yamllint fast
@@ -21,4 +21,4 @@ project_id: dev-spoke-0
|
|||||||
service_account: server-0
|
service_account: server-0
|
||||||
subnet_id: primary/default
|
subnet_id: primary/default
|
||||||
image: projects/cos-cloud/global/images/family/cos-stable
|
image: projects/cos-cloud/global/images/family/cos-stable
|
||||||
user_data_file: assets/server-nginx-cloud-config.yaml
|
user_data_file: assets/server-nginx-cloud-config.yaml
|
||||||
|
|||||||
@@ -17,4 +17,4 @@
|
|||||||
# file name can be overridden via 'name' property if needed
|
# file name can be overridden via 'name' property if needed
|
||||||
# name: client-0
|
# name: client-0
|
||||||
project_id: dev-spoke-0
|
project_id: dev-spoke-0
|
||||||
display_name: Test client instances service account.
|
display_name: Test client instances service account.
|
||||||
|
|||||||
@@ -17,4 +17,4 @@
|
|||||||
# file name can be overridden via 'name' property if needed
|
# file name can be overridden via 'name' property if needed
|
||||||
# name: server-0
|
# name: server-0
|
||||||
project_id: dev-spoke-0
|
project_id: dev-spoke-0
|
||||||
display_name: Test server instances service account.
|
display_name: Test server instances service account.
|
||||||
|
|||||||
@@ -42,4 +42,4 @@ iam:
|
|||||||
- prod-os-apt-0/rw
|
- prod-os-apt-0/rw
|
||||||
# TODO: add instance service accounts that need access to the registries
|
# TODO: add instance service accounts that need access to the registries
|
||||||
# roles/artifactregistry.writer:
|
# roles/artifactregistry.writer:
|
||||||
# - serviceAccount:foo@bar
|
# - serviceAccount:foo@bar
|
||||||
|
|||||||
@@ -43,4 +43,4 @@ iam_bindings_additive:
|
|||||||
# test:
|
# test:
|
||||||
# description: Test sink
|
# description: Test sink
|
||||||
# destination: $project_ids:log-0
|
# destination: $project_ids:log-0
|
||||||
# type: project
|
# type: project
|
||||||
|
|||||||
@@ -16,4 +16,4 @@
|
|||||||
|
|
||||||
name: Production
|
name: Production
|
||||||
tag_bindings:
|
tag_bindings:
|
||||||
environment: $tag_values:environment/production
|
environment: $tag_values:environment/production
|
||||||
|
|||||||
@@ -59,4 +59,4 @@ iam_bindings:
|
|||||||
api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
|
api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
|
||||||
'roles/compute.networkUser', 'roles/composer.sharedVpcAgent',
|
'roles/compute.networkUser', 'roles/composer.sharedVpcAgent',
|
||||||
'roles/container.hostServiceAgentUser', 'roles/vpcaccess.user'
|
'roles/container.hostServiceAgentUser', 'roles/vpcaccess.user'
|
||||||
])
|
])
|
||||||
|
|||||||
@@ -16,4 +16,4 @@
|
|||||||
|
|
||||||
name: Production
|
name: Production
|
||||||
tag_bindings:
|
tag_bindings:
|
||||||
environment: $tag_values:environment/production
|
environment: $tag_values:environment/production
|
||||||
|
|||||||
@@ -41,4 +41,4 @@ iam_bindings:
|
|||||||
expression: |
|
expression: |
|
||||||
api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
|
api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
|
||||||
'roles/cloudkms.cryptoKeyEncrypterDecrypter'
|
'roles/cloudkms.cryptoKeyEncrypterDecrypter'
|
||||||
])
|
])
|
||||||
|
|||||||
@@ -27,4 +27,4 @@ iam_by_principals:
|
|||||||
- roles/resourcemanager.folderViewer
|
- roles/resourcemanager.folderViewer
|
||||||
- roles/resourcemanager.tagViewer
|
- roles/resourcemanager.tagViewer
|
||||||
tag_bindings:
|
tag_bindings:
|
||||||
context: $tag_values:context/project-factory
|
context: $tag_values:context/project-factory
|
||||||
|
|||||||
@@ -20,7 +20,7 @@
|
|||||||
|
|
||||||
