From c27f634314733f5fd0e027f05d3c2c5b57ae5c17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= <wiktorn@google.com>
Date: Fri, 9 Aug 2024 08:35:01 +0000
Subject: [PATCH] Bind schemas to factory files, add support for groups in
 VPC-SC schema

https://cloud.google.com/vpc-service-controls/docs/release-notes#July_31_2024
---
 .vscode/settings.json                         | 24 +++++++++++++++++--
 .../vpc-sc/schemas/egress-policy.schema.json  |  5 ++--
 .../vpc-sc/schemas/ingress-policy.schema.json |  5 ++--
 3 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/.vscode/settings.json b/.vscode/settings.json
index 5191466a2..355d296f2 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -6,5 +6,25 @@
       ],
       "url": "http://json-schema.org/draft-07/schema#"
     }
-  ]
-}
\ No newline at end of file
+  ],
+  "yaml.schemas": {
+    "modules/project-factory/schemas/budget.schema.json": [
+      "budgets/**/*yaml"
+    ],
+    "modules/project-factory/schemas/folder.schema.json": [
+      "folders/**/*yaml"
+    ],
+    "modules/project-factory/schemas/project.schema.json": [
+      "projects/**/*yaml"
+    ],
+    "modules/vpc-sc/schemas/access-level.schema.json": [
+      "access-levels/**/*yaml"
+    ],
+    "modules/vpc-sc/schemas/egress-policy.schema.json": [
+      "egress-policies/**/*yaml"
+    ],
+    "modules/vpc-sc/schemas/ingress-policy.schema.json": [
+      "ingress-policies/**/*yaml"
+    ],
+  }
+}
diff --git a/modules/vpc-sc/schemas/egress-policy.schema.json b/modules/vpc-sc/schemas/egress-policy.schema.json
index e13004758..c8e0931bd 100644
--- a/modules/vpc-sc/schemas/egress-policy.schema.json
+++ b/modules/vpc-sc/schemas/egress-policy.schema.json
@@ -24,7 +24,8 @@
         "identities": {
           "type": "array",
           "items": {
-            "type": "string"
+            "type": "string",
+            "pattern": "^(?:serviceAccount:|user:|group:|principal:)"
           }
         }
       }
@@ -72,4 +73,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/modules/vpc-sc/schemas/ingress-policy.schema.json b/modules/vpc-sc/schemas/ingress-policy.schema.json
index 0c19ab935..3df793545 100644
--- a/modules/vpc-sc/schemas/ingress-policy.schema.json
+++ b/modules/vpc-sc/schemas/ingress-policy.schema.json
@@ -30,7 +30,8 @@
         "identities": {
           "type": "array",
           "items": {
-            "type": "string"
+            "type": "string",
+            "pattern": "^(?:serviceAccount:|user:|group:|principal:)"
           }
         },
         "resources": {
@@ -80,4 +81,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}