kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,510 Commits 1 Branch 1 Tag
2758eee4ffa774ca2cb23b3cdb08d24cb5fb4a12
Commit Graph

561 Commits

Author SHA1 Message Date
Wiktor Niesiobędzki
2758eee4ff Fix inventories for Cloud SQL 2024-08-06 11:49:29 +02:00
Wiktor Niesiobędzki
d395e9490d Fix quotas E2E tests 2024-08-06 11:49:29 +02:00
Ludovico Magnocavallo
345716e576 VPC-SC as separate FAST stage 1 (#2460) 
* initial commit

* README

* boilerplate

* tflint

* tfdoc

* fix security stage tests

* vpc-sc stage tests

* tflint

* fix resman stage test inventories

* security README

* stage-level README

* Update README.md

* flexible perimeter variable

* remove diagram

* change default to dry run

* default to dry run
 2024-08-02 18:04:36 +02:00
Julio Castillo
1bbff3cc3a Add support for dry-run org policies (#2454) 2024-07-30 13:12:57 +00:00
Julio Castillo
c0bf32e797 Refactor service agent management (#2423) 
* Service agents script

* Service agents update

* WIP

* Update script and terraform

* Fix tests

* Fix linter

* Update docs

* Bring back pf example inventory

* Fix tests

* Fix more tests

* Fix tests

* Use dataclasses for build_service_agents.py

* Remove unneeded field() from build_service_agents

* Re-enable CMEK depends_on in project outputs

* Update tools/requirements.txt

* Enable storage in GCS example projects

* Fix tests

* Add CMEK Service Agents dependencies for services

* Fix typos and data platform cmek

* More typos
 2024-07-23 22:05:38 +02:00
Aurélien Legrand
78069eeffb Adding support for DWS for GKE nodepools (#2418) 
* Adding TPU limits for GKE cluster node auto-provisioning (NAP)

* rework of the cluster autoscaling configuration

* updated README

* adding queued_provisioning (DWS) attribute

* Adding support for DWS for GKE nodepools

* typo

* adding test for DWS

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-07-10 15:18:12 +02:00
Jay Bana
2a2c4a96ce Add support for sqlAssertion AutoDQ rule type in dataplex-datascan (#2416) 
* Add sql_assertion rule type to Dataplex AutoDQ data_quality_spec

* Fix broken link to API reference public doc for DQ spec

* Update README.md after linting

* Add example tests for dataplex-datascan

* Bump provider versions

* Bump provider versions everywhere
 2024-07-09 21:29:45 +00:00
Wiktor Niesiobędzki
01904c3397 Fix CFv2 tests 2024-07-08 16:14:21 +02:00
Wiktor Niesiobędzki
1d76bfc3ff Add E2E tests for Cloud Functions and fix perma-diff 2024-07-08 16:14:21 +02:00
Luca Prete
1bd3380a3f Adds support for external SPGs to net-firewall-policy (#2409) 
- Added support to reference external SPGs in factories in net-firewall-policy
- Added missing tls_inspect argument to hierarchical and global network firewall policies
- Fixed regional firewall policy rules, removing security profile groups and ngfw actions (given they're not supported)
- Updated copyright
 2024-07-06 10:33:09 +00:00
Julio Castillo
4e8adc9c43 Update modules/artifact-registry with newly-released features. (#2396) 
Fixes #2377
 2024-06-28 19:52:25 +02:00
apichick
00d4673093 Added certificate-manager module (#2387) 2024-06-27 13:05:35 +00:00
Aleksandr Averbukh
85c1b7c156 Add AssuredWorkload support to the folder module (#2390) 
* Feat: Add AssuredWorkload support to the folder module

* Formatting

* Use square brackets to access list items

* Docs gen after adding an example to the readme

* Reorder variables

* Formatting

* Reordering outputs, formatting

* Remove try where not needed. Add IAM into the AW example and tests

* Fix tests

* Enable Assured Workloads in E2E tests

* Add compliance_regime and partner enum fields validation

* Rewording validation message for compliance_regime, partner fields

* Sort the list of allowed values alphabetically

* Make the organization dependant on testing environment

* fix tests

* Disable E2E for Assured Workflow example.

This example requires Access Transparency enabled on org level, even
chosing different regime, we need to have `parent` and `organization`
within the same hierarchy, which is not currently the case and requires
more rework of the test framework.

