Commit Graph

648 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
9d6e61428b (WIP) Read-only service accounts for automation and CI/CD (#1899)
* add design doc for the new CI/CD sa

* describe the actual implementation

* specify which files will need to be changed

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Fix typo

* stage 0 read-only service accounts

* stage 0 IAM map

* linting

* cicd read-only service accounts

* tweak workflow templates

* roles and github workflow fixes

* tfdoc

* Ad-hoc custom role factory for FAST bootstrap

* use factory variable for custom roles data path

* custom roles factory in org/project modules

* tfdoc

* rename custom roles factory variable, fix gitlab template

* gitlab workflow fixes

* fix merge

* output plan results on failed assertion

* update stage 0 expected values

* data platform branch

* gke

* networking

* security

* project factory

* outputs

* workflow templates

* resman apply fixes

* tfdoc

* fix stage 1 test fixture

* fix gh workflow

* read-only resman sa roles

* fix test

* read-only resman sa roles

* read-only resman sa roles

* read-only resman sa roles

* read-only resman sa roles

* fix test variables

* rename wif principal attribute names

* rename wif principal variables

* multitenant stages

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-12-27 11:33:16 +00:00
Ludovico Magnocavallo
a2263da1f3 fix GitHub CI/CD provider (#1945) 2023-12-21 17:10:50 +00:00
Ludovico Magnocavallo
e592996ba0 Revert "Add debug step for JWT tokens" (#1943)
This reverts commit d95280081f.
2023-12-21 14:50:27 +01:00
simonebruzzechesse
c9a8d777ba Add kernels.googleusercontent.com zone in dns response policy (#1940)
* Add kernels.googleusercontent.com zone in dns response policy
* update fast tests
2023-12-20 11:18:11 +01:00
Wiktor Niesiobędzki
d95280081f Add debug step for JWT tokens 2023-12-20 09:26:55 +01:00
Julio Castillo
b6e0557bbb Simplify organization tags.tf locals (#1932)
* Simplify organization tags.tf locals

* Fix boilerplate

* Override github provider version for tests
2023-12-18 16:09:22 +00:00
Ludovico Magnocavallo
bba814c091 Custom role factories for organization and project modules (#1912)
* backport custom role factories

* backport from fast ci/cd branch

* indent

* tfdoc

* fix module tests
2023-12-11 14:16:39 +00:00
ibrahimparvez2
21297f28a6 Patch Github actions ci google-github-actions/auth@v0 --> v2 (#1900)
* Minor patch auth

* Minor update auth
2023-12-04 12:16:02 +00:00
Julio Castillo
85b18cf42b Document fast_features (#1855) 2023-11-20 21:41:06 +00:00
Wiktor Niesiobędzki
ad14b317ab tfdoc 2023-11-16 11:45:27 +00:00
Wiktor Niesiobędzki
35f75e5a26 Add missing KMS attribute in FAST stage 2023-11-16 11:43:35 +00:00
Ludovico Magnocavallo
de0325b3a3 Avoid map-related casting errors in project factory (#1836)
* try to repro pf example error

* repro

* repro

* pf fix

* remove extra file

* FAST stage
2023-11-02 08:24:50 +01:00
alealr
8d06afcdb8 Updating wording 2023-10-31 14:35:27 +00:00
Simone Ruffilli
cf55638f40 FAST: rename VPC-related files to net-* (#1818) 2023-10-27 08:23:08 +00:00
Simone Ruffilli
4decc641bb Stop wrapping yamldecode with try() (#1812) 2023-10-25 16:16:05 +02:00
Simone Ruffilli
b015380028 Fix allow-nat-ranges priority 2023-10-25 14:05:15 +02:00
Simone Ruffilli
a3290f2204 FAST: Add access transparency logs to the default sinks (#1810)
* Adds access transparency logs to the default sinks
2023-10-24 20:09:00 +00:00
Simone Ruffilli
1836c68990 Hierarchical rules update (#1809) 2023-10-24 19:46:04 +00:00
Simone Ruffilli
1378214af5 FAST: removed references to kms_defaults (#1811) 2023-10-24 21:18:08 +02:00
Ludovico Magnocavallo
4647b07665 less verbose project factory stage outputs (#1802) 2023-10-24 09:03:35 +02:00
Ludovico Magnocavallo
a93f08e833 improve usage of optionals in FAST stage 2 VPN variables (#1797) 2023-10-23 15:23:30 +02:00
Ludovico Magnocavallo
4690bf206a Update README.md 2023-10-21 18:59:17 +02:00
Simone Ruffilli
3e16c6a959 FAST: adds support to uploading a wif provider pubkey (#1788) 2023-10-21 16:52:19 +00:00
Simone Ruffilli
6d89b88149 versions.tf maintenance + copyright notice bump (#1782)
* Bump copyright notice to 2023

