kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,777 Commits 1 Branch 1 Tag
2af44b0651424cdbf4991f72f4b97bc4d8348b54
Commit Graph

56 Commits

Author SHA1 Message Date
Vannick Trinquier
2af44b0651 Add support for security command center mute rules in module organization, folder and project (#3694) 2026-02-04 08:31:05 +07:00
lopezvit
6db25b1a08 Add support for the Assured Workloads in the project factory (#3666) 
* Add support for the Assured Workloads in the project factory

* Fix test after requiring organization as a var
 2026-01-23 13:21:48 +01:00
Julio Castillo
d9e1b924a1 Add asset_feeds to resman modules (#3658) 
* Add asset_feeds to resman modules

* Add examples and update readmes

* Extend pubsub_topic context to project and folder modules

* Use pubsub_topic context for pubsub_destination

* Update readmes and add project-factory asset_feed example

* Update context tests

* Update schemas
 2026-01-20 14:37:35 +00:00
Ludovico Magnocavallo
7e32058010 [WIP] Add support for KMS autokey (#3515) 
* wip

* folder module

* project factory schema

* remove spurious project template

* gcs and compute-vm modules

* variable order
 2025-11-09 10:46:28 +01:00
Ludovico Magnocavallo
0a2cc758ac Essential contacts in schemas, and email context substitutions (#3495) 
* modules

* fast

* duplicate diff

* fix contacts in FAST stage 0 datasets, update contacts in YAML schemas
 2025-11-03 08:53:29 +01:00
Julio Castillo
48f6b4cd49 Add PAM support (#3438) 
* PAM first pass

* Add factory and extend to organization

* Extend to project, add examples

* Add additionalProperties to all objects

* Fix boilerplate

* Expose pam_entitlements to project-factory

* Fix readme

* Move entitlements to second folder/project pass

* extend tests

* Fix readme

* Remove timeouts from inventories
 2025-10-20 12:50:37 +00:00
Vannick Trinquier
cfe2e21ce7 feat: add support for SCC Custom Security Health Analytics module in … (#3372) 
* feat: add support for SCC Custom Security Health Analytics module in organization, folder and project modules

* fix: update description and docs

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-10-03 13:47:50 +02:00
Ludovico Magnocavallo
bc6950e205 Rename FAST stages preparing for eventual deprecation (#3298) 
* renames

* links

* readme

* docs

* update pf modules tests for renames

* condition_vars context in modules

* data platform dataset

* fix links in stage 3 docs

* schema changes

* schema docs

* tfdoc

* update duplicates check

* fast legacy tests

* legacy schema

* fix tests
 2025-09-04 08:24:11 +02:00
Ludovico Magnocavallo
36648b6b63 FAST light implementation (#3255) 
* data wip

* wip data

* update org schema, add note on expansion

* all schemas, workload notes

* Update WORKLOG.md

* Update WORKLOG.md

* Update WORKLOG.md

* Update WORKLOG.md

* wip

* data wip

* wip

* wip

* wip

* wip

* org module IAM context (using lookup)

