kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,698 Commits 1 Branch 1 Tag
1fc5e90bdd0fc41f38be45a89c405064436aaa32
Commit Graph

152 Commits

Author SHA1 Message Date
Julio Castillo
1fc5e90bdd Allow disabling network security stage (#2701) 
* Allow disabling security stage

* Remove deprecated network_firewall_policies_viewer

* Enable nsec in resman tests
 2024-11-17 10:04:18 +01:00
Julio Castillo
f140adfab8 Remove REGIONAL/MULTI_REGIONAL buckets from FAST (#2697) 2024-11-16 10:14:47 +00:00
Julio Castillo
7b2a3424a8 Unify usage of top level folders short_name (#2693) 
* Unify usage of top level folders short_name

* Fix docs

* Update schema

* Fix tests

* Fix tests

* More fixes
 2024-11-15 13:56:45 +01:00
Julio Castillo
9814756074 Make project iam viewer name consistent with GCP naming (#2694) 
* Make project iam viewer name consistent with GCP naming

* Fix tests
 2024-11-15 11:48:37 +01:00
Ludovico Magnocavallo
31cb391be7 Streamline environments variable across stages (#2688) 
* streamline environments variable across stages

* linting

* linting
 2024-11-15 10:22:18 +01:00
Ludovico Magnocavallo
721e7689b4 Add missing billing roles to project factory ro SA in stage 1 (#2685) 
* add missing billing role for pf ro sa

* fix tests
 2024-11-14 11:41:30 +01:00
Ludovico Magnocavallo
aa30e33618 add missing role for pf ro account (#2683) 2024-11-14 10:25:51 +01:00
Ludovico Magnocavallo
d0c8ffaddb fix permadiff in bootstrap stage (#2656) 2024-11-01 15:56:07 +01:00
Ludovico Magnocavallo
50ac3a5013 Refactor of FAST resource management and subsequent stages (#2648) 
* untested

* pllan testing

* fix stage 2s

* move providers to their own file

* single-environment stage 3

* fixes and moved blocks

* stage3 factory

* doc

* review comments

* review comments

* tfdoc

* fasts tage 1 tests

* netsec as stage 2

* fix backported roles

* fix backported roles

* tfdoc

* fixes

* fix tag value roles in stage 1

* remove checklist, fix stage 1 tests

* inventory

* Small bugfix

* refactor context tag values

* fix previous merge

* fix previous merge

* fix previous merge

* support short names for top level automation resources, change top level context variable

* fix new top level context

* roll back merge changes to stage 0 outputs

* roll back more merge changes

* linting errors

* tfdoc

* fix tests, roll back merge in tenants stage

* tfdoc

* fix inventory

* optional stage 2 env folders and tag bindings

* tflint

* damn tflint

* damn tflint

* tfdoc

* fix networking tests

* tflint

* fix test inventories

* tfdoc

* use coalesce for project parents

* fix billing role conditions

* fix billing role conditions

* security stage tested (ngw resources need fixing/porting)

* boilerplate

* fix inventory

* stage envs and stage linking script

* initial work on resman docs, update diagram, improve teams folder

* resman README

* fix stage 2 IAM delegation

* remove checklist from bootstrap

* stage 1 tests

* stage 0 1 and 2 tests

* tflint

* tflint

* tfdoc

* GCVE stage refactor (untested)

* GCVE stage refactor (untested)

* GCVE stage 3

* gcve tests

* tflint

* tfdoc

* fix links

* module tests

* stages README

* move network security to stage 2

* network security tests

* replace stage links in README files

* minimal netsec stage refactor

* use factory for iac org policies, add configurable drs org policy for iac

* test mt stage

* tfdoc

* fix cicd workflows

* fix cicd workflows

* gke-dev stage

* tflint

* remove data platform stage

* exclude provider files via tfdoc opts

* remove data platform tests and links

* fix merge

* fix resman inventory

* boilerplate

* inventory

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2024-10-31 16:55:54 +01:00
Aurélien Legrand
d4b594f83a Adding DNS for GKE control plane to private google access APIs (#2641) 
* Adding DNS for GKE control plane to private google access APIs

