Ludovico Magnocavallo
5bef0064a4
Merge remote-tracking branch 'origin/master' into fast-dev
2025-11-21 07:25:51 +00:00
Vannick Trinquier
b686a6f730
Fix org policy service to be enabled before organization policies applied (#3547)
* Fix org policy service to be enabled before organization policies applied
2025-11-21 14:22:17 +07:00
Zsolt Molnar
9f51c4b555
Configure ADMIN_READ for sts.googleapis.com to enable Workforce Identity logging (#3545)
* Configure ADMIN_READ for sts.googleapis.com to enable Workforce Identity logging
* Updated test results
2025-11-21 07:40:45 +01:00
Ludovico Magnocavallo
932fd82fe2
Drop the 2-secops stage and minimally refactor 3-secops-dev (#3537)
* drop 2-secops and minimally refactor 3-secops
* remove stage 2 tests
* tfdoc
2025-11-18 14:32:06 +01:00
Ludovico Magnocavallo
8c29512890
Leverage project-level workload identity in FAST CI/CD (#3535)
* Leverage project-level WIF in FAST CI/CD
* add new context namespace, improve outputs, fix tests and inventories
* make YAML linter happy
* README
2025-11-18 10:49:44 +00:00
Ludovico Magnocavallo
0ff2e8c56b
Merge remote-tracking branch 'origin/master' into fast-dev
2025-11-17 19:00:17 +00:00
Ludovico Magnocavallo
09367404a8
remove log buckets from security stage projects (#3534)
2025-11-17 14:24:58 +00:00
Ludovico Magnocavallo
6035fe89d7
assign service usage roles on iac project to automation service accounts (#3532)
2025-11-17 14:58:57 +01:00
Vannick Trinquier
03521a5780
Prettify yaml controls (#3525)
2025-11-13 14:21:36 +07:00
Vannick Trinquier
1f0940a716
Update yaml controls to match max line-length (#3520)
* Update yaml controls to match max line-length
* Add test for stage 0 with hardened datasets
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2025-11-11 07:00:49 +00:00
Vannick Trinquier
15a5486a1e
Add hardened controls for gke, networking and monitoring alerts recommended in CIS Benchmarks for GCP (#3484)
2025-11-10 11:06:25 +00:00
Ludovico Magnocavallo
ba77c6170c
Allow configuring data access logs from org/folder/project schemas (#3516)
* modules and FAST support
* module tests
* fast stage 0 dataset
* tfdoc
2025-11-10 10:19:21 +00:00
Ludovico Magnocavallo
81010a97c0
Rename project and VPC resources in net stage datasets (#3513)
* vpcsc tfvars optional in net
* net project/vpc renames
* fix provider diffs in inventories
2025-11-08 13:38:28 +01:00
Ludovico Magnocavallo
68c8538fd6
Refactor FAST VPC-SC docs, ensure cooperative VPC-SC resource control works (#3504)
* stage README
* vpc-sc in security stage
* vpc-sc for networking
* vpc-sc for net
* vpc-sc for pf
* vpc-sc for pf
* spelling
* inventory
2025-11-05 13:19:02 +00:00
Ludovico Magnocavallo
f9f015a692
Implement precondition check in project factory to ensure declared templates exist (#3493)
* pf template check
* tfdoc
* test inventories
2025-10-31 15:32:33 +00:00
Ludovico Magnocavallo
90b6e312d3
Merge remote-tracking branch 'origin/master' into fast-dev
2025-10-30 16:55:28 +00:00
fenyvesi-levi
e5eb13c6e4
Fenyvesi levi/fix essential contact (#3486)
* Added line to make organization module process essential contacts
* delete unnecessary line
2025-10-29 13:15:53 +00:00
Ludovico Magnocavallo
4a9085675e
Align network stage defaults/outputs to other stages, add defaults schema (#3481)
* networking stage
* implement defaults for vpc defaults :)
* Rename peering test to simple
This enables tflint on 2-networking stage
* tflint
* bring peering test back
* bring peering test back
* yaml lint
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2025-10-28 07:47:28 +00:00
Wiktor Niesiobędzki
4c617b4729
Enable tflint on 2-security
2025-10-28 07:33:15 +01:00
Ludovico Magnocavallo
717803e977
Merge remote-tracking branch 'origin/master' into fast-dev
2025-10-27 18:21:35 +00:00
Wiktor Niesiobędzki
0992d117b3
Enable tflint_fast for 0-org-setup
2025-10-27 15:42:37 +01:00
Simone Ruffilli
4a41a4237a
Removes legacy FAST networking stages (#3479)
Removes the legacy networking stages, superseded by 2-networking.
**Breaking Changes**
```upgrade-note
`fast/stages/2-networking-legacy-a-simple`: The stage is being removed, and superseded by the `2-networking` FAST stage, introduced in #3435
`fast/stages/2-networking-legacy-b-nva`: The stage is being removed, and superseded by the `2-networking` FAST stage, introduced in #3435
`fast/stages/2-networking-legacy-c-separate-envs`: The stage is being removed, and superseded by the `2-networking` FAST stage, introduced in #3435
```
2025-10-27 14:38:28 +00:00
Ludovico Magnocavallo
4b15741144
Streamline stage variables and output files for vpc-sc and security stages (#3471)
* implement fast context output var, remove tflint errors from security stage
* tfdoc
* defaults-based outputs for security stage
* fix tests
* implement defaults in vpc sc stage
* tflint
2025-10-27 13:27:09 +00:00
Ludovico Magnocavallo
9b862c383b
remove legacy security stage (#3474)
2025-10-26 16:49:52 +00:00
Ludovico Magnocavallo
97596a0e8b
Merge remote-tracking branch 'origin/master' into fast-dev
2025-10-26 11:19:18 +00:00
Wiktor Niesiobędzki
7fe999562a
codespell fixes
2025-10-26 11:56:41 +01:00
Simone Ruffilli
da3860a908
2-networking - NVA Dataset (#3463)
This PR implements a dataset for 2-networking which implements an NVA hub and spoke topology with 2 spokes.
