yamllint fast

2025-10-23 20:43:00 +00:00
parent 2c878aa90e
commit b27b8f8291
21 changed files with 54 additions and 57 deletions
--- a/fast/addons/2-networking-test/data/instances/server-0.yaml
+++ b/fast/addons/2-networking-test/data/instances/server-0.yaml
@@ -21,4 +21,4 @@ project_id: dev-spoke-0
 service_account: server-0
 subnet_id: primary/default
 image: projects/cos-cloud/global/images/family/cos-stable
-user_data_file: assets/server-nginx-cloud-config.yaml
+user_data_file: assets/server-nginx-cloud-config.yaml
--- a/fast/addons/2-networking-test/data/service-accounts/client-0.yaml
+++ b/fast/addons/2-networking-test/data/service-accounts/client-0.yaml
@@ -17,4 +17,4 @@
 # file name can be overridden via 'name' property if needed
 # name: client-0
 project_id: dev-spoke-0
-display_name: Test client instances service account.
+display_name: Test client instances service account.
--- a/fast/addons/2-networking-test/data/service-accounts/server-0.yaml
+++ b/fast/addons/2-networking-test/data/service-accounts/server-0.yaml
@@ -17,4 +17,4 @@
 # file name can be overridden via 'name' property if needed
 # name: server-0
 project_id: dev-spoke-0
-display_name: Test server instances service account.
+display_name: Test server instances service account.
--- a/fast/project-templates/os-apt-registries/project.yaml
+++ b/fast/project-templates/os-apt-registries/project.yaml
@@ -42,4 +42,4 @@ iam:
    - prod-os-apt-0/rw
  # TODO: add instance service accounts that need access to the registries
  # roles/artifactregistry.writer:
-  #   - serviceAccount:foo@bar
+  #   - serviceAccount:foo@bar
--- a/fast/stages/0-org-setup/data/billing-accounts/default.yaml
+++ b/fast/stages/0-org-setup/data/billing-accounts/default.yaml
@@ -43,4 +43,4 @@ iam_bindings_additive:
 #   test:
 #     description: Test sink
 #     destination: $project_ids:log-0
-#     type: project
+#     type: project
--- a/fast/stages/0-org-setup/data/folders/data-platform/prod/.config.yaml
+++ b/fast/stages/0-org-setup/data/folders/data-platform/prod/.config.yaml
@@ -16,4 +16,4 @@

 name: Production
 tag_bindings:
-  environment: $tag_values:environment/production
+  environment: $tag_values:environment/production
--- a/fast/stages/0-org-setup/data/folders/networking/.config.yaml
+++ b/fast/stages/0-org-setup/data/folders/networking/.config.yaml
@@ -59,4 +59,4 @@ iam_bindings:
        api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
          'roles/compute.networkUser', 'roles/composer.sharedVpcAgent',
          'roles/container.hostServiceAgentUser', 'roles/vpcaccess.user'
-        ])
+        ])
--- a/fast/stages/0-org-setup/data/folders/networking/prod/.config.yaml
+++ b/fast/stages/0-org-setup/data/folders/networking/prod/.config.yaml
@@ -16,4 +16,4 @@

 name: Production
 tag_bindings:
-  environment: $tag_values:environment/production
+  environment: $tag_values:environment/production
--- a/fast/stages/0-org-setup/data/folders/security/.config.yaml
+++ b/fast/stages/0-org-setup/data/folders/security/.config.yaml
@@ -41,4 +41,4 @@ iam_bindings:
      expression: |
        api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
          'roles/cloudkms.cryptoKeyEncrypterDecrypter'
-        ])
+        ])
--- a/fast/stages/0-org-setup/data/folders/teams/.config.yaml
+++ b/fast/stages/0-org-setup/data/folders/teams/.config.yaml
@@ -27,4 +27,4 @@ iam_by_principals:
    - roles/resourcemanager.folderViewer
    - roles/resourcemanager.tagViewer
 tag_bindings:
-  context: $tag_values:context/project-factory
+  context: $tag_values:context/project-factory
--- a/fast/stages/0-org-setup/data/organization/org-policies/compute.yaml
+++ b/fast/stages/0-org-setup/data/organization/org-policies/compute.yaml
@@ -20,7 +20,7 @@

