kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,015 Commits 1 Branch 1 Tag
2c489cfd328cd038ea0bfc0adbbaf80713ba008e
Commit Graph

334 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
9d486022bf Merge remote-tracking branch 'origin/master' into fast-dev 2026-01-20 08:47:01 +00:00
Ludovico Magnocavallo
04de8f7de7 Support CMEK configuration in org module logging settings, expose identities in FAST context (#3656) 
* support CMEK configuration in org module logging settings, expose identities as FAST contexts

* remove hash from inventories
 2026-01-19 13:35:30 +01:00
Vannick Trinquier
8342558732 Implement various compliance configuration and principle of least privilege for hardened dataset (#3635) 2026-01-19 15:46:15 +07:00
Ludovico Magnocavallo
66bbaeb854 fix observability in stage 0 (#3646) 2026-01-13 09:34:59 +00:00
Wiktor Niesiobędzki
e811daaff7 fix bucket name for versions file in 0-org-setup 2025-12-23 07:32:56 +01:00
Wiktor Niesiobędzki
85ebc4bc6f fix tests 2025-12-18 11:20:31 +01:00
Vannick Trinquier
cc24046be8 Add CMEK support to FAST and controls for CMEK encryption (#3556) 2025-12-14 12:14:08 +07:00
Ludovico Magnocavallo
216a12eae5 Fix CI/CD dataset files and provider workflow variable in FAST stage 0 (#3587) 
* fix CI/CD dataset files and provider workflow variable

* IAM principals use pool, sts uses provider

* tfdoc

* fix variable description
 2025-12-11 15:05:39 +01:00
Ludovico Magnocavallo
dd6b1ea493 Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-09 17:14:59 +00:00
aumohr
33bf7ab157 added role required for support ticket creation (#3578) 
* added role required for support ticket creation

* updated tests for role count

* updated tests for resource count
 2025-12-09 14:09:06 +04:00
Vannick Trinquier
33df0bba4a Align locations in networking stage with other stages (#3559) 2025-12-04 14:28:05 +07:00
Ludovico Magnocavallo
6f8097d2eb Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-24 09:56:12 +00:00
Ludovico Magnocavallo
3daba73d0b add default routes / delete default (#3549) 2025-11-24 09:28:57 +00:00
Vannick Trinquier
ba4ed1a7a9 Add additional hardened controls for gke, firewall, cloudrun and others (#3541) 2025-11-21 15:38:53 +07:00
Ludovico Magnocavallo
5bef0064a4 Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-21 07:25:51 +00:00
Vannick Trinquier
b686a6f730 Fix org policy service to be enabled before organization policies applied (#3547) 
* Fix org policy service to be enabled before organization policies applied
 2025-11-21 14:22:17 +07:00
Zsolt Molnar
9f51c4b555 Configure ADMIN_READ for sts.googleapis.com to enable Workforce Identity logging (#3545) 
* Configure ADMIN_READ for sts.googleapis.com to enable Workforce Identity logging

* Updated test results
 2025-11-21 07:40:45 +01:00
Ludovico Magnocavallo
932fd82fe2 Drop the 2-secops stage and minimally refactor 3-secops-dev (#3537) 
* drop 2-secops and minimally refactor 3-secops

* remove stage 2 tests

* tfdoc
 2025-11-18 14:32:06 +01:00
Ludovico Magnocavallo
8c29512890 Leverage project-level workload identity in FAST CI/CD (#3535) 
* Leverage project-level WIF in FAST CI/CD

* add new context namespace, improve outputs, fix tests and inventories

* make YAML linter happy

* README
 2025-11-18 10:49:44 +00:00
Ludovico Magnocavallo
0ff2e8c56b Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-17 19:00:17 +00:00
Ludovico Magnocavallo
09367404a8 remove log buckets from security stage projects (#3534) 2025-11-17 14:24:58 +00:00
Ludovico Magnocavallo
6035fe89d7 assign service usage roles on iac project to automation service accounts (#3532) 2025-11-17 14:58:57 +01:00
Vannick Trinquier
03521a5780 Prettify yaml controls (#3525) 2025-11-13 14:21:36 +07:00
Vannick Trinquier
1f0940a716 Update yaml controls to match max line-length (#3520) 
* Update yaml controls to match max line-length

* Add test for stage 0 with hardened datasets

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-11-11 07:00:49 +00:00
Vannick Trinquier
15a5486a1e Add hardened controls for gke, networking and monitoring alerts recommended in CIS Benchmarks for GCP (#3484) 2025-11-10 11:06:25 +00:00
Ludovico Magnocavallo
ba77c6170c Allow configuring data access logs from org/folder/project schemas (#3516) 
* modules and FAST support

* module tests

* fast stage 0 dataset

* tfdoc
 2025-11-10 10:19:21 +00:00
Ludovico Magnocavallo
81010a97c0 Rename project and VPC resources in net stage datasets (#3513) 
* vpcsc tfvars optional in net

