kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,494 Commits 1 Branch 1 Tag
1bbff3cc3ab878645de7bf7ce0678841d5e5d3c7
Commit Graph

54 Commits

Author SHA1 Message Date
Julio Castillo
1bbff3cc3a Add support for dry-run org policies (#2454) 2024-07-30 13:12:57 +00:00
Julio Castillo
c0bf32e797 Refactor service agent management (#2423) 
* Service agents script

* Service agents update

* WIP

* Update script and terraform

* Fix tests

* Fix linter

* Update docs

* Bring back pf example inventory

* Fix tests

* Fix more tests

* Fix tests

* Use dataclasses for build_service_agents.py

* Remove unneeded field() from build_service_agents

* Re-enable CMEK depends_on in project outputs

* Update tools/requirements.txt

* Enable storage in GCS example projects

* Fix tests

* Add CMEK Service Agents dependencies for services

* Fix typos and data platform cmek

* More typos
 2024-07-23 22:05:38 +02:00
Ludovico Magnocavallo
41e583ffc9 add network tags outputs and examples to project module (#2350) 2024-06-09 07:52:15 +02:00
Ludovico Magnocavallo
309792c559 Refactor vpc-sc support in project module, add support for dry run (#2229) 2024-04-22 09:28:01 +02:00
Wiktor Niesiobędzki
bca5901691 Fix project outputs inventory 2024-04-11 11:51:19 +02:00
Wiktor Niesiobędzki
a236222a93 Add project quotas factory 2024-04-11 11:51:19 +02:00
Wiktor Niesiobędzki
9a95ac10ed Once again fix e2e tests 2024-02-23 19:21:39 +01:00
Wiktor Niesiobędzki
8fd8ee0541 Fix too long project names on e2e tests 2024-02-23 11:41:58 +01:00
Julio Castillo
5197d5ca8d Allow projects as destinations for log sinks (#2102) 
* Add project log sink destination to project module

* Add project log sink destination to folder module

* Add project log sink destination to organization module

* Fix typos

* Add project log sink destination to billing-account module

* Make filter field optional

* Update READMEs

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-02-21 08:41:13 +01:00
Ludovico Magnocavallo
bf93b6fb4e fix typo in logging sinks interface (#2015) 2024-01-28 10:27:28 +01:00
Wiktor Niesiobędzki
0d486fb34e E2E tests fixes 2023-12-19 11:01:03 +01:00
simonebruzzechesse
c50b732c79 Allow granting network user role on host project from project module and factory (#1930) 
* Update shared vpc config for project factory and project module for more granular Shared VPC configuration

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-12-15 14:39:21 +01:00
Ludovico Magnocavallo
bba814c091 Custom role factories for organization and project modules (#1912) 
* backport custom role factories

* backport from fast ci/cd branch

* indent

* tfdoc

* fix module tests
 2023-12-11 14:16:39 +00:00
Ludovico Magnocavallo
f548b65b1c Add support for subnet-level service network user grants to project module, improve docs (#1907) 
* improve project factory example

* light refactor of project modules shared vpc internals and docs

* add support for subnet-level grants on host project
 2023-12-07 09:07:48 +00:00
Wiktor Niesiobędzki
4668b90e8a Fix inventory for project 2023-12-03 10:37:23 +00:00
Wiktor Niesiobędzki
fe485414e6 Add end-to-end tests for project module (#1823) 
* Add end-to-end tests for project module
* Add inventory to data tests
* Add files to end-to-end test cases
* Review fixes - use named groups

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-11-03 18:04:19 +01:00
Simone Ruffilli
6d89b88149 versions.tf maintenance + copyright notice bump (#1782) 
* Bump copyright notice to 2023

* Delete versions.tf on blueprints

* Pin provider to major version 5

* Remove comment

* Fix lint

* fix bq-ml blueprint readme

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-10-20 18:17:47 +02:00
Ludovico Magnocavallo
789328ff5a Bump provider versions to v5.0.0 (#1724) 
* bump provider versions to 5.0.0

* fix cloud run, logging and vpc-sc

* Fix secret manager

* fix gke nodepool

* fix gke multitenant stage and blueprint

* Moving alloydb module to experimental.