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-06-27 14:28:17 +02:00
apichick
00080cd840 Added firestore module (#2374) 2024-06-26 14:18:42 +02:00
apichick
73e286c0ab Added spanner-instance module (#2372) 2024-06-23 17:25:22 +00:00
Wiktor Niesiobędzki
bf3f2b9367 Add example, tests and fix for Google APIs PSC endpoint (#2369) 
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-06-20 12:44:43 +02:00
Wiktor Niesiobędzki
1f40f2e573 Add support for different endpoint types for Cloud NAT 2024-06-14 15:37:58 +02:00
Ludovico Magnocavallo
fa00deb747 Support GCS objects in cloud function modules bundles (#2361) 
* cloud function v2

* cloud function v1

* blueprints
 2024-06-14 11:44:01 +00:00
Wiktor Niesiobędzki
4d51d33921 Use var.vpc_config.subnetwork in NEGs when var.neg_config.*.subnetwork is not provided 2024-06-10 16:57:12 +02:00
Ludovico Magnocavallo
41e583ffc9 add network tags outputs and examples to project module (#2350) 2024-06-09 07:52:15 +02:00
simonebruzzechesse
1969b02ed8 Alloydb add support for psc (#2341) 
* alloydb add support for psc
* add tag binding support

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-06-05 13:39:03 +02:00
Wiktor Niesiobędzki
f8f18734f1 Add pre-commit hook configuration (#2326) 
* Pre-commit config

Run following linters on commit:
Terraform:
- terraform fmt
- terraform tflint

Python specific:
- yapf

Shell scripts
- shellcheck
- shfmt

YAML files:
- yamllint (disabled as of now)
- check-yaml

Other:
- end-of-file-fixer
- trailing-whitespace fixer

Fabric specific
- tools/tfdoc.py
- tools/check_boilerplate.py

* linting fixes

* Fix boilerplate check
 2024-05-30 19:35:09 +02:00
simonebruzzechesse
941a35ab69 Fixed e2e tests for alloydb module (#2321) 
* fixed e2e tests for alloydb module
 2024-05-30 11:41:15 +02:00
Wiktor Niesiobędzki
d1ec3b0499 Fixes for Alloydb E2E tests (#2312) 
* Fixes for Alloydb E2E tests

* too long project name in Sipmle example resulted in:
```
Error: "***-alloydb-prj" name must be 4 to 30 characters with lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.
```

* using self_link resulted in:
```
Error: Error creating Cluster: googleapi: Error 499: malformed network path: "https://www.googleapis.com/compute/v1/projects/***/global/networks/e2e-test"
```

* Cross region replication stil fails with:
```
│ Error: Error creating cluster. Can not create secondary cluster without secondary_config field.
│
│   with module.alloydb.google_alloydb_cluster.secondary[0],
│   on /usr/local/google/home/wiktorn/git/cloud-foundation-fabric/modules/alloydb/main.tf line 199, in resource "google_alloydb_cluster" "secondary":
│  199: resource "google_alloydb_cluster" "secondary" {
```

* Fix tests

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-05-29 14:46:15 +00:00
dibaskar-google
3d668170e5 Secret manager e2etests (#2280) 
secret-manager e2e tests
 2024-05-28 09:28:08 +02:00
Wiktor Niesiobędzki
439e9a1af9 Internet NEG for net-lb-proxy-int 2024-05-24 12:56:28 +02:00
Ludovico Magnocavallo
980011806c fix permadiff in cloud nat module (#2301) 2024-05-23 08:38:03 +02:00
Ludovico Magnocavallo
ef5178c929 add support for shared vpc host to project factory (#2300) 2024-05-22 07:56:34 +00:00
simonebruzzechesse
1e149c18fc New alloydb module (#2285) 
* add alloydb module

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-05-22 09:40:25 +02:00
Wiktor Niesiobędzki
1ecd637932 Internet NEG for net-lb-app-int (#2293) 
Internet NEG for net-lb-app-int
 2024-05-20 21:12:39 +02:00
Simone Ruffilli
9a26fe8635 Add support for reserved_internal_range in net-vpc (#2275) 
Adds support for reserved_internal_range to net-vpc
 2024-05-14 22:19:45 +03:00
Ludovico Magnocavallo
e4941c27f2 Implement the full IAM interface for tags (#2269) 
* IAM authoritative bindings in org module

* remove extra newline

* organization module

* project module

* tfdoc
 2024-05-13 20:18:51 +02:00
Wiktor Niesiobędzki
6a3c7fe444 CloudSQL PSC Endpoints support (#2242) 
* Add PSC endpoints consumers to net-address
* Cloud SQL E2E tests
 2024-05-12 12:00:39 +02:00
Julio Castillo
c58850c096 Add Hybrid NAT support (#2261) 
* Updates to support hybid NAT