* updating tests

* updating tests
 2024-10-29 14:09:26 +01:00
Liam Nesteroff
f14cd9f948 Add TFE integration for backend and CICD (#2611) 
* added option for tfe_cicd

* formatting and readme

* formatting

* added terraform option for cicd_repos

* update readme

* modified provider templating for tf

* added missing resman gsa

* updated readmes

* added options for tf style write/branch structure

* added cicf_backends to tests

* added cicd_backends to tests

* Updated readme
 2024-10-16 17:01:39 +11:00
Elia
81a6ff30d2 GCVE network mode for 2-networking-b-nva stage (#2544) 
* GCVE network mode

* optional landing routes

* net option renamed

* minor fix

* added stage tests

* test fix

* regional-vpc mode

* fixed api

* fix readme

* drawing updated

* stage test fix

* stage test fix

* stage test fix

* stage test fix

* fix

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2024-10-15 08:28:15 +02:00
Simone Ruffilli
9905e1dc69 Enables compute.setNewProjectDefaultToZonalDNSOnly and essentialcontacts.allowedContactDomains (#2564) 
* Enables setNewProjectDefaultToZonalDNSOnly policy
* Add support for essentialcontacts.allowedContactDomains
 2024-09-13 11:09:55 +02:00
Ludovico Magnocavallo
579c7296db moved blocks and fixes for FAST v33-v34 transition (#2541) 2024-08-30 07:44:27 +00:00
Luca Prete
3ca0525039 [FAST] TLS inspection support for NGFW Enterprise (#2484) 2024-08-30 09:15:17 +02:00
Julio Castillo
f57635d044 Add managed folders suports to gcs module (#2530) 
* Add RPO, make versioning dynamic

* Add manaed folders

* Change autoclass and cors defaults to null

* Update README

* Add iam_by_principals

* Add managed folders var description

* Remove need for managed folders to end in /

* Add inventory to example

* Update readme

* Fix FAST tests
 2024-08-28 07:30:52 +00:00
Luca Prete
17667ce205 [FAST] Add permissions to nsec-r SA (#2511) 2024-08-21 20:26:32 +02:00
Ludovico Magnocavallo
13595f1499 depend network security stage from fast features in resman (#2509) 2024-08-21 08:38:43 +02:00
Ludovico Magnocavallo
ad5de9b7ea Refactor FAST project factory and supporting documentation (#2505) 
* untested

* teams pattern

* rework doc

* README

* boierplate

* tflint

* Fix tflint for project factory

* Correct path to pf

* resman changes

* fix factory variable default

* fix links

* project factory module substitutions

* tflint

* stage test

* tfdoc

* rename schema, address review comments

* README typos and wording

* tfdoc

* review comments

* remove test from yaml

* revert output workflow changes

* fix sa reference errors

* tfdoc

* pf tag roles

* schema validation

* pf tag roles

* avoid null values in pf context

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-08-20 16:45:42 +00:00
Julio Castillo
912cbb8281 Rename 1-vpc-sc stage to 1-vpcsc (#2471) 
* Rename 1-vpc-sc stage to 1-vpcsc

* Fix tests
 2024-08-06 11:21:55 +00:00
Julio Castillo
89333a5d43 Make policyReader binding additive in bootstrap (#2470) 2024-08-06 09:35:37 +00:00
Ludovico Magnocavallo
345716e576 VPC-SC as separate FAST stage 1 (#2460) 
* initial commit

* README

* boilerplate

* tflint

* tfdoc

* fix security stage tests

* vpc-sc stage tests

* tflint

* fix resman stage test inventories

* security README

* stage-level README

* Update README.md

* flexible perimeter variable

* remove diagram

* change default to dry run

* default to dry run
 2024-08-02 18:04:36 +02:00
Luca Prete
80f9ce6307 [FAST] Add basic NGFW enterprise stage (#2410) 2024-08-01 09:41:31 +00:00
Simone Ruffilli
27bb48df77 NCC in 2-net-a-simple (#2397) 
* NCC in 2-net-a-simple
 2024-07-25 18:03:09 +02:00
Julio Castillo
c0bf32e797 Refactor service agent management (#2423) 
* Service agents script