* Delete versions.tf on blueprints

* Pin provider to major version 5

* Remove comment

* Fix lint

* fix bq-ml blueprint readme

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-20 18:17:47 +02:00
Ludovico Magnocavallo
e0d84fb10b add sink for workspace logs (#1780) 2023-10-19 14:51:01 +00:00
Ludovico Magnocavallo
77a4696aa6 Add gcp org policy constraints file to bootstrap stage (#1775)
* add gcp org policy constraints file to bootstrap

* make the org policy factories more resilient
2023-10-18 18:21:16 +00:00
Ludovico Magnocavallo
b0c552cff5 Update IAM.md 2023-10-18 19:59:07 +02:00
Ludovico Magnocavallo
e34cb20dc6 Update IAM.md 2023-10-18 19:58:18 +02:00
Ludovico Magnocavallo
f4c8786677 Update IAM.md 2023-10-18 19:57:46 +02:00
Ludovico Magnocavallo
94ae8634fc Update IAM.md 2023-10-18 19:57:03 +02:00
Ludovico Magnocavallo
e41cc4ec36 Update IAM.md 2023-10-18 19:56:40 +02:00
Ludovico Magnocavallo
6252198961 Update IAM.md 2023-10-18 19:56:20 +02:00
Ludovico Magnocavallo
e7e188818a Add service usage consumer role to IaC SAs, refactor delegated grants in FAST (#1773)
* add serviceusage role to iac sas, refactor delegated grants

* fix test

* tfdoc
2023-10-18 12:18:31 +00:00
Luca Prete
6c48512f7e [#1764] net-lb-int: add support for dual stack and multiple forwarding rules 2023-10-17 09:30:34 +00:00
Ludovico Magnocavallo
6fd58e33c9 Add support for psa peered domains to fast stages (#1760)
* add support for psa peered domains

* tfdoc
2023-10-16 06:57:18 +00:00
Ludovico Magnocavallo
28e19ab180 Minor edits to FAST network stage READMEs (#1759)
* PSA section

* VPC description, ranges
2023-10-15 16:14:48 +00:00
Ludovico Magnocavallo
252127bde5 Billing account module (#1743)
* initial untested draft

* readme and tests

* folder module tfdoc

* remove redundant billing cost manager role in fast stage 0

* fix FAST test
2023-10-15 15:02:50 +00:00
Ludovico Magnocavallo
2afdc5a8e1 Update COMPANION.md 2023-10-08 08:47:35 +02:00
Julio Castillo
dfc5023e0b Make deletion protection consistent across all modules (#1735)
* Expose deletion_protection in GKE modules

* Make deletion protection consistent across all modules

* Add deletion_protection option to blueprints

* Fix blueprints tests

* Fix types

* Update READMEs

* Fix dp readme

* Fix cmek blueprint default deletion_protection

* Fix blueprints tests
2023-10-05 17:31:07 +02:00
Alejandro Leal
81c6959617 Update to lint.sh and wording to some tf
fast/stages-multitenant/0-bootstrap-tenant/identity-providers.tf
fast/stages/0-bootstrap/identity-providers.tf
tools/lint.sh
2023-10-05 00:17:20 -04:00
Alejandro Leal
8c4cd8548c Update README.md 2023-10-04 14:04:04 -04:00
lcaggio
6889f02954 Fix data platform roles (#1725)
* Fix Data Platform roles

* Fix README

* Fix blueprint tests

* Update cleanup dp steps

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-10-04 07:31:40 +02:00
Ludovico Magnocavallo
789328ff5a Bump provider versions to v5.0.0 (#1724)
* bump provider versions to 5.0.0

* fix cloud run, logging and vpc-sc

* Fix secret manager

* fix gke nodepool

* fix gke multitenant stage and blueprint

* Moving alloydb module to experimental.

* Add project to bare resources in examples

* tfdoc

* fix svpc blueprint test

* Revert "fix svpc blueprint test"

This reverts commit 14f02659098070136e64ead600580dd52c23c339.

* Fix GKE peering project

* Disable tests in alloydb module

* Bring back secret ids in secret manager tests

* Remove duplicate key

* last push

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-03 12:15:36 +00:00
Ludovico Magnocavallo
2ee8f57769 FAST: add example of custom org policy condition to bootstrap README (#1718)
* add oslogin constraint condition example to bootstrap

* add oslogin constraint condition example to bootstrap

* add oslogin constraint condition example to bootstrap
2023-09-30 10:22:56 +02:00
Julio Castillo
9082bbcc48 Fix indentation in FAST hierarchical firewall rules (#1715)
Fixes #1712
2023-09-29 13:37:41 +00:00
lcaggio
e4a25d7c99 Fix tenant folder tag (#1711) 2023-09-28 23:48:14 +02:00
Julio Castillo
b2d27b5f12 Update bootstrap and destroy roles 2023-09-28 11:41:56 +02:00
Julio Castillo
30772d921c Update README.md 2023-09-28 10:59:54 +02:00
Ludovico Magnocavallo
fcc1aa87c4 fix latest commit 2023-09-28 10:58:31 +02:00
Ludovico Magnocavallo
76b4605326 add missing roles for initial bootstrap 2023-09-28 10:57:46 +02:00