* Add project to bare resources in examples

* tfdoc

* fix svpc blueprint test

* Revert "fix svpc blueprint test"

This reverts commit 14f02659098070136e64ead600580dd52c23c339.

* Fix GKE peering project

* Disable tests in alloydb module

* Bring back secret ids in secret manager tests

* Remove duplicate key

* last push

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2023-10-03 12:15:36 +00:00
Ludovico Magnocavallo
ec3b705f53 Change type of iam_bindings variable to allow multiple conditional bindings (#1658) 
* modules

* fast

* dns readme
 2023-09-08 08:56:31 +02:00
Ludovico Magnocavallo
819894d2ba IAM interface refactor (#1595) 
* IAM modules refactor proposal

* policy

* subheading

* Update 20230816-iam-refactor.md

* log Julio's +1

* data-catalog-policy-tag

* dataproc

* dataproc

* folder

* folder

* folder

* folder

* project

* better filtering in test examples

* project

* folder

* folder

* organization

* fix variable descriptions

* kms

* net-vpc

* dataplex-datascan

* modules/iam-service-account

* modules/source-repository/

* blueprints/cloud-operations/vm-migration/

* blueprints/third-party-solutions/wordpress

* dataplex-datascan

* blueprints/cloud-operations/workload-identity-federation

* blueprints/data-solutions/cloudsql-multiregion/

* blueprints/data-solutions/composer-2

* Update 20230816-iam-refactor.md

* Update 20230816-iam-refactor.md

* capture discussion in architectural doc

* update variable names and refactor proposal

* project

* blueprints first round

* folder

* organization

* data-catalog-policy-tag

* re-enable folder inventory

* project module style fix

* dataproc

* source-repository

* source-repository tests

* dataplex-datascan

* dataplex-datascan tests

* net-vpc

* net-vpc test examples

* iam-service-account

* iam-service-account test examples

* kms

* boilerplate

* tfdoc

* fix module tests

* more blueprint fixes

* fix typo in data blueprints

* incomplete refactor of data platform foundations

* tfdoc

* data platform foundation

* refactor data platform foundation iam locals

* remove redundant example test

* shielded folder fix

* fix typo

* project factory

* project factory outputs

* tfdoc

* test workflow: less verbose tests, fix tf version

* re-enable -vv, shorter traceback, fix action version

* ignore github extension warning, re-enable action version

* fast bootstrap IAM, untested

* bootstrap stage IAM fixes

* stage 0 tests

* fast stage 1

* tenant stage 1

* minor changes to fast stage 0 and 1

* fast security stage

* fast mt stage 0

* fast mt stage 0

* fast pf
 2023-08-20 09:44:20 +02:00
Ludovico Magnocavallo
def2f476d1 Add support for conditions to iam_members module variables (#1594) 
* project

* data-catalog-policy-tag

* dataproc

* folder

* iam-service-account

* kms

* net-vpc

* organization

* source-repository

* dataplex-datascan
 2023-08-15 16:28:23 +02:00
Ludovico Magnocavallo
adf2621727 Add new iam_members variable to IAM additive module interfaces (#1589) 
* resource management modules

* data catalog policy

* dataproc

* service account

* kms

* net-vpc

* source repository

* dataplex datascan

* service account module variable order
 2023-08-14 09:54:50 +00:00
Wiktor Niesiobędzki
4998f1d376 Grant IAM rights to service identities in host project (#1542) 
* [module/project] Grant IAM rights to service identities based on used services in host project
* [blueprints/factories/project-factory] enable granting IAM permissions in host VPC for service identities directly or by specifying services in use
 2023-07-29 20:07:21 +02:00
Ludovico Magnocavallo
551dc581e8 Implement proper support for data access logs in resource manager modules (#1497) 
* organization module

