY_SERVICE_ACCOUNT", + "" + ] + }, + "identities": { + "type": "array", + "items": { + "type": "string" + } + }, + "resources": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "to": { + "type": "object", + "additionalProperties": false, + "properties": { + "operations": { + "type": "array", + "items": { + "type": "object", + "required": [ + "service_name" + ], + "properties": { + "method_selectors": { + "type": "array", + "items": { + "type": "string" + } + }, + "permission_selectors": { + "type": "array", + "items": { + "type": "string" + }, + "service_name": { + "type": "string" + } + } + } + } + }, + "resources": { + "type": "array", + "items": { + "type": "string" + } + }, + "roles": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } +} \ No newline at end of file diff --git a/modules/folder/schemas/org-policies.schema.json b/modules/folder/schemas/org-policies.schema.json deleted file mode 120000 index 3a18ee3b5..000000000 --- a/modules/folder/schemas/org-policies.schema.json +++ /dev/null @@ -1 +0,0 @@ -../../organization/schemas/org-policies.schema.json \ No newline at end of file diff --git a/modules/folder/schemas/org-policies.schema.json b/modules/folder/schemas/org-policies.schema.json new file mode 100644 index 000000000..6c29331ec --- /dev/null +++ b/modules/folder/schemas/org-policies.schema.json @@ -0,0 +1,76 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Organization Policies", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-z-]+[a-zA-Z0-9\\.]+$": { + "type": "object", + "additionalProperties": false, + "properties": { + "inherit_from_parent": { + "type": "boolean" + }, + "reset": { + "type": "boolean" + }, + "rules": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "allow": { + "$ref": "#/$defs/allow-deny" + }, + "deny": { + "$ref": "#/$defs/allow-deny" + }, + "enforce": { + "type": "boolean" + }, + "condition": { + "type": "object", + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "location": { + "type": "string" + }, + "title": { + "type": "string" + } + } + }, + "parameters": { + "type": "string" + } + } + } + } + } + } + }, + "$defs": { + "allow-deny": { + "type": "object", + "additionalProperties": false, + "properties": { + "all": { + "type": "boolean" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } +} diff --git a/modules/project-factory/schemas/budget.schema.json b/modules/project-factory/schemas/budget.schema.json deleted file mode 120000 index 618778222..000000000 --- a/modules/project-factory/schemas/budget.schema.json +++ /dev/null @@ -1 +0,0 @@ -../../billing-account/schemas/budget.schema.json \ No newline at end of file diff --git a/modules/project-factory/schemas/budget.schema.json b/modules/project-factory/schemas/budget.schema.json new file mode 100644 index 000000000..61a97730a --- /dev/null +++ b/modules/project-factory/schemas/budget.schema.json @@ -0,0 +1,169 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Budget", + "type": "object", + "additionalProperties": false, + "required": [ + "amount" + ], + "properties": { + "amount": { + "type": "object", + "additionalProperties": false, + "properties": { + "currency_code": { + "type": "string" + }, + "nanos": { + "type": "number" + }, + "units": { + "type": "number" + }, + "use_last_period": { + "type": "boolean" + } + } + }, + "display_name": { + "type": "string" + }, + "filter": { + "type": "object", + "additionalProperties": false, + "properties": { + "credit_types_treatment": { + "type": "object", + "additionalProperties": false, + "properties": { + "exclude_all": { + "type": "boolean" + }, + "include_specified": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "label": { + "type": "object", + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "period": { + "type": "object", + "additionalProperties": false, + "properties": { + "calendar": { + "type": "string" + }, + "custom": { + "type": "object", + "additionalProperties": false, + "properties": { + "start_date": { + "$ref": "#/$defs/date" + }, + "end_date": { + "$ref": "#/$defs/date" + } + } + } + } + }, + "projects": { + "type": "array", + "items": { + "type": "string" + } + }, + "resource_ancestors": { + "type": "array", + "items": { + "type": "string" + } + }, + "services": { + "type": "array", + "items": { + "type": "string" + } + }, + "subaccounts": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "threshold_rules": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "required": [ + "percent" + ], + "properties": { + "percent": { + "type": "number" + }, + "forecasted_spend": { + "type": "boolean" + } + } + } + }, + "update_rules": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-z0-9_-]+$": { + "type": "object", + "additionalProperties": false, + "properties": { + "disable_default_iam_recipients": { + "type": "boolean" + }, + "monitoring_notification_channels": { + "type": "array", + "items": { + "type": "string" + } + }, + "pubsub_topic": { + "type": "string" + } + } + } + } + } + }, + "$defs": { + "date": { + "type": "object", + "additionalProperties": false, + "properties": { + "day": { + "type": "number" + }, + "month": { + "type": "number" + }, + "year": { + "type": "number" + } + } + } + } +} \ No newline at end of file diff --git a/modules/project/schemas/custom-role.schema.json b/modules/project/schemas/custom-role.schema.json deleted file mode 120000 index 473497179..000000000 --- a/modules/project/schemas/custom-role.schema.json +++ /dev/null @@ -1 +0,0 @@ -../../organization/schemas/custom-role.schema.json \ No newline at end of file diff --git a/modules/project/schemas/custom-role.schema.json b/modules/project/schemas/custom-role.schema.json new file mode 100644 index 000000000..d7526482c --- /dev/null +++ b/modules/project/schemas/custom-role.schema.