982717188d
* Avoid tag binding permadiffs for service accounts created by project-factory * Regenerate schema docs
14 KiB
14 KiB
Folder
Properties
additional properties: false
- asset_search: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- ⁺asset_types: array
- items: string
- query: string
- ⁺asset_types: array
- asset_feeds: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- ⁺billing_project: string
- content_type: string
enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP'] - asset_types: array
- items: string
- asset_names: array
- items: string
- ⁺feed_output_config: object
additional properties: false- ⁺pubsub_destination: object
additional properties: false- ⁺topic: string
- ⁺pubsub_destination: object
- condition: object
additional properties: false- ⁺expression: string
- title: string
- description: string
- location: string
- automation: object
additional properties: false- prefix: string
- ⁺project: string
- bucket: reference(bucket)
- service_accounts: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- description: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_billing_roles: reference(iam_billing_roles)
- iam_folder_roles: reference(iam_folder_roles)
- iam_organization_roles: reference(iam_organization_roles)
- iam_project_roles: reference(iam_project_roles)
- iam_sa_roles: reference(iam_sa_roles)
- iam_storage_roles: reference(iam_storage_roles)
- tag_bindings: reference(tag_bindings)
- autokey_config: object
additional properties: false- project: string
pattern: ^(projects/|$project_ids:|$project_numbers:)
- project: string
- billing_budgets: array
- items: string
- contacts: object
additional properties: false^(\S+@\S+\.\S+|\$email_addresses:\S+)$: array- items: string
enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']
- items: string
- data_access_logs: object
additional properties: false^([a-z][a-z-]+\.googleapis\.com|allServices)$: object
additional properties: false- ADMIN_READ: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- DATA_READ: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- DATA_WRITE: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- ADMIN_READ: object
- deletion_protection: boolean
- id: string
pattern: ^(folders/[0-9]+|$folder_ids:[a-z0-9_/-]+)$ - firewall_policy: object
additional properties: false- ⁺name: string
- ⁺policy: string
- logging: object
additional properties: false- kms_key_name: string
- storage_location: string
- sinks: object
additional properties: false^[a-z][a-z0-9-_]+$: object
additional properties: false- description: string
- destination: string
- exclusions: object
- filter: string
- type: string
default: logging, enum: ['bigquery', 'logging', 'project', 'pubsub', 'storage']
- factories_config: object
additional properties: false- org_policies: string
- pam_entitlements: string
- scc_sha_custom_modules: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_by_principals: reference(iam_by_principals)
- iam_by_principals_conditional: reference(iam_by_principals_conditional)
- iam_deny_policies: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- display_name: string
- ⁺rules: array
- items: object
additional properties: false- description: string
- ⁺denied_permissions: array
- items: string
- ⁺denied_principals: array
- items: string
- denial_condition: object
additional properties: false- ⁺expression: string
- title: string
- description: string
- location: string
- exception_permissions: array
- items: string
- exception_principals: array
- items: string
- items: object
- name: string
- org_policies: object
additional properties: false^[a-z]+\.: object- inherit_from_parent: boolean
- reset: boolean
- rules: array
- items: object
additional properties: false- allow: object
additional properties: false- all: boolean
- values: array
- items: string
- deny: object
additional properties: false- all: boolean
- values: array
- items: string
- enforce: boolean
- condition: object
additional properties: false- description: string
- expression: string
- location: string
- title: string
- allow: object
- items: object
- pam_entitlements: reference(pam_entitlements)
- assured_workload_config: reference(assured_workload_config)
- parent: string
pattern: ^(?:folders/[0-9]+|organizations/[0-9]+|$folder_ids:[a-z0-9_-]+)$ - tag_bindings: object
additional properties: false^[a-z0-9_-]+$: string
Definitions
- bucket: object
additional properties: false- name: string
- description: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- force_destroy: boolean
- labels: object
additional properties: string - location: string
- managed_folders: object
additional properties: false^[a-zA-Z0-9][a-zA-Z0-9_/-]+$: object
additional properties: false- force_destroy: boolean
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- prefix: string
- storage_class: string
- uniform_bucket_level_access: boolean
- versioning: boolean
- iam: object
