diff --git a/fast/stages/0-org-setup/schemas/folder.schema.md b/fast/stages/0-org-setup/schemas/folder.schema.md
index d71e11920..846d18c6b 100644
--- a/fast/stages/0-org-setup/schemas/folder.schema.md
+++ b/fast/stages/0-org-setup/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -237,7 +259,7 @@
- ⁺**organization**: *string*
- **enable_sovereign_controls**: *boolean*
- **labels**: *object*
- *additional properties: String*
+
*additional properties: string*
- **partner**: *string*
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
- **partner_permissions**: *object*
diff --git a/fast/stages/0-org-setup/schemas/organization.schema.md b/fast/stages/0-org-setup/schemas/organization.schema.md
index 093a4021e..b0c6ed0bf 100644
--- a/fast/stages/0-org-setup/schemas/organization.schema.md
+++ b/fast/stages/0-org-setup/schemas/organization.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **id**: *string*
- **contacts**: *object*
*additional properties: false*
diff --git a/fast/stages/0-org-setup/schemas/project.schema.json b/fast/stages/0-org-setup/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/fast/stages/0-org-setup/schemas/project.schema.json
+++ b/fast/stages/0-org-setup/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/fast/stages/0-org-setup/schemas/project.schema.md b/fast/stages/0-org-setup/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/fast/stages/0-org-setup/schemas/project.schema.md
+++ b/fast/stages/0-org-setup/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/fast/stages/2-networking/schemas/folder.schema.md b/fast/stages/2-networking/schemas/folder.schema.md
index 52c48b342..846d18c6b 100644
--- a/fast/stages/2-networking/schemas/folder.schema.md
+++ b/fast/stages/2-networking/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -90,6 +112,7 @@
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
+- **assured_workload_config**: *reference([assured_workload_config](#refs-assured_workload_config))*
- **parent**: *string*
*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
@@ -227,3 +250,21 @@
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*
+- **assured_workload_config**: *object*
+
*additional properties: false*
+ - ⁺**compliance_regime**: *string*
+
*enum: ['ASSURED_WORKLOADS_FOR_PARTNERS', 'AU_REGIONS_AND_US_SUPPORT', 'CA_PROTECTED_B', 'CA_REGIONS_AND_SUPPORT', 'CJIS', 'COMPLIANCE_REGIME_UNSPECIFIED', 'EU_REGIONS_AND_SUPPORT', 'FEDRAMP_HIGH', 'FEDRAMP_MODERATE', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS', 'HIPAA', 'HITRUST', 'IL2', 'IL4', 'IL5', 'IRS_1075', 'ISR_REGIONS_AND_SUPPORT', 'ISR_REGIONS', 'ITAR', 'JP_REGIONS_AND_SUPPORT', 'KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS', 'REGIONAL_CONTROLS', 'US_REGIONAL_ACCESS']*
+ - ⁺**display_name**: *string*
+ - ⁺**location**: *string*
+ - ⁺**organization**: *string*
+ - **enable_sovereign_controls**: *boolean*
+ - **labels**: *object*
+
*additional properties: string*
+ - **partner**: *string*
+
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
+ - **partner_permissions**: *object*
+
*additional properties: false*
+ - **assured_workloads_monitoring**: *boolean*
+ - **data_logs_viewer**: *boolean*
+ - **service_access_approver**: *boolean*
+ - **violation_notifications_enabled**: *boolean*
diff --git a/fast/stages/2-networking/schemas/project.schema.json b/fast/stages/2-networking/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/fast/stages/2-networking/schemas/project.schema.json
+++ b/fast/stages/2-networking/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/fast/stages/2-networking/schemas/project.schema.md b/fast/stages/2-networking/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/fast/stages/2-networking/schemas/project.schema.md
+++ b/fast/stages/2-networking/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/fast/stages/2-project-factory/schemas/folder.schema.md b/fast/stages/2-project-factory/schemas/folder.schema.md
index d71e11920..846d18c6b 100644
--- a/fast/stages/2-project-factory/schemas/folder.schema.md
+++ b/fast/stages/2-project-factory/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -237,7 +259,7 @@
- ⁺**organization**: *string*
- **enable_sovereign_controls**: *boolean*
- **labels**: *object*
- *additional properties: String*
+
*additional properties: string*
- **partner**: *string*
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
- **partner_permissions**: *object*
diff --git a/fast/stages/2-project-factory/schemas/project.schema.json b/fast/stages/2-project-factory/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/fast/stages/2-project-factory/schemas/project.schema.json
+++ b/fast/stages/2-project-factory/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/fast/stages/2-project-factory/schemas/project.schema.md b/fast/stages/2-project-factory/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/fast/stages/2-project-factory/schemas/project.schema.md
+++ b/fast/stages/2-project-factory/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/fast/stages/2-security/schemas/folder.schema.md b/fast/stages/2-security/schemas/folder.schema.md
index 52c48b342..846d18c6b 100644
--- a/fast/stages/2-security/schemas/folder.schema.md
+++ b/fast/stages/2-security/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -90,6 +112,7 @@
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
+- **assured_workload_config**: *reference([assured_workload_config](#refs-assured_workload_config))*
- **parent**: *string*
*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
@@ -227,3 +250,21 @@
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*
+- **assured_workload_config**: *object*
+
*additional properties: false*
+ - ⁺**compliance_regime**: *string*
+
*enum: ['ASSURED_WORKLOADS_FOR_PARTNERS', 'AU_REGIONS_AND_US_SUPPORT', 'CA_PROTECTED_B', 'CA_REGIONS_AND_SUPPORT', 'CJIS', 'COMPLIANCE_REGIME_UNSPECIFIED', 'EU_REGIONS_AND_SUPPORT', 'FEDRAMP_HIGH', 'FEDRAMP_MODERATE', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS', 'HIPAA', 'HITRUST', 'IL2', 'IL4', 'IL5', 'IRS_1075', 'ISR_REGIONS_AND_SUPPORT', 'ISR_REGIONS', 'ITAR', 'JP_REGIONS_AND_SUPPORT', 'KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS', 'REGIONAL_CONTROLS', 'US_REGIONAL_ACCESS']*
+ - ⁺**display_name**: *string*
+ - ⁺**location**: *string*
+ - ⁺**organization**: *string*
+ - **enable_sovereign_controls**: *boolean*
+ - **labels**: *object*
+
*additional properties: string*
+ - **partner**: *string*
+
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
+ - **partner_permissions**: *object*
+
*additional properties: false*
+ - **assured_workloads_monitoring**: *boolean*
+ - **data_logs_viewer**: *boolean*
+ - **service_access_approver**: *boolean*
+ - **violation_notifications_enabled**: *boolean*
diff --git a/fast/stages/2-security/schemas/project.schema.json b/fast/stages/2-security/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/fast/stages/2-security/schemas/project.schema.json
+++ b/fast/stages/2-security/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/fast/stages/2-security/schemas/project.schema.md b/fast/stages/2-security/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/fast/stages/2-security/schemas/project.schema.md
+++ b/fast/stages/2-security/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/modules/folder/schemas/scc-mute-config.schema.md b/modules/folder/schemas/scc-mute-config.schema.md
index 15db0d6ce..03955212e 100644
--- a/modules/folder/schemas/scc-mute-config.schema.md
+++ b/modules/folder/schemas/scc-mute-config.schema.md
@@ -8,4 +8,8 @@
- **description**: *string*
- ⁺**filter**: *string*
- **type**: *string*
- - enum: `DYNAMIC`, `STATIC`
+
*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
+
+## Definitions
+
+
diff --git a/modules/organization/schemas/scc-mute-config.schema.md b/modules/organization/schemas/scc-mute-config.schema.md
index 15db0d6ce..03955212e 100644
--- a/modules/organization/schemas/scc-mute-config.schema.md
+++ b/modules/organization/schemas/scc-mute-config.schema.md
@@ -8,4 +8,8 @@
- **description**: *string*
- ⁺**filter**: *string*
- **type**: *string*
- - enum: `DYNAMIC`, `STATIC`
+
*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
+
+## Definitions
+
+
diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md
index 0875c08bc..91e3df336 100644
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
@@ -640,6 +640,10 @@ service_accounts:
iam:
roles/iam.serviceAccountUser:
- $iam_principals:service_accounts/_self_/app-0-fe
+ iam_bindings_additive:
+ test:
+ role: roles/iam.serviceAccountUser
+ member: group:team-a-admins@example.org
iam_sa_roles:
$service_account_ids:_self_/app-0-fe:
- roles/iam.serviceAccountUser
diff --git a/modules/project-factory/projects-service-accounts.tf b/modules/project-factory/projects-service-accounts.tf
index 1e1c69af4..afbdc71ef 100644
--- a/modules/project-factory/projects-service-accounts.tf
+++ b/modules/project-factory/projects-service-accounts.tf
@@ -28,6 +28,8 @@ locals {
"Terraform-managed."
)
iam = try(opts.iam, {})
+ iam_bindings = try(opts.iam_bindings, {})
+ iam_bindings_additive = try(opts.iam_bindings_additive, {})
iam_billing_roles = try(opts.iam_billing_roles, {})
iam_organization_roles = try(opts.iam_organization_roles, {})
iam_sa_roles = try(opts.iam_sa_roles, {})
@@ -119,6 +121,8 @@ module "service_accounts-iam" {
lookup(local.self_sas_ids, each.value.project_key, {})
)
})
- iam = each.value.iam
- iam_sa_roles = each.value.iam_sa_roles
-}
\ No newline at end of file
+ iam = each.value.iam
+ iam_bindings = each.value.iam_bindings
+ iam_bindings_additive = each.value.iam_bindings_additive
+ iam_sa_roles = each.value.iam_sa_roles
+}
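Review bot: Passing `iam` and `iam_bindings_additive` to the same `service_accounts-iam` instance lets one service account carry an authoritative binding and an additive member for the same role, and the README example added in this commit appears to do exactly that with `roles/iam.serviceAccountUser`. The Google provider documents that `google_service_account_iam_binding` and `google_service_account_iam_member` can be combined only when they do not grant the same role; otherwise the authoritative binding can drop the additive member on a later apply, and the set of principals allowed to act as the service account stops matching the YAML. I would either switch the example to a role not already listed under `iam`, or document the constraint next to the new inputs, e.g. `# roles in iam_bindings_additive must not also appear in iam or iam_bindings for the same service account`. The module block begins outside this hunk, so whether the called module already guards against the overlap is not visible here.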
diff --git a/modules/project-factory/schemas/folder.schema.md b/modules/project-factory/schemas/folder.schema.md
index d71e11920..846d18c6b 100644
--- a/modules/project-factory/schemas/folder.schema.md
+++ b/modules/project-factory/schemas/folder.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - ⁺**billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -237,7 +259,7 @@
- ⁺**organization**: *string*
- **enable_sovereign_controls**: *boolean*
- **labels**: *object*
- *additional properties: String*
+
*additional properties: string*
- **partner**: *string*
*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
- **partner_permissions**: *object*
diff --git a/modules/project-factory/schemas/project.schema.json b/modules/project-factory/schemas/project.schema.json
index 2488b4fc7..87866ff86 100644
--- a/modules/project-factory/schemas/project.schema.json
+++ b/modules/project-factory/schemas/project.schema.json
@@ -634,6 +634,12 @@
"iam": {
"$ref": "#/$defs/iam"
},
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ },
"iam_self_roles": {
"type": "array",
"items": {
diff --git a/modules/project-factory/schemas/project.schema.md b/modules/project-factory/schemas/project.schema.md
index a31495b7e..f4b2057e6 100644
--- a/modules/project-factory/schemas/project.schema.md
+++ b/modules/project-factory/schemas/project.schema.md
@@ -6,6 +6,28 @@
*additional properties: false*
+- **asset_feeds**: *object*
+
*additional properties: false*
+ - **`^[a-z0-9-]+$`**: *object*
+
*additional properties: false*
+ - **billing_project**: *string*
+ - **content_type**: *string*
+
*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+ - **asset_types**: *array*
+ - items: *string*
+ - **asset_names**: *array*
+ - items: *string*
+ - ⁺**feed_output_config**: *object*
+
*additional properties: false*
+ - ⁺**pubsub_destination**: *object*
+
*additional properties: false*
+ - ⁺**topic**: *string*
+ - **condition**: *object*
+
*additional properties: false*
+ - ⁺**expression**: *string*
+ - **title**: *string*
+ - **description**: *string*
+ - **location**: *string*
- **automation**: *object*
*additional properties: false*
- **prefix**: *string*
@@ -174,6 +196,8 @@
*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
+ - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+ - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
diff --git a/modules/project/schemas/scc-mute-config.schema.md b/modules/project/schemas/scc-mute-config.schema.md
index 15db0d6ce..03955212e 100644
--- a/modules/project/schemas/scc-mute-config.schema.md
+++ b/modules/project/schemas/scc-mute-config.schema.md
@@ -8,4 +8,8 @@
- **description**: *string*
- ⁺**filter**: *string*
- **type**: *string*
- - enum: `DYNAMIC`, `STATIC`
+
*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
+
+## Definitions
+
+
diff --git a/tests/modules/project_factory/examples/example.yaml b/tests/modules/project_factory/examples/example.yaml
index 03fbd3e97..01337b178 100644
--- a/tests/modules/project_factory/examples/example.yaml
+++ b/tests/modules/project_factory/examples/example.yaml
@@ -827,6 +827,10 @@ values:
: condition: []
role: roles/iam.serviceAccountUser
service_account_id: projects/test-pf-dev-ta-app0-be/serviceAccounts/app-0-fe@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
+ ? module.project-factory.module.service_accounts-iam["dev-ta-app0-be/app-0-be"].google_service_account_iam_member.bindings["test"]
+ : condition: []
+ member: group:team-a-admins@example.org
+ role: roles/iam.serviceAccountUser
? module.project-factory.module.service_accounts-iam["dev-tb-app0-0/vm-default"].google_service_account_iam_binding.authoritative["roles/iam.serviceAccountTokenCreator"]
: condition: []
members:
@@ -867,7 +871,7 @@ counts:
google_pubsub_topic_iam_binding: 1
google_service_account: 6
google_service_account_iam_binding: 2
- google_service_account_iam_member: 1
+ google_service_account_iam_member: 2
google_storage_bucket: 1
google_storage_bucket_iam_binding: 2
google_storage_project_service_account: 4
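Review bot: The expected counts only move `google_service_account_iam_member` from 1 to 2 while `google_service_account_iam_binding` stays at 2, so the new authoritative `iam_bindings` input wired through projects-service-accounts.tf is not exercised by this fixture. I would add an `iam_bindings` entry to the example so the inventory also asserts the resulting authoritative resource, including its role and members. The same gap shows in the `values:` hunk above, which adds only the additive `bindings["test"]` resource.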
@@ -876,5 +880,5 @@ counts:
google_tags_tag_value: 2
google_tags_tag_value_iam_binding: 1
modules: 30
- resources: 108
+ resources: 109
terraform_data: 2