* new-style context expansion in project IAM

* remove spurious file

* project module contexts

* finalize context replacement format for project module

* revert org module changes

* fix tag id interpolation in project

* fix tag id interpolation in project

* organization module context

* organization context test

* context expansion for folder tag bindings

* test context expansion for tag bindings

* service account module context

* simplify context local

* context for iam service account

* nuke blueprints

* remove links to blueprints

* vpc sc context in project module

* Add context to GCS module

* Add inline deps to plan_summary script

* Make context a top-level variable for folder, organization, sa

* Add add context top-level to VPC-SC

* move context out of factories_config variable

* tfdoc

* fix merge

* fix merge

* fix examples

* net-vpc module context

* add parent ids to folder context

* rename folder parent context

* fix folder parent check

* new project factory stub

* wip

* wip

* refactor defaults

* project iam

* bueckts and service accounts

* start adding context replacements

* better test data

* automation resources for folders and projects

* automation

* add support for project id interpolation

* first tested apply

* improve IAM description in gcs module

* add context to billing account module

* add notification channels to billing account module context

* add billing budgets to new pf

* schemas and defaults

* bootstrap wip

* bootstrap wip

* bootstrap wip

* pf outputs

* pf fixes

* fix pf sample data

* bootstrap lite fixes

* add locations to organization module contexts

* bootstrap lite fixes

* org fixes, billing accounts

* fix default project parent

* bootstrap lite wip

* add locations to gcs module context

* add context support to logging bucket module

* add context to pubsub module

* split out iam variables in gcs module

* fix logging bucket context test

* bootstrap log sink destinations

* streamline logging-bucket module variables

* fix logging bucket context test

* align logging bucket module interface in fast bootstrap

* add support for project-level log buckets to project factory

* support full context expansion in organization module log sinks

* log buckets in fast-lite bootstrap

* make og sink type optional in organization module

* log sinks in fast-lite bootstrap

* set tag values in factory context

* bootstrap lite data

* output files schema

* billing account schema

* output files

* output providers

* gcs output files

* boilerplate

* tflint

* check documentation

* check docs

* fix project module parent variable validation

* fix log bucket examples

* allow null parent in project module

* silence folder test errors

* fix billing account sink example

* fix project example

* fix billing account module

* fix folder tests

* fix FAST

* fix fast

* tfvars outputs

* wif

* cicd service accounts

* cicd

* allow defaults in context, minimal org policies

* support gcs managed folders in project factory and bootstrap lite

* support prefix in provider output files

* rename bootstrap stage

* gitignore

* gitignore

* security folder, billing IAM

* wip tfvars

* fix typo

* security IAM

* control tag iam/context via variables in organization module

* split tag creation from tag IAM to avoid circular refs

* port organization module tag changes to project module

* implement new-style context expansion in vpc-sc module

* fix fast vpc-sc tests

* boilerplate

* vpc sc stage

* schemas

* fast-lite compatibility for vpc sc stage

* make log project number optional in vpc-sc stage

* networking

* networking

* networking

* networking

* rename and move new stage under fast

* clone pf tests

* use context replacement for internal notification channels in billing account module

* support service agents in project module iam context replacements

* support service agents in project module iam context replacements

* add support for kms keys to project module context

* experimental pf example test and fixes

* fix schemas

* fix tests

* tfdoc

* tfdoc

* pf config

* experimental pf

* remove redundant dot from gcs managed folder IAM keys

* bootstrap experimental test

* project factory exp stage test

* skip tflint for bootstrap experimental test

* tflint

* fix gcs test

* documentation work

* documentation work

* Update README.md

* tfdoc

* tfdoc

* readme

* tfdoc

* readme

* readme

* readme

* readme

* support universe in pf exp projects

* missing universe service agents

* org policies import, non-admin billing IAM

* todo

* fix test

* custom constraints

* fast classic dataset

* fix test data

* context replacements in billing module log sinks

* fix typo

* add support for billing log sinks

* update docs

* readme

* cicd fix and test

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-09-02 08:38:57 +02:00
Julio Castillo
3ffe838e06 Add context to organization policiy factories (#2876) 2025-02-10 22:24:01 +00:00
Julio Castillo
68a5a701e7 Expose parameters module in org policy variables 2025-02-07 10:55:05 +01:00
Simone Ruffilli
7f8a02a405 Add support for google provider 6.x (#2536) 
* Add support for google provider 6.x

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2024-09-05 10:35:58 +00:00
Aleksandr Averbukh
85c1b7c156 Add AssuredWorkload support to the folder module (#2390) 
* Feat: Add AssuredWorkload support to the folder module

* Formatting

* Use square brackets to access list items

* Docs gen after adding an example to the readme

* Reorder variables

* Formatting

* Reordering outputs, formatting

* Remove try where not needed. Add IAM into the AW example and tests

* Fix tests

* Enable Assured Workloads in E2E tests

* Add compliance_regime and partner enum fields validation

* Rewording validation message for compliance_regime, partner fields

* Sort the list of allowed values alphabetically

* Make the organization dependant on testing environment

* fix tests

* Disable E2E for Assured Workflow example.

This example requires Access Transparency enabled on org level, even
chosing different regime, we need to have `parent` and `organization`
within the same hierarchy, which is not currently the case and requires
more rework of the test framework.

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-06-27 14:28:17 +02:00
Ludovico Magnocavallo
604920dec9 add logging settings to folder module (#2268) 2024-05-13 09:24:17 +02:00
Julio Castillo
5197d5ca8d Allow projects as destinations for log sinks (#2102) 
* Add project log sink destination to project module

* Add project log sink destination to folder module

* Add project log sink destination to organization module

* Fix typos

* Add project log sink destination to billing-account module

* Make filter field optional

* Update READMEs

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-02-21 08:41:13 +01:00
Ludovico Magnocavallo
71a64487d5 Extend FAST to support different principal types (#2064) 
* add doc draft

* typos

* typo

* typo

* typos

* rewording

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* move iam variables to a separate file