additional properties: false^(?:roles/|\$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/): array- items: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|$iam_principals:)
- items: string
- iam_bindings: object
additional properties: false^[a-z0-9_-]+$: object
additional properties: false- members: array
- items: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|$iam_principals:)
- items: string
- role: string
pattern: ^(?:roles/|$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/) - condition: object
additional properties: false- ⁺expression: string
- ⁺title: string
- description: string
- members: array
- iam_bindings_additive: object
additional properties: false^[a-z0-9_-]+$: object
additional properties: false- member: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|$iam_principals:) - role: string
pattern: ^(?:roles/|$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/) - condition: object
additional properties: false- ⁺expression: string
- ⁺title: string
- description: string
- member: string
- iam_by_principals: object
additional properties: false^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:): array- items: string
pattern: ^(?:roles/|$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)
- items: string
- iam_by_principals_conditional: object
additional properties: false^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:): object
additional properties: false- ⁺condition: object
additional properties: false- ⁺expression: string
- ⁺title: string
- description: string
- ⁺roles: array
- items: string
pattern: ^(?:roles/|$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)
- items: string
- ⁺condition: object
- iam_billing_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_folder_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_organization_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_project_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_sa_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_storage_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- pam_entitlements: object
additional properties: false^[a-z][a-z0-9-]{0,61}[a-z0-9]$: object
additional properties: false- ⁺max_request_duration: string
- ⁺eligible_users: array
- items: string
- ⁺privileged_access: array
- items: object
additional properties: false- ⁺role: string
- condition: string
- items: object
- requester_justification_config: object
additional properties: false- not_mandatory: boolean
- unstructured: boolean
- manual_approvals: object
additional properties: false- ⁺require_approver_justification: boolean
- ⁺steps: array
- items: object
additional properties: false- ⁺approvers: array
- items: string
- approvals_needed: number
- approver_email_recipients: array
- items: string
- ⁺approvers: array
- items: object
- additional_notification_targets: object
additional properties: false- admin_email_recipients: array
- items: string
- requester_email_recipients: array
- items: string
- admin_email_recipients: array
- assured_workload_config: object
additional properties: false- ⁺compliance_regime: string
enum: ['ASSURED_WORKLOADS_FOR_PARTNERS', 'AU_REGIONS_AND_US_SUPPORT', 'AUSTRALIA_DATA_BOUNDARY_AND_SUPPORT', 'CA_PROTECTED_B', 'CA_REGIONS_AND_SUPPORT', 'CANADA_CONTROLLED_GOODS', 'CANADA_DATA_BOUNDARY_AND_SUPPORT', 'CJIS', 'COMPLIANCE_REGIME_UNSPECIFIED', 'DATA_BOUNDARY_FOR_CANADA_CONTROLLED_GOODS', 'DATA_BOUNDARY_FOR_CANADA_PROTECTED_B', 'DATA_BOUNDARY_FOR_CJIS', 'DATA_BOUNDARY_FOR_FEDRAMP_HIGH', 'DATA_BOUNDARY_FOR_FEDRAMP_MODERATE', 'DATA_BOUNDARY_FOR_IL2', 'DATA_BOUNDARY_FOR_IL4', 'DATA_BOUNDARY_FOR_IL5', 'DATA_BOUNDARY_FOR_IRS_PUBLICATION_1075', 'DATA_BOUNDARY_FOR_ITAR', 'EU_DATA_BOUNDARY_AND_SUPPORT', 'EU_REGIONS_AND_SUPPORT', 'FEDRAMP_HIGH', 'FEDRAMP_MODERATE', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS', 'HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT', 'HIPAA', 'HITRUST', 'IL2', 'IL4', 'IL5', 'IRS_1075', 'ISR_REGIONS', 'ISR_REGIONS_AND_SUPPORT', 'ISRAEL_DATA_BOUNDARY_AND_SUPPORT', 'ITAR', 'JAPAN_DATA_BOUNDARY', 'JP_REGIONS_AND_SUPPORT', 'KSA_DATA_BOUNDARY_WITH_ACCESS_JUSTIFICATIONS', 'KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS', 'REGIONAL_CONTROLS', 'REGIONAL_DATA_BOUNDARY', 'US_DATA_BOUNDARY_AND_SUPPORT', 'US_DATA_BOUNDARY_FOR_HEALTHCARE_AND_LIFE_SCIENCES', 'US_DATA_BOUNDARY_FOR_HEALTHCARE_AND_LIFE_SCIENCES_WITH_SUPPORT', 'US_REGIONAL_ACCESS'] - ⁺display_name: string
- ⁺location: string
- ⁺organization: string
- enable_sovereign_controls: boolean
- labels: object
additional properties: string - partner: string
enum: ['LOCAL_CONTROLS_BY_S3NS', 'PARTNER_UNSPECIFIED', 'SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM', 'SOVEREIGN_CONTROLS_BY_CNTXT', 'SOVEREIGN_CONTROLS_BY_PSN', 'SOVEREIGN_CONTROLS_BY_SIA_MINSAIT', 'SOVEREIGN_CONTROLS_BY_T_SYSTEMS'] - partner_permissions: object
additional properties: false- assured_workloads_monitoring: boolean
- data_logs_viewer: boolean
- service_access_approver: boolean
- violation_notifications_enabled: boolean
- ⁺compliance_regime: string