Julio Castillo
f5d05b3c3f
Reorganize ADRs and new versioning ADR ( #2642 )
...
* Reorganize ADRs and new versioning ADR
* Workflow examples
* Fix ADR links
* Changes discussed with ludoo
* Fix image reference
* Update image
* Fix typo
* Complete decision section
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-10-30 12:39:53 +01:00
Wiktor Niesiobędzki
8b7607af63
Codespell / whitespace fixes
2024-10-30 10:30:37 +01:00
Aurélien Legrand
d4b594f83a
Adding DNS for GKE control plane to private google access APIs ( #2641 )
...
* Adding DNS for GKE control plane to private google access APIs
* updating tests
* updating tests
2024-10-29 14:09:26 +01:00
Luca Prete
24d78de373
[FAST] Fix stage 2 simple NVA wrong location - causing test failures ( #2630 )
2024-10-18 14:43:03 +02:00
Liam Nesteroff
f14cd9f948
Add TFE integration for backend and CICD ( #2611 )
...
* added option for tfe_cicd
* formatting and readme
* formatting
* added terraform option for cicd_repos
* update readme
* modified provider templating for tf
* added missing resman gsa
* updated readmes
* added options for tf style write/branch structure
* added cicf_backends to tests
* added cicd_backends to tests
* Updated readme
2024-10-16 17:01:39 +11:00
Liam Nesteroff
f65dc88b6f
added output for tfvars_globals ( #2620 )
2024-10-15 18:39:09 +11:00
Elia
81a6ff30d2
GCVE network mode for 2-networking-b-nva stage ( #2544 )
...
* GCVE network mode
* optional landing routes
* net option renamed
* minor fix
* added stage tests
* test fix
* regional-vpc mode
* fixed api
* fix readme
* drawing updated
* stage test fix
* stage test fix
* stage test fix
* stage test fix
* fix
---------
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-10-15 08:28:15 +02:00
Ludovico Magnocavallo
8101a26652
support log exclusions in bootstrap log sinks ( #2616 )
2024-10-09 09:22:28 +02:00
Liam Nesteroff
c2780fa7b0
fixed tfe wif definition variables ( #2604 )
...
* fixed tfe wif definition variables
* Added additional attributes for tfe
* kept workspaceid for google.subject as per gcp docs
2024-10-03 13:41:31 +00:00
Simone Ruffilli
fbf5ad5a8f
FAST: Adds support for PSC transitivity to 2-a ( #2600 )
2024-10-02 11:39:23 +02:00
Liam Nesteroff
999c3acca3
added tf def to wif providers ( #2598 )
2024-10-02 09:12:49 +10:00
Natalia Strelkova
923a1e41dc
Nstrelkova/small readme fixes ( #2584 )
...
* typo (old rename of 00-bootstrap to 0-bootstrap)
* resman purpose: not org policies, but tags
* GCVE: several typos
---------
Co-authored-by: Natalia Strelkova <nstrelkova@google.com>
2024-09-19 13:23:40 +00:00
Ludovico Magnocavallo
c2a9cb7d09
make it explicit that stages need to be run once before CI/CD setup ( #2582 )
2024-09-19 09:43:35 +02:00
Ludovico Magnocavallo
9441eed410
fixed diagrams ( #2581 )
2024-09-19 09:39:35 +02:00
Ludovico Magnocavallo
2fc2f8fb92
FAST resman mt fixes ( #2579 )
...
* resman mt fixes
* fix custom roles var
2024-09-19 09:02:04 +02:00
Simon Roberts
9a51c4d196
Update a few references from 3-project-factory to 2-project-factory ( #2568 )
...
* Move project-factory to stage 2, fix path. Remove other trailing whitespace.
* Update 3-project-factory to 2-project-factory
* ./tools/tfdoc.py fast/stages/0-bootstrap
2024-09-19 05:11:32 +00:00
Elia
0e14cd5249
Update variables.tf ( #2558 )
...
* Update variables.tf
Hi Team,
the default ranges for the dmz are not valid ranges that contain the default subnets.
