diff --git a/fast/stages/0-bootstrap/data/org-policies-iac/iam.yaml b/fast/stages/0-bootstrap/data/org-policies-iac/iam.yaml index c4b603c6a..b88458e49 100644 --- a/fast/stages/0-bootstrap/data/org-policies-iac/iam.yaml +++ b/fast/stages/0-bootstrap/data/org-policies-iac/iam.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,3 +22,10 @@ iam.disableServiceAccountKeyCreation: rules: - enforce: true +iam.workloadIdentityPoolProviders: + rules: + - allow: + values: + - https://token.actions.githubusercontent.com + - https://gitlab.com + - https://app.terraform.io diff --git a/fast/stages/0-bootstrap/data/org-policies-managed/gcp.yaml b/fast/stages/0-bootstrap/data/org-policies-managed/gcp.yaml index d2440de46..534ff4b7b 100644 --- a/fast/stages/0-bootstrap/data/org-policies-managed/gcp.yaml +++ b/fast/stages/0-bootstrap/data/org-policies-managed/gcp.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,14 +12,12 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- -# sample subset of useful organization policies, edit to suit requirements -# start of document (---) avoids errors if the file only contains comments - # yaml-language-server: $schema=../../schemas/org-policies.schema.json -# gcp.resourceLocations: -# rules: +gcp.resourceLocations: + rules: + - allow: + all: true # - allow: # values: # - "in:europe-locations" diff --git a/fast/stages/0-bootstrap/data/org-policies/gcp.yaml b/fast/stages/0-bootstrap/data/org-policies/gcp.yaml index d2440de46..534ff4b7b 100644 --- a/fast/stages/0-bootstrap/data/org-policies/gcp.yaml +++ b/fast/stages/0-bootstrap/data/org-policies/gcp.yaml 
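Review bot: The three values allowed under `iam.workloadIdentityPoolProviders` in org-policies-iac/iam.yaml are shared, multi-tenant issuers, so the constraint limits which identity provider may be configured but not which repository, group or workspace a token comes from. That scoping has to come from an attribute condition on each provider, which is not visible in this diff, so a comment above the rule should make the dependency explicit, e.g. `# restricts the issuer only; every provider still needs an attribute condition on org/repo/workspace`. The list also enables all three issuers by default, where a least-privilege default would keep only the CI/CD system actually in use; consider adding `# remove the issuers you do not use`.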
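Review bot: Activating `gcp.resourceLocations` with `allow:` / `all: true` in org-policies-managed/gcp.yaml sets a policy that places no restriction on resource locations. The still-commented `# - allow:`, `# values:` and `# - "in:europe-locations"` lines directly below now read as if they belonged to the active rule. If allow-all is meant as a placeholder, say so with a comment such as `# placeholder: allows every location; replace with an explicit values list to enforce a location restriction`, or keep the key commented out so nothing is set until an operator opts in. The hunk also drops the `---` document start together with the two comments describing the file as an editable sample; keeping `---` is harmless and matches the usual YAML convention. The identical hunk in fast/stages/0-bootstrap/data/org-policies/gcp.yaml has the same issue.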
@@ -1,4 +1,4 @@ -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,14 +12,12 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- -# sample subset of useful organization policies, edit to suit requirements -# start of document (---) avoids errors if the file only contains comments - # yaml-language-server: $schema=../../schemas/org-policies.schema.json -# gcp.resourceLocations: -# rules: +gcp.resourceLocations: + rules: + - allow: + all: true # - allow: # values: # - "in:europe-locations" diff --git a/tests/fast/stages/s0_bootstrap/cicd.yaml b/tests/fast/stages/s0_bootstrap/cicd.yaml index 5830ebb29..eb73c324f 100644 --- a/tests/fast/stages/s0_bootstrap/cicd.yaml +++ b/tests/fast/stages/s0_bootstrap/cicd.yaml @@ -335,7 +335,7 @@ counts: google_logging_organization_sink: 4 google_logging_project_bucket_config: 4 google_org_policy_custom_constraint: 1 - google_org_policy_policy: 36 + google_org_policy_policy: 38 google_organization_iam_binding: 26 google_organization_iam_custom_role: 13 google_organization_iam_member: 31 @@ -356,4 +356,4 @@ counts: google_tags_tag_value: 2 local_file: 13 modules: 26 - resources: 289 + resources: 291 diff --git a/tests/fast/stages/s0_bootstrap/simple.yaml b/tests/fast/stages/s0_bootstrap/simple.yaml index cb94cfbbd..28b411747 100644 --- a/tests/fast/stages/s0_bootstrap/simple.yaml +++ b/tests/fast/stages/s0_bootstrap/simple.yaml @@ -20,7 +20,7 @@ counts: google_logging_organization_sink: 4 google_logging_project_bucket_config: 4 google_org_policy_custom_constraint: 1 - google_org_policy_policy: 36 + google_org_policy_policy: 38 google_organization_iam_binding: 26 google_organization_iam_custom_role: 13 google_organization_iam_member: 31 
@@ -41,7 +41,7 @@ counts: google_tags_tag_value: 2 local_file: 8 modules: 20 - resources: 252 + resources: 254 outputs: automation: __missing__