Align schemas (#3447)

* enforce schema uniqueness

* schemas

* fix tests
Ludovico Magnocavallo
2025-10-21 14:03:40 +02:00
committed by GitHub
parent c60ae3652a
commit a4cc7cd979
11 changed files with 2492 additions and 16 deletions


@@ -1 +0,0 @@
../../../../modules/project-factory/schemas/folder.schema.json


@@ -0,0 +1,555 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Folder",
"type": "object",
"additionalProperties": false,
"properties": {
"automation": {
"type": "object",
"additionalProperties": false,
"required": [
"project"
],
"properties": {
"prefix": {
"type": "string"
},
"project": {
"type": "string"
},
"bucket": {
"$ref": "#/$defs/bucket"
},
"service_accounts": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"description": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"iam_billing_roles": {
"$ref": "#/$defs/iam_billing_roles"
},
"iam_folder_roles": {
"$ref": "#/$defs/iam_folder_roles"
},
"iam_organization_roles": {
"$ref": "#/$defs/iam_organization_roles"
},
"iam_project_roles": {
"$ref": "#/$defs/iam_project_roles"
},
"iam_sa_roles": {
"$ref": "#/$defs/iam_sa_roles"
},
"iam_storage_roles": {
"$ref": "#/$defs/iam_storage_roles"
}
}
}
}
}
}
},
"factories_config": {
"type": "object",
"additionalProperties": false,
"properties": {
"org_policies": {
"type": "string"
},
"pam_entitlements": {
"type": "string"
},
"scc_sha_custom_modules": {
"type": "string"
}
}
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"iam_by_principals": {
"$ref": "#/$defs/iam_by_principals"
},
"name": {
"type": "string"
},
"org_policies": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z]+\\.": {
"type": "object",
"properties": {
"inherit_from_parent": {
"type": "boolean"
},
"reset": {
"type": "boolean"
},
"rules": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"allow": {
"type": "object",
"additionalProperties": false,
"properties": {
"all": {
"type": "boolean"
},
"values": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"deny": {
"type": "object",
"additionalProperties": false,
"properties": {
"all": {
"type": "boolean"
},
"values": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"enforce": {
"type": "boolean"
},
"condition": {
"type": "object",
"additionalProperties": false,
"properties": {
"description": {
"type": "string"
},
"expression": {
"type": "string"
},
"location": {
"type": "string"
},
"title": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"pam_entitlements": {
"$ref": "#/$defs/pam_entitlements"
},
"parent": {
"type": "string",
"pattern": "^(?:folders/[0-9]+|organizations/[0-9]+|\\$folder_ids:[a-z0-9_-]+)$"
},
"tag_bindings": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_-]+$": {
"type": "string"
}
}
}
},
"$defs": {
"bucket": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"force_destroy": {
"type": "boolean"
},
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"location": {
"type": "string"
},
"managed_folders": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-zA-Z0-9][a-zA-Z0-9_/-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"force_destroy": {
"type": "boolean"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
}
}
}
}
},
"prefix": {
"type": "string"
},
"storage_class": {
"type": "string"
},
"uniform_bucket_level_access": {
"type": "boolean"
},
"versioning": {
"type": "boolean"
}
}
},
"iam": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^(?:roles/|\\$custom_roles:)": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:)"
}
}
}
},
"iam_bindings": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"members": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:)"
}
},
"role": {
"type": "string",
"pattern": "^(?:roles/|\\$custom_roles:)"
},
"condition": {
"type": "object",
"additionalProperties": false,
"required": [
"expression",
"title"
],
"properties": {
"expression": {
"type": "string"
},
"title": {
"type": "string"
},
"description": {
"type": "string"
}
}
}
}
}
}
},
"iam_bindings_additive": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"member": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:)"
},
"role": {
"type": "string",
"pattern": "^(?:roles/|\\$custom_roles:)"
},
"condition": {
"type": "object",
"additionalProperties": false,
"required": [
"expression",
"title"
],
"properties": {
"expression": {
"type": "string"
},
"title": {
"type": "string"
},
"description": {
"type": "string"
}
}
}
}
}
}
},
"iam_by_principals": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:)": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(?:roles/|\\$custom_roles:)"
}
}
}
},
"iam_billing_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_folder_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_organization_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_project_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_sa_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_storage_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"pam_entitlements": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z][a-z0-9-]{0,61}[a-z0-9]$": {
"type": "object",
"properties": {
"max_request_duration": {
"type": "string"
},
"eligible_users": {
"type": "array",
"items": {
"type": "string"
}
},
"privileged_access": {
"type": "array",
"items": {
"type": "object",
"properties": {
"role": {
"type": "string"
},
"condition": {
"type": "string"
}
},
"required": [
"role"
],
"additionalProperties": false
}
},
"requester_justification_config": {
"type": "object",
"properties": {
"not_mandatory": {
"type": "boolean"
},
"unstructured": {
"type": "boolean"
}
},
"additionalProperties": false
},
"manual_approvals": {
"type": "object",
"properties": {
"require_approver_justification": {
"type": "boolean"
},
"steps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"approvers": {
"type": "array",
"items": {
"type": "string"
}
},
"approvals_needed": {
"type": "number"
},
"approver_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"approvers"
],
"additionalProperties": false
}
}
},
"required": [
"require_approver_justification",
"steps"
],
"additionalProperties": false
},
"additional_notification_targets": {
"type": "object",
"properties": {
"admin_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
},
"requester_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"required": [
"max_request_duration",
"eligible_users",
"privileged_access"
],
"additionalProperties": false
}
}
}
}
}
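Review bot: The `pam_entitlements` definition under `$defs` validates far less than the IAM definitions next to it: `eligible_users` and each step's `approvers` accept any string, whereas `iam` members must start with a principal prefix such as `group:` or `user:`, and `approvals_needed` is a bare `number`, so `0`, `-1` and `0.5` all pass. An empty `approvers` array also validates, so a file can describe an approval step with nobody able to approve it and still be accepted by the schema. I would tighten the step with `"approvals_needed": { "type": "integer", "minimum": 1 }` and `"minItems": 1` on `approvers`, and reuse the member pattern for both principal lists if the module expects the same principal syntax there (not visible on this page). The identical definition is added again in the last file of this commit, in the `pam_entitlements` block of its `$defs`, so the same change applies there.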


@@ -1 +0,0 @@
../../../../modules/project-factory/schemas/folder.schema.md


@@ -0,0 +1,188 @@
# Folder
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **automation**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- ⁺**project**: *string*
- **bucket**: *reference([bucket](#refs-bucket))*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_billing_roles**: *reference([iam_billing_roles](#refs-iam_billing_roles))*
- **iam_folder_roles**: *reference([iam_folder_roles](#refs-iam_folder_roles))*
- **iam_organization_roles**: *reference([iam_organization_roles](#refs-iam_organization_roles))*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **iam_storage_roles**: *reference([iam_storage_roles](#refs-iam_storage_roles))*
- **factories_config**: *object*
<br>*additional properties: false*
- **org_policies**: *string*
- **pam_entitlements**: *string*
- **scc_sha_custom_modules**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **name**: *string*
- **org_policies**: *object*
<br>*additional properties: false*
- **`^[a-z]+\.`**: *object*
- **inherit_from_parent**: *boolean*
- **reset**: *boolean*
- **rules**: *array*
- items: *object*
<br>*additional properties: false*
- **allow**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **deny**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **enforce**: *boolean*
- **condition**: *object*
<br>*additional properties: false*
- **description**: *string*
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **parent**: *string*
<br>*pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|\$folder_ids:[a-z0-9_-]+)$*
- **tag_bindings**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *string*
## Definitions
- **bucket**<a name="refs-bucket"></a>: *object*
<br>*additional properties: false*
- **name**: *string*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
*additional properties: String*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9][a-zA-Z0-9_/-]+$`**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **prefix**: *string*
- **storage_class**: *string*
- **uniform_bucket_level_access**: *boolean*
- **versioning**: *boolean*
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **iam_billing_roles**<a name="refs-iam_billing_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_folder_roles**<a name="refs-iam_folder_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_organization_roles**<a name="refs-iam_organization_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_project_roles**<a name="refs-iam_project_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_sa_roles**<a name="refs-iam_sa_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_storage_roles**<a name="refs-iam_storage_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*


@@ -1 +0,0 @@
../../../../modules/project-factory/schemas/project.schema.json

File diff suppressed because it is too large Load Diff


@@ -1 +0,0 @@
../../../../modules/project-factory/schemas/project.schema.md


@@ -0,0 +1,310 @@
# Project
<!-- markdownlint-disable MD036 -->
## Properties
*additional properties: false*
- **automation**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- ⁺**project**: *string*
- **bucket**: *reference([bucket](#refs-bucket))*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_billing_roles**: *reference([iam_billing_roles](#refs-iam_billing_roles))*
- **iam_folder_roles**: *reference([iam_folder_roles](#refs-iam_folder_roles))*
- **iam_organization_roles**: *reference([iam_organization_roles](#refs-iam_organization_roles))*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **iam_storage_roles**: *reference([iam_storage_roles](#refs-iam_storage_roles))*
- **billing_account**: *string*
- **billing_budgets**: *array*
- items: *string*
- **buckets**: *reference([buckets](#refs-buckets))*
- **contacts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **deletion_policy**: *string*
<br>*enum: ['PREVENT', 'DELETE', 'ABANDON']*
- **factories_config**: *object*
<br>*additional properties: false*
- **custom_roles**: *string*
- **observability**: *string*
- **org_policies**: *string*
- **quotas**: *string*
- **scc_sha_custom_modules**: *string*
- **tags**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **iam_by_principals**: *reference([iam_by_principals](#refs-iam_by_principals))*
- **labels**: *object*
- **pam_entitlements**: *reference([pam_entitlements](#refs-pam_entitlements))*
- **log_buckets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *reference([log_bucket](#refs-log_bucket))*
- **metric_scopes**: *array*
- items: *string*
- **name**: *string*
- **org_policies**: *object*
<br>*additional properties: false*
- **`^[a-z]+\.`**: *object*
- **inherit_from_parent**: *boolean*
- **reset**: *boolean*
- **rules**: *array*
- items: *object*
<br>*additional properties: false*
- **allow**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **deny**: *object*
<br>*additional properties: false*
- **all**: *boolean*
- **values**: *array*
- items: *string*
- **enforce**: *boolean*
- **condition**: *object*
<br>*additional properties: false*
- **description**: *string*
- **expression**: *string*
- **location**: *string*
- **title**: *string*
- **quotas**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9_-]+$`**: *object*
<br>*additional properties: false*
- ⁺**service**: *string*
- ⁺**quota_id**: *string*
- ⁺**preferred_value**: *number*
- **dimensions**: *object*
*additional properties: String*
- **justification**: *string*
- **contact_email**: *string*
- **annotations**: *object*
*additional properties: String*
- **ignore_safety_checks**: *string*
<br>*enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']*
- **parent**: *string*
- **prefix**: *string*
- **project_reuse**: *object*
<br>*additional properties: false*
- **use_data_source**: *boolean*
- **attributes**: *object*
- ⁺**name**: *string*
- ⁺**number**: *number*
- **services_enabled**: *array*
- items: *string*
- **project_template**: *string*
- **service_accounts**: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *object*
<br>*additional properties: false*
- **display_name**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **service_encryption_key_ids**: *object*
<br>*additional properties: false*
- **`^[a-z-]+\.googleapis\.com$`**: *array*
- items: *string*
- **services**: *array*
- items: *string*
<br>*pattern: ^[a-z-]+\.googleapis\.com$*
- **shared_vpc_host_config**: *object*
<br>*additional properties: false*
- ⁺**enabled**: *boolean*
- **service_projects**: *array*
- items: *string*
- **shared_vpc_service_config**: *object*
<br>*additional properties: false*
- ⁺**host_project**: *string*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **network_users**: *array*
- items: *string*
- **service_agent_iam**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **service_agent_subnet_iam**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **service_iam_grants**: *array*
- items: *string*
- **network_subnet_users**: *object*
- **`^[a-z0-9_-]+$`**: *array*
- items: *string*
- **tag_bindings**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *string*
- **tags**: *object*
*additional properties: Object*
- **universe**: *object*
<br>*additional properties: false*
- **prefix**: *string*
- **forced_jit_service_identities**: *array*
- items: *string*
- **unavailable_services**: *array*
- items: *string*
- **unavailable_service_identities**: *array*
- items: *string*
- **vpc_sc**: *object*
- ⁺**perimeter_name**: *string*
- **is_dry_run**: *boolean*
- **datasets**: *object*
<br>*additional properties: false*
- **`^[a-z0-9_]+$`**: *object*
<br>*additional properties: false*
- **friendly_name**: *string*
- **location**: *string*
## Definitions
- **bucket**<a name="refs-bucket"></a>: *object*
<br>*additional properties: false*
- **name**: *string*
- **create**: *boolean*
- **description**: *string*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **force_destroy**: *boolean*
- **labels**: *object*
*additional properties: String*
- **location**: *string*
- **managed_folders**: *object*
<br>*additional properties: false*
- **`^[a-zA-Z0-9][a-zA-Z0-9_/-]+$`**: *object*
<br>*additional properties: false*
- **force_destroy**: *boolean*
- **iam**: *reference([iam](#refs-iam))*
- **iam_bindings**: *reference([iam_bindings](#refs-iam_bindings))*
- **iam_bindings_additive**: *reference([iam_bindings_additive](#refs-iam_bindings_additive))*
- **prefix**: *string*
- **storage_class**: *string*
- **uniform_bucket_level_access**: *boolean*
- **versioning**: *boolean*
- **retention_policy**: *object*
<br>*additional properties: false*
- **retention_period**: *number*
- **is_locked**: *boolean*
- **enable_object_retention**: *boolean*
- **buckets**<a name="refs-buckets"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *reference([bucket](#refs-bucket))*
- **iam**<a name="refs-iam"></a>: *object*
<br>*additional properties: false*
- **`^(?:roles/|\$custom_roles:)`**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
- **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **members**: *array*
- items: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_bindings_additive**<a name="refs-iam_bindings_additive"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9_-]+$`**: *object*
<br>*additional properties: false*
- **member**: *string*
<br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
- **role**: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **condition**: *object*
<br>*additional properties: false*
- ⁺**expression**: *string*
- ⁺**title**: *string*
- **description**: *string*
- **iam_by_principals**<a name="refs-iam_by_principals"></a>: *object*
<br>*additional properties: false*
- **`^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)`**: *array*
- items: *string*
<br>*pattern: ^(?:roles/|\$custom_roles:)*
- **iam_billing_roles**<a name="refs-iam_billing_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_folder_roles**<a name="refs-iam_folder_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_organization_roles**<a name="refs-iam_organization_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **iam_project_roles**<a name="refs-iam_project_roles"></a>: *object*
<br>*additional properties: false*
- **`^(?:[a-z0-9-]|\$project_ids:[a-z0-9_-])+$`**: *array*
- items: *string*
- **iam_sa_roles**<a name="refs-iam_sa_roles"></a>: *object*
<br>*additional properties: false*
- **`^(?:\$service_account_ids:|projects/)`**: *array*
- items: *string*
- **iam_storage_roles**<a name="refs-iam_storage_roles"></a>: *object*
<br>*additional properties: false*
- **`^[a-z0-9-]+$`**: *array*
- items: *string*
- **log_bucket**<a name="refs-log_bucket"></a>: *object*
<br>*additional properties: false*
- **description**: *string*
- **kms_key_name**: *string*
- **location**: *string*
- **log_analytics**: *object*
<br>*additional properties: false*
- **enable**: *boolean*
- **dataset_link_id**: *string*
- **description**: *string*
- **retention**: *number*
- **pam_entitlements**<a name="refs-pam_entitlements"></a>: *object*
<br>*additional properties: false*
- **`^[a-z][a-z0-9-]{0,61}[a-z0-9]$`**: *object*
<br>*additional properties: false*
- ⁺**max_request_duration**: *string*
- ⁺**eligible_users**: *array*
- items: *string*
- ⁺**privileged_access**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**role**: *string*
- **condition**: *string*
- **requester_justification_config**: *object*
<br>*additional properties: false*
- **not_mandatory**: *boolean*
- **unstructured**: *boolean*
- **manual_approvals**: *object*
<br>*additional properties: false*
- ⁺**require_approver_justification**: *boolean*
- ⁺**steps**: *array*
- items: *object*
<br>*additional properties: false*
- ⁺**approvers**: *array*
- items: *string*
- **approvals_needed**: *number*
- **approver_email_recipients**: *array*
- items: *string*
- **additional_notification_targets**: *object*
<br>*additional properties: false*
- **admin_email_recipients**: *array*
- items: *string*
- **requester_email_recipients**: *array*
- items: *string*


@@ -1 +0,0 @@
../../../../modules/vpc-sc/schemas/perimeters.schema.json


@@ -0,0 +1,120 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "perimeters",
"type": "object",
"additionalProperties": false,
"properties": {
"description": {
"type": "string"
},
"ignore_resource_changes": {
"type": "boolean",
"default": false
},
"spec": {
"type": "object",
"properties": {
"access_levels": {
"type": "array",
"items": {
"type": "string"
}
},
"egress_policies": {
"type": "array",
"items": {
"type": "string"
}
},
"ingress_policies": {
"type": "array",
"items": {
"type": "string"
}
},
"restricted_services": {
"type": "array",
"items": {
"type": "string"
}
},
"resources": {
"type": "array",
"items": {
"type": "string"
}
},
"vpc_accessible_services": {
"$ref": "#/$defs/VpcAccessibleServices"
}
},
"additionalProperties": false
},
"status": {
"type": "object",
"properties": {
"access_levels": {
"type": "array",
"items": {
"type": "string"
}
},
"egress_policies": {
"type": "array",
"items": {
"type": "string"
}
},
"ingress_policies": {
"type": "array",
"items": {
"type": "string"
}
},
"resources": {
"type": "array",
"items": {
"type": "string"
}
},
"restricted_services": {
"type": "array",
"items": {
"type": "string"
}
},
"vpc_accessible_services": {
"$ref": "#/$defs/VpcAccessibleServices"
}
},
"additionalProperties": false
},
"title": {
"type": "string"
},
"use_explicit_dry_run_spec": {
"type": "boolean",
"default": false
}
},
"$defs": {
"VpcAccessibleServices": {
"type": "object",
"additionalProperties": false,
"properties": {
"allowed_services": {
"type": "array",
"items": {
"type": "string"
}
},
"enable_restriction": {
"type": "boolean"
}
},
"required": [
"allowed_services"
]
}
}
}
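Review bot: `VpcAccessibleServices` requires `allowed_services` but leaves `enable_restriction` optional with no `default`, unlike the two top-level booleans, so the schema does not tell an operator whether a perimeter that lists allowed services and omits the flag is actually restricted. Either record the module's default, e.g. `"enable_restriction": { "type": "boolean", "default": <module default> }`, or add the property to `required` so the choice is explicit in every perimeter file. Separately, `spec` and `status` repeat the same six properties verbatim; a single `$defs` entry referenced from both would keep the two shapes from drifting apart.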


@@ -88,6 +88,24 @@
}
}
},
"datasets": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"friendly_name": {
"type": "string"
},
"location": {
"type": "string"
}
}
}
}
},
"deletion_policy": {
"type": "string",
"enum": [
@@ -96,6 +114,33 @@
"ABANDON"
]
},
"factories_config": {
"type": "object",
"additionalProperties": false,
"properties": {
"custom_roles": {
"type": "string"
},
"observability": {
"type": "string"
},
"org_policies": {
"type": "string"
},
"org_policies": {
"type": "string"
},
"quotas": {
"type": "string"
},
"scc_sha_custom_modules": {
"type": "string"
},
"tags": {
"type": "string"
}
}
},
"iam": {
"$ref": "#/$defs/iam"
},
@@ -108,9 +153,15 @@
"iam_by_principals": {
"$ref": "#/$defs/iam_by_principals"
},
"iam_by_principals_additive": {
"$ref": "#/$defs/iam_by_principals"
},
"labels": {
"type": "object"
},
"pam_entitlements": {
"$ref": "#/$defs/pam_entitlements"
},
"log_buckets": {
"type": "object",
"additionalProperties": false,
@@ -295,6 +346,9 @@
}
}
},
"project_template": {
"type": "string"
},
"service_accounts": {
"type": "object",
"additionalProperties": false,
@@ -482,6 +536,33 @@
}
}
},
"universe": {
"type": "object",
"additionalProperties": false,
"properties": {
"prefix": {
"type": "string"
},
"forced_jit_service_identities": {
"type": "array",
"items": {
"type": "string"
}
},
"unavailable_services": {
"type": "array",
"items": {
"type": "string"
}
},
"unavailable_service_identities": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"vpc_sc": {
"type": "object",
"additionalItems": false,
@@ -506,6 +587,10 @@
"name": {
"type": "string"
},
"create": {
"type": "boolean",
"default": true
},
"description": {
"type": "string"
},
@@ -565,6 +650,21 @@
},
"versioning": {
"type": "boolean"
},
"retention_policy": {
"type": "object",
"additionalProperties": false,
"properties": {
"retention_period": {
"type": "number"
},
"is_locked": {
"type": "boolean"
}
}
},
"enable_object_retention": {
"type": "boolean"
}
}
},
@@ -789,6 +889,120 @@
"type": "number"
}
}
},
"pam_entitlements": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z][a-z0-9-]{0,61}[a-z0-9]$": {
"type": "object",
"properties": {
"max_request_duration": {
"type": "string"
},
"eligible_users": {
"type": "array",
"items": {
"type": "string"
}
},
"privileged_access": {
"type": "array",
"items": {
"type": "object",
"properties": {
"role": {
"type": "string"
},
"condition": {
"type": "string"
}
},
"required": [
"role"
],
"additionalProperties": false
}
},
"requester_justification_config": {
"type": "object",
"properties": {
"not_mandatory": {
"type": "boolean"
},
"unstructured": {
"type": "boolean"
}
},
"additionalProperties": false
},
"manual_approvals": {
"type": "object",
"properties": {
"require_approver_justification": {
"type": "boolean"
},
"steps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"approvers": {
"type": "array",
"items": {
"type": "string"
}
},
"approvals_needed": {
"type": "number"
},
"approver_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"approvers"
],
"additionalProperties": false
}
}
},
"required": [
"require_approver_justification",
"steps"
],
"additionalProperties": false
},
"additional_notification_targets": {
"type": "object",
"properties": {
"admin_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
},
"requester_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"required": [
"max_request_duration",
"eligible_users",
"privileged_access"
],
"additionalProperties": false
}
}
}
}
}
}
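Review bot: The `factories_config.properties` object added in the second hunk declares `org_policies` twice in a row. Duplicate names make the document parser-dependent (most parsers keep the last one, stricter ones reject the file), and the second copy probably stands in for a different key: the folder schema in this same commit has `pam_entitlements` at that position, which may be the missing one, but that needs confirming against the module's variables. If another key was intended, it is currently rejected, because `additionalProperties` is `false` on this object. Rename the second entry to the intended property, or delete it if it is a plain copy-paste.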