rshokati2
b4abbfe9d0
Add intercepting sinks to the organization and folder modules ( #2799 )
...
* RS-469: add support for intercept child on audit logging
* RS-469: add validation to ensure sink is set to project
* RS-469: add further validation to ensure include_children is also set to true when intercept is selected
* Update README
* RS-469: include optional flag for include and intercept
* RS-469: add intercept feature to folder module
* Fix organization README
* Fix condition
---------
Co-authored-by: Emile Hofsink <72841492+EmileHofsink@users.noreply.github.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2025-01-10 10:36:08 +00:00
Ludovico Magnocavallo
27f1cc2b79
Implement FAST stage add-ons, refactor netsec as add-on ( #2800 )
...
* security fixes
* change netsec to be a virtual stage in resman
* remove netsec bits from security stage, leave CAs in place
* netsec - security profile groups
* export regions to networking tfvars
* netsec - trust stores
* netsec refactor, untested
* netsec plan working
* netsec apply
* netsec apply errors
* netsec diagram
* update diagram
* move addon stages to addons folder
* remove top-level assets folder
* deprecate and remove fast plugins
* addon tests
* dynamic addon providers and cicd, untested
* stage 1 addons in stage 0, refactor stage 0 cicd
* addons and cicd refactor in stage 0 with tests
* refactor stage 0 cicd
* readd removed block
* small bootstrap cicd fixes
* refactor stage 1 cicd
* resman tests
* remove plugins from networking tests
* fix fast tests
* ngfw addon outputs
* try to fix unrelated tflint error in bootstrap
* remove common tfvars from bootstrap tests to fix linter errors
* tfdoc
* minimal readmes and links fixes
* tfdoc
* trim down test inventories
* fix plan test
* tfdoc
* allow configuring output files names
* fix tls inspection after adding count to project module
* comment fixes
* tfdoc
2025-01-09 18:14:11 +00:00
Ludovico Magnocavallo
d6d582e636
Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages ( #2801 )
...
* net a
* extend change to other networking stages
* refactor factories config variable in net a
* net b and c
* complete net b
* fix errors, add mtu
* fix
* fix
* fix errors
2025-01-09 17:14:55 +01:00
Ludo
e07adf71c1
rollback
2025-01-09 16:43:56 +01:00
Ludo
4bae08f61e
fix
2025-01-09 16:43:01 +01:00
Ludo
3097a54d30
Merge remote-tracking branch 'origin/master' into fast-dev
2025-01-09 16:38:01 +01:00
apichick
1ce9aff3b5
ASN should be optional in router_config variable as it is not necessary if the router is passed and not created by the net-vpn-ha module ( #2806 )
2025-01-09 14:46:42 +00:00
dependabot[bot]
8b9665a828
Bump golang.org/x/net ( #2807 )
...
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-09 14:02:26 +00:00
Julio Castillo
cf173701b6
New tool versions.py to manage versions.tf/tofu ( #2803 )
...
* Add provider_metadata to all modules
* Fix linting version check
* Another way
* Fix syntax
* Add fabric prefix to all provider meta
* Fix linting.yml
2025-01-09 09:57:48 +01:00
apichick
9723cc2a57
Added BGP priority variable for dedicated interconnect because it was hardcoded to 100 and removed default bgp range, so it can be automatically picked up if not specified ( #2802 )
2025-01-07 18:07:55 +01:00
Ludovico Magnocavallo
6844a19e74
Update addon-stages.md
2025-01-07 08:01:38 +01:00
Ludovico Magnocavallo
0ae0c3dad6
Update addon-stages.md
2025-01-07 08:01:16 +01:00
Ludovico Magnocavallo
3ec627682f
Update addon-stages.md
2025-01-07 08:00:25 +01:00
Ludo
8ab982cd24
Merge remote-tracking branch 'origin/master' into fast-dev
2025-01-06 20:50:11 +01:00
Joshua Wright
325a997d79
Add Alerts, Logging, Channels Factories ( #2758 )
...