* Service agents update

* WIP

* Update script and terraform

* Fix tests

* Fix linter

* Update docs

* Bring back pf example inventory

* Fix tests

* Fix more tests

* Fix tests

* Use dataclasses for build_service_agents.py

* Remove unneeded field() from build_service_agents

* Re-enable CMEK depends_on in project outputs

* Update tools/requirements.txt

* Enable storage in GCS example projects

* Fix tests

* Add CMEK Service Agents dependencies for services

* Fix typos and data platform cmek

* More typos
 2024-07-23 22:05:38 +02:00
Ludovico Magnocavallo
5319184e71 FAST ng: stage 0 environments and VPC-SC IaC resources (#2440) 
* FAST ng: stage 0 environments and VPC-SC IaC resources

* test inventories
 2024-07-23 11:52:39 +02:00
Simone Ruffilli
3151b02eda FAST: IAM cleanups to reflect PF changes (#2430) 
* FAST: IAM cleanups to reflect PF changes
 2024-07-18 14:59:28 +02:00
Ludovico Magnocavallo
e3809e6735 Add main project factory service account (#2353) 
* add main project factory service account

* add main project factory service account
 2024-06-10 12:23:30 +02:00
Ludovico Magnocavallo
b13b6032d3 Remove support for source repositories from FAST CI/CD (#2352) 
* stage 0

* stage 1

* stage 1 mt

* remove unused locals from resman

* remove unused locals from resman

* tfdoc
 2024-06-10 09:02:55 +00:00
Julio Castillo
ef7083799c Update PGA domains (#2330) 
* Update PGA domains

* Fix tests
 2024-05-31 10:53:50 +00:00
Simone Ruffilli
4901b4aee8 FAST: Enable networkconnectivity when using NCC-RA in 2-b (#2329) 2024-05-31 08:22:24 +00:00
Luca Prete
eb5754e475 [FAST] Rename stage 2-networking-d-separate-envs to 2-netwroking-c-separate-envs (#2328) 
Co-authored-by: Luca Prete <lucaprete@google.com>
 2024-05-31 09:09:31 +03:00
Simone Ruffilli
532f1ecfc4 Merge FAST C and E network stages into a new B stage. (#2309) 
Merge FAST C and E network stages into a new B stage.
 2024-05-28 17:27:28 +02:00
Ludovico Magnocavallo
980011806c fix permadiff in cloud nat module (#2301) 2024-05-23 08:38:03 +02:00
Ludovico Magnocavallo
be9214f99a add support for tenant factory CI/CD (#2297) 2024-05-21 10:39:47 +02:00
simonebruzzechesse
79af34b69e Add wif permissions to bootstrap tf SA (#2290) 
* add wif permissions to bootstrap tf SA
 2024-05-20 18:15:23 +02:00
Simone Ruffilli
21f3b733ab FAST: Cleanup/harmonization of Simple and NVA net stages (#2287) 
Cleanup/harmonization of Simple and NVA net stages
 2024-05-16 16:49:15 +03:00
Simone Ruffilli
887c7e7926 Unify VPN and Peering FAST stages (#2284) 
* Unify VPN and Peering FAST stages
 2024-05-16 12:18:32 +03:00
Ludovico Magnocavallo
7a5dd4e6db FAST: add top-level folders and restructure teams/tenants in resman (#2254) 
* remove teams and tenants from resman

