* module-level support * fast stage 0 * fix inventory, add outputs/tfvars * wip * project factory * pf outputs * iam templates will be added where ci/cd configs are managed * fix merge conflicts
Project
Properties
additional properties: false
- automation: object
additional properties: false- prefix: string
- ⁺project: string
- bucket: reference(bucket)
- service_accounts: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- description: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_billing_roles: reference(iam_billing_roles)
- iam_folder_roles: reference(iam_folder_roles)
- iam_organization_roles: reference(iam_organization_roles)
- iam_project_roles: reference(iam_project_roles)
- iam_sa_roles: reference(iam_sa_roles)
- iam_storage_roles: reference(iam_storage_roles)
- billing_account: string
- billing_budgets: array
- items: string
- buckets: reference(buckets)
- contacts: object
additional properties: false
- ^(\S+@\S+\.\S+|\$email_addresses:\S+)$: array
- items: string
enum: ['ALL', 'BILLING', 'LEGAL', 'SECURITY', 'PRODUCT_UPDATES', 'SUSPENSION', 'TECHNICAL']
- items: string
- data_access_logs: object
additional properties: false^([a-z][a-z-]+\.googleapis\.com|allServices)$: object
additional properties: false- ADMIN_READ: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- DATA_READ: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- DATA_WRITE: object
additional properties: false- exempted_members: array
- items: string
- exempted_members: array
- ADMIN_READ: object
- datasets: object
additional properties: false^[a-z0-9_]+$: object
additional properties: false- friendly_name: string
- location: string
- deletion_policy: string
enum: ['PREVENT', 'DELETE', 'ABANDON'] - factories_config: object
additional properties: false- custom_roles: string
- observability: string
- org_policies: string
- quotas: string
- scc_sha_custom_modules: string
- tags: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- iam_by_principals: reference(iam_by_principals)
- iam_by_principals_additive: reference(iam_by_principals)
- kms: object
additional properties: false- autokeys: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- ⁺location: string
- ⁺resource_type_selector: string
- keyrings: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- ⁺location: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- keys: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- destroy_scheduled_duration: string
- rotation_period: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- purpose: string
default: ENCRYPT_DECRYPT, enum: ['CRYPTO_KEY_PURPOSE_UNSPECIFIED', 'ENCRYPT_DECRYPT', 'ASYMMETRIC_SIGN', 'ASYMMETRIC_DECRYPT', 'RAW_ENCRYPT_DECRYPT', 'MAC']
- version_template: object
additional properties: false- ⁺algorithm: string
- protection_level: string
default: SOFTWARE, enum: ['SOFTWARE', 'HSM', 'EXTERNAL', 'EXTERNAL_VPC']
- autokeys: object
- labels: object
- pam_entitlements: reference(pam_entitlements)
- log_buckets: object
additional properties: false^[a-z0-9-]+$: reference(log_bucket)
- metric_scopes: array
- items: string
- name: string
- org_policies: object
additional properties: false^[a-z]+\.: object- inherit_from_parent: boolean
- reset: boolean
- rules: array
- items: object
additional properties: false- allow: object
additional properties: false- all: boolean
- values: array
- items: string
- deny: object
additional properties: false- all: boolean
- values: array
- items: string
- enforce: boolean
- condition: object
additional properties: false- description: string
- expression: string
- location: string
- title: string
- allow: object
- items: object
- quotas: object
additional properties: false^[a-zA-Z0-9_-]+$: object
additional properties: false- ⁺service: string
- ⁺quota_id: string
- ⁺preferred_value: number
- dimensions: object
additional properties: string - justification: string
- contact_email: string
- annotations: object
additional properties: string - ignore_safety_checks: string
enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']
- parent: string
- prefix: string
- project_reuse: object
additional properties: false- use_data_source: boolean
- attributes: object
- ⁺name: string
- ⁺number: number
- services_enabled: array
- items: string
- project_template: string
- service_accounts: object
additional properties: false^[a-z0-9-]+$: object
additional properties: false- display_name: string
- iam: reference(iam)
- iam_self_roles: array
- items: string
- iam_project_roles: reference(iam_project_roles)
- iam_sa_roles: reference(iam_sa_roles)
- service_encryption_key_ids: object
additional properties: false
- ^[a-z-]+\.googleapis\.com$: array
- items: string
- services: array
- items: string
pattern: ^[a-z-]+\.googleapis\.com$
- items: string
- shared_vpc_host_config: object
additional properties: false- ⁺enabled: boolean
- service_projects: array
- items: string
- shared_vpc_service_config: object
additional properties: false- ⁺host_project: string
- iam_bindings_additive: reference(iam_bindings_additive)
- network_users: array
- items: string
- service_agent_iam: object
^[a-z0-9_-]+$: array- items: string
- service_agent_subnet_iam: object
^[a-z0-9_-]+$: array- items: string
- service_iam_grants: array
- items: string
- network_subnet_users: object
^[a-z0-9_-]+$: array- items: string
- tag_bindings: object
additional properties: false^[a-z0-9_-]+$: string
- tags: object
additional properties: object - universe: object
additional properties: false- prefix: string
- forced_jit_service_identities: array
- items: string
- unavailable_services: array
- items: string
- unavailable_service_identities: array
- items: string
- vpc_sc: object
- ⁺perimeter_name: string
- is_dry_run: boolean
- workload_identity_pools: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- description: string
- display_name: string
- disabled: boolean
- providers: object
additional properties: false^[a-z][a-z0-9-]+[a-z0-9]$: object
additional properties: false- description: string
- display_name: string
- disabled: boolean
- attribute_condition: string
- attribute_mapping: object
additional properties: string - identity_provider: object
Definitions
- bucket: object
additional properties: false- name: string
- create: boolean
- description: string
- encryption_key: string
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- force_destroy: boolean
- labels: object
additional properties: string - location: string
- managed_folders: object
additional properties: false^[a-zA-Z0-9][a-zA-Z0-9_/-]+$: object
additional properties: false- force_destroy: boolean
- iam: reference(iam)
- iam_bindings: reference(iam_bindings)
- iam_bindings_additive: reference(iam_bindings_additive)
- prefix: string
- storage_class: string
- uniform_bucket_level_access: boolean
- versioning: boolean
- retention_policy: object
additional properties: false- retention_period: number
- is_locked: boolean
- enable_object_retention: boolean
- buckets: object
additional properties: false^[a-z0-9-]+$: reference(bucket)
- iam: object
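additional properties: false
- ^(?:roles/|\$custom_roles:): array
- items: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)
Note: as written, the empty alternative (`||`) after `principalSet:` makes this pattern match any string, so it places no restriction on member prefixes; the `iam_bindings` members pattern lists the same prefixes without the empty alternative.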
- items: string
- iam_bindings: object
additional properties: false
- ^[a-z0-9_-]+$: object
additional properties: false
- members: array
- items: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)
- items: string
- role: string
pattern: ^(?:roles/|\$custom_roles:)
- condition: object
additional properties: false- ⁺expression: string
- ⁺title: string
- description: string
- members: array
- iam_bindings_additive: object
additional properties: false
- ^[a-z0-9_-]+$: object
additional properties: false
- member: string
pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)
- role: string
pattern: ^(?:roles/|\$custom_roles:)
- condition: object
additional properties: false- ⁺expression: string
- ⁺title: string
- description: string
- member: string
- iam_by_principals: object
additional properties: false
- ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+): array
- items: string
pattern: ^(?:roles/|\$custom_roles:)
- items: string
- iam_billing_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_folder_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_organization_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- iam_project_roles: object
additional properties: false^(?:[a-z0-9-]|\$project_ids:[a-z0-9_-])+$: array- items: string
- iam_sa_roles: object
additional properties: false
- ^(?:\$service_account_ids:|projects/): array
- items: string
- iam_storage_roles: object
additional properties: false^[a-z0-9-]+$: array- items: string
- log_bucket: object
additional properties: false- description: string
- kms_key_name: string
- location: string
- log_analytics: object
additional properties: false- enable: boolean
- dataset_link_id: string
- description: string
- retention: number
- pam_entitlements: object
additional properties: false^[a-z][a-z0-9-]{0,61}[a-z0-9]$: object
additional properties: false- ⁺max_request_duration: string
- ⁺eligible_users: array
- items: string
- ⁺privileged_access: array
- items: object
additional properties: false- ⁺role: string
- condition: string
- items: object
- requester_justification_config: object
additional properties: false- not_mandatory: boolean
- unstructured: boolean
- manual_approvals: object
additional properties: false- ⁺require_approver_justification: boolean
- ⁺steps: array
- items: object
additional properties: false- ⁺approvers: array
- items: string
- approvals_needed: number
- approver_email_recipients: array
- items: string
- ⁺approvers: array
- items: object
- additional_notification_targets: object
additional properties: false- admin_email_recipients: array
- items: string
- requester_email_recipients: array
- items: string
- admin_email_recipients: array