solutions/client-landing-zone/client-folder/standard/applications-infrastructure/nonp/host-project/network/psc/google-apis/psc.yaml (2 lines): - line 64: # TODO: bug: errors when defining description field - line 74: # TODO: bug: missing service directory registration with a specific region to avoid default us-central1 region. solutions/project/spoke-unclass-env/network/psc/google-apis/psc.yaml (2 lines): - line 46: # TODO: bug: errors when defining description field - line 56: # TODO: bug: missing service directory registration with a specific region to avoid default us-central1 region. solutions/client-landing-zone/client-folder/standard/applications-infrastructure/pbmm/host-project/network/psc/google-apis/psc.yaml (2 lines): - line 64: # TODO: bug: errors when defining description field - line 74: # TODO: bug: missing service directory registration with a specific region to avoid default us-central1 region. solutions/project/spoke-unclass-env/org-policies/exceptions/gcp-resource-locations-except-spoke-project.yaml (1 line): - line 24: # TODO: This exception is to allow the us-central1 location until the issue below is resolved with the config connector forwardingRule resource. solutions/client-setup/namespaces/client-name-management-namespace.yaml (1 line): - line 46: # TODO: maybe remove client-name prefix to avoid exceeding the 30 chars limit for SA name solutions/experimentation/core-landing-zone/lz-folder/audits/logging-project/project-iam.yaml (1 line): - line 15: # TODO: IAMPolicyMember solutions/legacy/logging/core-experimentation/org-sink.yaml (1 line): - line 44: # Access Transparency Logs (TODO - not enabled) solutions/client-landing-zone/logging-project/cloud-logging-bucket.yaml (1 line): - line 15: # TODO: investigate using client ns, move functionality to client-setup and/or create new client logging project. Will be required if a config-controller is deployed per client OR we need to give permissions to the client service account into the core logging project. solutions/client-landing-zone/client-folder/folder-sink.yaml (1 line): - line 15: # TODO: investigate using client ns, move functionality to client-setup and/or create new client logging project. Will be required if a config-controller is deployed per client OR we need to give permissions to the client service account into the core logging project. solutions/gke/configconnector/gke-cluster-autopilot/app-infra-classification-folder/firewall.yaml (1 line): - line 16: # TODO: validate if service account can be used instead of primaryIpv4Range solutions/gke/kubernetes/namespace-defaults/namespace.yaml (1 line): - line 22: # TODO: to be replaced by gatekeeper constraints solutions/project/hub-env/search-replace-config.yaml (1 line): - line 18: # TODO: fix this to support a value defined in the setters.yaml. A kpt set using this string "${1}${fgt-admin-password}${3}" fails because "${string}" is a reserved function pattern solutions/gke/configconnector/gke-cluster-autopilot/service-account.yaml (1 line): - line 155: # TODO: activate once the service account can be used by the control plane solutions/project/hub-env/fortigate/fortigate-ap-secondary.yaml (1 line): - line 43: # TODO: Schedule solutions/project/hub-env/fortigate/firewall.yaml (1 line): - line 81: # TODO: once IP space is finalized, re-adjust this value to maybe allow only PAZ subnets solutions/legacy/logging/core-env/org-sink.yaml (1 line): - line 44: # Access Transparency Logs (TODO: - not enabled) solutions/gke/kubernetes/cluster-defaults/gateway/gateway-regional.yaml (1 line): - line 16: # # TODO: This gives an error; It tries to deploy it to /network/default VPC instead of the cluster VPC solutions/client-landing-zone/logging-project/project-iam.yaml (1 line): - line 15: # TODO: investigate using client ns, move functionality to client-setup and/or create new client logging project. Will be required if a config-controller is deployed per client OR we need to give permissions to the client service account into the core logging project. solutions/project/hub-env/fortigate/fortigate-ap-primary.yaml (1 line): - line 43: # TODO: Schedule solutions/core-landing-zone/namespaces/networking.yaml (1 line): - line 103: # TODO: validate if it could be set at the folder level solutions/gke/kubernetes/namespace-defaults/cd/cd-rolebinding.yaml (1 line): - line 29: # name: sample-google-account # TODO this needs to be set in setters e.g. service-account1@test-project.iam.gserviceaccount.com solutions/project/hub-env/fortigate/management-vm/management-vm.yaml (1 line): - line 46: # TODO: Schedule solutions/gke/configconnector/gke-cluster-autopilot/gkehub-featuremembership-acm.yaml (1 line): - line 35: # TODO: validate with ACM product team: this appears to be deprecated since May 15 2023