# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. values: google_access_context_manager_service_perimeter_resource.default["$vpc_sc_perimeters:default"]: perimeter_name: accessPolicies/888933661165/servicePerimeters/default timeouts: null google_cloud_asset_project_feed.default["test"]: asset_names: null asset_types: null billing_project: test-project condition: [] content_type: null feed_id: test feed_output_config: - pubsub_destination: - topic: projects/test-prod-audit-logs-0/topics/audit-logs project: my-project timeouts: null google_compute_shared_vpc_service_project.shared_vpc_service[0]: deletion_policy: null host_project: test-vpc-host service_project: my-project timeouts: null google_essential_contacts_contact.contact["$email_addresses:default"]: email: foo@example.com language_tag: en notification_category_subscriptions: - ALL parent: projects/my-project timeouts: null google_kms_crypto_key_iam_member.service_agent_cmek["key-0.compute-system"]: condition: [] crypto_key_id: projects/kms-central-prj/locations/europe-west1/keyRings/my-keyring/cryptoKeys/ew1-compute role: roles/cloudkms.cryptoKeyEncrypterDecrypter google_logging_metric.metrics["test-metric"]: bucket_name: logging.googleapis.com/projects/my-project/locations/global/buckets/audit-bucket bucket_options: [] description: null disabled: null filter: resource.type="gce_instance" label_extractors: null name: test-metric project: my-project timeouts: null value_extractor: null google_logging_project_sink.sink["test-pubsub"]: custom_writer_identity: null description: test-pubsub (Terraform-managed). destination: pubsub.googleapis.com/projects/test-prod-audit-logs-0/topics/audit-logs disabled: false exclusions: [] filter: log_id('cloudaudit.googleapis.com/activity') name: test-pubsub project: my-project unique_writer_identity: true google_monitoring_alert_policy.alerts["test-alert"]: alert_strategy: [] combiner: OR conditions: - condition_absent: [] condition_matched_log: [] condition_monitoring_query_language: [] condition_prometheus_query_language: [] condition_sql: [] condition_threshold: - aggregations: [] comparison: COMPARISON_GT denominator_aggregations: [] denominator_filter: null duration: 60s evaluation_missing_data: null filter: resource.type="gce_instance" AND metric.type="compute.googleapis.com/instance/cpu/utilization" forecast_options: [] threshold_value: null trigger: [] display_name: test-condition display_name: Test Alert documentation: [] enabled: true notification_channels: - projects/my-project/notificationChannels/12345 project: my-project severity: null timeouts: null user_labels: null google_monitoring_notification_channel.channels["new-email"]: description: null display_name: null enabled: true force_delete: false labels: email_address: foo@example.com project: my-project sensitive_labels: [] timeouts: null type: email user_labels: null google_monitoring_notification_channel.channels["new-pubsub"]: description: null display_name: null enabled: true force_delete: false labels: topic: projects/test-prod-audit-logs-0/topics/audit-logs project: my-project sensitive_labels: [] timeouts: null type: pubsub user_labels: null google_privileged_access_manager_entitlement.default["net-admins"]: additional_notification_targets: [] approval_workflow: - manual_approvals: - require_approver_justification: true steps: - approvals_needed: 1 approver_email_recipients: null approvers: - principals: - group:test-group@example.com eligible_users: - principals: - group:test-group@example.com entitlement_id: net-admins location: global max_request_duration: 3600s parent: projects/my-project privileged_access: - gcp_iam_access: - resource: //cloudresourcemanager.googleapis.com/projects/my-project resource_type: cloudresourcemanager.googleapis.com/Project role_bindings: - condition_expression: null role: roles/compute.networkAdmin - condition_expression: null role: roles/compute.admin - condition_expression: null role: organizations/366118655033/roles/myRoleTwo requester_justification_config: - not_mandatory: [] unstructured: - {} timeouts: null google_project.project[0]: auto_create_network: false billing_account: null deletion_policy: DELETE effective_labels: goog-terraform-provisioned: 'true' folder_id: '6789012345' labels: null name: my-project org_id: null project_id: my-project tags: null terraform_labels: goog-terraform-provisioned: 'true' timeouts: null google_project_iam_audit_config.default["allServices"]: audit_log_config: - exempted_members: - group:test-group@example.com log_type: ADMIN_READ - exempted_members: [] log_type: DATA_READ project: my-project service: allServices google_project_iam_binding.authoritative["$custom_roles:myrole_one"]: condition: [] members: - group:test-group@example.com - user:test-user@example.com project: my-project role: organizations/366118655033/roles/myRoleOne google_project_iam_binding.authoritative["roles/owner"]: condition: [] members: - group:test-group@example.com project: my-project role: roles/owner google_project_iam_binding.authoritative["roles/viewer"]: condition: [] members: - serviceAccount:test@test-project.iam.gserviceaccount.com project: my-project role: roles/viewer google_project_iam_binding.bindings["iam-bpc:$custom_roles:myrole_one-expires_after_2020_12_31"]: condition: - description: Expiring at midnight of 2020-12-31 expression: request.time < timestamp("2021-01-01T00:00:00Z") title: expires_after_2020_12_31 members: - user:test-user@example.com project: my-project role: organizations/366118655033/roles/myRoleOne google_project_iam_binding.bindings["iam-bpc:$custom_roles:myrole_two-expires_after_2020_12_31"]: condition: - description: Expiring at midnight of 2020-12-31 expression: request.time < timestamp("2021-01-01T00:00:00Z") title: expires_after_2020_12_31 members: - user:test-user@example.com project: my-project role: organizations/366118655033/roles/myRoleTwo google_project_iam_binding.bindings["iam-bpc:roles/storage.admin-expires_after_2020_12_31"]: condition: - description: Expiring at midnight of 2020-12-31 expression: request.time < timestamp("2021-01-01T00:00:00Z") title: expires_after_2020_12_31 members: - user:test-user@example.com project: my-project role: roles/storage.admin google_project_iam_binding.bindings["myrole_two"]: condition: - description: null expression: resource.matchTag('1234567890/environment', 'development') title: Test members: - serviceAccount:test@test-project.iam.gserviceaccount.com project: my-project role: organizations/366118655033/roles/myRoleTwo google_project_iam_member.bindings["myrole_two"]: condition: [] member: user:test-user@example.com project: my-project role: organizations/366118655033/roles/myRoleTwo google_project_iam_member.bindings["sa_test"]: condition: [] project: my-project role: roles/browser google_project_iam_member.service_agents["compute-system"]: condition: [] project: my-project role: roles/compute.serviceAgent google_project_iam_member.shared_vpc_host_iam["$iam_principals:mysa"]: condition: [] member: serviceAccount:test@test-project.iam.gserviceaccount.com project: test-vpc-host role: roles/compute.networkUser google_project_iam_member.shared_vpc_host_iam_additive["myrole_two"]: condition: [] member: user:test-user@example.com project: test-vpc-host role: organizations/366118655033/roles/myRoleTwo google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:cloudservices"]: condition: [] project: test-vpc-host role: roles/compute.networkUser google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:compute"]: condition: [] project: test-vpc-host role: roles/compute.networkUser google_project_service.project_services["compute.googleapis.com"]: disable_dependent_services: false disable_on_destroy: false project: my-project service: compute.googleapis.com timeouts: null google_pubsub_topic_iam_member.pubsub-sinks-binding["test-pubsub"]: condition: [] project: test-prod-audit-logs-0 role: roles/pubsub.publisher topic: audit-logs google_tags_tag_binding.binding["foo"]: tag_value: tagValues/1234567890 timeouts: null google_tags_tag_key_iam_binding.bindings["test:tag_user"]: condition: [] members: - user:test-user@example.com role: roles/tagUser tag_key: tagKeys/1234567890 google_tags_tag_key_iam_binding.default["test:roles/tagAdmin"]: condition: [] members: - group:test-group@example.com role: roles/tagAdmin tag_key: tagKeys/1234567890 google_tags_tag_key_iam_member.bindings["test:tag_viewer"]: condition: [] member: serviceAccount:test@test-project.iam.gserviceaccount.com role: roles/tagViewer tag_key: tagKeys/1234567890 google_tags_tag_value_iam_binding.bindings["test/one:tag_user"]: condition: [] members: - user:test-user@example.com role: roles/tagUser tag_value: tagValues/1234567890 google_tags_tag_value_iam_binding.default["test/one:roles/tagAdmin"]: condition: [] members: - group:test-group@example.com role: roles/tagAdmin tag_value: tagValues/1234567890 google_tags_tag_value_iam_member.bindings["test/one:tag_viewer"]: condition: [] member: serviceAccount:test@test-project.iam.gserviceaccount.com role: roles/tagViewer tag_value: tagValues/1234567890 counts: google_access_context_manager_service_perimeter_resource: 1 google_cloud_asset_project_feed: 1 google_compute_shared_vpc_service_project: 1 google_essential_contacts_contact: 1 google_kms_crypto_key_iam_member: 1 google_logging_metric: 1 google_logging_project_sink: 1 google_monitoring_alert_policy: 1 google_monitoring_notification_channel: 2 google_privileged_access_manager_entitlement: 1 google_project: 1 google_project_iam_audit_config: 1 google_project_iam_binding: 7 google_project_iam_member: 7 google_project_service: 1 google_pubsub_topic_iam_member: 1 google_tags_tag_binding: 1 google_tags_tag_key_iam_binding: 2 google_tags_tag_key_iam_member: 1 google_tags_tag_value_iam_binding: 2 google_tags_tag_value_iam_member: 1 modules: 0 resources: 36