 compute.disableGuestAttributesAccess:
  rules:
-    - enforce: true
+  - enforce: true

 compute.disableInternetNetworkEndpointGroup:
  rules:
@@ -40,17 +40,17 @@ compute.disableVpcExternalIpv6:

 compute.requireOsLogin:
  rules:
-    - enforce: true
+  - enforce: true

 compute.restrictLoadBalancerCreationForTypes:
  rules:
-    - allow:
-        values:
-          - in:INTERNAL
+  - allow:
+      values:
+      - in:INTERNAL

 compute.skipDefaultNetworkCreation:
  rules:
-    - enforce: true
+  - enforce: true

 compute.setNewProjectDefaultToZonalDNSOnly:
  rules:
@@ -61,35 +61,35 @@ compute.trustedImageProjects:
  rules:
  - allow:
      values:
-        - "is:projects/centos-cloud"
-        - "is:projects/cos-cloud"
-        - "is:projects/debian-cloud"
-        - "is:projects/fedora-cloud"
-        - "is:projects/fedora-coreos-cloud"
-        - "is:projects/opensuse-cloud"
-        - "is:projects/rhel-cloud"
-        - "is:projects/rhel-sap-cloud"
-        - "is:projects/rocky-linux-cloud"
-        - "is:projects/suse-cloud"
-        - "is:projects/suse-sap-cloud"
-        - "is:projects/ubuntu-os-cloud"
-        - "is:projects/ubuntu-os-pro-cloud"
-        - "is:projects/windows-cloud"
-        - "is:projects/windows-sql-cloud"
-        - "is:projects/confidential-vm-images"
-        - "is:projects/confidential-space-images"
-        - "is:projects/backupdr-images"
-        - "is:projects/deeplearning-platform-release"
-        - "is:projects/serverless-vpc-access-images"
-        - "is:projects/gke-node-images"
-        - "is:projects/gke-windows-node-images"
-        - "is:projects/ubuntu-os-gke-cloud"
+      - "is:projects/centos-cloud"
+      - "is:projects/cos-cloud"
+      - "is:projects/debian-cloud"
+      - "is:projects/fedora-cloud"
+      - "is:projects/fedora-coreos-cloud"
+      - "is:projects/opensuse-cloud"
+      - "is:projects/rhel-cloud"
+      - "is:projects/rhel-sap-cloud"
+      - "is:projects/rocky-linux-cloud"
+      - "is:projects/suse-cloud"
+      - "is:projects/suse-sap-cloud"
+      - "is:projects/ubuntu-os-cloud"
+      - "is:projects/ubuntu-os-pro-cloud"
+      - "is:projects/windows-cloud"
+      - "is:projects/windows-sql-cloud"
+      - "is:projects/confidential-vm-images"
+      - "is:projects/confidential-space-images"
+      - "is:projects/backupdr-images"
+      - "is:projects/deeplearning-platform-release"
+      - "is:projects/serverless-vpc-access-images"
+      - "is:projects/gke-node-images"
+      - "is:projects/gke-windows-node-images"
+      - "is:projects/ubuntu-os-gke-cloud"


 compute.vmExternalIpAccess:
  rules:
-    - deny:
-        all: true
+  - deny:
+      all: true

 # compute.disableInternetNetworkEndpointGroup:
 #   rules:
@@ -112,9 +112,9 @@ compute.vmExternalIpAccess:

 compute.restrictProtocolForwardingCreationForTypes:
  rules:
-    - allow:
-        values:
-          - is:INTERNAL
+  - allow:
+      values:
+      - is:INTERNAL

