Google Cloud Platform · Arazzo Workflow

Google Cloud Platform Review Project Governance

Version 1.0.0

Fetch a project, read its IAM policy, then list the tag bindings applied to it.

1 workflow 1 source API 1 provider
Tags: API Management, Cloud Computing, Infrastructure, Platform as a Service, Arazzo, Workflows

Provider

google-cloud-platform

Workflows

review-project-governance
Read a project, its IAM policy, and its tag bindings.
Gets a project, reads its IAM policy, and lists its tag bindings.
3 steps
Inputs: projectId, resource, tagBindingParent
Outputs: bindings, state, tagBindings

1. getProject (cloudresourcemanager.projects.get): Fetch the project record to confirm it exists and capture its state.
2. getPolicy (cloudresourcemanager.projects.getIamPolicy): Read the project IAM policy to capture its access bindings.
3. listTagBindings (cloudresourcemanager.tagBindings.list): List the tag bindings attached to the project's full resource name.

Source API Descriptions

Arazzo Workflow Specification

google-cloud-platform-review-project-governance-workflow.yml
arazzo: 1.0.1
info:
  title: Google Cloud Platform Review Project Governance
  summary: Fetch a project, read its IAM policy, then list the tag bindings applied to it.
  description: >-
    Produces a governance snapshot for a single project. The workflow fetches
    the project record, reads its IAM policy to capture access bindings, and
    lists the tag bindings attached to the project's full resource name so
    callers can review identity and tagging governance in one pass. Every step
    spells out its request inline so the flow can be read and executed without
    opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: cloudResourceManagerApi
  url: ../openapi/cloud-resource-manager-openapi.yml
  type: openapi
workflows:
- workflowId: review-project-governance
  summary: Read a project, its IAM policy, and its tag bindings.
  description: >-
    Gets a project, reads its IAM policy, and lists its tag bindings.
  inputs:
    type: object
    required:
    - projectId
    - resource
    - tagBindingParent
    properties:
      projectId:
        type: string
        description: The project id to review (e.g. my-app-prod-123).
      resource:
        type: string
        description: The project resource for IAM, e.g. projects/12345.
      tagBindingParent:
        type: string
        description: >-
          The full resource name for tag bindings, e.g.
          //cloudresourcemanager.googleapis.com/projects/12345.
  steps:
  - stepId: getProject
    description: >-
      Fetch the project record to confirm it exists and capture its state.
    operationId: cloudresourcemanager.projects.get
    parameters:
    - name: projectId
      in: path
      value: $inputs.projectId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      state: $response.body#/state
      parent: $response.body#/parent
  - stepId: getPolicy
    description: >-
      Read the project IAM policy to capture its access bindings.
    operationId: cloudresourcemanager.projects.getIamPolicy
    parameters:
    - name: resource
      in: path
      value: $inputs.resource
    requestBody:
      contentType: application/json
      payload:
        options:
          requestedPolicyVersion: 3
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      bindings: $response.body#/bindings
  - stepId: listTagBindings
    description: >-
      List the tag bindings attached to the project's full resource name.
    operationId: cloudresourcemanager.tagBindings.list
    parameters:
    - name: parent
      in: query
      value: $inputs.tagBindingParent
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      tagBindings: $response.body#/tagBindings
  outputs:
    state: $steps.getProject.outputs.state
    bindings: $steps.getPolicy.outputs.bindings
    tagBindings: $steps.listTagBindings.outputs.tagBindings
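
Added example, not part of the published workflow or of the provider's code: a Python check a caller could run over the workflow's three outputs (state, bindings, tagBindings) to turn the snapshot into review findings. The function name, severity labels and sample values are constructed for illustration; the `condition` object on a binding is what requesting policy version 3 in the getPolicy step makes available.

```python
# Added example: review the workflow outputs `state`, `bindings`, `tagBindings`.
# Severity labels and the "untagged project" rule are assumptions, not GCP policy.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

def review_governance(state, bindings, tag_bindings):
    """Return a list of (severity, message) findings for one project snapshot."""
    findings = []
    if state != "ACTIVE":
        findings.append(("info", f"project state is {state}"))
    # A policy with no role grants omits `bindings`, so the output may be None.
    for b in bindings or []:
        role = b.get("role", "")
        members = b.get("members", [])
        cond = b.get("condition")  # only returned for policy version 3
        suffix = f" [condition: {cond.get('title', 'untitled')}]" if cond else ""
        for m in members:
            if m in PUBLIC_MEMBERS:
                findings.append(("high", f"{role} granted to {m}{suffix}"))
            elif m.startswith("deleted:"):
                findings.append(("low", f"{role} still bound to {m}"))
        if role in BASIC_ROLES:
            findings.append(
                ("medium", f"basic role {role} held by {len(members)} member(s){suffix}"))
    if not tag_bindings:
        findings.append(("low", "no tag bindings on project"))
    return findings

# Constructed sample of the getPolicy `bindings` output (not real data).
SAMPLE_BINDINGS = [
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
    {"role": "roles/storage.objectViewer", "members": ["allUsers"],
     "condition": {"title": "expires-2025",
                   "expression": "request.time < timestamp('2025-01-01T00:00:00Z')"}},
    {"role": "roles/viewer",
     "members": ["deleted:user:old@example.com?uid=123456789"]},
]

if __name__ == "__main__":
    for severity, message in review_governance("ACTIVE", SAMPLE_BINDINGS, []):
        print(f"{severity:6} {message}")
```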