Commit Graph

357 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
04de8f7de7 Support CMEK configuration in org module logging settings, expose identities in FAST context (#3656)
* support CMEK configuration in org module logging settings, expose identities as FAST contexts

* remove hash from inventories
2026-01-19 13:35:30 +01:00
Julio Castillo
cff8a25c59 Introduce iam_by_principals_conditional (#3649)
* Introduce iam_by_principals_conditional

* Add iam_by_principals_conditional to project factory

* Update IAM ADR

* Update project factory readme

* Sync FAST schemas

* Update organization schema

* Add resman tests for iam_by_principals_conditional

* Update PF project-defaults.tf

* Update copyright
2026-01-14 11:16:07 +00:00
Eric Zhao
c1248d328a Allow any VPC for (secure) network_tags (#3634)
* feat: allow all for VPC networks

* feat: add examples

* feat: add header

* feat: module test

* fix: update network testing data to pass validation

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2026-01-12 09:34:18 +00:00
Ludovico Magnocavallo
f8f856c9ac reinstate v51.0.0 2026-01-08 13:32:59 +00:00
Ludovico Magnocavallo
1b4930513f prep v51.1.1 2026-01-08 13:21:22 +00:00
Ludovico Magnocavallo
6ab071da8d prep v51.1.0 2026-01-08 12:12:43 +00:00
ooshrioo
ccad5654d9 Fix workforce identity federation provider configuration (#3626)
* Fix workforce identity federation provider configuration

Remove redundant 'organizations/' prefix from parent parameter as
var.organization_id already contains the full organization path.

* Update test to match corrected parent parameter

The test expected the redundant 'organizations/' prefix, but the fix
correctly removes this duplication.

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2026-01-07 14:02:13 +01:00
Ludovico Magnocavallo
ef027ad5b5 prep v51.0.0 2026-01-07 11:23:41 +00:00
Ludovico Magnocavallo
9135406aab Merge remote-tracking branch 'origin/master' into fast-dev 2026-01-07 11:22:19 +00:00
Ludovico Magnocavallo
7a3387d64d prep v50.1.0 2026-01-07 09:57:10 +00:00
Ludovico Magnocavallo
a554971563 Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-22 06:36:05 +00:00
Luca Prete
c193fb37ee Upgrade Terraform provider to 7.13 (#3600) 2025-12-18 11:29:48 +01:00
Vannick Trinquier
cc24046be8 Add CMEK support to FAST and controls for CMEK encryption (#3556) 2025-12-14 12:14:08 +07:00
Ludovico Magnocavallo
d21e9c51e8 prep v50.0.0 2025-12-10 18:22:55 +00:00
Ludovico Magnocavallo
5e606d0fff prep v49.3.0 2025-12-10 17:51:43 +00:00
Ludovico Magnocavallo
ac68262733 prep v49.2.0 2025-12-08 07:58:58 +00:00
Michael Woodham
bc5732357c Updates to GKE modules to support Secret Sync (#3562)
* Updates to add secret_sync to GKE module in CFF

* updated READMEs against the python tfdoc command

* updated version for secret_sync to reflect 7.12.0

* update provider versions to 7.12.0

* Updated READMEs which got clobbered by merge with main

* Fixed test errors in secret-manager module

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-12-05 15:30:49 +00:00
Ludovico Magnocavallo
bd4f2e317a prep v49.1.0 2025-11-24 08:37:06 +00:00
Ludovico Magnocavallo
10e29e1eeb Context improvements: "all service accounts" principal in folder, org, project modules; custom roles in factory condition vars for FAST stage 0 (#3548)
* iam principalsets

* fix folder

* add custom roles to factory condition vars in stage 0

* project shared vpc IAM
2025-11-24 08:28:41 +00:00
Julio Castillo
3959bb3974 Fix aprover -> approver (#3540)
* Fix aprover -> approver

* Once again...
2025-11-19 08:50:23 +01:00
Ludovico Magnocavallo
3392953188 prep v49.0.0 2025-11-18 13:51:02 +00:00
Ludovico Magnocavallo
da5726324d Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-18 13:49:13 +00:00
Ludovico Magnocavallo
83ebdbbd2d prep v48.1.0 2025-11-18 13:47:16 +00:00
Ludovico Magnocavallo
8c29512890 Leverage project-level workload identity in FAST CI/CD (#3535)
* Leverage project-level WIF in FAST CI/CD

* add new context namespace, improve outputs, fix tests and inventories

* make YAML linter happy

* README
2025-11-18 10:49:44 +00:00
Ludovico Magnocavallo
897c6ef8c3 Add support for Workload Identity to project module and project factory (#3531)
* module-level support

