diff --git a/fast/stages/0-bootstrap/data/custom-roles/gcve_network_admin.yaml b/fast/stages/0-bootstrap/data/custom-roles/gcve_network_admin.yaml index 5cc40f6a6..3f7213da0 100644 --- a/fast/stages/0-bootstrap/data/custom-roles/gcve_network_admin.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/gcve_network_admin.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json name: gcveNetworkAdmin includedPermissions: diff --git a/fast/stages/0-bootstrap/data/custom-roles/network_firewall_policies_admin.yaml b/fast/stages/0-bootstrap/data/custom-roles/network_firewall_policies_admin.yaml index e54e45f9b..457bef64d 100644 --- a/fast/stages/0-bootstrap/data/custom-roles/network_firewall_policies_admin.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/network_firewall_policies_admin.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json name: networkFirewallPoliciesAdmin includedPermissions: diff --git a/fast/stages/0-bootstrap/data/custom-roles/ngfw_enterprise_admin.yaml b/fast/stages/0-bootstrap/data/custom-roles/ngfw_enterprise_admin.yaml index b9e9cb10e..8f6b08a23 100644 --- a/fast/stages/0-bootstrap/data/custom-roles/ngfw_enterprise_admin.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/ngfw_enterprise_admin.yaml 
@@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json name: ngfwEnterpriseAdmin includedPermissions: diff --git a/fast/stages/0-bootstrap/data/custom-roles/organization_admin_viewer.yaml b/fast/stages/0-bootstrap/data/custom-roles/organization_admin_viewer.yaml index ee99b093c..dfef91eab 100644 --- a/fast/stages/0-bootstrap/data/custom-roles/organization_admin_viewer.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/organization_admin_viewer.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json # this is used by the plan-only admin SA name: organizationAdminViewer diff --git a/fast/stages/0-bootstrap/data/custom-roles/organization_iam_admin.yaml b/fast/stages/0-bootstrap/data/custom-roles/organization_iam_admin.yaml index 880c1334f..8b1df2d9a 100644 --- a/fast/stages/0-bootstrap/data/custom-roles/organization_iam_admin.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/organization_iam_admin.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json # this is needed for use in additive IAM bindings, to avoid conflicts name: organizationIamAdmin diff --git a/fast/stages/0-bootstrap/data/custom-roles/service_project_network_admin.yaml b/fast/stages/0-bootstrap/data/custom-roles/service_project_network_admin.yaml index 265191195..83e3b3a31 100644 
--- a/fast/stages/0-bootstrap/data/custom-roles/service_project_network_admin.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/service_project_network_admin.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json name: serviceProjectNetworkAdmin includedPermissions: diff --git a/fast/stages/0-bootstrap/data/custom-roles/storage_viewer.yaml b/fast/stages/0-bootstrap/data/custom-roles/storage_viewer.yaml index e5ebf4ee7..a80786e69 100644 --- a/fast/stages/0-bootstrap/data/custom-roles/storage_viewer.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/storage_viewer.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json # the following permissions are a descoped version of storage.admin name: storageViewer diff --git a/fast/stages/0-bootstrap/data/custom-roles/tag_viewer.yaml b/fast/stages/0-bootstrap/data/custom-roles/tag_viewer.yaml index 1362e577e..247e6d641 100644 --- a/fast/stages/0-bootstrap/data/custom-roles/tag_viewer.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/tag_viewer.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json # the following permissions are a descoped version of tagAdm name: tagViewer 
diff --git a/fast/stages/0-bootstrap/data/custom-roles/tenant_network_admin.yaml b/fast/stages/0-bootstrap/data/custom-roles/tenant_network_admin.yaml index 40a008178..a07df2a06 100644 --- a/fast/stages/0-bootstrap/data/custom-roles/tenant_network_admin.yaml +++ b/fast/stages/0-bootstrap/data/custom-roles/tenant_network_admin.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/organization/schemas/custom-role.schema.json +# yaml-language-server: $schema=../../schemas/custom-role.schema.json name: tenantNetworkAdmin includedPermissions: diff --git a/fast/stages/0-bootstrap/data/org-policies/compute.yaml b/fast/stages/0-bootstrap/data/org-policies/compute.yaml index 69f4453ce..644918a5c 100644 --- a/fast/stages/0-bootstrap/data/org-policies/compute.yaml +++ b/fast/stages/0-bootstrap/data/org-policies/compute.yaml @@ -16,7 +16,7 @@ # sample subset of useful organization policies, edit to suit requirements # start of document (---) avoids errors if the file only contains comments -# yaml-language-server: $schema=../../../../../modules/organization/schemas/org-policies.schema.json +# yaml-language-server: $schema=../../schemas/org-policies.schema.json compute.disableGuestAttributesAccess: rules: diff --git a/fast/stages/0-bootstrap/data/org-policies/gcp.yaml b/fast/stages/0-bootstrap/data/org-policies/gcp.yaml index 96df60ca0..d2440de46 100644 --- a/fast/stages/0-bootstrap/data/org-policies/gcp.yaml +++ b/fast/stages/0-bootstrap/data/org-policies/gcp.yaml @@ -16,7 +16,7 @@ # sample subset of useful organization policies, edit to suit requirements # start of document (---) avoids errors if the file only contains comments -# yaml-language-server: $schema=../../../../../modules/organization/schemas/org-policies.schema.json +# yaml-language-server: $schema=../../schemas/org-policies.schema.json # gcp.resourceLocations: # rules: 
diff --git a/fast/stages/0-bootstrap/data/org-policies/iam.yaml b/fast/stages/0-bootstrap/data/org-policies/iam.yaml index 7b39b926c..fca116d82 100644 --- a/fast/stages/0-bootstrap/data/org-policies/iam.yaml +++ b/fast/stages/0-bootstrap/data/org-policies/iam.yaml @@ -16,7 +16,7 @@ # sample subset of useful organization policies, edit to suit requirements # start of document (---) avoids errors if the file only contains comments -# yaml-language-server: $schema=../../../../../modules/organization/schemas/org-policies.schema.json +# yaml-language-server: $schema=../../schemas/org-policies.schema.json iam.automaticIamGrantsForDefaultServiceAccounts: rules: diff --git a/fast/stages/0-bootstrap/data/org-policies/serverless.yaml b/fast/stages/0-bootstrap/data/org-policies/serverless.yaml index d504e588e..c1b939d44 100644 --- a/fast/stages/0-bootstrap/data/org-policies/serverless.yaml +++ b/fast/stages/0-bootstrap/data/org-policies/serverless.yaml @@ -16,7 +16,7 @@ # sample subset of useful organization policies, edit to suit requirements # start of document (---) avoids errors if the file only contains comments -# yaml-language-server: $schema=../../../../../modules/organization/schemas/org-policies.schema.json +# yaml-language-server: $schema=../../schemas/org-policies.schema.json run.allowedIngress: rules: diff --git a/fast/stages/0-bootstrap/data/org-policies/sql.yaml b/fast/stages/0-bootstrap/data/org-policies/sql.yaml index f52a532a7..d0fca4c65 100644 --- a/fast/stages/0-bootstrap/data/org-policies/sql.yaml +++ b/fast/stages/0-bootstrap/data/org-policies/sql.yaml @@ -16,7 +16,7 @@ # sample subset of useful organization policies, edit to suit requirements # start of document (---) avoids errors if the file only contains comments -# yaml-language-server: $schema=../../../../../modules/organization/schemas/org-policies.schema.json +# yaml-language-server: $schema=../../schemas/org-policies.schema.json sql.restrictAuthorizedNetworks: rules: 
diff --git a/fast/stages/0-bootstrap/data/org-policies/storage.yaml b/fast/stages/0-bootstrap/data/org-policies/storage.yaml index dc9b5bf74..03e38fafa 100644 --- a/fast/stages/0-bootstrap/data/org-policies/storage.yaml +++ b/fast/stages/0-bootstrap/data/org-policies/storage.yaml @@ -16,7 +16,7 @@ # sample subset of useful organization policies, edit to suit requirements # start of document (---) avoids errors if the file only contains comments -# yaml-language-server: $schema=../../../../../modules/organization/schemas/org-policies.schema.json +# yaml-language-server: $schema=../../schemas/org-policies.schema.json storage.uniformBucketLevelAccess: rules: diff --git a/fast/stages/0-bootstrap/schemas/custom-role.schema.json b/fast/stages/0-bootstrap/schemas/custom-role.schema.json new file mode 120000 index 000000000..a1d6e5658 --- /dev/null +++ b/fast/stages/0-bootstrap/schemas/custom-role.schema.json @@ -0,0 +1 @@ +../../../../modules/organization/schemas/custom-role.schema.json \ No newline at end of file diff --git a/fast/stages/0-bootstrap/schemas/org-policies.schema.json b/fast/stages/0-bootstrap/schemas/org-policies.schema.json new file mode 120000 index 000000000..c5ebcfaf7 --- /dev/null +++ b/fast/stages/0-bootstrap/schemas/org-policies.schema.json @@ -0,0 +1 @@ +../../../../modules/organization/schemas/org-policies.schema.json \ No newline at end of file diff --git a/fast/stages/1-resman/data/org-policies/sandbox/compute.yaml b/fast/stages/1-resman/data/org-policies/sandbox/compute.yaml index dcdc47cb3..071fe96c2 100644 --- a/fast/stages/1-resman/data/org-policies/sandbox/compute.yaml +++ b/fast/stages/1-resman/data/org-policies/sandbox/compute.yaml @@ -6,6 +6,8 @@ # Terraform will be unable to decode this file if it does not contain valid YAML # You can retain `---` (start of the document) to indicate an empty document. +# yaml-language-server: $schema=../../../schemas/org-policies.schema.json + compute.vmExternalIpAccess: rules: - allow: 
diff --git a/fast/stages/1-resman/data/org-policies/sandbox/sql.yaml b/fast/stages/1-resman/data/org-policies/sandbox/sql.yaml index 157fd510d..cd1504c87 100644 --- a/fast/stages/1-resman/data/org-policies/sandbox/sql.yaml +++ b/fast/stages/1-resman/data/org-policies/sandbox/sql.yaml @@ -6,6 +6,8 @@ # Terraform will be unable to decode this file if it does not contain valid YAML # You can retain `---` (start of the document) to indicate an empty document. +# yaml-language-server: $schema=../../../schemas/org-policies.schema.json + sql.restrictPublicIp: rules: - enforce: true diff --git a/fast/stages/1-resman/schemas/org-policies.schema.json b/fast/stages/1-resman/schemas/org-policies.schema.json new file mode 120000 index 000000000..c5ebcfaf7 --- /dev/null +++ b/fast/stages/1-resman/schemas/org-policies.schema.json @@ -0,0 +1 @@ +../../../../modules/organization/schemas/org-policies.schema.json \ No newline at end of file diff --git a/fast/stages/1-vpcsc/data/access-levels/geo.yaml b/fast/stages/1-vpcsc/data/access-levels/geo.yaml index 6d820363a..3f34b527b 100644 --- a/fast/stages/1-vpcsc/data/access-levels/geo.yaml +++ b/fast/stages/1-vpcsc/data/access-levels/geo.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# yaml-language-server: $schema=../../../../../modules/vpc-sc/schemas/access-level.schema.json +# yaml-language-server: $schema=../../schemas/access-level.schema.json # this is just an example that reflects the FAST core team members' locations # and needs to be edited, or not referenced in the perimeter variable diff --git a/fast/stages/1-vpcsc/schemas/access-level.schema.json b/fast/stages/1-vpcsc/schemas/access-level.schema.json new file mode 120000 index 000000000..57c2f3717 --- /dev/null +++ b/fast/stages/1-vpcsc/schemas/access-level.schema.json @@ -0,0 +1 @@ +../../../../modules/vpc-sc/schemas/access-level.schema.json \ No newline at end of file 
diff --git a/fast/stages/1-vpcsc/schemas/egress-policy.schema.json b/fast/stages/1-vpcsc/schemas/egress-policy.schema.json new file mode 120000 index 000000000..4949e03ee --- /dev/null +++ b/fast/stages/1-vpcsc/schemas/egress-policy.schema.json @@ -0,0 +1 @@ +../../../../modules/vpc-sc/schemas/egress-policy.schema.json \ No newline at end of file diff --git a/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json b/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json new file mode 120000 index 000000000..4741a4230 --- /dev/null +++ b/fast/stages/1-vpcsc/schemas/ingress-policy.schema.json @@ -0,0 +1 @@ +../../../../modules/vpc-sc/schemas/ingress-policy.schema.json \ No newline at end of file diff --git a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-dataplatform.yaml b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-dataplatform.yaml index f6007d28a..77e800868 100644 --- a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-dataplatform.yaml +++ b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-dataplatform.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-dataplatform region: primary description: Default subnet for dev Data Platform diff --git a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-default.yaml b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-default.yaml index 583ced0a9..1980652be 100644 --- a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-default.yaml +++ b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-default.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-default region: primary ip_cidr_range: 10.68.0.0/24 diff --git a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-gke-nodes.yaml b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-gke-nodes.yaml index e96135a62..3903373d0 100644 
--- a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-gke-nodes.yaml +++ b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-gke-nodes.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-gke-nodes region: primary description: Default subnet for prod gke nodes diff --git a/fast/stages/2-networking-a-simple/data/subnets/landing/landing-default.yaml b/fast/stages/2-networking-a-simple/data/subnets/landing/landing-default.yaml index 0b0ae0f50..59577cef4 100644 --- a/fast/stages/2-networking-a-simple/data/subnets/landing/landing-default.yaml +++ b/fast/stages/2-networking-a-simple/data/subnets/landing/landing-default.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: landing-default region: primary ip_cidr_range: 10.64.0.0/24 diff --git a/fast/stages/2-networking-a-simple/data/subnets/prod/prod-default.yaml b/fast/stages/2-networking-a-simple/data/subnets/prod/prod-default.yaml index 09a91d46b..781b018ce 100644 --- a/fast/stages/2-networking-a-simple/data/subnets/prod/prod-default.yaml +++ b/fast/stages/2-networking-a-simple/data/subnets/prod/prod-default.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: prod-default region: primary ip_cidr_range: 10.72.0.0/24 diff --git a/fast/stages/2-networking-a-simple/schemas/subnet.schema.json b/fast/stages/2-networking-a-simple/schemas/subnet.schema.json new file mode 120000 index 000000000..b7d7a7f2b --- /dev/null +++ b/fast/stages/2-networking-a-simple/schemas/subnet.schema.json @@ -0,0 +1 @@ +../../../../modules/net-vpc/schemas/subnet.schema.json \ No newline at end of file diff --git a/fast/stages/2-networking-b-nva/data/subnets/dev/dev-dataplatform.yaml b/fast/stages/2-networking-b-nva/data/subnets/dev/dev-dataplatform.yaml index f6007d28a..77e800868 100644 
--- a/fast/stages/2-networking-b-nva/data/subnets/dev/dev-dataplatform.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/dev/dev-dataplatform.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-dataplatform region: primary description: Default subnet for dev Data Platform diff --git a/fast/stages/2-networking-b-nva/data/subnets/dev/dev-default-pri.yaml b/fast/stages/2-networking-b-nva/data/subnets/dev/dev-default-pri.yaml index 583ced0a9..1980652be 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/dev/dev-default-pri.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/dev/dev-default-pri.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-default region: primary ip_cidr_range: 10.68.0.0/24 diff --git a/fast/stages/2-networking-b-nva/data/subnets/dev/dev-default-sec.yaml b/fast/stages/2-networking-b-nva/data/subnets/dev/dev-default-sec.yaml index 619ccdfab..71d51799e 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/dev/dev-default-sec.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/dev/dev-default-sec.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-default region: secondary ip_cidr_range: 10.84.0.0/24 diff --git a/fast/stages/2-networking-b-nva/data/subnets/dev/dev-gke-nodes.yaml b/fast/stages/2-networking-b-nva/data/subnets/dev/dev-gke-nodes.yaml index e96135a62..3903373d0 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/dev/dev-gke-nodes.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/dev/dev-gke-nodes.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-gke-nodes region: primary description: Default subnet for prod gke nodes 
diff --git a/fast/stages/2-networking-b-nva/data/subnets/dmz/dmz-default-pri.yaml b/fast/stages/2-networking-b-nva/data/subnets/dmz/dmz-default-pri.yaml index e3ed392f2..f2c55687b 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/dmz/dmz-default-pri.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/dmz/dmz-default-pri.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dmz-default region: primary ip_cidr_range: 10.64.128.0/24 diff --git a/fast/stages/2-networking-b-nva/data/subnets/dmz/dmz-default-sec.yaml b/fast/stages/2-networking-b-nva/data/subnets/dmz/dmz-default-sec.yaml index 9ce18efa6..5e04dc607 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/dmz/dmz-default-sec.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/dmz/dmz-default-sec.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dmz-default region: secondary ip_cidr_range: 10.80.128.0/24 diff --git a/fast/stages/2-networking-b-nva/data/subnets/landing/landing-default-pri.yaml b/fast/stages/2-networking-b-nva/data/subnets/landing/landing-default-pri.yaml index 0b0ae0f50..59577cef4 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/landing/landing-default-pri.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/landing/landing-default-pri.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: landing-default region: primary ip_cidr_range: 10.64.0.0/24 diff --git a/fast/stages/2-networking-b-nva/data/subnets/landing/landing-default-sec.yaml b/fast/stages/2-networking-b-nva/data/subnets/landing/landing-default-sec.yaml index 12787a6a7..212027800 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/landing/landing-default-sec.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/landing/landing-default-sec.yaml 
@@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: landing-default region: secondary ip_cidr_range: 10.80.0.0/24 diff --git a/fast/stages/2-networking-b-nva/data/subnets/prod/prod-default-ew1.yaml b/fast/stages/2-networking-b-nva/data/subnets/prod/prod-default-ew1.yaml index 09a91d46b..781b018ce 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/prod/prod-default-ew1.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/prod/prod-default-ew1.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: prod-default region: primary ip_cidr_range: 10.72.0.0/24 diff --git a/fast/stages/2-networking-b-nva/data/subnets/prod/prod-default-ew4.yaml b/fast/stages/2-networking-b-nva/data/subnets/prod/prod-default-ew4.yaml index c1fbfe407..5200c0de4 100644 --- a/fast/stages/2-networking-b-nva/data/subnets/prod/prod-default-ew4.yaml +++ b/fast/stages/2-networking-b-nva/data/subnets/prod/prod-default-ew4.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: prod-default region: secondary ip_cidr_range: 10.88.0.0/24 diff --git a/fast/stages/2-networking-b-nva/schemas/subnet.schema.json b/fast/stages/2-networking-b-nva/schemas/subnet.schema.json new file mode 120000 index 000000000..b7d7a7f2b --- /dev/null +++ b/fast/stages/2-networking-b-nva/schemas/subnet.schema.json @@ -0,0 +1 @@ +../../../../modules/net-vpc/schemas/subnet.schema.json \ No newline at end of file diff --git a/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-dataplatform.yaml b/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-dataplatform.yaml index f6007d28a..77e800868 100644 --- a/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-dataplatform.yaml +++ b/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-dataplatform.yaml 
@@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-dataplatform region: primary description: Default subnet for dev Data Platform diff --git a/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-default.yaml b/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-default.yaml index 928fb1ebf..94ef66e21 100644 --- a/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-default.yaml +++ b/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-default.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-default region: europe-west1 ip_cidr_range: 10.68.0.0/24 diff --git a/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-gke-nodes.yaml b/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-gke-nodes.yaml index e96135a62..3903373d0 100644 --- a/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-gke-nodes.yaml +++ b/fast/stages/2-networking-c-separate-envs/data/subnets/dev/dev-gke-nodes.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: dev-gke-nodes region: primary description: Default subnet for prod gke nodes diff --git a/fast/stages/2-networking-c-separate-envs/data/subnets/prod/prod-default.yaml b/fast/stages/2-networking-c-separate-envs/data/subnets/prod/prod-default.yaml index 48c1e6a06..ff193c0ac 100644 --- a/fast/stages/2-networking-c-separate-envs/data/subnets/prod/prod-default.yaml +++ b/fast/stages/2-networking-c-separate-envs/data/subnets/prod/prod-default.yaml @@ -1,5 +1,7 @@ # skip boilerplate check +# yaml-language-server: $schema=../../../schemas/subnet.schema.json + name: prod-default region: primary ip_cidr_range: 10.72.0.0/24 
diff --git a/fast/stages/2-networking-c-separate-envs/schemas/subnet.schema.json b/fast/stages/2-networking-c-separate-envs/schemas/subnet.schema.json new file mode 120000 index 000000000..b7d7a7f2b --- /dev/null +++ b/fast/stages/2-networking-c-separate-envs/schemas/subnet.schema.json @@ -0,0 +1 @@ +../../../../modules/net-vpc/schemas/subnet.schema.json \ No newline at end of file diff --git a/modules/billing-account/README.md b/modules/billing-account/README.md index 104476992..dd3bdb6d7 100644 --- a/modules/billing-account/README.md +++ b/modules/billing-account/README.md @@ -238,7 +238,6 @@ module "billing-account" { ``` ```yaml -# tftest-file id=test-1 path=data/billing-budgets/folder-net-month-current-100.yaml display_name: 100 dollars in current spend amount: units: 100 @@ -255,6 +254,8 @@ update_rules: disable_default_iam_recipients: true monitoring_notification_channels: - billing-default + +# tftest-file id=test-1 path=data/billing-budgets/folder-net-month-current-100.yaml schema=budget.schema.json ``` diff --git a/modules/billing-account/schemas/budget.schema.json b/modules/billing-account/schemas/budget.schema.json new file mode 100644 index 000000000..b1bdb24d7 --- /dev/null +++ b/modules/billing-account/schemas/budget.schema.json 
@@ -0,0 +1,169 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Project", + "type": "object", + "additionalProperties": false, + "required": [ + "amount" + ], + "properties": { + "amount": { + "type": "object", + "additionalProperties": false, + "properties": { + "currency_code": { + "type": "string" + }, + "nanos": { + "type": "number" + }, + "units": { + "type": "number" + }, + "use_last_period": { + "type": "boolean" + } + } + }, + "display_name": { + "type": "string" + }, + "filter": { + "type": "object", + "additionalProperties": false, + "properties": { + "credit_types_treatment": { + "type": "object", + "additionalProperties": false, + "properties": { + "exclude_all": { + "type": "boolean" + }, + "include_specified": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "label": { + "type": "object", + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "period": { + "type": "object", + "additionalProperties": false, + "properties": { + "calendar": { + "type": "string" + }, + "custom": { + "type": "object", + "additionalProperties": false, + "properties": { + "start_date": { + "$ref": "#/$defs/date" + }, + "end_date": { + "$ref": "#/$defs/date" + } + } + } + } + }, + "projects": { + "type": "array", + "items": { + "type": "string" + } + }, + "resource_ancestors": { + "type": "array", + "items": { + "type": "string" + } + }, + "services": { + "type": "array", + "items": { + "type": "string" + } + }, + "subaccounts": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "threshold_rules": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "required": [ + "percent" + ], + "properties": { + "percent": { + "type": "number" + }, + "forecasted_spend": { + "type": "boolean" + } + } + } + }, + "update_rules": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + 
"^[a-z0-9_-]+$": { + "type": "object", + "additionalProperties": false, + "properties": { + "disable_default_iam_recipients": { + "type": "boolean" + }, + "monitoring_notification_channels": { + "type": "array", + "items": { + "type": "string" + } + }, + "pubsub_topic": { + "type": "string" + } + } + } + } + } + }, + "$defs": { + "date": { + "type": "object", + "additionalProperties": false, + "properties": { + "day": { + "type": "number" + }, + "month": { + "type": "number" + }, + "year": { + "type": "number" + } + } + } + } +} \ No newline at end of file diff --git a/modules/folder/README.md b/modules/folder/README.md index a15d4b204..defc63b86 100644 --- a/modules/folder/README.md +++ b/modules/folder/README.md @@ -165,7 +165,6 @@ module "folder" { ``` ```yaml -# tftest-file id=boolean path=configs/org-policies/boolean.yaml compute.disableGuestAttributesAccess: rules: - enforce: true @@ -184,10 +183,11 @@ iam.disableServiceAccountKeyUpload: title: condition enforce: true - enforce: false + +# tftest-file id=boolean path=configs/org-policies/boolean.yaml schema=org-policies.schema.json ``` ```yaml -# tftest-file id=list path=configs/org-policies/list.yaml compute.trustedImageProjects: rules: - allow: @@ -203,6 +203,8 @@ iam.allowedPolicyMemberDomains: values: - C0xxxxxxx - C0yyyyyyy + +# tftest-file id=list path=configs/org-policies/list.yaml schema=org-policies.schema.json ``` ## Hierarchical Firewall Policy Attachments diff --git a/modules/folder/schemas/org-policies.schema.json b/modules/folder/schemas/org-policies.schema.json new file mode 120000 index 000000000..3a18ee3b5 --- /dev/null +++ b/modules/folder/schemas/org-policies.schema.json @@ -0,0 +1 @@ +../../organization/schemas/org-policies.schema.json \ No newline at end of file diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md index 05eaf1275..d89fde140 100644 --- a/modules/net-vpc/README.md +++ b/modules/net-vpc/README.md 
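Review bot: In the new `modules/billing-account/schemas/budget.schema.json`, `amount` is listed under the top-level `required` but its own object has no `required` or `minProperties`, so a budget file with `amount: {}` validates even though it sets neither `units` nor `use_last_period`. How the module handles that case is not visible in this diff, but since a budget is a cost guard-rail it is worth rejecting at schema level, for example with `"minProperties": 1` inside `amount`. The numeric fields are also unconstrained: `threshold_rules[].percent` and the `$defs/date` members `day`, `month` and `year` are plain `number`, so negative or fractional dates pass; `"type": "integer"` with `minimum`/`maximum` on the date parts and `"minimum": 0` on `percent` would catch typos before apply. Separately, `"title": "Project"` looks carried over from another schema and should presumably read `"title": "Budget"`.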
@@ -435,21 +435,22 @@ module "vpc" { ``` ```yaml -# tftest-file id=subnet-simple path=config/subnets/subnet-simple.yaml name: simple region: primary ip_cidr_range: 10.0.1.0/24 + +# tftest-file id=subnet-simple path=config/subnets/subnet-simple.yaml schema=subnet.schema.json ``` ```yaml -# tftest-file id=subnet-simple-2 path=config/subnets/subnet-simple-2.yaml name: simple region: europe-west8 ip_cidr_range: 10.0.2.0/24 + +# tftest-file id=subnet-simple-2 path=config/subnets/subnet-simple-2.yaml schema=subnet.schema.json ``` ```yaml -# tftest-file id=subnet-detailed path=config/subnets/subnet-detailed.yaml region: europe-west1 description: Sample description ip_cidr_range: 10.0.0.0/24 @@ -466,28 +467,33 @@ flow_logs_config: # enable, set to empty map to use defaults aggregation_interval: "INTERVAL_5_SEC" flow_sampling: 0.5 metadata: "INCLUDE_ALL_METADATA" + +# tftest-file id=subnet-detailed path=config/subnets/subnet-detailed.yaml schema=subnet.schema.json ``` ```yaml -# tftest-file id=subnet-proxy path=config/subnets/subnet-proxy.yaml region: europe-west4 ip_cidr_range: 10.1.0.0/24 proxy_only: true + +# tftest-file id=subnet-proxy path=config/subnets/subnet-proxy.yaml schema=subnet.schema.json ``` ```yaml -# tftest-file id=subnet-proxy-global path=config/subnets/subnet-proxy-global.yaml region: australia-southeast2 ip_cidr_range: 10.4.0.0/24 proxy_only: true global: true + +# tftest-file id=subnet-proxy-global path=config/subnets/subnet-proxy-global.yaml schema=subnet.schema.json ``` ```yaml -# tftest-file id=subnet-psc path=config/subnets/subnet-psc.yaml region: europe-west4 ip_cidr_range: 10.2.0.0/24 psc: true + +# tftest-file id=subnet-psc path=config/subnets/subnet-psc.yaml schema=subnet.schema.json ``` ### Custom Routes diff --git a/modules/net-vpc/schemas/subnet.schema.json b/modules/net-vpc/schemas/subnet.schema.json new file mode 100644 index 000000000..9c2948abc --- /dev/null +++ b/modules/net-vpc/schemas/subnet.schema.json 
@@ -0,0 +1,183 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Subnet",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "ip_cidr_range",
+ "region"
+ ],
+ "properties": {
+ "active": {
+ "type": "boolean"
+ },
+ "description": {
+ "type": "string"
+ },
+ "enable_private_access": {
+ "type": "boolean"
+ },
+ "flow_logs_config": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "aggregation_interval": {
+ "type": "string"
+ },
+ "filter_expression": {
+ "type": "string"
+ },
+ "flow_sampling": {
+ "type": "number"
+ },
+ "metadata": {
+ "type": "string"
+ },
+ "metadata_fields": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "global": {
+ "type": "boolean"
+ },
+ "ip_cidr_range": {
+ "type": "string"
+ },
+ "ipv6": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "access_type": {
+ "type": "string"
+ }
+ }
+ },
+ "name": {
+ "type": "string"
+ },
+ "region": {
+ "type": "string"
+ },
+ "psc": {
+ "type": "boolean"
+ },
+ "proxy_only": {
+ "type": "boolean"
+ },
+ "secondary_ip_ranges": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "iam": {
+ "$ref": "#/$defs/iam"
+ },
+ "iam_bindings": {
+ "$ref": "#/$defs/iam_bindings"
+ },
+ "iam_bindings_additive": {
+ "$ref": "#/$defs/iam_bindings_additive"
+ }
+ },
+ "$defs": {
+ "iam": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^roles/": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
+ }
+ }
+ }
+ },
+ "iam_bindings": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^[a-z0-9_-]+$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "members": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
+ }
+ },
+ "role": {
+ "type": "string",
+ "pattern": "^roles/"
+ },
+ "condition": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "expression",
+ "title"
+ ],
+ "properties": {
+ "expression": {
+ "type": "string"
+ },
+ "title": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "iam_bindings_additive": {
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^[a-z0-9_-]+$": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "member": {
+ "type": "string",
+ "pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
+ },
+ "role": {
+ "type": "string",
+ "pattern": "^roles/"
+ },
+ "condition": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "expression",
+ "title"
+ ],
+ "properties": {
+ "expression": {
+ "type": "string"
+ },
+ "title": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/project-factory/schemas/budget.schema.json b/modules/project-factory/schemas/budget.schema.json
deleted file mode 100644
index b1bdb24d7..000000000
--- a/modules/project-factory/schemas/budget.schema.json
+++ /dev/null
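Review bot: The member pattern `^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)` used in `$defs.iam`, in `$defs.iam_bindings` (`members`) and in `$defs.iam_bindings_additive` (`member`) of the new subnet schema has no end anchor, so the `ro` and `rw` alternatives accept any string that merely begins with those letters. A mistyped principal such as `root@example.com` (constructed example) therefore passes validation instead of being rejected before apply. If `ro` and `rw` are meant as exact shorthand tokens, which the hunk does not show, the pattern could read `"pattern": "^(?:(?:domain|group|serviceAccount|user|principal|principalSet):.+|ro|rw)$"`. The binding objects also declare no `required` list, so an entry without `role` or `members` validates; presumably both are mandatory in the module, in which case `"required": ["members", "role"]` (and `["member", "role"]` for the additive form) would catch that at lint time.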
@@ -1,169 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Project", - "type": "object", - "additionalProperties": false, - "required": [ - "amount" - ], - "properties": { - "amount": { - "type": "object", - "additionalProperties": false, - "properties": { - "currency_code": { - "type": "string" - }, - "nanos": { - "type": "number" - }, - "units": { - "type": "number" - }, - "use_last_period": { - "type": "boolean" - } - } - }, - "display_name": { - "type": "string" - }, - "filter": { - "type": "object", - "additionalProperties": false, - "properties": { - "credit_types_treatment": { - "type": "object", - "additionalProperties": false, - "properties": { - "exclude_all": { - "type": "boolean" - }, - "include_specified": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "label": { - "type": "object", - "additionalProperties": false, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - } - }, - "period": { - "type": "object", - "additionalProperties": false, - "properties": { - "calendar": { - "type": "string" - }, - "custom": { - "type": "object", - "additionalProperties": false, - "properties": { - "start_date": { - "$ref": "#/$defs/date" - }, - "end_date": { - "$ref": "#/$defs/date" - } - } - } - } - }, - "projects": { - "type": "array", - "items": { - "type": "string" - } - }, - "resource_ancestors": { - "type": "array", - "items": { - "type": "string" - } - }, - "services": { - "type": "array", - "items": { - "type": "string" - } - }, - "subaccounts": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "threshold_rules": { - "type": "array", - "items": { - "type": "object", - "additionalProperties": false, - "required": [ - "percent" - ], - "properties": { - "percent": { - "type": "number" - }, - "forecasted_spend": { - "type": "boolean" - } - } - } - }, - "update_rules": { - "type": "object", - "additionalProperties": false, - "patternProperties": { - 
"^[a-z0-9_-]+$": { - "type": "object", - "additionalProperties": false, - "properties": { - "disable_default_iam_recipients": { - "type": "boolean" - }, - "monitoring_notification_channels": { - "type": "array", - "items": { - "type": "string" - } - }, - "pubsub_topic": { - "type": "string" - } - } - } - } - } - }, - "$defs": { - "date": { - "type": "object", - "additionalProperties": false, - "properties": { - "day": { - "type": "number" - }, - "month": { - "type": "number" - }, - "year": { - "type": "number" - } - } - } - } -} \ No newline at end of file diff --git a/modules/project-factory/schemas/budget.schema.json b/modules/project-factory/schemas/budget.schema.json new file mode 120000 index 000000000..618778222 --- /dev/null +++ b/modules/project-factory/schemas/budget.schema.json @@ -0,0 +1 @@ +../../billing-account/schemas/budget.schema.json \ No newline at end of file diff --git a/modules/project/README.md b/modules/project/README.md index 2a51aa7a3..8e4a4297e 100644 --- a/modules/project/README.md +++ b/modules/project/README.md @@ -542,12 +542,6 @@ module "project" { ``` ```yaml -# tftest-file id=boolean path=configs/org-policies/boolean.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - compute.disableGuestAttributesAccess: rules: - enforce: true @@ -566,15 +560,11 @@ iam.disableServiceAccountKeyUpload: title: condition enforce: true - enforce: false + +# tftest-file id=boolean path=configs/org-policies/boolean.yaml schema=org-policies.schema.json ``` ```yaml -# tftest-file id=list path=configs/org-policies/list.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - compute.trustedImageProjects: rules: - allow: 
@@ -590,6 +580,8 @@ iam.allowedPolicyMemberDomains: values: - C0xxxxxxx - C0yyyyyyy + +# tftest-file id=list path=configs/org-policies/list.yaml schema=org-policies.schema.json ``` ### Dry-Run Mode @@ -962,20 +954,20 @@ module "project" { ``` ```yaml -# tftest-file id=custom-role-1 path=data/custom_roles/test_1.yaml - includedPermissions: - compute.globalOperations.get + +# tftest-file id=custom-role-1 path=data/custom_roles/test_1.yaml schema=custom-role.schema.json ``` ```yaml -# tftest-file id=custom-role-2 path=data/custom_roles/test_2.yaml - name: projectViewer includedPermissions: - resourcemanager.projects.get - resourcemanager.projects.getIamPolicy - resourcemanager.projects.list + +# tftest-file id=custom-role-2 path=data/custom_roles/test_2.yaml schema=custom-role.schema.json ``` ## Quotas @@ -1039,12 +1031,6 @@ module "project" { ``` ```yaml -# tftest-file id=quota-cpus-ew8 path=data/quotas/cpus-ew8.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - cpus-ew8: service: compute.googleapis.com quota_id: CPUS-per-project-region @@ -1052,6 +1038,8 @@ cpus-ew8: preferred_value: 751 dimensions: region: europe-west8 + +# tftest-file id=quota-cpus-ew8 path=data/quotas/cpus-ew8.yaml schema=quotas.schema.json ``` ## VPC Service Controls diff --git a/modules/project/schemas/custom-role.schema.json b/modules/project/schemas/custom-role.schema.json new file mode 120000 index 000000000..473497179 --- /dev/null +++ b/modules/project/schemas/custom-role.schema.json @@ -0,0 +1 @@ +../../organization/schemas/custom-role.schema.json \ No newline at end of file diff --git a/modules/project/schemas/org-policies.schema.json b/modules/project/schemas/org-policies.schema.json new file mode 120000 index 000000000..3a18ee3b5 --- /dev/null +++ b/modules/project/schemas/org-policies.schema.json 
@@ -0,0 +1 @@
+../../organization/schemas/org-policies.schema.json
\ No newline at end of file
diff --git a/modules/project/schemas/quotas.schema.json b/modules/project/schemas/quotas.schema.json
new file mode 100644
index 000000000..3390f3b38
--- /dev/null
+++ b/modules/project/schemas/quotas.schema.json
@@ -0,0 +1,53 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Organization Policies",
+ "type": "object",
+ "additionalProperties": false,
+ "patternProperties": {
+ "^[a-zA-Z0-9_-]+$": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "service",
+ "quota_id",
+ "preferred_value"
+ ],
+ "properties": {
+ "service": {
+ "type": "string"
+ },
+ "quota_id": {
+ "type": "string"
+ },
+ "preferred_value": {
+ "type": "number"
+ },
+ "dimensions": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "justification": {
+ "type": "string"
+ },
+ "contact_email": {
+ "type": "string"
+ },
+ "annotations": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "ignore_safety_checks": {
+ "enum": [
+ "QUOTA_DECREASE_BELOW_USAGE",
+ "QUOTA_DECREASE_PERCENTAGE_TOO_HIGH",
+ "QUOTA_SAFETY_CHECK_UNSPECIFIED"
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
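Review bot: `"title": "Organization Policies"` at the top of the new quotas schema looks copied from the org-policies schema and will mislabel quota files in editors and validator output; it should read `"title": "Quotas"`. `preferred_value` is typed `number`, which also accepts fractional values; if the quota API expects whole numbers, as seems likely, `"type": "integer"` would reject those at lint time. `ignore_safety_checks` carries neither a `type` nor a `description`, and since its values appear to switch off guards on quota decreases, a short `"description"` saying so would help whoever reviews a data file that sets it.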