 # compute.restrictSharedVpcHostProjects:
 #   rules:
--- a/fast/stages/0-org-setup/data/projects/core/billing-0.yaml
+++ b/fast/stages/0-org-setup/data/projects/core/billing-0.yaml
@@ -19,11 +19,11 @@ iam_by_principals:
  $iam_principals:service_accounts/iac-0/iac-org-ro:
    - roles/viewer
  $iam_principals:service_accounts/iac-0/iac-org-rw:
-    - roles/owner 
+    - roles/owner
 services:
  - bigquery.googleapis.com
  - bigquerydatatransfer.googleapis.com
  - storage.googleapis.com
 datasets:
  billing_export:
-    friendly_name: Billing export
+    friendly_name: Billing export
--- a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-dataplatform.yaml
+++ b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-dataplatform.yaml
@@ -7,7 +7,7 @@ region: $regions:primary
 description: Default subnet for dev Data Platform
 ip_cidr_range: 10.68.2.0/24
 secondary_ip_ranges:
-  pods: 
+  pods:
    ip_cidr_range: 100.69.0.0/16
  services:
    ip_cidr_range: 100.71.2.0/24
--- a/fast/stages/2-project-factory/data/defaults.yaml
+++ b/fast/stages/2-project-factory/data/defaults.yaml
@@ -30,4 +30,4 @@ projects:

 # context:
 #   iam_principals:
-#     foo: group:foo@example.com
+#     foo: group:foo@example.com
--- a/fast/stages/2-project-factory/data/folders/team-a/prod/.config.yaml
+++ b/fast/stages/2-project-factory/data/folders/team-a/prod/.config.yaml
@@ -16,4 +16,4 @@

 name: Production
 tag_bindings:
-  environment: $tag_values:environment/production
+  environment: $tag_values:environment/production
--- a/fast/stages/2-project-factory/data/projects/prod-app-a-0.yaml
+++ b/fast/stages/2-project-factory/data/projects/prod-app-a-0.yaml
@@ -18,4 +18,4 @@ parent: $folder_ids:team-a/prod
 shared_vpc_service_config:
  host_project: $project_ids:prod-spoke-0
  # network_users:
-  #   - group:team-a-admins@example.com
+  #   - group:team-a-admins@example.com
--- a/fast/stages/2-security/data/certificate-authorities/prod-ca-0.yaml
+++ b/fast/stages/2-security/data/certificate-authorities/prod-ca-0.yaml
@@ -20,5 +20,3 @@ ca_pool_config:
  create_pool: {}
 ca_configs:
  prod-ca-0-0: {}
-
-
--- a/fast/stages/2-security/data/defaults.yaml
+++ b/fast/stages/2-security/data/defaults.yaml
@@ -20,4 +20,4 @@ context:
    secondary: europe-west3
 projects:
  defaults:
-    storage_location: eu
+    storage_location: eu
--- a/fast/stages/2-security/data/folders/prod/.config.yaml
+++ b/fast/stages/2-security/data/folders/prod/.config.yaml
@@ -17,4 +17,4 @@
 name: Production
 parent: $folder_ids:security
 tag_bindings:
-  environment: $tag_values:environment/production
+  environment: $tag_values:environment/production
--- a/fast/stages/3-secops-dev/data/secops_reference_lists.yaml
+++ b/fast/stages/3-secops-dev/data/secops_reference_lists.yaml
@@ -14,4 +14,4 @@

 private_ip_addresses:
  description: "Private CIDR ranges"
-  type: CIDR # either CIDR, STRING, REGEX
+  type: CIDR  # either CIDR, STRING, REGEX
--- a/fast/stages/3-secops-dev/data/secops_rules.yaml
+++ b/fast/stages/3-secops-dev/data/secops_rules.yaml
@@ -1,4 +1,3 @@
-
 # Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -17,4 +16,4 @@ network_traffic_to_specific_country:
  enabled: true
  alerting: true
  archived: false
-  run_frequency: "LIVE"
+  run_frequency: "LIVE"