* move billing-account module to iam_principals

* move data-catalog-policy-tag module to iam_principals

* move dataplex-datascan module to iam_principals

* move dataproc module to iam_principals

* move folder module to iam_principals

* copyright

* move organization module to iam_principals

* move project module to iam_principals

* move source-repository module to iam_principals

* update blueprints for iam_principals interface

* FAST bootstrap

* module READMEs fixes

* FAST bootstrap

* FAST networking stages

* FAST security stage

* FAST gke stage

* FAST multitenant bootstrap stage

* FAST multitenant resman stage

* tfdoc

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* fix module test

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Rename iam_principals to iam_by_principals

* Update IAM template to include iam_by_principals

* Update Resman README

* Fix ADR link format

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-02-12 14:35:30 +01:00
Ludovico Magnocavallo
bf93b6fb4e fix typo in logging sinks interface (#2015) 2024-01-28 10:27:28 +01:00
Ludovico Magnocavallo
bba814c091 Custom role factories for organization and project modules (#1912) 
* backport custom role factories

* backport from fast ci/cd branch

* indent

* tfdoc

* fix module tests
 2023-12-11 14:16:39 +00:00
apichick
0f91a964da Added back sink iam flag as module users might not have access to the sink destination and the role might need to be granted somewhere else 2023-11-07 08:11:23 +01:00
Ludovico Magnocavallo
252127bde5 Billing account module (#1743) 
* initial untested draft

* readme and tests

* folder module tfdoc

* remove redundant billing cost manager role in fast stage 0

* fix FAST test
 2023-10-15 15:02:50 +00:00
Ludovico Magnocavallo
ec3b705f53 Change type of iam_bindings variable to allow multiple conditional bindings (#1658) 
* modules

* fast

* dns readme
 2023-09-08 08:56:31 +02:00
Julio Castillo
04721a35ef Allow single hfw policy association in folder and organization modules 2023-08-28 16:00:48 +02:00
Ludovico Magnocavallo
819894d2ba IAM interface refactor (#1595) 
* IAM modules refactor proposal

* policy

* subheading

* Update 20230816-iam-refactor.md

* log Julio's +1

* data-catalog-policy-tag

* dataproc

* dataproc

* folder

* folder

* folder

* folder

* project

* better filtering in test examples

* project

* folder

* folder

* organization

* fix variable descriptions

* kms

* net-vpc

* dataplex-datascan

* modules/iam-service-account

* modules/source-repository/

* blueprints/cloud-operations/vm-migration/

* blueprints/third-party-solutions/wordpress

* dataplex-datascan

* blueprints/cloud-operations/workload-identity-federation

* blueprints/data-solutions/cloudsql-multiregion/

* blueprints/data-solutions/composer-2

* Update 20230816-iam-refactor.md

* Update 20230816-iam-refactor.md

* capture discussion in architectural doc

* update variable names and refactor proposal

* project

* blueprints first round

* folder

* organization

* data-catalog-policy-tag

* re-enable folder inventory

* project module style fix

* dataproc

* source-repository

* source-repository tests

* dataplex-datascan

* dataplex-datascan tests

* net-vpc

* net-vpc test examples

* iam-service-account

* iam-service-account test examples

* kms

* boilerplate

* tfdoc

* fix module tests

* more blueprint fixes

* fix typo in data blueprints

* incomplete refactor of data platform foundations

* tfdoc

* data platform foundation

* refactor data platform foundation iam locals

* remove redundant example test

* shielded folder fix

* fix typo

* project factory

* project factory outputs

* tfdoc

* test workflow: less verbose tests, fix tf version

* re-enable -vv, shorter traceback, fix action version

* ignore github extension warning, re-enable action version

* fast bootstrap IAM, untested

* bootstrap stage IAM fixes

* stage 0 tests

* fast stage 1

* tenant stage 1

* minor changes to fast stage 0 and 1

* fast security stage

* fast mt stage 0

* fast mt stage 0

* fast pf
 2023-08-20 09:44:20 +02:00
Ludovico Magnocavallo
def2f476d1 Add support for conditions to iam_members module variables (#1594) 
* project

* data-catalog-policy-tag

* dataproc

* folder

* iam-service-account

* kms

* net-vpc

* organization

* source-repository

* dataplex-datascan
 2023-08-15 16:28:23 +02:00
Ludovico Magnocavallo
adf2621727 Add new iam_members variable to IAM additive module interfaces (#1589) 
* resource management modules

* data catalog policy

* dataproc

* service account

* kms

* net-vpc

* source repository

* dataplex datascan

* service account module variable order
 2023-08-14 09:54:50 +00:00
Ludovico Magnocavallo
79373721df Remove firewall policy management from resource management modules (#1581) 
* rename firewall policy module, fix outputs