* net project/vpc renames

* fix provider diffs in inventories
 2025-11-08 13:38:28 +01:00
Ludovico Magnocavallo
68c8538fd6 Refactor FAST VPC-SC docs, ensure cooperative VPC-SC resource control works (#3504) 
* stage README

* vpc-sc in security stage

* vpc-sc for networking

* vpc-sc for net

* vpc-sc for pf

* vpc-sc for pf

* spelling

* inventory
 2025-11-05 13:19:02 +00:00
Ludovico Magnocavallo
f9f015a692 Implement precondition check in project factory to ensure declared templates exist (#3493) 
* pf template check

* tfdoc

* test inventories
 2025-10-31 15:32:33 +00:00
Ludovico Magnocavallo
90b6e312d3 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-30 16:55:28 +00:00
fenyvesi-levi
e5eb13c6e4 Fenyvesi levi/fix essential contact (#3486) 
* Added line to make organization module process essential contacts

* delete unnecessary line
 2025-10-29 13:15:53 +00:00
Ludovico Magnocavallo
4a9085675e Align network stage defaults/outputs to other stages, add defaults schema (#3481) 
* networking stage

* implement defaults for vpc defaults :)

* Rename peering test to simple

This enables tflint on 2-networking stage

* tflint

* bring peering test back

* bring peering test back

* yaml lint

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2025-10-28 07:47:28 +00:00
Wiktor Niesiobędzki
4c617b4729 Enable tflint on 2-security 2025-10-28 07:33:15 +01:00
Ludovico Magnocavallo
717803e977 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-27 18:21:35 +00:00
Wiktor Niesiobędzki
0992d117b3 Enable tflint_fast for 0-org-setup 2025-10-27 15:42:37 +01:00
Simone Ruffilli
4a41a4237a Removes legacy FAST networking stages (#3479) 
Removes the legacy networking stages, superseded by 2-networking.

**Breaking Changes**

```upgrade-note
`fast/stages/2-networking-legacy-a-simple`: The stage is being removed, and superseded by the `2-networking` FAST stage, introduced in #3435 
`fast/stages/2-networking-legacy-b-nva`: The stage is being removed, and superseded by the `2-networking` FAST stage, introduced in #3435 
`fast/stages/2-networking-legacy-c-separate-envs`: The stage is being removed, and superseded by the `2-networking` FAST stage, introduced in #3435 
```
 2025-10-27 14:38:28 +00:00
Ludovico Magnocavallo
4b15741144 Streamline stage variables and output files for vpc-sc and security stages (#3471) 
* implement fast context output var, remove tflint errors from security stage

* tfdoc

* defaults-based outputs for security stage

* fix tests

* implement defaults in vpc sc stage

* tflint
 2025-10-27 13:27:09 +00:00
Ludovico Magnocavallo
9b862c383b remove legacy security stage (#3474) 2025-10-26 16:49:52 +00:00
Ludovico Magnocavallo
97596a0e8b Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-26 11:19:18 +00:00
Wiktor Niesiobędzki
7fe999562a codespell fixes 2025-10-26 11:56:41 +01:00
Simone Ruffilli
da3860a908 2-networking - NVA Dataset (#3463) 
This PR implements a dataset for 2-networking which implements a NVA hub and spoke topology with 2 spokes.
 2025-10-26 09:51:00 +00:00
Ludovico Magnocavallo
08e6c4196a fix yaml linting (#3466) 2025-10-25 11:15:25 +02:00
Ludovico Magnocavallo
6fafdc8780 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-25 08:08:22 +00:00
Wiktor Niesiobędzki
f7c9a341b0 yamlint tests/ 2025-10-24 13:11:17 +02:00
Simone Ruffilli
885ba2fb05 Consistent subnetting across datasets + contexts (#3460) 2025-10-23 21:14:05 +02:00
Simone Ruffilli
bfb7d0c812 2-networking - VPN Dataset (#3458) 
This PR implements a dataset for 2-networking which implements a simple VPN hub and spoke topology with 2 spokes.
 2025-10-23 17:21:39 +02:00
Ludovico Magnocavallo
80988c0bbf Fix issues with FAST CI/CD support (#3454) 
* wip, broken

* wip

* streamline locals

* tfdoc

* update yaml files

* refactor
 2025-10-23 16:40:06 +02:00
Simone Ruffilli
393e99194a 2-networking - NCC Dataset (#3457) 
Dataset for 2-networking which implements a simple NCC full mesh topology with 2 spokes.
 2025-10-23 12:59:46 +00:00
Simone Ruffilli
23f8326665 Factory based FAST Networking stage (#3435) 
New factory based networking stage, shipping with a single dataset (peering) to keep the PR size somewhat manageable.
 2025-10-23 14:17:44 +02:00
Ludovico Magnocavallo
b0bc896a68 Allow null project id in service account module when reusing service account (#3452) 
* allow null project id for service account reuse

* fix pf
 2025-10-22 16:51:06 +00:00