008a3719ad
* Support service_agents_config.skip_iam in project-factory and fast stages * Fix inventories * Change service-agent creation/iam order
24 KiB
24 KiB
Project
Properties
additional properties: false
- asset_feeds: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- billing_project: string
- content_type: string
enum: ['RESOURCE', 'IAM_POLICY', 'ORG_POLICY', 'ACCESS_POLICY', 'OS_INVENTORY', 'RELATIONSHIP'] - asset_types: array
- items: string
- asset_names: array
- items: string
- ⁺feed_output_config: object
additional properties: false- ⁺pubsub_destination: object
additional properties: false- ⁺topic: string
- ⁺pubsub_destination: object
- condition: object
additional properties: false- ⁺expression: string
- title: string
- description: string
- location: string
- automation: object
additional properties: false- prefix: string
- ⁺project: string
- bucket: reference(bucket)
- service_accounts: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- display_name: string
- description: string
- prefix: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_billing_roles: reference(iam_billing_roles)
- iam_folder_roles: reference(iam_folder_roles)
- iam_organization_roles: reference(iam_organization_roles)
- iam_project_roles: reference(iam_project_roles)
- iam_sa_roles: reference(iam_sa_roles)
- iam_storage_roles: reference(iam_storage_roles)
- tag_bindings: reference(tag_bindings)
- billing_account: string
- billing_budgets: array
- items: string
- buckets: reference(buckets)
- contacts: object
additional properties: false^(\S+@\S+\.\S+|\$email_addresses:\S+)$: array- items: string
enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']
- items: string
- data_access_logs: object
additional properties: false^([a-z][a-z-]+\.googleapis\.com|allServices)$: object
additional properties: false- ADMIN_READ: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- DATA_READ: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- DATA_WRITE: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- ADMIN_READ: object
- datasets: object
additional properties: false^[a-z0-9_]+$: object
additional properties: false- friendly_name: string
- location: string
- encryption_key: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_by_principals: reference(iam_by_principals)
- options: object
additional properties: false- default_table_expiration_ms: number
- default_partition_expiration_ms: number
- delete_contents_on_destroy: boolean
- max_time_travel_hours: number
- tag_bindings: reference(tag_bindings)
- deletion_policy: string
enum: ['PREVENT', 'DELETE', 'ABANDON'] - factories_config: object
additional properties: false- aspect_types: string
- custom_roles: string
- data_catalog_taxonomy: string
- observability: string
- org_policies: string
- quotas: string
- scc_sha_custom_modules: string
- tags: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_by_principals: reference(iam_by_principals)
- iam_by_principals_conditional: reference(iam_by_principals_conditional)
- iam_by_principals_additive: reference(iam_by_principals)
- iam_deny_policies: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- display_name: string
- ⁺rules: array
- items: object
additional properties: false- description: string
- ⁺denied_permissions: array
- items: string
- ⁺denied_principals: array
- items: string
- denial_condition: object
additional properties: false- ⁺expression: string
- title: string
- description: string
- location: string
- exception_permissions: array
- items: string
- exception_principals: array
- items: string
- items: object
- kms: object
additional properties: false- autokeys: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- ⁺location: string
- ⁺resource_type_selector: string
- keyrings: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- ⁺location: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- tag_bindings: reference(tag_bindings)
- keys: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- destroy_scheduled_duration: string
- rotation_period: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- purpose: string
default: ENCRYPT_DECRYPT, enum: ['CRYPTO_KEY_PURPOSE_UNSPECIFIED', 'ENCRYPT_DECRYPT', 'ASYMMETRIC_SIGN', 'ASYMMETRIC_DECRYPT', 'RAW_ENCRYPT_DECRYPT', 'MAC'] - version_template: object
additional properties: false- ⁺algorithm: string
- protection_level: string
default: SOFTWARE, enum: ['SOFTWARE', 'HSM', 'EXTERNAL', 'EXTERNAL_VPC']
- autokeys: object
- labels: object
- pam_entitlements: reference(pam_entitlements)
- log_buckets: object
additional properties: false^[a-zA-Z0-9_-]+$: reference(log_bucket)
- metric_scopes: array
- items: string
- name: string
- descriptive_name: string
- dns_threat_detector: object
additional properties: false- enabled: boolean
- excluded_networks: array
- items: string
- labels: object
- location: string
- name: string
- threat_detector_provider: string
enum: ['INFOBLOX']
- org_policies: object
additional properties: false^[a-z]+\.: object- inherit_from_parent: boolean
- reset: boolean
- rules: array
- items: object
additional properties: false- allow: object
