add missing IAM interface attributes to service account module (#3700)

modules/folder/schemas/scc-mute-config.schema.md

@@ -8,4 +8,8 @@
   - **description**: *string*
   - ⁺**filter**: *string*
   - **type**: *string*
-    - enum: `DYNAMIC`, `STATIC`
+    <br>*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
+
+## Definitions
+
+

modules/organization/schemas/scc-mute-config.schema.md

@@ -8,4 +8,8 @@
   - **description**: *string*
   - ⁺**filter**: *string*
   - **type**: *string*
-    - enum: `DYNAMIC`, `STATIC`
+    <br>*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
+
+## Definitions
+
+

modules/project-factory/README.md

@@ -640,6 +640,10 @@ service_accounts:
     iam:
       roles/iam.serviceAccountUser:
         - $iam_principals:service_accounts/_self_/app-0-fe
+    iam_bindings_additive:
+      test:
+        role: roles/iam.serviceAccountUser
+        member: group:team-a-admins@example.org
     iam_sa_roles:
       $service_account_ids:_self_/app-0-fe:
         - roles/iam.serviceAccountUser

modules/project-factory/projects-service-accounts.tf

@@ -28,6 +28,8 @@ locals {
           "Terraform-managed."
         )
         iam                    = try(opts.iam, {})
+        iam_bindings           = try(opts.iam_bindings, {})
+        iam_bindings_additive  = try(opts.iam_bindings_additive, {})
         iam_billing_roles      = try(opts.iam_billing_roles, {})
         iam_organization_roles = try(opts.iam_organization_roles, {})
         iam_sa_roles           = try(opts.iam_sa_roles, {})
@@ -119,6 +121,8 @@ module "service_accounts-iam" {
       lookup(local.self_sas_ids, each.value.project_key, {})
     )
   })
-  iam          = each.value.iam
-  iam_sa_roles = each.value.iam_sa_roles
-}
+  iam                   = each.value.iam
+  iam_bindings          = each.value.iam_bindings
+  iam_bindings_additive = each.value.iam_bindings_additive
+  iam_sa_roles          = each.value.iam_sa_roles
+}

modules/project-factory/schemas/folder.schema.md

@@ -6,6 +6,28 @@
 
 *additional properties: false*
 
+- **asset_feeds**: *object*
+  <br>*additional properties: false*
+  - **`^[a-z0-9-]+$`**: *object*
+    <br>*additional properties: false*
+    - ⁺**billing_project**: *string*
+    - **content_type**: *string*
+      <br>*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+    - **asset_types**: *array*
+      - items: *string*
+    - **asset_names**: *array*
+      - items: *string*
+    - ⁺**feed_output_config**: *object*
+      <br>*additional properties: false*
+      - ⁺**pubsub_destination**: *object*
+        <br>*additional properties: false*
+        - ⁺**topic**: *string*
+    - **condition**: *object*
+      <br>*additional properties: false*
+      - ⁺**expression**: *string*
+      - **title**: *string*
+      - **description**: *string*
+      - **location**: *string*
 - **automation**: *object*
   <br>*additional properties: false*
   - **prefix**: *string*
@@ -237,7 +259,7 @@
   - ⁺**organization**: *string*
   - **enable_sovereign_controls**: *boolean*
   - **labels**: *object*
-    *additional properties: String*
+    <br>*additional properties: string*
   - **partner**: *string*
     <br>*enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS']*
   - **partner_permissions**: *object*

modules/project-factory/schemas/project.schema.json

@@ -634,6 +634,12 @@
             "iam": {
               "$ref": "#/$defs/iam"
             },
+            "iam_bindings": {
+              "$ref": "#/$defs/iam_bindings"
+            },
+            "iam_bindings_additive": {
+              "$ref": "#/$defs/iam_bindings_additive"
+            },
             "iam_self_roles": {
               "type": "array",
               "items": {

modules/project-factory/schemas/project.schema.md

@@ -6,6 +6,28 @@
 
 *additional properties: false*
 
+- **asset_feeds**: *object*
+  <br>*additional properties: false*
+  - **`^[a-z0-9-]+$`**: *object*
+    <br>*additional properties: false*
+    - **billing_project**: *string*
+    - **content_type**: *string*
+      <br>*enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP']*
+    - **asset_types**: *array*
+      - items: *string*
+    - **asset_names**: *array*
+      - items: *string*
+    - ⁺**feed_output_config**: *object*
+      <br>*additional properties: false*
+      - ⁺**pubsub_destination**: *object*
+        <br>*additional properties: false*
+        - ⁺**topic**: *string*
+    - **condition**: *object*
+      <br>*additional properties: false*
+      - ⁺**expression**: *string*
+      - **title**: *string*
+      - **description**: *string*
+      - **location**: *string*
 - **automation**: *object*
   <br>*additional properties: false*
   - **prefix**: *string*
@@ -174,6 +196,8 @@
     <br>*additional properties: false*
     - **display_name**: *string*
     - **iam**: *reference([iam](#refs-iam))*
+    - **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
+    - **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
     - **iam_self_roles**: *array*
       - items: *string*
     - **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*

modules/project/schemas/scc-mute-config.schema.md

@@ -8,4 +8,8 @@
   - **description**: *string*
   - ⁺**filter**: *string*
   - **type**: *string*
-    - enum: `DYNAMIC`, `STATIC`
+    <br>*default: DYNAMIC*, *enum: ['DYNAMIC', 'STATIC']*
+
+## Definitions
+
+