* move fast features to stage 1, fix test inventories

* folders

* fix factory, add top level folder resources to outputs

* tfdoc

* stage 0 log sink defs

* tfdoc

* enable toc in resman readme

* simple tenants

* fast compatibility automation and logging

* testing fast-compatible tenants

* testing fast-compatible tenants

* tfdoc

* remove mt stages

* remove tests, fix links

* disable tflint

* fast tests

* make organization conditional in resman

* check names tool

* export real prefix to tfvars, prevent destroy errors

* prefix validation

* fix billing account export format

* tfdoc

* root node folder

* resman changes

* tenant resman roles

* first apply of tenant resman

* tenant log sinks in stage 1

* fix test vars

* tfdoc

* tenant vpc-sc access policy

* fix tests expected values

* tenant CI/CD

* identity providers

* wif

* tfdoc

* add comments to identity locals

* full-feature tenant resman apply

* tenant billing IAM

* stage test

* fix CI/CD comments

* tenant net stage verified

* tenant sec stage verified

* fix test

* README work

* tfdoc

* README

* README rewording

* README rewording

* tfdoc

* FAST excalidraw

* review comments

* diagram review changes

* add iam log sink for tenants

* remove redundant try from security stage

* Implement tflint-fast in Python driven by tftest.yaml files

* tflint

* test ci changes

* revert linting changes

* disable tflint for fast

* Create junit-style report for FAST tflint

* Remove junit-reporter

* YAPF tflint-fast.py

* Output tflint FAST to job summary

* Step summary

* Disable step_summary as output is not useful

* ignore tflint warning

* re-enable tflint on FAST

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-05-15 09:17:13 +00:00
Simone Ruffilli
9a26fe8635 Add support for reserved_internal_range in net-vpc (#2275) 
Adds support for reserved_internal_range to net-vpc
 2024-05-14 22:19:45 +03:00
Wiktor Niesiobędzki
af253c9702 Fix 0-bootstrap iam_by_principals not taking into account all principals (#2267) 
* Fix 0-bootstrap iam_by_principals not taking into account all principals
* Add test-case for iam_by_principals for 0-bootstrap stage

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-05-12 21:02:04 +02:00
Julio Castillo
d838c4ac47 Make Simple NVA route IAP traffic through NIC 0 (#2262) 2024-05-09 18:29:25 +02:00
Julio Castillo
c58850c096 Add Hybrid NAT support (#2261) 
* Updates to support hybid NAT

* Fix readme

* Fix variable order
 2024-05-09 13:24:41 +00:00
Ludovico Magnocavallo
c9503d5ac5 Remove data source from folder module (#2260) 
* remove data source from folder module

* fix fast tfdoc

* fix locals type error

* fix folder test

* fix fast test
 2024-05-09 13:09:54 +00:00
Julio Castillo
94c32c1d71 Misc FAST fixes (#2253) 
* Misc FAST fixes

* Fix readme

* Fix FAST nva bgp tests
 2024-05-02 06:56:26 +00:00
Julio Castillo
99129d54a3 Update FAST logging (#2235) 
* Update FAST logging

* Fix readme

* Fix tests
 2024-04-25 08:31:51 +02:00
Wiktor Niesiobędzki
024d3255e6 Generalization of tflint call for FAST stages (#2225) 
* Generalization of tflint call for FAST

* Fix tfvars path

* Fix tfvars path - depending where the file is

* Fix regex

* Reeanble linting

* Align test directory to stage name

* Align all fast stages to use tftest
 2024-04-18 21:04:24 +02:00
Julio Castillo
3af7e257d2 Add tflint to pipelines (#2220) 
* Fix terraform_deprecated_index

https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_index.md

* Fix terraform_deprecated_interpolation

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_interpolation.md

* Fix more indexing

* Remove unused variable

* Enable TFLint for modules

* Add tflint config file

* Fix chdir

* Lint modules

* TFLint fixes

* TFLint

* Fixes binauthz README

* Fixes DNS response policy tests. Restores MIG outputs.

* Fixes other DNS response policy tests.

* Update tests for fast 2-e

* Moar fixed tests

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2024-04-17 10:23:48 +02:00
Ludovico Magnocavallo
198d90c6fc Remove data source from net-vpc module (#2216) 
* remove data source from net-vpc module

* fix test inventories

* remove data source, fix fast inventories
 2024-04-16 14:11:12 +03:00
Julio Castillo
a74a106f8b Add new org policies to FAST (#2215) 
* Add new org policies to FAST

* Fix tests
 2024-04-15 15:29:24 +02:00