This is the subnetting:
https://visualsubnetcalc.com/index.html?c=1N4IgbiBcIIwgNCAzlUMAMA6LOD0AOVWHbbXATiI1LwyIH0A7KEBEegYxZAF9FqAbABYauOpDRZhomHAnFM02gCYqUkbQDMaxRrIwhOpfoCsRvejEDzMgOwNm0AC4AnAK5InAUwAmAAgAHFwBLAFsAQxcATzZObj4FaRhlfH17eSYWH1CAL0CQiOjYrmheBMETGWt5CrsHbkQ40vKpSuTUyxh00EzSxpLWHiH+KQEZMwzHVn74lsUO-UMaqQXOicl5qvroHy8wfLDImJnmkcVyLcmG9gGys9sSNe3pm9m522UZbWXMD5kljZ-WjrBRA-TVHpTIIAe38QUORROg3umkukOuTUG7wsYhBvRemLuoLGtAB7CmxTeZ3wjzEqh+NK+OkZpOZtJgIOoLPBbLqV2c7k8vj8SC8HGhjB8R0ppwUjPaaWe2TyovFkulSKJXJgaLlOto3XJGNuc3wOoVnUN+JlWNNn2BzxtWqw+BxBmZbs5LrdEKNOz2IrFEqliNesq5lVovutmuGcpJpkdsbjXNWYm+G3wafdDOzXswWd1+Jh-lVwY1YeRcouUaTledmHI7LxFOTZ3I9sWdcJQxTWHICc6cnRfXrvbOFrIlH5BJNvaAA
* fixed readme file
2024-09-16 08:28:21 +00:00
Simone Ruffilli
8090fe66aa
Fix format typo for essential contacts domains in bootstrap
2024-09-13 11:32:47 +02:00
Simone Ruffilli
9905e1dc69
Enables compute.setNewProjectDefaultToZonalDNSOnly and essentialcontacts.allowedContactDomains ( #2564 )
...
* Enables setNewProjectDefaultToZonalDNSOnly policy
* Add support for essentialcontacts.allowedContactDomains
2024-09-13 11:09:55 +02:00
Simone Ruffilli
ca9ec30114
Update list of org policies imported by FAST bootstrap stage
2024-09-13 07:05:01 +00:00
Ludovico Magnocavallo
e4413dbbd1
add documentation instructions for corner cases in github and bootstrap ( #2545 )
2024-08-30 14:04:43 +02:00
Ludo
3191a041e3
tfdoc
2024-08-30 10:43:04 +02:00
Ludo
e6bd1c62b8
update changelog
2024-08-30 10:42:34 +02:00
Ludovico Magnocavallo
eb89c62b5f
prepare v34.0.0 release ( #2543 )
2024-08-30 10:06:33 +02:00
Ludovico Magnocavallo
579c7296db
moved blocks and fixes for FAST v33-v34 transition ( #2541 )
2024-08-30 07:44:27 +00:00
Luca Prete
3ca0525039
[FAST] TLS inspection support for NGFW Enterprise ( #2484 )
2024-08-30 09:15:17 +02:00
Julio Castillo
f57635d044
Add managed folders supports to gcs module ( #2530 )
...
* Add RPO, make versioning dynamic
* Add managed folders
* Change autoclass and cors defaults to null
* Update README
* Add iam_by_principals
* Add managed folders var description
* Remove need for managed folders to end in /
* Add inventory to example
* Update readme
* Fix FAST tests
2024-08-28 07:30:52 +00:00
Luca Prete
17667ce205
[FAST] Add permissions to nsec-r SA ( #2511 )
2024-08-21 20:26:32 +02:00
Ludovico Magnocavallo
13595f1499
depend network security stage from fast features in resman ( #2509 )
2024-08-21 08:38:43 +02:00
Ludovico Magnocavallo
ad5de9b7ea
Refactor FAST project factory and supporting documentation ( #2505 )
...
