kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,883 Commits 1 Branch 1 Tag
2c39df64537c169971c655b2a4509cb4de08b799
Commit Graph

180 Commits

Author SHA1 Message Date
Josh Myers
2c39df6453 Fix Logging folder settings folder (#3811) 
* Fix: google_logging_folder_settings takes a folder number not folder id

* chore(project-factory): Conditionally pass through logging_settings

Only pass through logging_settings to the folder module if any of the following are true:

- logging.storage_location      is not null
- logging.disable_default_sink  is not null
- logging.kms_key_name          is not null

Else we are triggering [1] when we don't want to.

[1] https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/blob/master/modules/folder/logging.tf#L59-L69
 2026-03-26 05:56:08 +00:00
Samuele Perticarari
bd87710eea feat: Add new compliance regime options for Assured Workloads (#3794) 
* feat: Add new compliance regime options to folder schemas for assured workloads configurations.

* terraform fmt

* Update Folder README with `tools/tfdoc.py` tool
 2026-03-16 17:59:25 +00:00
Ludovico Magnocavallo
7a5664f475 Additional changes to folder module and project factory (#3782) 
* allow null name, use basepath for factories in pf folders

* fix id in folder schema
 2026-03-05 09:32:35 +00:00
Ludovico Magnocavallo
0be09646b0 Add missing folder features to project factory and align logging across folder/org modules (#3779) 2026-03-04 10:28:48 +01:00
Ludovico Magnocavallo
6494939348 Fix support for credit types in billing module budgets (#3765) 
* fix billing budgets

* tfdoc
 2026-02-25 15:31:35 +01:00
kovagoadam
738e638bbe Added custom prefix support for automation SA (#3757) 2026-02-21 09:54:01 +01:00
Ludovico Magnocavallo
67b1543e90 Support additional attributes for buckets/datasets in project factory module (#3755) 
* extend attributes for project factory secondary resources

* remove extra files

* complete

* tf fmt

* tfdoc

* schemas

* fix tests

* tfdoc
 2026-02-20 11:57:59 +00:00
Luca Prete
1ba20addf6 Fix project factory service agents outputs from iamEmail to iam_email 2026-02-19 09:42:02 +00:00
Luca Prete
90d7ffc703 [project-factory] Add service_agent outputs (#3750) 2026-02-19 09:08:16 +00:00
Ludovico Magnocavallo
079aac1f88 Merge remote-tracking branch 'origin/master' into fast-dev 2026-02-12 09:07:04 +00:00
Ashley Abbott
c09a5d3e24 feat: pass variable for additive by principal (#3731) 
* feat: pass variable for additive by principal

* fix reference
 2026-02-12 08:53:30 +00:00
Ludovico Magnocavallo
fb21f6aaf8 Change factories_config type in FAST and project/vpc factory modules, add YAML schema validation (#3728) 
* stage 0

* stage 1

* networking

* security

* pf stage

* tfdoc

* align schemas

* inventory

* fix observability

* pf module

* pf module budgets

* align fast stages

* align project subfactories

* tfdoc

* schema validation

* add missing schemas

* Fix observability types

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2026-02-11 15:29:49 +00:00
kovagoadam
4fa6a6f205 Add custom bucket name for project-factory module (#3682) 
* Added bucket_name for project-factory module

* Added new key attribute to projects_buckets local

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2026-02-09 13:44:03 +01:00
Ludovico Magnocavallo
bcca9e44ac Support project-level tag key/value contexts in project factory (#3714) 
* cross-project tag context

* improve regression test

* add tag contexts to README contexts table
 2026-02-09 08:54:29 +00:00
Ludovico Magnocavallo
fda89827a2 revert #3704 (#3713) 2026-02-07 11:08:25 +01:00
Vannick Trinquier
d499dc6928 Add support for bucket logging configuration in module gcs and project-factory (#3699) 2026-02-06 14:14:46 +07:00
Ludovico Magnocavallo
06da98fac6 Fix regression in project factory module context (#3708) 
* fix regression in pf

* regression test
 2026-02-05 18:06:34 +00:00
lopezvit
97297d6065 fix(project-factory): Correctly interpolate IAM principals in tags (#3704) 
* fix(project-factory): Correctly interpolate IAM principals in tags

Moves the processing of `tags` and `tag_bindings` from the `projects` module instance to the `projects-iam` instance.

