feat: Add schema check to custom constraints, SCC custom modules, and observability configurations, along with their respective schema definitions. (#3705)

2026-02-05 22:20:25 +11:00
parent 2af44b0651
commit 9debc3df6f
137 changed files with 1087 additions and 91 deletions
--- a/fast/stages/0-org-setup/datasets/hardened/observability/auditConfigChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/auditConfigChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  auditConfigChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/binaryAuthorizationPolicyChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/binaryAuthorizationPolicyChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  binaryAuthorizationPolicyChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/cloudsqlInstanceChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/cloudsqlInstanceChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  cloudsqlInstanceChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/customRoleChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/customRoleChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  customRoleChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/firewallPolicyRuleChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/firewallPolicyRuleChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  firewallPolicyRuleChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/firewallRuleChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/firewallRuleChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  firewallRuleChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/networkChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/networkChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  networkChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/networkRouteChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/networkRouteChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  networkRouteChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/projectOwnershipChange.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/projectOwnershipChange.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  projectOwnershipChange:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/observability/storageIamChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/storageIamChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
  storageIamChanges:
    combiner: OR
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.accesscontextmanagerDisableBridgePerimeters:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudbuildDisableWorkerPoolExternalIP.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudbuildDisableWorkerPoolExternalIP.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudbuildDisableWorkerPoolExternalIP:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedAlgorithms.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedAlgorithms.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudkmsAllowedAlgorithms:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedProtectionLevel.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedProtectionLevel.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudkmsAllowedProtectionLevel:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedRotationPeriod.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedRotationPeriod.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudkmsAllowedRotationPeriod:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunDisableEnvironmentVariablePattern:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobDisableDefaultServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobDisableDefaultServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunJobDisableDefaultServiceAccount:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunJobRequireBinaryAuthorization:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceDisableDefaultServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceDisableDefaultServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunServiceDisableDefaultServiceAccount:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunServiceRequireBinaryAuthorization:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlDisablePublicAuthorizedNetworks:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlEnforcePasswordComplexity:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireAutomatedBackup:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireHighAvailability.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireHighAvailability.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireHighAvailability:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireMySQLDatabaseFlags:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequirePointInTimeRecovery:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequirePostgreSQLDatabaseFlags:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireRootPassword:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireSQLServerDatabaseFlags:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireSSLConnection:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocDisableDefaultServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocDisableDefaultServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dataprocDisableDefaultServiceAccount:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireDiskCmekEncryption.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireDiskCmekEncryption.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dataprocRequireDiskCmekEncryption:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireInternalIp.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireInternalIp.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dataprocRequireInternalIp:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireKerberos.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireKerberos.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dataprocRequireKerberos:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dnsAllowedSigningAlgorithms:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dnsRequireManageZoneDNSSEC:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dnsRequirePolicyLogging:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallEnforcePolicyRuleLogging:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallEnforceRuleLogging:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRequireDescription.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRequireDescription.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRequireDescription:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictCacheSearchDatabasesPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictCacheSearchDatabasesRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictDirectoryServicesPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictDirectoryServicesRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictExplicitAllPortsPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictExplicitAllPortsRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictInsecureProtocolsPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictInsecureProtocolsRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictMailProtocolsPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictMailProtocolsRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictManagementPortsPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictManagementPortsRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictNetworkServicesPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictNetworkServicesRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictNoSQLDatabasesPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictNoSQLDatabasesRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictPublicAccessPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictPublicAccessRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictRdpPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictRdpRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictSQLDatabasesPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictSQLDatabasesRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictSshPolicyRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictSshRule:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeAllowedNodePoolImages:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeAllowedReleaseChannels:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeDisableAlphaCluster:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeDisableKubernetesDashboard:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeDisableLegacyAbac:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeDisableLegacyMetadataEndpoints:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireCOSImage:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireConfidentialNodes.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireConfidentialNodes.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireConfidentialNodes:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireDataplaneV2:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireGKEMetadataServer:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireIntegrityMonitoring:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireIntraNodeVisibility:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireMasterAuthorizedNetworks:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireMonitoring:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireNodePoolAutoRepair:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireNodePoolAutoUpgrade:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireNodePoolCMEKEncryption:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireNodePoolSandbox:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequirePrivateEndpoint:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireRegionalClusters:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireSecureBoot:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireVPCNativeCluster:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamAllowedMembers:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableAdminServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableAdminServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisableAdminServiceAccount:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableBasicRoles.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableBasicRoles.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisableBasicRoles:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableProjectServiceAccountImpersonationRoles.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableProjectServiceAccountImpersonationRoles.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisableProjectServiceAccountImpersonationRoles:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisablePublicBindings:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisableRedisAdminRoles:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkDisableTargetHTTPProxy:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkDisableWeakSSLPolicy:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireBackendServiceLogging.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireBackendServiceLogging.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkRequireBackendServiceLogging:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkRequireCustomModeVpc:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkRequireSubnetPrivateGoogleAccess:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.storageRequireBucketObjectVersionning:
  action_type: DENY
  condition: |-
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/artifactregistryRequireCMEK.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/artifactregistryRequireCMEK.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 artifactregistryRequireCMEK:
  description: Detect if Artifact Registry repositories are not encrypted using CMEK
  predicate:
--- a/Show More
+++ b/Show More