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Custom Role", + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "includedPermissions": { + "type": "array", + "items": { + "type": "string", + "pattern": "^[a-zA-Z-]+\\.[a-zA-Z-]+\\.[a-zA-Z-]+$" + } + } + } +} \ No newline at end of file diff --git a/modules/project/schemas/org-policies.schema.json b/modules/project/schemas/org-policies.schema.json deleted file mode 120000 index 3a18ee3b5..000000000 --- a/modules/project/schemas/org-policies.schema.json +++ /dev/null @@ -1 +0,0 @@ -../../organization/schemas/org-policies.schema.json \ No newline at end of file diff --git a/modules/project/schemas/org-policies.schema.json b/modules/project/schemas/org-policies.schema.json new file mode 100644 index 000000000..6c29331ec --- /dev/null +++ b/modules/project/schemas/org-policies.schema.json @@ -0,0 +1,76 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Organization Policies", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-z-]+[a-zA-Z0-9\\.]+$": { + "type": "object", + "additionalProperties": false, + "properties": { + "inherit_from_parent": { + "type": "boolean" + }, + "reset": { + "type": "boolean" + }, + "rules": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "allow": { + "$ref": "#/$defs/allow-deny" + }, + "deny": { + "$ref": "#/$defs/allow-deny" + }, + "enforce": { + "type": "boolean" + }, + "condition": { + "type": "object", + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "location": { + "type": "string" + }, + "title": { + "type": "string" + } + } + }, + "parameters": { + "type": "string" + } + } + } + } + } + } + }, + "$defs": { + "allow-deny": { + "type": "object", + "additionalProperties": false, + "properties": { + "all": { + "type": "boolean" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } +} diff --git a/modules/project/schemas/tags.schema.json b/modules/project/schemas/tags.schema.json deleted file mode 120000 index e647f3143..000000000 --- a/modules/project/schemas/tags.schema.json +++ /dev/null @@ -1 +0,0 @@ -../../organization/schemas/tags.schema.json \ No newline at end of file diff --git a/modules/project/schemas/tags.schema.json b/modules/project/schemas/tags.schema.json new file mode 100644 index 000000000..682ea7fe8 --- /dev/null +++ b/modules/project/schemas/tags.schema.json @@ -0,0 +1,155 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Resource Manager Tags", + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "id": { + "type": "string" + }, + "network": { + "type": "string" + }, + "iam": { + "$ref": "#/$defs/iam" + }, + "iam_bindings": { + "$ref": "#/$defs/iam_bindings" + }, + "iam_bindings_additive": { + "$ref": "#/$defs/iam_bindings_additive" + }, + "values": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-z-][^\\\\'\"/]+$": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "id": { + "type": "string" + }, + "iam": { + "$ref": "#/$defs/iam" + }, + "iam_bindings": { + "$ref": "#/$defs/iam_bindings" + }, + "iam_bindings_additive": { + "$ref": "#/$defs/iam_bindings_additive" + } + } + } + } + } + }, + "$defs": { + "iam": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^roles/": { + "type": "array", + "items": { + "type": "string", + "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:[a-z0-9_-]+)" + } + } + } + }, + "iam_bindings": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-z0-9_-]+$": { + "type": "object", + "additionalProperties": false, + "properties": { + "members": { + "type": "array", + "items": { + "type": "string", + "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:[a-z0-9_-]+)" + } + }, + "role": { + "type": "string", + "pattern": "^roles/" + }, + "condition": { + "type": "object", + "additionalProperties": false, + "required": [ + "expression", + "title" + ], + "properties": { + "expression": { + "type": "string" + }, + "title": { + "type": "string" + }, + "description": { + "type": "string" + } + } + } + } + } + } + }, + "iam_bindings_additive": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[a-z0-9_-]+$": { + "type": "object", + "additionalProperties": false, + "properties": { + "member": { + "type": "string", + "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:[a-z0-9_-]+)" + }, + "role": { + "type": "string", + "pattern": "^[a-zA-Z0-9_/]+$" + }, + "condition": { + "type": "object", + "additionalProperties": false, + "required": [ + "expression", + "title" + ], + "properties": { + "expression": { + "type": "string" + }, + "title": { + "type": "string" + }, + "description": { + "type": "string" + } + } + } + } + } + } + } + } +} \ No newline at end of file