This fixes a bug where IAM principals for automation service accounts, referenced via `$iam_principals:service_accounts/...`, were not being interpolated within `tags` IAM definitions. The `projects` module was called before the automation service account context was available, leading to the literal string being used instead of the service account email. Processing tags in the `projects-iam` module ensures the full context is available for interpolation.

Adds new tests for both the `project` and `project-factory` modules to validate the fix.

* fix(project-factory): Tag creation is now done in 2 steps.

1st step(projects): Creation of the tags without IAM bindings
2nd step(projects-iam): IAM bindings without creating the tags again
That way we are more backwards compatible as tags and tags values are back to be under  module.project-factory.module.projects["*"].google_tags_tag_*

* fix(modules/project-factory): introduce fix suggested by @ludoo, fix logs

* fix(modules/project-factory): fix linting

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2026-02-05 15:50:43 +00:00
Ludovico Magnocavallo
8e7253ba11 add missing IAM interface attributes to service account module (#3700) 2026-02-04 12:07:06 +01:00
Julio Castillo
3e277d808a Fix project-factory observability factory (#3695) 2026-02-02 16:02:00 +00:00
Ludovico Magnocavallo
06c6df5fec allow null prefixes in project factory when override is not set (#3691) 2026-01-30 16:52:50 +01:00
lopezvit
6db25b1a08 Add support for the Assured Workloads in the project factory (#3666) 
* Add support for the Assured Workloads in the project factory

* Fix test after requiring organization as a var
 2026-01-23 13:21:48 +01:00
Julio Castillo
d46b39b717 Add missing context interpolations (#3659) 2026-01-20 20:21:56 +01:00
Julio Castillo
d9e1b924a1 Add asset_feeds to resman modules (#3658) 
* Add asset_feeds to resman modules

* Add examples and update readmes

* Extend pubsub_topic context to project and folder modules

* Use pubsub_topic context for pubsub_destination

* Update readmes and add project-factory asset_feed example

* Update context tests

* Update schemas
 2026-01-20 14:37:35 +00:00
Julio Castillo
cff8a25c59 Introduce iam_by_principals_conditional (#3649) 
* Introduce iam_by_principals_conditional

* Add iam_by_principals_conditional to project factory

* Update IAM ADR

* Update project factory readme

* Sync FAST schemas

* Update organization schema

* Add resman tests for iam_by_principals_conditional

* Update PF project-defaults.tf

* Update copyright
 2026-01-14 11:16:07 +00:00
Ludovico Magnocavallo
032db2f902 expose bigquery kms in project schema (#3645) 2026-01-13 10:30:19 +01:00
Ludovico Magnocavallo
88306fe99a Adding missing context replacement type to project factory README, add folder_ids to project condition vars (#3642) 
* Adding missing context replacement type to project factory README

* add folder ids to project context condition vars
 2026-01-12 14:41:07 +01:00
Ludovico Magnocavallo
fedf90d25f Add support for pubsub to project factory (#3608) 
* add support for pubsub to project factory

* remove duplicate data access log definitions from folders

* tfdoc

* schemas

* fix example

* add pubsub topics context to org in stage 0
 2025-12-23 10:24:33 +00:00
Ludovico Magnocavallo
a554971563 Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-22 06:36:05 +00:00
Josh Myers
1eb93db427 feat: project-factory folders support deletion_protection (#3595) 
* feat: project-factory buckets support deletion_protection

* chore: Update all folder.schema.json

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-12-18 14:25:05 +00:00
Vannick Trinquier
cc24046be8 Add CMEK support to FAST and controls for CMEK encryption (#3556) 2025-12-14 12:14:08 +07:00
Ludovico Magnocavallo
ab0f55216a Add support for descriptive name to projects (#3591) 
* add support for descriptive name to projects