* WIP: Logging Alerts Factory
* Implement Logging Alerts on Remaining Modules
* Documentation & FMT
* Convert To Multiple Factories
* Correct Project
* Update Documentation
* Update modules/project/alerts-factory.tf
Co-authored-by: Julio Castillo <jccb@google.com>
* Update fast/stages/0-bootstrap/data/logging-metrics/compliance.yaml
Co-authored-by: Julio Castillo <jccb@google.com>
* Update Tests, Resources
* tests
* Fix Tests
* Fix formatting
* Reformat metric filters
* Formatting, reordering, and small fixes
* Bring back alerts and metrics documentation
* Revert change bootstrap outputs.tf
* Fix project notification channel vars and factories
* Fix vars and factory for logging alerts
* Complete alert variable and factory
* Reorder fields
* Update readme
* Reorder variables
* Add schemas, update README, and fix some types
* Remove default alerts email from project and project-factory
* Move observability factory to a single file
* Add outputs to project module
* Add factories_config to PF data_defaults and data_overrides
* Reorder PF field processing
* Revert fast/ to master.
We'll do observability stuff in a separate PR
* Remove observability from FAST
* Remove new FAST tests
* Remove unused local
* Fix tests
---------
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-01-05 19:49:20 +00:00
Ludovico Magnocavallo
2e86b09d0b
ADR proposal for FAST add-on stages ( #2798 )
...
* ADR proposal for FAST add-on stages
* Update addon-stages.md
* Update addon-stages.md
* Update addon-stages.md
* Update addon-stages.md
* Update addon-stages.md
* Update addon-stages.md
* Update addon-stages.md
* Update addon-stages.md
* Update addon-stages.md
* Update addon-stages.md
2025-01-05 16:02:47 +01:00
simonebruzzechesse
0de38240a2
add docker image tag to bindplane config variable ( #2796 )
2025-01-03 16:52:51 +01:00
Wiktor Niesiobędzki
cbaf6928d6
fix non-empty plan after apply for vertex mlops
2024-12-31 17:27:47 +01:00
Julio Castillo
c73f912d43
Fabric e2e fixes ( #2791 )
...
* Try to fix fabric e2e tests. Update service agents
* Fix typo
* Fix syntax
* Delay PSA creation until service agents have roles assigned
* Fix tests
2024-12-31 15:25:36 +01:00
Ludovico Magnocavallo
510d76dff1
Merge remote-tracking branch 'origin/master' into fast-dev
2024-12-30 10:58:51 +01:00
Wiktor Niesiobędzki
76b108d7a7
Fix cycle in the plan
...
Without this change, terraform errors with:
│ Error: Cycle: module.project.google_storage_bucket_iam_member.gcs-sinks-binding, module.project.google_project_iam_member.project-sinks-binding, module.project.google_essential_contacts_contact.contact, module.project.google_bigquery_dataset_iam_member.bq-sinks-binding, module.project.google_project_iam_member.bucket-sinks-binding, module.project (close), module.project.output.sink_writer_identities (expand), local.cluster_sa (expand), module.project.var.iam_bindings_additive (expand), module.project.google_project_iam_member.bindings, module.project.google_logging_project_sink.sink, module.project.google_pubsub_topic_iam_member.pubsub-sinks-binding
The actual error is a wrong variable reference.
Closes: #2789
2024-12-29 20:30:59 +01:00
Ludovico Magnocavallo
647895a928
Leverage environments for folder and project creation in FAST resman and security ( #2787 )
...
* resman
* resman tests
* untested sec changes
* plan fixes
* tests, tfdoc, test apply
* boilerplate
* resource naming
2024-12-27 21:03:31 +01:00
Ludovico Magnocavallo
33b129eb12
Merge remote-tracking branch 'origin/master' into fast-dev
2024-12-26 16:50:08 +01:00
Wiktor Niesiobędzki
c176ea16be
Make PSA connection more robust
2024-12-26 16:37:24 +01:00
Ludo
4dd679ff80
Merge branch 'fast-dev' of github.com:GoogleCloudPlatform/cloud-foundation-fabric into fast-dev
2024-12-26 08:56:17 +01:00
Ludo
c9cb93584b
update changelog
2024-12-25 08:25:57 +01:00
Ludovico Magnocavallo
94c5e630e7
fix validation message ( #2784 )
2024-12-25 08:25:07 +01:00
Harvey Liu
59e3c87034
Update net-lb-app-ext security_settings variables ( #2783 )
...