* rename iam_bindings_authoritative to iam_policy, fix tests

* add support for data access logs and iam policy to folder module

* test inventories

* add support for data access logs and iam policy to project module
 2023-07-10 08:08:02 +00:00
Julio Castillo
a5e905cb80 Update remaining org policies 2023-02-21 15:49:16 +01:00
Julio Castillo
d3bcf625f9 Update yaml org policies 2023-02-21 15:49:16 +01:00
Julio Castillo
6b767c9035 Simplify org policies data model in resman modules. 2023-02-21 15:49:16 +01:00
Wiktor Niesiobędzki
e64e8db20d Allow additive IAM grants by robots name 
Regreatablly member name will be known after apply, hence changes in the
tests
 2023-02-16 14:39:21 +01:00
Julio Castillo
065b1471a8 Reorder org policy rules 2023-01-03 16:52:31 +01:00
Julio Castillo
4b77e484b1 Migrate project module to new tests 2022-12-18 14:00:19 +01:00
Julio Castillo
b4d3aa2055 Migrate organizations tests 2022-12-06 00:06:29 +01:00
Julio Castillo
c83a7de076 Remove as_logging_destination 2022-11-12 19:24:41 +01:00
Julio Castillo
486d398c7d Update logging sink to tf1.3 in resman modules 2022-11-11 19:22:05 +01:00
Julio Castillo
61e047d95a Update folder and project org policy tests 2022-11-11 17:49:18 +01:00
Julio Castillo
3e18575fad Add factory support for new org policies 2022-11-03 11:41:53 +01:00
Julio Castillo
f44f4a74dc Fix module tests 2022-10-28 17:49:44 +02:00
Miren Esnaola
0920ac3877 Shared vpc service fixes 2022-08-02 18:21:08 +02:00
Miren Esnaola
f153ab4614 Added dependency on google_compute_shared_vpc_host_project.shared_vpc_host to project_id output and modified tests 2022-07-21 14:11:21 +02:00
Julio Castillo
e2abd772f2 Update resman modules (#475) 
* Make logging sinks in different resources use the same API

* Split resman modules in multiple files. Add nullables where applicable
 2022-01-29 19:35:33 +01:00
lcaggio
a97c606253 Support service dependencies for crypto key bindings in project module (#443) 
* Support services that require crypto/decrypt role on robot service accounts

* delete test and upload refactored implementation

* fix duplicate key on dependent services, add tests

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2022-01-22 08:32:13 +01:00
Julio Castillo
f0773d4883 Simplify tests by figuring out fixture dir automatically 
We always use the same directory for terraform fixtures, so it's quite
easy to figure out its path from a pytest fixture by inspecting the
stack. This commit implements this functionality and decreases the
amount of boilerplate needed to write a test.

(Ported from fast)
 2022-01-11 11:54:13 +01:00
Simone Ruffilli
ee25965c89 Copyright bump (#410) 2022-01-01 15:52:31 +01:00
Julio Castillo
7ca2e60399 Fix tests 2021-03-31 10:45:35 +02:00
Julio Castillo
ad68fc4dfa Support for cloud logging buckets 2021-03-03 14:23:59 +01:00
Julio Castillo
1e11c670f5 Update copyright to 2021 2021-02-15 09:38:10 +01:00
Julio Castillo
8d65a97b11 Add tests for logging sinks 2020-12-06 17:36:22 +01:00
Ludovico Magnocavallo
6610b79b6c Revert iam_additive behaviour (#160) 
* revert iam_additive format, add iam_additive_members

* revert iam_additive format, add iam_additive_members

* update CHANGELOG
 2020-11-09 11:29:08 +01:00
Ludovico Magnocavallo
d47478a466 rename iam members variable in project module 2020-11-04 16:22:00 +01:00
Ludovico Magnocavallo
d0ed3b7614 rename iam additive variable in project module 2020-11-04 16:17:12 +01:00
Julio Castillo
78efb63b4a Remove iam_roles from project module 2020-10-29 23:51:34 +01:00