* boilerplate

* fmt
 2025-12-12 09:06:47 +01:00
Ludovico Magnocavallo
216a12eae5 Fix CI/CD dataset files and provider workflow variable in FAST stage 0 (#3587) 
* fix CI/CD dataset files and provider workflow variable

* IAM principals use pool, sts uses provider

* tfdoc

* fix variable description
 2025-12-11 15:05:39 +01:00
Ludovico Magnocavallo
7cc12da6b3 Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-10 18:19:11 +00:00
kovagoadam
4e88bec299 Use project numbers in billing budget filter (#3555) 
* Fixed project level billing budget filter

* Moved project_numbers local to concat block

* Fixed with try block

* fix project replacement

* tfdoc

* fix test

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2025-12-10 17:35:06 +00:00
Ludovico Magnocavallo
3eac45f225 Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-10 16:59:06 +00:00
Josh Myers
5ab73b9f00 feat: Allow empty prefix for project_factory buckets (#3575) 
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2025-12-10 16:41:08 +00:00
Ludovico Magnocavallo
7c05299540 Implement additional GCS attributes in project factory (#3583) 
* implement additional bucket attributes in project factory

* update FAST schemas

* fmt/tfdoc
 2025-12-10 16:12:58 +01:00
fenyvesi-levi
4a30b2103e fixed project-factory module to pass service account description (#3579) 2025-12-09 11:26:43 +00:00
Vannick Trinquier
171a2c6690 Add support for CMEK in logging bucket, big query dataset and gke notifications (#3558) 2025-12-04 10:01:32 +00:00
Ludovico Magnocavallo
26d43d8ec5 re-enable project billing association in project factory, extends to folder (#3554) 2025-11-27 20:51:20 +00:00
Ludovico Magnocavallo
a8384b85d1 Auto-grant editor role for cloudservices in project module, expand project ids context in project factory module (#3552) 
* service agent editor role

* add internal project ids to context replacement for projects in project factory module
 2025-11-27 12:45:52 +00:00
Ludovico Magnocavallo
10e29e1eeb Context improvements: "all service accounts" principal in folder, org, project modules; custom roles in factory condition vars for FAST stage 0 (#3548) 
* iam principalsets

* fix folder

* add custom roles to factory condition vars in stage 0

* project shared vpc IAM
 2025-11-24 08:28:41 +00:00
Julio Castillo
3959bb3974 Fix aprover -> approver (#3540) 
* Fix aprover -> approver

* Once again...
 2025-11-19 08:50:23 +01:00
Ludovico Magnocavallo
897c6ef8c3 Add support for Workload Identity to project module and project factory (#3531) 
* module-level support

* fast stage 0

* fix inventory, add outputs/tfvars

* wip

* project factory

* pf outputs

* iam templates will be added where ci/cd configs are managed

* fix merge conflicts
 2025-11-17 07:31:21 +00:00
Ludovico Magnocavallo
5270586a8e fix schema doc tool, fix schema errors, regenerate schema docs (#3524) 2025-11-12 08:50:52 +01:00
Ludovico Magnocavallo
602e1731c9 Replace leftover schema links with actual files (#3522) 
* replace schema links with schemas

* vpc-sc stage
 2025-11-11 11:57:51 +01:00
Ludovico Magnocavallo
fc7aa71ada Add support for KMS key creation to project factory (#3518) 
* initial implementation

* context

* tfdoc

* add support for autokey to projects

* fix typo
 2025-11-11 07:23:50 +01:00
Ludovico Magnocavallo
ba77c6170c Allow configuring data access logs from org/folder/project schemas (#3516) 
* modules and FAST support

* module tests

* fast stage 0 dataset

* tfdoc
 2025-11-10 10:19:21 +00:00
Ludovico Magnocavallo
7e32058010 [WIP] Add support for KMS autokey (#3515) 
* wip

* folder module

* project factory schema

* remove spurious project template

* gcs and compute-vm modules

* variable order
 2025-11-09 10:46:28 +01:00