Add support for the Assured Workloads in the project factory (#3666)

* Add support for the Assured Workloads in the project factory

* Fix test after requiring organization as a var
lopezvit
2026-01-23 14:21:48 +02:00
committed by GitHub
parent 6e776238d9
commit 6db25b1a08
23 changed files with 620 additions and 42 deletions


@@ -64,10 +64,11 @@ module "folder-1" {
org_policies = try(each.value.factories_config.org_policies, null)
scc_sha_custom_modules = try(each.value.factories_config.scc_sha_custom_modules, null)
}
org_policies = lookup(each.value, "org_policies", {})
pam_entitlements = lookup(each.value, "pam_entitlements", {})
tag_bindings = lookup(each.value, "tag_bindings", {})
context = local.ctx
org_policies = lookup(each.value, "org_policies", {})
pam_entitlements = lookup(each.value, "pam_entitlements", {})
tag_bindings = lookup(each.value, "tag_bindings", {})
assured_workload_config = lookup(each.value, "assured_workload_config", null)
context = local.ctx
}
module "folder-1-iam" {
@@ -110,9 +111,10 @@ module "folder-2" {
org_policies = try(each.value.factories_config.org_policies, null)
scc_sha_custom_modules = try(each.value.factories_config.scc_sha_custom_modules, null)
}
org_policies = lookup(each.value, "org_policies", {})
pam_entitlements = lookup(each.value, "pam_entitlements", {})
tag_bindings = lookup(each.value, "tag_bindings", {})
org_policies = lookup(each.value, "org_policies", {})
pam_entitlements = lookup(each.value, "pam_entitlements", {})
tag_bindings = lookup(each.value, "tag_bindings", {})
assured_workload_config = lookup(each.value, "assured_workload_config", null)
context = merge(local.ctx, {
folder_ids = merge(local.ctx.folder_ids, {
for k, v in module.folder-1 : k => v.id
@@ -164,9 +166,10 @@ module "folder-3" {
org_policies = try(each.value.factories_config.org_policies, null)
scc_sha_custom_modules = try(each.value.factories_config.scc_sha_custom_modules, null)
}
org_policies = lookup(each.value, "org_policies", {})
pam_entitlements = lookup(each.value, "pam_entitlements", {})
tag_bindings = lookup(each.value, "tag_bindings", {})
org_policies = lookup(each.value, "org_policies", {})
pam_entitlements = lookup(each.value, "pam_entitlements", {})
tag_bindings = lookup(each.value, "tag_bindings", {})
assured_workload_config = lookup(each.value, "assured_workload_config", null)
context = merge(local.ctx, {
folder_ids = merge(local.ctx.folder_ids, {
for k, v in module.folder-2 : k => v.id
@@ -218,9 +221,10 @@ module "folder-4" {
org_policies = try(each.value.factories_config.org_policies, null)
scc_sha_custom_modules = try(each.value.factories_config.scc_sha_custom_modules, null)
}
org_policies = lookup(each.value, "org_policies", {})
pam_entitlements = lookup(each.value, "pam_entitlements", {})
tag_bindings = lookup(each.value, "tag_bindings", {})
org_policies = lookup(each.value, "org_policies", {})
pam_entitlements = lookup(each.value, "pam_entitlements", {})
tag_bindings = lookup(each.value, "tag_bindings", {})
assured_workload_config = lookup(each.value, "assured_workload_config", null)
context = merge(local.ctx, {
folder_ids = merge(local.ctx.folder_ids, {
for k, v in module.folder-3 : k => v.id


@@ -349,6 +349,9 @@
"pam_entitlements": {
"$ref": "#/$defs/pam_entitlements"
},
"assured_workload_config": {
"$ref": "#/$defs/assured_workload_config"
},
"parent": {
"type": "string",
"pattern": "^(?:folders/[0-9]+|organizations/[0-9]+|\\$folder_ids:[a-z0-9_-]+)$"
@@ -767,6 +770,95 @@
"additionalProperties": false
}
}
},
"assured_workload_config": {
"type": "object",
"additionalProperties": false,
"properties": {
"compliance_regime": {
"type": "string",
"enum": [
"ASSURED_WORKLOADS_FOR_PARTNERS",
"AU_REGIONS_AND_US_SUPPORT",
"CA_PROTECTED_B",
"CA_REGIONS_AND_SUPPORT",
"CJIS",
"COMPLIANCE_REGIME_UNSPECIFIED",
"EU_REGIONS_AND_SUPPORT",
"FEDRAMP_HIGH",
"FEDRAMP_MODERATE",
"HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT",
"HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS",
"HIPAA",
"HITRUST",
"IL2",
"IL4",
"IL5",
"IRS_1075",
"ISR_REGIONS_AND_SUPPORT",
"ISR_REGIONS",
"ITAR",
"JP_REGIONS_AND_SUPPORT",
"KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS",
"REGIONAL_CONTROLS",
"US_REGIONAL_ACCESS"
]
},
"display_name": {
"type": "string"
},
"location": {
"type": "string"
},
"organization": {
"type": "string"
},
"enable_sovereign_controls": {
"type": "boolean"
},
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"partner": {
"type": "string",
"enum": [
"LOCAL_CONTROLS_BY_S3NS",
"PARTNER_UNSPECIFIED",
"SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM",
"SOVEREIGN_CONTROLS_BY_CNTXT",
"SOVEREIGN_CONTROLS_BY_PSN",
"SOVEREIGN_CONTROLS_BY_SIA_MINSAIT",
"SOVEREIGN_CONTROLS_BY_T_SYSTEMS"
]
},
"partner_permissions": {
"type": "object",
"additionalProperties": false,
"properties": {
"assured_workloads_monitoring": {
"type": "boolean"
},
"data_logs_viewer": {
"type": "boolean"
},
"service_access_approver": {
"type": "boolean"
}
}
},
"violation_notifications_enabled": {
"type": "boolean"
}
},
"required": [
"compliance_regime",
"display_name",
"location",
"organization"
]
}
}
}
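Review bot: In the new `assured_workload_config` definition, `organization` and `location` are unconstrained strings, while the sibling `parent` property in the earlier hunk validates its value with a pattern, so a mistyped organization in factory data is only caught at apply time. If the provider expects a bare numeric organization id, add `"pattern": "^[0-9]+$"` to the `organization` property; if it also accepts the `organizations/N` form, mirror `parent`'s pattern instead. The `partner_permissions` flags (`data_logs_viewer`, `service_access_approver`, `assured_workloads_monitoring`) appear, from their names, to grant a third-party partner access on the workload, so a `description` on that object stating what each flag enables, and what happens when it is left unset (presumably the provider default), would help reviewers of factory data notice unintended grants. The same applies to `violation_notifications_enabled`, which has no description either.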

View File

@@ -90,6 +90,7 @@
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **assured_workload_config**: *reference([assured_workload_config](#refs-assured_workload_config))*
- **parent**: *string*
<br>*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
@@ -227,3 +228,21 @@
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*
- **assured_workload_config**<a name="refs-assured_workload_config"></a>: *object*
<br>*additional properties: false*
- ⁺**compliance_regime**: *string*
<br>*enum: ['ASSURED_WORKLOADS_FOR_PARTNERS', 'AU_REGIONS_AND_US_SUPPORT', 'CA_PROTECTED_B', 'CA_REGIONS_AND_SUPPORT', 'CJIS', 'COMPLIANCE_REGIME_UNSPECIFIED', 'EU_REGIONS_AND_SUPPORT', 'FEDRAMP_HIGH', 'FEDRAMP_MODERATE', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS', 'HIPAA', 'HITRUST', 'IL2', 'IL4', 'IL5', 'IRS_1075', 'ISR_REGIONS_AND_SUPPORT', 'ISR_REGIONS', 'ITAR', 'JP_REGIONS_AND_SUPPORT', 'KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS', 'REGIONAL_CONTROLS', 'US_REGIONAL_ACCESS']*
- ⁺**display_name**: *string*
- ⁺**location**: *string*
- ⁺**organization**: *string*
- **enable_sovereign_controls**: *boolean*
- **labels**: *object*
*additional properties: String*
- **partner**: *string*
<br>*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
- **partner_permissions**: *object*
<br>*additional properties: false*
- **assured_workloads_monitoring**: *boolean*
- **data_logs_viewer**: *boolean*
- **service_access_approver**: *boolean*
- **violation_notifications_enabled**: *boolean*

View File

@@ -34,6 +34,21 @@ variable "folders" {
location = optional(string)
}))
})), {})
assured_workload_config = optional(object({
compliance_regime = string
display_name = string
location = string
organization = string
enable_sovereign_controls = optional(bool)
labels = optional(map(string), {})
partner = optional(string)
partner_permissions = optional(object({
assured_workloads_monitoring = optional(bool)
data_logs_viewer = optional(bool)
service_access_approver = optional(bool)
}))
violation_notifications_enabled = optional(bool)
}), null)
name = optional(string)
parent = optional(string)
deletion_protection = optional(bool)
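Review bot: `compliance_regime = string` and `partner = optional(string)` accept any value here, while the JSON schema added in the same commit restricts both to a fixed enum; folders defined directly through this variable therefore bypass the check that YAML-defined folders get, and an invalid regime only fails at apply time. A `validation` block on the variable would keep the two input paths consistent; the `variable "folders"` block starts and ends outside this hunk, so the block below goes after its `type` attribute and assumes `folders` is a map of objects, as the closing `}))` suggests. Requiring `organization` on every workload config is also worth a comment on that attribute explaining why it is not derived from the factory context, since it is now the only mandatory field that repeats per folder.
```hcl
  # … unchanged: type = map(object({ … assured_workload_config … })) …
  validation {
    condition = alltrue([
      for v in var.folders :
      v.assured_workload_config == null || contains([
        "ASSURED_WORKLOADS_FOR_PARTNERS", "AU_REGIONS_AND_US_SUPPORT",
        # … remaining values of the schema's compliance_regime enum …
        "REGIONAL_CONTROLS", "US_REGIONAL_ACCESS"
      ], try(v.assured_workload_config.compliance_regime, ""))
    ])
    error_message = "assured_workload_config.compliance_regime must be one of the supported compliance regimes."
  }
```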