compute.disableGuestAttributesAccess:
|
compute.disableGuestAttributesAccess:
|
||||||
rules:
|
rules:
|
||||||
- enforce: true
|
- enforce: true
|
||||||
|
|
||||||
compute.disableInternetNetworkEndpointGroup:
|
compute.disableInternetNetworkEndpointGroup:
|
||||||
rules:
|
rules:
|
||||||
@@ -40,17 +40,17 @@ compute.disableVpcExternalIpv6:
|
|||||||
|
|
||||||
compute.requireOsLogin:
|
compute.requireOsLogin:
|
||||||
rules:
|
rules:
|
||||||
- enforce: true
|
- enforce: true
|
||||||
|
|
||||||
compute.restrictLoadBalancerCreationForTypes:
|
compute.restrictLoadBalancerCreationForTypes:
|
||||||
rules:
|
rules:
|
||||||
- allow:
|
- allow:
|
||||||
values:
|
values:
|
||||||
- in:INTERNAL
|
- in:INTERNAL
|
||||||
|
|
||||||
compute.skipDefaultNetworkCreation:
|
compute.skipDefaultNetworkCreation:
|
||||||
rules:
|
rules:
|
||||||
- enforce: true
|
- enforce: true
|
||||||
|
|
||||||
compute.setNewProjectDefaultToZonalDNSOnly:
|
compute.setNewProjectDefaultToZonalDNSOnly:
|
||||||
rules:
|
rules:
|
||||||
@@ -61,35 +61,35 @@ compute.trustedImageProjects:
|
|||||||
rules:
|
rules:
|
||||||
- allow:
|
- allow:
|
||||||
values:
|
values:
|
||||||
- "is:projects/centos-cloud"
|
- "is:projects/centos-cloud"
|
||||||
- "is:projects/cos-cloud"
|
- "is:projects/cos-cloud"
|
||||||
- "is:projects/debian-cloud"
|
- "is:projects/debian-cloud"
|
||||||
- "is:projects/fedora-cloud"
|
- "is:projects/fedora-cloud"
|
||||||
- "is:projects/fedora-coreos-cloud"
|
- "is:projects/fedora-coreos-cloud"
|
||||||
- "is:projects/opensuse-cloud"
|
- "is:projects/opensuse-cloud"
|
||||||
- "is:projects/rhel-cloud"
|
- "is:projects/rhel-cloud"
|
||||||
- "is:projects/rhel-sap-cloud"
|
- "is:projects/rhel-sap-cloud"
|
||||||
- "is:projects/rocky-linux-cloud"
|
- "is:projects/rocky-linux-cloud"
|
||||||
- "is:projects/suse-cloud"
|
- "is:projects/suse-cloud"
|
||||||
- "is:projects/suse-sap-cloud"
|
- "is:projects/suse-sap-cloud"
|
||||||
- "is:projects/ubuntu-os-cloud"
|
- "is:projects/ubuntu-os-cloud"
|
||||||
- "is:projects/ubuntu-os-pro-cloud"
|
- "is:projects/ubuntu-os-pro-cloud"
|
||||||
- "is:projects/windows-cloud"
|
- "is:projects/windows-cloud"
|
||||||
- "is:projects/windows-sql-cloud"
|
- "is:projects/windows-sql-cloud"
|
||||||
- "is:projects/confidential-vm-images"
|
- "is:projects/confidential-vm-images"
|
||||||
- "is:projects/confidential-space-images"
|
- "is:projects/confidential-space-images"
|
||||||
- "is:projects/backupdr-images"
|
- "is:projects/backupdr-images"
|
||||||
- "is:projects/deeplearning-platform-release"
|
- "is:projects/deeplearning-platform-release"
|
||||||
- "is:projects/serverless-vpc-access-images"
|
- "is:projects/serverless-vpc-access-images"
|
||||||
- "is:projects/gke-node-images"
|
- "is:projects/gke-node-images"
|
||||||
- "is:projects/gke-windows-node-images"
|
- "is:projects/gke-windows-node-images"
|
||||||
- "is:projects/ubuntu-os-gke-cloud"
|
- "is:projects/ubuntu-os-gke-cloud"
|
||||||
|
|
||||||
|
|
||||||
compute.vmExternalIpAccess:
|
compute.vmExternalIpAccess:
|
||||||
rules:
|
rules:
|
||||||
- deny:
|
- deny:
|
||||||
all: true
|
all: true
|
||||||
|
|
||||||
# compute.disableInternetNetworkEndpointGroup:
|
# compute.disableInternetNetworkEndpointGroup:
|
||||||
# rules:
|
# rules:
|
||||||
@@ -112,9 +112,9 @@ compute.vmExternalIpAccess:
|
|||||||
|
|
||||||
compute.restrictProtocolForwardingCreationForTypes:
|
compute.restrictProtocolForwardingCreationForTypes:
|
||||||
rules:
|
rules:
|
||||||
- allow:
|
- allow:
|
||||||
values:
|
values:
|
||||||
- is:INTERNAL
|
- is:INTERNAL
|
||||||
|
|
||||||
