relax wif org policy in IaC project (#3090)

fast/stages/0-bootstrap/data/org-policies-iac/iam.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,3 +22,10 @@ iam.disableServiceAccountKeyCreation:
   rules:
     - enforce: true
 
+iam.workloadIdentityPoolProviders:
+  rules:
+    - allow:
+        values:
+          - https://token.actions.githubusercontent.com
+          - https://gitlab.com
+          - https://app.terraform.io

fast/stages/0-bootstrap/data/org-policies-managed/gcp.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,14 +12,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
----
-# sample subset of useful organization policies, edit to suit requirements
-# start of document (---) avoids errors if the file only contains comments
-
 # yaml-language-server: $schema=../../schemas/org-policies.schema.json
 
-# gcp.resourceLocations:
-#   rules:
+gcp.resourceLocations:
+  rules:
+  - allow:
+      all: true
 #   - allow:
 #       values:
 #       - "in:europe-locations"

fast/stages/0-bootstrap/data/org-policies/gcp.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,14 +12,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
----
-# sample subset of useful organization policies, edit to suit requirements
-# start of document (---) avoids errors if the file only contains comments
-
 # yaml-language-server: $schema=../../schemas/org-policies.schema.json
 
-# gcp.resourceLocations:
-#   rules:
+gcp.resourceLocations:
+  rules:
+  - allow:
+      all: true
 #   - allow:
 #       values:
 #       - "in:europe-locations"

tests/fast/stages/s0_bootstrap/cicd.yaml

@@ -335,7 +335,7 @@ counts:
   google_logging_organization_sink: 4
   google_logging_project_bucket_config: 4
   google_org_policy_custom_constraint: 1
-  google_org_policy_policy: 36
+  google_org_policy_policy: 38
   google_organization_iam_binding: 26
   google_organization_iam_custom_role: 13
   google_organization_iam_member: 31
@@ -356,4 +356,4 @@ counts:
   google_tags_tag_value: 2
   local_file: 13
   modules: 26
-  resources: 289
+  resources: 291

tests/fast/stages/s0_bootstrap/simple.yaml

@@ -20,7 +20,7 @@ counts:
   google_logging_organization_sink: 4
   google_logging_project_bucket_config: 4
   google_org_policy_custom_constraint: 1
-  google_org_policy_policy: 36
+  google_org_policy_policy: 38
   google_organization_iam_binding: 26
   google_organization_iam_custom_role: 13
   google_organization_iam_member: 31
@@ -41,7 +41,7 @@ counts:
   google_tags_tag_value: 2
   local_file: 8
   modules: 20
-  resources: 252
+  resources: 254
 
 outputs:
   automation: __missing__