additional properties: false- all: boolean
- values: array
- items: string
- deny: object
additional properties: false- all: boolean
- values: array
- items: string
- enforce: boolean
- condition: object
additional properties: false- description: string
- expression: string
- location: string
- title: string
- allow: object
- items: object
- quotas: object
additional properties: false^[a-zA-Z0-9_-]+$: object
additional properties: false- ⁺service: string
- ⁺quota_id: string
- ⁺preferred_value: number
- dimensions: object
additional properties: string - justification: string
- contact_email: string
- annotations: object
additional properties: string - ignore_safety_checks: string
enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']
- parent: string
- prefix: string
- project_reuse: object
additional properties: false- use_data_source: boolean
- attributes: object
- ⁺name: string
- ⁺number: number
- services_enabled: array
- items: string
- project_template: string
- pubsub_topics: object
additional properties: false^[a-zA-Z0-9_-]+$: reference(pubsub_topic)
- service_accounts: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- display_name: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_self_roles: array
- items: string
- iam_project_roles: reference(iam_project_roles)
- iam_sa_roles: reference(iam_sa_roles)
- tag_bindings: reference(tag_bindings)
- service_agents_config: object
additional properties: false- create_primary_agents: boolean
- grant_default_roles: boolean
- grant_service_agent_editor: boolean
- skip_iam: array
- items: string
- service_encryption_key_ids: object
additional properties: false^[a-z-]+\.googleapis\.com$: array- items: string
- services: array
- items: string
pattern: ^[a-z-]+.googleapis.com$
- items: string
- shared_vpc_host_config: object
additional properties: false- ⁺enabled: boolean
- service_projects: array
- items: string
- shared_vpc_service_config: object
additional properties: false- ⁺host_project: string
- iam_bindings_additive: reference(iam_bindings_additive)
- network_users: array
- items: string
- service_agent_iam: object
^[a-z0-9_-]+$: array- items: string
- service_agent_subnet_iam: object
^[a-z0-9_-]+$: array- items: string
- service_iam_grants: array
- items: string
- network_subnet_users: object
^[a-z0-9_-]+$: array- items: string
- tags: object
additional properties: object - tag_bindings: object
additional properties: false^[a-z0-9_-]+$: string
- universe: object
additional properties: false- prefix: string
- forced_jit_service_identities: array
- items: string
- unavailable_services: array
- items: string
- unavailable_service_identities: array
- items: string
- vpc_sc: object
- ⁺perimeter_name: string
- is_dry_run: boolean
- workload_identity_pools: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- description: string
- display_name: string
- disabled: boolean
- providers: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- description: string
- display_name: string
- disabled: boolean
- attribute_condition: string
- attribute_mapping: object
additional properties: string - identity_provider: object
Definitions
- bucket: object
additional properties: false- name: string
- create: boolean
- description: string
- encryption_key: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- force_destroy: boolean
- labels: object
additional properties: string - lifecycle_rules: object
additional properties: false^[a-zA-Z0-9_-]+$: object
additional properties: false- ⁺action: object
additional properties: false- ⁺type: string
enum: ['Delete', 'SetStorageClass', 'AbortIncompleteMultipartUpload'] - storage_class: string
- ⁺type: string
- ⁺condition: object
additional properties: false- age: number
- created_before: string
- custom_time_before: string
- days_since_custom_time: number
- days_since_noncurrent_time: number
- matches_prefix: array
- items: string
- matches_storage_class: array
- items: string
enum: ['STANDARD', 'MULTI_REGIONAL', 'REGIONAL', 'NEARLINE', 'COLDLINE', 'ARCHIVE', 'DURABLE_REDUCED_AVAILABILITY']
- items: string
- matches_suffix: array
- items: string
- noncurrent_time_before: string
- num_newer_versions: number
- with_state: string
enum: ['LIVE', 'ARCHIVED', 'ANY']
- ⁺action: object
- logging_config: object
additional properties: false- ⁺log_bucket: string
- log_object_prefix: string
- location: string
- managed_folders: object
additional properties: false^[a-zA-Z0-9][a-zA-Z0-9_/-]+$: object
additional properties: false- force_destroy: boolean
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- prefix: string
- storage_class: string
- uniform_bucket_level_access: boolean
- versioning: boolean
- retention_policy: object
additional properties: false- retention_period: string
- is_locked: boolean
- soft_delete_retention: number
- enable_object_retention: boolean
- tag_bindings: reference(tag_bindings)
- custom_placement_config: array
- items: string
- buckets: object
additional properties: false^[a-z0-9-]+$: reference(bucket)
- iam: object
additional properties: false^(?:roles/|\$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/): array- items: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||$iam_principals:[a-z0-9_-]+)
