This PR (re :D)introduces module net-vpc-factory, a minimal factory that handles the creation of VPCs, subnets, and firewall rules, meant to be embedded into other factories, starting with 2-data-platform and 2-networking.
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Subnet",
"type": "object",
"additionalProperties": false,
"required": [
"region"
],
"anyOf": [
{"required": ["ip_cidr_range"]},
{"required": ["reserved_internal_range"]},
{"required": ["ip_collection"]},
{
"allOf": [
{"not": {"required": ["ip_cidr_range"]}},
{"not": {"required": ["reserved_internal_range"]}},
{"not": {"required": ["ip_collection"]}},
{"properties": {"ipv6": {"properties": {"ipv6_only": {"const": true}}}}, "required": ["ipv6"]}
]
}
],
"properties": {
"active": {
"type": "boolean"
},
"description": {
"type": "string"
},
"enable_private_access": {
"type": "boolean"
},
"allow_subnet_cidr_routes_overlap": {
"type": "boolean"
},
"flow_logs_config": {
"type": "object",
"additionalProperties": false,
"properties": {
"aggregation_interval": {
"type": "string"
},
"filter_expression": {
"type": "string"
},
"flow_sampling": {
"type": "number"
},
"metadata": {
"type": "string"
},
"metadata_fields": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"global": {
"type": "boolean"
},
"ip_cidr_range": {
"type": "string"
},
"reserved_internal_range": {
"type": "string",
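"description": "Name of the internal range to use for this subnet. Mutually exclusive with ip_cidr_range and ip_collection (the top-level anyOf only requires at least one of them, so this schema alone does not reject combinations)."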
},
"ipv6": {
"type": "object",
"additionalProperties": false,
"properties": {
"access_type": {
"type": "string"
},
"ipv6_only": {
"type": "boolean"
}
}
},
"ip_collection": {
"type": "string"
},
"name": {
"type": "string"
},
"region": {
"type": "string"
},
"psc": {
"type": "boolean"
},
"proxy_only": {
"type": "boolean"
},
"secondary_ip_ranges": {
"type": "object",
"additionalProperties": {
"oneOf": [
{
"type": "string",
"description": "IP CIDR range given as a plain string, accepted for backward compatibility"
},
{
"type": "object",
"additionalProperties": false,
"anyOf": [
{"required": ["ip_cidr_range"]},
{"required": ["reserved_internal_range"]}
],
"properties": {
"ip_cidr_range": {
"type": "string",
"description": "IP CIDR range for this secondary range"
},
"reserved_internal_range": {
"type": "string",
"description": "Name of the internal range to use for this secondary range"
}
}
}
]
}
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
}
},
"$defs": {
"iam": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^roles/": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
}
}
}
},
"iam_bindings": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"members": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
}
},
"role": {
"type": "string",
"pattern": "^roles/"
},
"condition": {
"type": "object",
"additionalProperties": false,
"required": [
"expression",
"title"
],
"properties": {
"expression": {
"type": "string"
},
"title": {
"type": "string"
},
"description": {
"type": "string"
}
}
}
}
}
}
},
"iam_bindings_additive": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"member": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|ro|rw)"
},
"role": {
"type": "string",
"pattern": "^roles/"
},
"condition": {
"type": "object",
"additionalProperties": false,
"required": [
"expression",
"title"
],
"properties": {
"expression": {
"type": "string"
},
"title": {
"type": "string"
},
"description": {
"type": "string"
}
}
}
}
}
}
}
}
}