* Fix readme

* Fix variable order
 2024-05-09 13:24:41 +00:00
Ludovico Magnocavallo
c9503d5ac5 Remove data source from folder module (#2260) 
* remove data source from folder module

* fix fast tfdoc

* fix locals type error

* fix folder test

* fix fast test
 2024-05-09 13:09:54 +00:00
Ludovico Magnocavallo
27a055a9cb fix factory ingress policies (#2251) 2024-05-01 18:50:30 +02:00
apichick
be966c4f32 Fixed issue with service networking DNS peering (#2246) 
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-04-28 20:18:02 +00:00
Wiktor Niesiobędzki
d831d32864 Use default labels on pubsub subscription when no override is provided 2024-04-27 09:22:41 +02:00
Ludovico Magnocavallo
309792c559 Refactor vpc-sc support in project module, add support for dry run (#2229) 2024-04-22 09:28:01 +02:00
Julio Castillo
3af7e257d2 Add tflint to pipelines (#2220) 
* Fix terraform_deprecated_index

https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_index.md

* Fix terraform_deprecated_interpolation

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_interpolation.md

* Fix more indexing

* Remove unused variable

* Enable TFLint for modules

* Add tflint config file

* Fix chdir

* Lint modules

* TFLint fixes

* TFLint

* Fixes binauthz README

* Fixes DNS response policy tests. Restores MIG outputs.

* Fixes other DNS response policy tests.

* Update tests for fast 2-e

* Moar fixed tests

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2024-04-17 10:23:48 +02:00
Ludovico Magnocavallo
9414779cc2 Allow multiple PSA service providers in net-vpc module (#2218) 
* allowing multiple PSA service providers in net-vpc module

* tfdoc

* tfdoc

* Add tfvars/yaml tests

* fix module and tests

* re-enable inventory

* merge fix

* Add multiple PSA test case

* fix cloudsql example

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-04-16 15:02:36 +00:00
Ludovico Magnocavallo
198d90c6fc Remove data source from net-vpc module (#2216) 
* remove data source from net-vpc module

* fix test inventories

* remove data source, fix fast inventories
 2024-04-16 14:11:12 +03:00
Ludovico Magnocavallo
3138eb9025 add support for tags to GCS module (#2213) 2024-04-11 13:19:05 +00:00
Wiktor Niesiobędzki
bca5901691 Fix project outputs inventory 2024-04-11 11:51:19 +02:00
Wiktor Niesiobędzki
a236222a93 Add project quotas factory 2024-04-11 11:51:19 +02:00
Simone Ruffilli
7833203d87 Add support for GCS soft-delete retention period (#2212) 
* Add support for GCS soft-delete retention period
 2024-04-11 07:31:00 +00:00
Tone
2831af09fa feat(gke-cluster-standard): Add optional CiliumClusterWideNetworkPolicy (#2207) 
* feat(gke-cluster-standard): Add optionnal `CiliumClusterWideNetworkPolicy`

Add `CiliumClusterWideNetworkPolicy` option on cluster.

Ref:
 - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enable_cilium_clusterwide_network_policy
 - https://cloud.google.com/kubernetes-engine/docs/how-to/configure-cilium-network-policy

* feat(gke-cluster-standard): Update Google provider to manage new feature

* feat(gke-cluster-standard): Move `cilium_clusterwide_network_policy` to `enable_features` field

* fix(scheduled-asset-inventory-export-bq): Set `dataset_id` with underscores

* fix(bigquery-dataset): Set `dataset_id` with underscores
 2024-04-09 17:08:36 +02:00
Ludovico Magnocavallo
f487b27aa9 Fix default nodepool defaults in gke standard module (#2182) 
* fix default nodepool defaults in gke standard module

* fix inventory
 2024-03-28 11:22:14 +01:00
Tone
0f44e581d5 feat(gke-cluster-standard): Set optionnal default_node_pool configuration (#2175) 
* feat(gke-cluster-standard): Set optionnal `default_node_pool` configuration

* feat(gke-cluster-standard): Improve `default_node_pool` variable setup

* feat(gke-cluster-standard): Improve `default_node_pool` condition validation
 2024-03-26 18:05:35 +01:00
Ludovico Magnocavallo
a590deb58b Fix subnet configuration in cloud nat module (#2171) 
* support optional secondary ranges in net-cloudnat module

* fix subnet configuration

* fix packer blueprint
 2024-03-22 15:59:02 +01:00