- items: string
- iam_bindings: object
additional properties: false^[a-z0-9_-]+$: object
additional properties: false- members: array
- items: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|$iam_principals:[a-z0-9_-]+)
- items: string
- role: string
pattern: ^(?:roles/|$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/) - condition: object
additional properties: false- ⁺expression: string
- ⁺title: string
- description: string
- members: array
- iam_bindings_additive: object
additional properties: false^[a-z0-9_-]+$: object
additional properties: false- member: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|$iam_principals:[a-z0-9_-]+) - role: string
pattern: ^(?:roles/|$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/) - condition: object
additional properties: false- ⁺expression: string
- ⁺title: string
- description: string
- member: string
- iam_by_principals: object
additional properties: false^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+): array- items: string
pattern: ^(?:roles/|$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)
- items: string
- iam_by_principals_conditional: object
additional properties: false^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+): object
additional properties: false- ⁺condition: object
additional properties: false- ⁺expression: string
- ⁺title: string
- description: string
- ⁺roles: array
- items: string
pattern: ^(?:roles/|$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)
- items: string
- ⁺condition: object
- iam_billing_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_folder_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_organization_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_project_roles: object
additional properties: false^(?:[a-z0-9-]|\$project_ids:[a-z0-9_-])+$: array- items: string
- iam_sa_roles: object
additional properties: false^(?:\$service_account_ids:|projects/): array- items: string
- iam_storage_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- log_bucket: object
additional properties: false- description: string
- kms_key_name: string
- location: string
- log_analytics: object
additional properties: false- enable: boolean
- dataset_link_id: string
- description: string
- retention: number
- pam_entitlements: object
additional properties: false^[a-z][a-z0-9-]{0,61}[a-z0-9]$: object
additional properties: false- ⁺max_request_duration: string
- ⁺eligible_users: array
- items: string
- ⁺privileged_access: array
- items: object
additional properties: false- ⁺role: string
- condition: string
- items: object
- requester_justification_config: object
additional properties: false- not_mandatory: boolean
- unstructured: boolean
- manual_approvals: object
additional properties: false- ⁺require_approver_justification: boolean
- ⁺steps: array
- items: object
additional properties: false- ⁺approvers: array
- items: string
- approvals_needed: number
- approver_email_recipients: array
- items: string
- ⁺approvers: array
- items: object
- additional_notification_targets: object
additional properties: false- admin_email_recipients: array
- items: string
- requester_email_recipients: array
- items: string
- admin_email_recipients: array
- pubsub_topic: object
additional properties: false- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_by_principals: reference(iam_by_principals)
- kms_key: string
- labels: object
additional properties: string - message_retention_duration: string
- regions: array
- items: string
- schema: object
additional properties: false- ⁺definition: string
- msg_encoding: string
- ⁺schema_type: string
- subscriptions: object
additional properties: false^[a-zA-Z0-9_-]+$: object
additional properties: false- ack_deadline_seconds: number
- enable_exactly_once_delivery: boolean
- enable_message_ordering: boolean
- expiration_policy_ttl: string
- filter: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- labels: object
additional properties: string - message_retention_duration: string
- retain_acked_messages: boolean
- bigquery: object
additional properties: false- ⁺table: string
- drop_unknown_fields: boolean
- service_account_email: string
- use_table_schema: boolean
- use_topic_schema: boolean
- write_metadata: boolean
- cloud_storage: object
additional properties: false- ⁺bucket: string
- filename_prefix: string
- filename_suffix: string
- max_duration: string
- max_bytes: number
- avro_config: object
additional properties: false- write_metadata: boolean
- dead_letter_policy: object
additional properties: false- ⁺topic: string
- max_delivery_attempts: number
- push: object
additional properties: false- ⁺endpoint: string
- attributes: object
additional properties: string - no_wrapper: object
additional properties: false- write_metadata: boolean
- oidc_token: object
additional properties: false- audience: string
- ⁺service_account_email: string
- retry_policy: object
additional properties: false- minimum_backoff: number
- maximum_backoff: number
- tag_bindings: object
additional properties: false^[a-z0-9_-]+$: string