* untested
* teams pattern
* rework doc
* README
* boilerplate
* tflint
* Fix tflint for project factory
* Correct path to pf
* resman changes
* fix factory variable default
* fix links
* project factory module substitutions
* tflint
* stage test
* tfdoc
* rename schema, address review comments
* README typos and wording
* tfdoc
* review comments
* remove test from yaml
* revert output workflow changes
* fix sa reference errors
* tfdoc
* pf tag roles
* schema validation
* pf tag roles
* avoid null values in pf context
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-08-20 16:45:42 +00:00
Ludovico Magnocavallo
d8a5c42b82
firewall policy module schema ( #2499 )
2024-08-11 10:12:03 +02:00
Ludovico Magnocavallo
7be042c706
dns rpz factory schema ( #2498 )
2024-08-10 17:19:28 +02:00
Ludovico Magnocavallo
3efb368b6c
net vpc firewall factory schema ( #2497 )
2024-08-10 15:04:50 +02:00
Ludovico Magnocavallo
db044296e1
Additional module schemas ( #2494 )
...
* resman modules
* billing account
* net-vpc subnets
* fast schemas and subnet validation
2024-08-09 13:58:05 +00:00
Ludovico Magnocavallo
4a61dba841
organization module factory schemas ( #2491 )
2024-08-09 10:22:57 +00:00
Julio Castillo
bda83ea0ef
Add bootstrap output with log destination ids ( #2483 )
...
* Add bootstrap output with log destination ids
* Update readme
2024-08-08 16:23:37 +02:00
Luca Prete
cb2add1718
[FAST] Rename netsec stage to nsec ( #2482 )
2024-08-08 12:30:09 +00:00
Ludovico Magnocavallo
db7cb937d1
VPC-SC factory JSON Schemas ( #2477 )
2024-08-07 12:09:37 +00:00
Julio Castillo
912cbb8281
Rename 1-vpc-sc stage to 1-vpcsc ( #2471 )
...
* Rename 1-vpc-sc stage to 1-vpcsc
* Fix tests
2024-08-06 11:21:55 +00:00
Julio Castillo
89333a5d43
Make policyReader binding additive in bootstrap ( #2470 )
2024-08-06 09:35:37 +00:00
Luca Prete
b3efa95488
[FAST] Sets projects_data_path optional, as in the project factory module ( #2466 )
2024-08-06 08:27:34 +02:00
Ludovico Magnocavallo
4298f14e1b
fix peering routes config in fast a network stage ( #2464 )
2024-08-03 22:18:45 +02:00
Ludovico Magnocavallo
345716e576
VPC-SC as separate FAST stage 1 ( #2460 )
...
* initial commit
* README
* boilerplate
* tflint
* tfdoc
* fix security stage tests
* vpc-sc stage tests
* tflint
* fix resman stage test inventories
* security README
* stage-level README
* Update README.md
* flexible perimeter variable
* remove diagram
* change default to dry run
* default to dry run
2024-08-02 18:04:36 +02:00
Luca Prete
80f9ce6307
[FAST] Add basic NGFW enterprise stage ( #2410 )
2024-08-01 09:41:31 +00:00
Julio Castillo
2854ae6bd8
Remove "constraints/" from org policy names ( #2450 )
2024-07-29 15:15:04 +02:00
Simone Ruffilli
27bb48df77
NCC in 2-net-a-simple ( #2397 )
...
* NCC in 2-net-a-simple
2024-07-25 18:03:09 +02:00
Luca Prete
c39145e3cf
Remove alpha from gcloud storage cp as it moved to GA ( #2446 )
2024-07-24 22:46:43 +02:00
Simone Ruffilli
d66a358b6d
Add context to net-vpc (subnets) factory ( #2444 )
2024-07-24 15:54:20 +02:00
Julio Castillo
c0bf32e797
Refactor service agent management ( #2423 )
...
* Service agents script
* Service agents update
* WIP
* Update script and terraform
* Fix tests
* Fix linter
* Update docs
* Bring back pf example inventory
* Fix tests
* Fix more tests
* Fix tests
* Use dataclasses for build_service_agents.py
* Remove unneeded field() from build_service_agents
* Re-enable CMEK depends_on in project outputs
* Update tools/requirements.txt
* Enable storage in GCS example projects
* Fix tests
* Add CMEK Service Agents dependencies for services
* Fix typos and data platform cmek
* More typos
2024-07-23 22:05:38 +02:00
Ludovico Magnocavallo
5319184e71
FAST ng: stage 0 environments and VPC-SC IaC resources ( #2440 )
...
* FAST ng: stage 0 environments and VPC-SC IaC resources
* test inventories
2024-07-23 11:52:39 +02:00