* updates
- set client_tls_policy as optional
- set subject_alt_names as optional
* update
run cmd ./tools/tfdoc.py modules/net-lb-app-ext to fix linting error
2024-12-25 07:52:31 +01:00
simonebruzzechesse
bf2995d94b
Fix bindplane cos module ( #2781 )
...
Fix bindplane cos module
2024-12-23 10:37:09 +01:00
Ludo
7cb162bfb2
update changelog
2024-12-21 11:27:26 +01:00
Sergio Rodriguez
1e4a3a4bb8
an empty ssl_certificates list should be set to null ( #2780 )
...
An empty `ssl_certificates` list will conflict with a user-defined
`certificate_manager_certificates` value, so exclude it.
2024-12-21 10:26:29 +00:00
Wiktor Niesiobędzki
ddd8382e7c
fix failing tofu tests
2024-12-20 10:19:01 +01:00
Julio Castillo
efddd1c45e
Document tag_bindings definition as map(string) ( #2777 )
2024-12-19 14:47:32 +01:00
Julio Castillo
f1acc92864
Add support for log views and log scopes ( #2776 )
...
* Add views and tags to logging bucket
* Add logs scopes to project
* Add missing inventory
2024-12-18 18:29:44 +01:00
simonebruzzechesse
e241624040
New BindPlane OP Management console on GKE SecOps blueprint ( #2721 )
...
new bindplane on GKE secops blueprint
2024-12-17 22:16:40 +01:00
Luca Prete
e72303a94b
[FAST] Remove unused stage 1 CICD variables ( #2774 )
2024-12-17 17:26:02 +01:00
Wiktor Niesiobędzki
3337f0be0e
Fix for perma-diff when using PSC NEGs.
...
Provider issue: https://github.com/hashicorp/terraform-provider-google/issues/20576
2024-12-17 14:28:48 +01:00
Wiktor Niesiobędzki
6d51c8da4d
Use separate versions.tofu for OpenTofu constraints
2024-12-17 12:29:04 +01:00
Ludo
531934457e
update changelog
2024-12-16 19:25:41 +01:00
Ludovico Magnocavallo
91da1c6482
Support customizable resource names to fast stage 1 ( #2769 )
...
* add support for resource names to fast stage 1
* tflint version
2024-12-16 18:07:28 +00:00
Ludovico Magnocavallo
0fa257e6b1
Support customizable resource names in FAST stage 0 ( #2768 )
...
* support customizable resource names in FAST stage 0
* tfdoc
* tflint
* remove comment
* use object type
* tfdoc
* bump tf version
* bump terraform version in versions files
* tf version in ci
* trigger workflow
2024-12-16 17:46:34 +01:00
Ludo
89a33f0a73
update changelog
2024-12-13 18:03:48 +01:00
Ludovico Magnocavallo
133a9bb133
fix workspace logs sink in FAST bootstrap stage ( #2767 )
2024-12-13 13:22:42 +00:00
Ludovico Magnocavallo
ae9f4c6d74
allow optional creation of billing resources in FAST bootstrap stage ( #2766 )
2024-12-13 12:32:16 +01:00
Ludo
1ee21fae5a
better org replacement in iam tool
2024-12-13 11:01:23 +01:00
Julio Castillo
b38e8bfa79
Update issue templates ( #2765 )
2024-12-12 12:40:47 +00:00
Ludo
9873fc41f6
update changelog
2024-12-12 12:09:37 +01:00
Ludovico Magnocavallo
d86b8d565c
Refactor GKE cluster modules access configurations, add support for DNS endpoint ( #2761 )
...
* stub
* gke standard module and tests
* blueprints
* tfdoc
* autopilot
* blueprints
* tfdoc
* gke hub module examples
* dataproc and gke fixture
2024-12-12 11:02:24 +01:00
Ludovico Magnocavallo
d59d182456
ignore ssl certificates if none are passed in net-lb-app-int module ( #2764 )
2024-12-12 10:37:37 +01:00
Luca Prete
07e0fb895b
Update net-vlan-attachment module readme ( #2757 )
...
* Update net-vlan-attachment module configuration with the correct link-local IP addresses and interconnect self-link formats.
* fix example formatting
---------
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-12-11 08:00:28 +00:00