* fast stage 0

* fix inventory, add outputs/tfvars

* wip

* project factory

* pf outputs

* iam templates will be added where ci/cd configs are managed

* fix merge conflicts
2025-11-17 07:31:21 +00:00
Ludovico Magnocavallo
87ed19bc47 Add support for Workforce Identity to organization module and org setup stage (#3530)
* module-level support

* fast stage 0

* fix inventory, add outputs/tfvars
2025-11-17 08:00:30 +01:00
Ludovico Magnocavallo
5270586a8e fix schema doc tool, fix schema errors, regenerate schema docs (#3524) 2025-11-12 08:50:52 +01:00
Ludovico Magnocavallo
3289a6ff27 prep v48.0.0 2025-11-11 09:13:44 +00:00
Ludovico Magnocavallo
76eec666ea Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-11 09:10:56 +00:00
Ludovico Magnocavallo
0d0e086cfc prep v47.1.0 2025-11-11 08:59:19 +00:00
Ludovico Magnocavallo
ba77c6170c Allow configuring data access logs from org/folder/project schemas (#3516)
* modules and FAST support

* module tests

* fast stage 0 dataset

* tfdoc
2025-11-10 10:19:21 +00:00
Ludovico Magnocavallo
6f644c886f Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-06 17:20:17 +00:00
Julio Castillo
002349c35b Allow defining org-level pam_entitlements in 0-org-setup (#3506) 2025-11-05 19:27:59 +01:00
Ludovico Magnocavallo
5946433737 prep v47.0.0 2025-11-05 08:28:44 +00:00
Ludovico Magnocavallo
fc538a15cc Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-05 08:26:53 +00:00
Ludovico Magnocavallo
adec737e2a prep v46.1.0 2025-11-05 08:24:06 +00:00
Ludovico Magnocavallo
8bfc3cf579 Pass email addresses context to organization module in stage 0 (#3496)
* pass email addresses context to organization module in stage 0

* depend essential contacts on org policy resource
2025-11-03 08:43:15 +00:00
Ludovico Magnocavallo
0a2cc758ac Essential contacts in schemas, and email context substitutions (#3495)
* modules

* fast

* duplicate diff

* fix contacts in FAST stage 0 datasets, update contacts in YAML schemas
2025-11-03 08:53:29 +01:00
Ludovico Magnocavallo
3801a7c2d1 prep v46.0.0 2025-10-26 16:12:02 +00:00
Ludovico Magnocavallo
b8943cedbc Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-26 15:34:01 +00:00
Ludovico Magnocavallo
43191dbf63 prep v45.1.0 2025-10-26 15:03:03 +00:00
Ludovico Magnocavallo
7b6c152755 Implement proper validation for tag value names in schema (#3470)
* implement proper validation for tag value names in schema

* fix unrelated typos surfaced by new spell check
2025-10-26 13:35:56 +01:00
Ludovico Magnocavallo
a4cc7cd979 Align schemas (#3447)
* enforce schema uniqueness

* schemas

* fix tests
2025-10-21 14:03:40 +02:00
Vannick Trinquier
c60ae3652a Adding hardened datasets for preventive and detective Compliance Controls (#3410)
* Adding hardened datasets for preventive and detective Compliance Controls in stage 0 and stage 1 VPC-SC

* Move observability to factory file

* Update documentation

* Update local variable for use

* Update observability factory to use other module

* Add raw diagram file for hardened datasets

* Retrofit change

* Rename log_buckets context variable to be consistent across modules

* Update stage 0 documentation to mention hardened dataset

* Update customer ids list

* Update documentation, path to schema add ID to access level

* Comment organization policy gcp.resourceLocation by default

* Prevent duplicate key error by merging principal roles

* Adding ngfw roles files in hardened datasets

* Update script to validate file differences to support folder and datasets

* Format duplicate-diff python script

* Remove .config.yaml from duplicates

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-10-21 10:34:25 +00:00
Ludovico Magnocavallo
32ca4498ad Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-20 17:56:31 +00:00
Luca Prete
64738a1808 Add Agent Engine module. (#3429) 2025-10-20 17:02:39 +02:00
Ludovico Magnocavallo
ec09414823 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-20 13:58:44 +00:00
Julio Castillo
48f6b4cd49 Add PAM support (#3438)
* PAM first pass

* Add factory and extend to organization

* Extend to project, add examples

* Add additionalProperties to all objects

* Fix boilerplate

* Expose pam_entitlements to project-factory

* Fix readme

* Move entitlements to second folder/project pass

* extend tests

* Fix readme

* Remove timeouts from inventories
2025-10-20 12:50:37 +00:00
Ludovico Magnocavallo
5e05044306 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-18 14:22:57 +00:00
Julio Castillo
1566711c3a Add service agent outputs to folder and organization (#3436)
* Add service agent outputs to folder and organization

* Fix tests
2025-10-17 17:23:08 +02:00