Add sample to Forseti bundle for default IAM rules

GoogleCloudPlatform / policy-library

A library of constraint templates and sample constraints for Constraint Framework tools

Apache License 2.0

223 stars 129 forks source link

Add sample to Forseti bundle for default IAM rules #349

Closed gkowalski-google closed 4 years ago

gkowalski-google commented 4 years ago

Story

The default Forseti rules include a rule to restrict the Org Admin role from being assigned to users outside of your domain. Add or update a sample to the Forseti bundle to cover this.

Proposed Solution

Update the [restrict domain] sample to add to the Forseti bundle and include a setter comment for the domain.

gkowalski-google commented 4 years ago

Changes are completed, but waiting on the other kpt setter to be merged after kpt is released.