hunfabric/modules/project-factory/schemas/folder.schema.json
Julio Castillo 48f6b4cd49 Add PAM support (#3438)
* PAM first pass

* Add factory and extend to organization

* Extend to project, add examples

* Add additionalProperties to all objects

* Fix boilerplate

* Expose pam_entitlements to project-factory

* Fix readme

* Move entitlements to second folder/project pass

* extend tests

* Fix readme

* Remove timeouts from inventories
2025-10-20 12:50:37 +00:00


{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Folder",
"type": "object",
"additionalProperties": false,
"properties": {
"automation": {
"type": "object",
"additionalProperties": false,
"required": [
"project"
],
"properties": {
"prefix": {
"type": "string"
},
"project": {
"type": "string"
},
"bucket": {
"$ref": "#/$defs/bucket"
},
"service_accounts": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"description": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"iam_billing_roles": {
"$ref": "#/$defs/iam_billing_roles"
},
"iam_folder_roles": {
"$ref": "#/$defs/iam_folder_roles"
},
"iam_organization_roles": {
"$ref": "#/$defs/iam_organization_roles"
},
"iam_project_roles": {
"$ref": "#/$defs/iam_project_roles"
},
"iam_sa_roles": {
"$ref": "#/$defs/iam_sa_roles"
},
"iam_storage_roles": {
"$ref": "#/$defs/iam_storage_roles"
}
}
}
}
}
}
},
"factories_config": {
"type": "object",
"additionalProperties": false,
"properties": {
"org_policies": {
"type": "string"
},
"pam_entitlements": {
"type": "string"
},
"scc_sha_custom_modules": {
"type": "string"
}
}
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"iam_by_principals": {
"$ref": "#/$defs/iam_by_principals"
},
"name": {
"type": "string"
},
"org_policies": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z]+\\.": {
"type": "object",
"properties": {
"inherit_from_parent": {
"type": "boolean"
},
"reset": {
"type": "boolean"
},
"rules": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"allow": {
"type": "object",
"additionalProperties": false,
"properties": {
"all": {
"type": "boolean"
},
"values": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"deny": {
"type": "object",
"additionalProperties": false,
"properties": {
"all": {
"type": "boolean"
},
"values": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"enforce": {
"type": "boolean"
},
"condition": {
"type": "object",
"additionalProperties": false,
"properties": {
"description": {
"type": "string"
},
"expression": {
"type": "string"
},
"location": {
"type": "string"
},
"title": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"pam_entitlements": {
"$ref": "#/$defs/pam_entitlements"
},
"parent": {
"type": "string",
"pattern": "^(?:folders/[0-9]+|organizations/[0-9]+|\\$folder_ids:[a-z0-9_-]+)$"
},
"tag_bindings": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_-]+$": {
"type": "string"
}
}
}
},
"$defs": {
"bucket": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
},
"force_destroy": {
"type": "boolean"
},
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"location": {
"type": "string"
},
"managed_folders": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-zA-Z0-9][a-zA-Z0-9_/-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"force_destroy": {
"type": "boolean"
},
"iam": {
"$ref": "#/$defs/iam"
},
"iam_bindings": {
"$ref": "#/$defs/iam_bindings"
},
"iam_bindings_additive": {
"$ref": "#/$defs/iam_bindings_additive"
}
}
}
}
},
"prefix": {
"type": "string"
},
"storage_class": {
"type": "string"
},
"uniform_bucket_level_access": {
"type": "boolean"
},
"versioning": {
"type": "boolean"
}
}
},
"iam": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^(?:roles/|\\$custom_roles:)": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:)"
}
}
}
},
"iam_bindings": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"members": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:)"
}
},
"role": {
"type": "string",
"pattern": "^(?:roles/|\\$custom_roles:)"
},
"condition": {
"type": "object",
"additionalProperties": false,
"required": [
"expression",
"title"
],
"properties": {
"expression": {
"type": "string"
},
"title": {
"type": "string"
},
"description": {
"type": "string"
}
}
}
}
}
}
},
"iam_bindings_additive": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9_-]+$": {
"type": "object",
"additionalProperties": false,
"properties": {
"member": {
"type": "string",
"pattern": "^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:)"
},
"role": {
"type": "string",
"pattern": "^(?:roles/|\\$custom_roles:)"
},
"condition": {
"type": "object",
"additionalProperties": false,
"required": [
"expression",
"title"
],
"properties": {
"expression": {
"type": "string"
},
"title": {
"type": "string"
},
"description": {
"type": "string"
}
}
}
}
}
}
},
"iam_by_principals": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\\$iam_principals:)": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(?:roles/|\\$custom_roles:)"
}
}
}
},
"iam_billing_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_folder_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_organization_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_project_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_sa_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"iam_storage_roles": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z0-9-]+$": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"pam_entitlements": {
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-z][a-z0-9-]{0,61}[a-z0-9]$": {
"type": "object",
"properties": {
"max_request_duration": {
"type": "string"
},
"eligible_users": {
"type": "array",
"items": {
"type": "string"
}
},
"privileged_access": {
"type": "array",
"items": {
"type": "object",
"properties": {
"role": {
"type": "string"
},
"condition": {
"type": "string"
}
},
"required": [
"role"
],
"additionalProperties": false
}
},
"requester_justification_config": {
"type": "object",
"properties": {
"not_mandatory": {
"type": "boolean"
},
"unstructured": {
"type": "boolean"
}
},
"additionalProperties": false
},
"manual_approvals": {
"type": "object",
"properties": {
"require_approver_justification": {
"type": "boolean"
},
"steps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"approvers": {
"type": "array",
"items": {
"type": "string"
}
},
"approvals_needed": {
"type": "number"
},
"approver_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"approvers"
],
"additionalProperties": false
}
}
},
"required": [
"require_approver_justification",
"steps"
],
"additionalProperties": false
},
"additional_notification_targets": {
"type": "object",
"properties": {
"admin_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
},
"requester_email_recipients": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"required": [
"max_request_duration",
"eligible_users",
"privileged_access"
],
"additionalProperties": false
}
}
}
}
}