# compute.restrictSharedVpcHostProjects:
|
# compute.restrictSharedVpcHostProjects:
|
||||||
# rules:
|
# rules:
|
||||||
|
|||||||
@@ -19,11 +19,11 @@ iam_by_principals:
|
|||||||
$iam_principals:service_accounts/iac-0/iac-org-ro:
|
$iam_principals:service_accounts/iac-0/iac-org-ro:
|
||||||
- roles/viewer
|
- roles/viewer
|
||||||
$iam_principals:service_accounts/iac-0/iac-org-rw:
|
$iam_principals:service_accounts/iac-0/iac-org-rw:
|
||||||
- roles/owner
|
- roles/owner
|
||||||
services:
|
services:
|
||||||
- bigquery.googleapis.com
|
- bigquery.googleapis.com
|
||||||
- bigquerydatatransfer.googleapis.com
|
- bigquerydatatransfer.googleapis.com
|
||||||
- storage.googleapis.com
|
- storage.googleapis.com
|
||||||
datasets:
|
datasets:
|
||||||
billing_export:
|
billing_export:
|
||||||
friendly_name: Billing export
|
friendly_name: Billing export
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ region: $regions:primary
|
|||||||
description: Default subnet for dev Data Platform
|
description: Default subnet for dev Data Platform
|
||||||
ip_cidr_range: 10.68.2.0/24
|
ip_cidr_range: 10.68.2.0/24
|
||||||
secondary_ip_ranges:
|
secondary_ip_ranges:
|
||||||
pods:
|
pods:
|
||||||
ip_cidr_range: 100.69.0.0/16
|
ip_cidr_range: 100.69.0.0/16
|
||||||
services:
|
services:
|
||||||
ip_cidr_range: 100.71.2.0/24
|
ip_cidr_range: 100.71.2.0/24
|
||||||
|
|||||||
@@ -30,4 +30,4 @@ projects:
|
|||||||
|
|
||||||
# context:
|
# context:
|
||||||
# iam_principals:
|
# iam_principals:
|
||||||
# foo: group:foo@example.com
|
# foo: group:foo@example.com
|
||||||
|
|||||||
@@ -16,4 +16,4 @@
|
|||||||
|
|
||||||
name: Production
|
name: Production
|
||||||
tag_bindings:
|
tag_bindings:
|
||||||
environment: $tag_values:environment/production
|
environment: $tag_values:environment/production
|
||||||
|
|||||||
@@ -18,4 +18,4 @@ parent: $folder_ids:team-a/prod
|
|||||||
shared_vpc_service_config:
|
shared_vpc_service_config:
|
||||||
host_project: $project_ids:prod-spoke-0
|
host_project: $project_ids:prod-spoke-0
|
||||||
# network_users:
|
# network_users:
|
||||||
# - group:team-a-admins@example.com
|
# - group:team-a-admins@example.com
|
||||||
|
|||||||
@@ -20,5 +20,3 @@ ca_pool_config:
|
|||||||
create_pool: {}
|
create_pool: {}
|
||||||
ca_configs:
|
ca_configs:
|
||||||
prod-ca-0-0: {}
|
prod-ca-0-0: {}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -20,4 +20,4 @@ context:
|
|||||||
secondary: europe-west3
|
secondary: europe-west3
|
||||||
projects:
|
projects:
|
||||||
defaults:
|
defaults:
|
||||||
storage_location: eu
|
storage_location: eu
|
||||||
|
|||||||
@@ -17,4 +17,4 @@
|
|||||||
name: Production
|
name: Production
|
||||||
parent: $folder_ids:security
|
parent: $folder_ids:security
|
||||||
tag_bindings:
|
tag_bindings:
|
||||||
environment: $tag_values:environment/production
|
environment: $tag_values:environment/production
|
||||||
|
|||||||
@@ -14,4 +14,4 @@
|
|||||||
|
|
||||||
private_ip_addresses:
|
private_ip_addresses:
|
||||||
description: "Private CIDR ranges"
|
description: "Private CIDR ranges"
|
||||||
type: CIDR # either CIDR, STRING, REGEX
|
type: CIDR # either CIDR, STRING, REGEX
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
# Copyright 2025 Google LLC
|
# Copyright 2025 Google LLC
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@@ -17,4 +16,4 @@ network_traffic_to_specific_country:
|
|||||||
enabled: true
|
enabled: true
|
||||||
alerting: true
|
alerting: true
|
||||||
archived: false
|
archived: false
|
||||||
run_frequency: "LIVE"
|
run_frequency: "LIVE"
|
||||||
|
|||||||