* add TOC to firewall policy module

* don't depend policy on parent id

* remove firewall policy from resource management modules

* remove factory conditionals

* fast net a and b

* fast stages

* fast tfdoc

* fast tfdoc

* remove unused test

* fix shielded folder blueprint

* fix shielded folder blueprint
 2023-08-09 11:23:07 +00:00
Ludovico Magnocavallo
551dc581e8 Implement proper support for data access logs in resource manager modules (#1497) 
* organization module

* rename iam_bindings_authoritative to iam_policy, fix tests

* add support for data access logs and iam policy to folder module

* test inventories

* add support for data access logs and iam policy to project module
 2023-07-10 08:08:02 +00:00
Julio Castillo
6b767c9035 Simplify org policies data model in resman modules. 2023-02-21 15:49:16 +01:00
Julio Castillo
c83a7de076 Remove as_logging_destination 2022-11-12 19:24:41 +01:00
Julio Castillo
daf0fef7cd Fix folder variables 2022-11-12 12:07:48 +01:00
Julio Castillo
8fe19ad7c2 Rename bigquery_use_partitioned_table 2022-11-12 11:30:34 +01:00
Julio Castillo
486d398c7d Update logging sink to tf1.3 in resman modules 2022-11-11 19:22:05 +01:00
Julio Castillo
4b278a1533 Update variable description 2022-11-03 12:35:50 +01:00
Julio Castillo
3e18575fad Add factory support for new org policies 2022-11-03 11:41:53 +01:00
Julio Castillo
b23d07b0c6 Update project/folder/module to use new org policies API and tf1.3 optionals. 2022-10-28 17:49:44 +02:00
Ludovico Magnocavallo
ecadebe90b Add support for IAM additive to folder module (#580) 2022-03-11 09:46:32 +01:00
Ludovico Magnocavallo
0b5ed8b7ef Add support for resource management tags and tag bindings (#552) 
* organization module

* folder module

* project module

* fix project binding

* use id instead of name for references

* kms module

* compute-vm

* fix compute-vm
 2022-02-20 11:14:18 +01:00
Simone Ruffilli
abb6b50a46 Add periods at the end of each description field where missing (#478) 2022-01-31 10:45:34 +01:00
Julio Castillo
e2abd772f2 Update resman modules (#475) 
* Make logging sinks in different resources use the same API

* Split resman modules in multiple files. Add nullables where applicable
 2022-01-29 19:35:33 +01:00
apichick
6dbb7fc6b2 removed boolean flag used to authorize the sink writer identity on the destination 2022-01-27 17:44:27 +01:00
Simone Ruffilli
ee25965c89 Copyright bump (#410) 2022-01-01 15:52:31 +01:00
Julio Castillo
f78902aee8 Update hierarchical firewall resource 
This replaces all the `google_compute_organization_security_*`
resources with the newer `google_compute_firewall_*` resources.
 2021-12-31 13:06:35 +01:00
Ludovico Magnocavallo
174de3a087 Organization module refactor, in-module firewall policy factory for organization and folder (#385) 
* move iam and logging to separate files, minimal refactoring

* update README

* fix example

* factory

* tfdoc

* boilerplate

* remove data_folder variable

* tfdoc

* fix default factory name

* add firewall policy to folder module

* add factory example
 2021-12-13 08:41:02 +01:00
Julio Castillo
1d13e3e624 Add more validations to linter 
- Ensure all variables and outputs are sorted
- Ensure all variables and outputs have a description
- Add data-solutions/data-platform-foundations to linter

Fix all modules to follow these new conventions.
 2021-10-08 18:26:04 +02:00
Ludovico Magnocavallo
f8413cc98e Add support for group-based IAM to resource management modules (#229) 
* group_iam support for organization

* group_iam support for folder

* fix typo in variable description

* add group_iam to project module

* update project module README
 2021-04-11 14:48:16 +02:00
Julio Castillo
ad68fc4dfa Support for cloud logging buckets 2021-03-03 14:23:59 +01:00
Julio Castillo
2d9d81e061 Add support for essential contacts 2021-02-24 18:34:17 +01:00
Julio Castillo
1e11c670f5 Update copyright to 2021 2021-02-15 09:38:10 +01:00
Julio Castillo
c6691a6140 Add include_children option folder and organization sinks 2020-12-06 17:56:27 +01:00
Julio Castillo
1af70c748c Rename "grant" to "iam" in sink variables 2020-12-05 12:39:06 +01:00