2025-10-26 09:51:00 +00:00
Ludovico Magnocavallo
08e6c4196a
fix yaml linting (#3466)
2025-10-25 11:15:25 +02:00
Ludovico Magnocavallo
6fafdc8780
Merge remote-tracking branch 'origin/master' into fast-dev
2025-10-25 08:08:22 +00:00
Wiktor Niesiobędzki
f7c9a341b0
yamlint tests/
2025-10-24 13:11:17 +02:00
Simone Ruffilli
885ba2fb05
Consistent subnetting across datasets + contexts (#3460)
2025-10-23 21:14:05 +02:00
Simone Ruffilli
bfb7d0c812
2-networking - VPN Dataset (#3458)
This PR implements a dataset for 2-networking which implements a simple VPN hub and spoke topology with 2 spokes.
2025-10-23 17:21:39 +02:00
Ludovico Magnocavallo
80988c0bbf
Fix issues with FAST CI/CD support (#3454)
* wip, broken
* wip
* streamline locals
* tfdoc
* update yaml files
* refactor
2025-10-23 16:40:06 +02:00
Simone Ruffilli
393e99194a
2-networking - NCC Dataset (#3457)
Dataset for 2-networking which implements a simple NCC full mesh topology with 2 spokes.
2025-10-23 12:59:46 +00:00
Simone Ruffilli
23f8326665
Factory based FAST Networking stage (#3435)
New factory based networking stage, shipping with a single dataset (peering) to keep the PR size somewhat manageable.
2025-10-23 14:17:44 +02:00
Ludovico Magnocavallo
b0bc896a68
Allow null project id in service account module when reusing service account (#3452)
* allow null project id for service account reuse
* fix pf
2025-10-22 16:51:06 +00:00
Simone Ruffilli
de8ebefe17
Start the deprecation process of the old networking stages (#3451)
This PR renames `2-networking-foo` stages to `2-networking-legacy-foo` - including references of stages in docs and tests.
**Breaking Changes**
```upgrade-note
`fast/stages/2-networking-a-simple`: The stage is being deprecated, and superseded by the `2-networking` FAST stage, introduced in #3435
`fast/stages/2-networking-b-nva`: The stage is being deprecated, and superseded by the `2-networking` FAST stage, introduced in #3435
`fast/stages/2-networking-c-separate-envs`: The stage is being deprecated, and superseded by the `2-networking` FAST stage, introduced in #3435
`modules/net-vpc-factory`: The module has been deprecated, and superseded by the `2-networking` FAST stage, introduced in #3435
```
2025-10-22 16:31:14 +02:00
Ludovico Magnocavallo
7ea9612b07
Allow skipping data source in service account module (#3450)
* test implementation
* wip
* service account reuse
* fix fast stage test
* revert cicd changes
* remove unused dep
* add comment on extra condition
2025-10-22 13:04:00 +02:00
Ludovico Magnocavallo
7b272da6b6
Merge remote-tracking branch 'origin/master' into fast-dev
2025-10-21 18:38:50 +00:00
Julio Castillo
772d064e1c
Skip IAM grants for service agents that are not created on API activation (#3448)
* Skip IAM grants for service agents that are not created on API activation
* Fix tests
2025-10-21 14:31:32 +00:00
Julio Castillo
b8aa4b5578
Merge branch 'master' into fast-dev
2025-10-21 08:14:42 +02:00
Julio Castillo
792003ff97
Remove Netsec Authz Service Agent (#3445)
* Remove Netsec Authz Service Agent
* fix tests
2025-10-20 19:36:03 +00:00
Ludovico Magnocavallo
2753196ca2
fix merge
2025-10-18 14:54:53 +00:00
Ludovico Magnocavallo
5e05044306
Merge remote-tracking branch 'origin/master' into fast-dev
2025-10-18 14:22:57 +00:00
Julio Castillo
1566711c3a
Add service agent outputs to folder and organization (#3436)
* Add service agent outputs to folder and organization
* Fix tests
2025-10-17 17:23:08 +02:00
Ludovico Magnocavallo
489b21f8cc
fix ngfw add-on instructions (#3409)
2025-10-13 16:52:54 +00:00
Luca Prete
142ad6488e
NGFW Enterprise custom roles (#3408)
2025-10-13 16:29:27 +00:00
Ludovico Magnocavallo
9cf67755de
Merge remote-tracking branch 'origin/master' into fast-dev
2025-10-10 06:32:03 +00:00
Ludovico Magnocavallo
6a79d0f74c
Remove unavailable service from VPC-SC stage services list (#3400)
2025-10-10 05:58:08 +00:00
Ludovico Magnocavallo
d3c80ce18b
Rationalize location defaults across project factory module and FAST stages (#3392)
* group default/overrides locations in a single object in pf module
* org setup
* project factory stage
* fix defaults
* pf defaults
* security stage defaults
2025-10-08 07:12:15 +00:00