hunfabric

Author	SHA1	Message	Date
Julio Castillo	ad912d795a	Enable creation of organization- and folder-level service agents (#3877 ) * Enable creation of organization- and folder-level service agents * formatting * Add folder test * Add org tests * linting * more linting * Fix tests	2026-04-16 17:35:17 +00:00
Julio Castillo	15c7951f97	Remove hcl2 python dependency (#3836 ) * Migrate organization policy tests to standard tftest.yaml. Remove python-hcl2 dependency and the custom python test file. Consolidate the boolean, list, and custom constraint tests into a single `org_policies` test with a factory equivalent. Restructure factory files into a unified `factory/` directory. * Migrate project and folder org policy tests to standard tftest.yaml. Replicate the organization module changes for project and folder modules: - Remove python-hcl2 dependency usages and conftest.py. - Remove custom python test files for org policies. - Consolidate org policy tests into a single `org_policies` test with a factory equivalent. - Unify factory files into a `factory/` directory. - Remove redundant common.tfvars in folder module. * Add factory policies directory to duplicate-diff checks. Ensure the YAML factory files for org policies remain perfectly identical across the organization, folder, and project modules. * Remove unused deepdiff dependency from requirements and pre-commit config. * Add boilerplate * fix broken link	2026-04-08 08:14:16 +02:00
Ludovico Magnocavallo	0be09646b0	Add missing folder features to project factory and align logging across folder/org modules (#3779 )	2026-03-04 10:28:48 +01:00
Vannick Trinquier	2af44b0651	Add support for security command center mute rules in module organization, folder and project (#3694 )	2026-02-04 08:31:05 +07:00
Julio Castillo	d9e1b924a1	Add `asset_feeds` to resman modules (#3658 ) * Add asset_feeds to resman modules * Add examples and update readmes * Extend pubsub_topic context to project and folder modules * Use pubsub_topic context for pubsub_destination * Update readmes and add project-factory asset_feed example * Update context tests * Update schemas	2026-01-20 14:37:35 +00:00
Julio Castillo	cff8a25c59	Introduce iam_by_principals_conditional (#3649 ) * Introduce iam_by_principals_conditional * Add iam_by_principals_conditional to project factory * Update IAM ADR * Update project factory readme * Sync FAST schemas * Update organization schema * Add resman tests for iam_by_principals_conditional * Update PF project-defaults.tf * Update copyright	2026-01-14 11:16:07 +00:00
Vannick Trinquier	cc24046be8	Add CMEK support to FAST and controls for CMEK encryption (#3556 )	2025-12-14 12:14:08 +07:00
Ludovico Magnocavallo	ba77c6170c	Allow configuring data access logs from org/folder/project schemas (#3516 ) * modules and FAST support * module tests * fast stage 0 dataset * tfdoc	2025-11-10 10:19:21 +00:00
Ludovico Magnocavallo	7e32058010	[WIP] Add support for KMS autokey (#3515 ) * wip * folder module * project factory schema * remove spurious project template * gcs and compute-vm modules * variable order	2025-11-09 10:46:28 +01:00
Ludovico Magnocavallo	0a2cc758ac	Essential contacts in schemas, and email context substitutions (#3495 ) * modules * fast * duplicate diff * fix contacts in FAST stage 0 datasets, update contacts in YAML schemas	2025-11-03 08:53:29 +01:00
Wiktor Niesiobędzki	f7c9a341b0	yamlint tests/	2025-10-24 13:11:17 +02:00
Julio Castillo	48f6b4cd49	Add PAM support (#3438 ) * PAM first pass * Add factory and extend to organization * Extend to project, add examples * Add additionalProperties to all objects * Fix boilerplate * Expose pam_entitlements to project-factory * Fix readme * Move entitlements to second folder/project pass * extend tests * Fix readme * Remove timeouts from inventories	2025-10-20 12:50:37 +00:00
Vannick Trinquier	cfe2e21ce7	feat: add support for SCC Custom Security Health Analytics module in … (#3372 ) * feat: add support for SCC Custom Security Health Analytics module in organization, folder and project modules * fix: update description and docs --------- Co-authored-by: Julio Castillo <jccb@google.com>	2025-10-03 13:47:50 +02:00
Ludovico Magnocavallo	bc6950e205	Rename FAST stages preparing for eventual deprecation (#3298 ) * renames * links * readme * docs * update pf modules tests for renames * condition_vars context in modules * data platform dataset * fix links in stage 3 docs * schema changes * schema docs * tfdoc * update duplicates check * fast legacy tests * legacy schema * fix tests	2025-09-04 08:24:11 +02:00
Ludovico Magnocavallo	36648b6b63	FAST light implementation (#3255 ) * data wip * wip data * update org schema, add note on expansion * all schemas, workload notes * Update WORKLOG.md * Update WORKLOG.md * Update WORKLOG.md * Update WORKLOG.md * wip * data wip * wip * wip * wip * wip * org module IAM context (using lookup) * new-style context expansion in project IAM * remove spurious file * project module contexts * finalize context replacement format for project module * revert org module changes * fix tag id interpolation in project * fix tag id interpolation in project * organization module context * organization context test * context expansion for folder tag bindings * test context expansion for tag bindings * service account module context * simplify context local * context for iam service account * nuke blueprints * remove links to blueprints * vpc sc context in project module * Add context to GCS module * Add inline deps to plan_summary script * Make context a top-level variable for folder, organization, sa * Add add context top-level to VPC-SC * move context out of factories_config variable * tfdoc * fix merge * fix merge * fix examples * net-vpc module context * add parent ids to folder context * rename folder parent context * fix folder parent check * new project factory stub * wip * wip * refactor defaults * project iam * bueckts and service accounts * start adding context replacements * better test data * automation resources for folders and projects * automation * add support for project id interpolation * first tested apply * improve IAM description in gcs module * add context to billing account module * add notification channels to billing account module context * add billing budgets to new pf * schemas and defaults * bootstrap wip * bootstrap wip * bootstrap wip * pf outputs * pf fixes * fix pf sample data * bootstrap lite fixes * add locations to organization module contexts * bootstrap lite fixes * org fixes, billing accounts * fix default project parent * bootstrap lite wip * add locations to gcs module context * add context support to logging bucket module * add context to pubsub module * split out iam variables in gcs module * fix logging bucket context test * bootstrap log sink destinations * streamline logging-bucket module variables * fix logging bucket context test * align logging bucket module interface in fast bootstrap * add support for project-level log buckets to project factory * support full context expansion in organization module log sinks * log buckets in fast-lite bootstrap * make og sink type optional in organization module * log sinks in fast-lite bootstrap * set tag values in factory context * bootstrap lite data * output files schema * billing account schema * output files * output providers * gcs output files * boilerplate * tflint * check documentation * check docs * fix project module parent variable validation * fix log bucket examples * allow null parent in project module * silence folder test errors * fix billing account sink example * fix project example * fix billing account module * fix folder tests * fix FAST * fix fast * tfvars outputs * wif * cicd service accounts * cicd * allow defaults in context, minimal org policies * support gcs managed folders in project factory and bootstrap lite * support prefix in provider output files * rename bootstrap stage * gitignore * gitignore * security folder, billing IAM * wip tfvars * fix typo * security IAM * control tag iam/context via variables in organization module * split tag creation from tag IAM to avoid circular refs * port organization module tag changes to project module * implement new-style context expansion in vpc-sc module * fix fast vpc-sc tests * boilerplate * vpc sc stage * schemas * fast-lite compatibility for vpc sc stage * make log project number optional in vpc-sc stage * networking * networking * networking * networking * rename and move new stage under fast * clone pf tests * use context replacement for internal notification channels in billing account module * support service agents in project module iam context replacements * support service agents in project module iam context replacements * add support for kms keys to project module context * experimental pf example test and fixes * fix schemas * fix tests * tfdoc * tfdoc * pf config * experimental pf * remove redundant dot from gcs managed folder IAM keys * bootstrap experimental test * project factory exp stage test * skip tflint for bootstrap experimental test * tflint * fix gcs test * documentation work * documentation work * Update README.md * tfdoc * tfdoc * readme * tfdoc * readme * readme * readme * readme * support universe in pf exp projects * missing universe service agents * org policies import, non-admin billing IAM * todo * fix test * custom constraints * fast classic dataset * fix test data * context replacements in billing module log sinks * fix typo * add support for billing log sinks * update docs * readme * cicd fix and test --------- Co-authored-by: Julio Castillo <jccb@google.com>	2025-09-02 08:38:57 +02:00
Wiktor Niesiobędzki	58051e48e7	Fix tests	2025-02-19 16:47:15 +01:00
Julio Castillo	3ffe838e06	Add context to organization policiy factories (#2876 )	2025-02-10 22:24:01 +00:00
Julio Castillo	e08698a410	Fix tests	2025-02-07 10:55:05 +01:00
Julio Castillo	3fc7144c4f	Update examples and tests	2025-02-07 10:55:05 +01:00
Julio Castillo	8a2320311d	Add `bucket_create` to `modules/gcs` (#2827 ) * Add `bucket_create` to `modules/gcs` * Create local with bucket name * Update variable description * Fix bucket output * Fix tests * Fix tests * Bump OpenTofu to 1.9.0 (needed for multi-var validations)	2025-01-21 23:48:36 +01:00
Julio Castillo	7eff7b19dc	Add `iam_by_principals_additive` to project, organization and folder modules (#2814 ) * First attempt at iam_by_principals_additive * Remove validation * Update IAM ADR * Apply to organization and project modules * Update READMEs * Add tests * Remove "cycle errors"	2025-01-14 12:32:19 +00:00
Julio Castillo	f57635d044	Add managed folders suports to `gcs` module (#2530 ) * Add RPO, make versioning dynamic * Add manaed folders * Change autoclass and cors defaults to null * Update README * Add iam_by_principals * Add managed folders var description * Remove need for managed folders to end in / * Add inventory to example * Update readme * Fix FAST tests	2024-08-28 07:30:52 +00:00
Julio Castillo	0420dec32f	Add `deletion_policy` to project module (#2502 ) * Replace skip_delete with deletion_policy * Fix blueprints * Update apigee blueprint readme * Remove skip_delete from test inventories	2024-08-16 18:33:39 +02:00
Luca Prete	092053b517	Adds a new certification authority service (CAS) module (#2481 )	2024-08-08 09:55:48 +02:00
Aleksandr Averbukh	85c1b7c156	Add AssuredWorkload support to the folder module (#2390 ) * Feat: Add AssuredWorkload support to the folder module * Formatting * Use square brackets to access list items * Docs gen after adding an example to the readme * Reorder variables * Formatting * Reordering outputs, formatting * Remove try where not needed. Add IAM into the AW example and tests * Fix tests * Enable Assured Workloads in E2E tests * Add compliance_regime and partner enum fields validation * Rewording validation message for compliance_regime, partner fields * Sort the list of allowed values alphabetically * Make the organization dependant on testing environment * fix tests * Disable E2E for Assured Workflow example. This example requires Access Transparency enabled on org level, even chosing different regime, we need to have `parent` and `organization` within the same hierarchy, which is not currently the case and requires more rework of the test framework. --------- Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>	2024-06-27 14:28:17 +02:00
Wiktor Niesiobędzki	9a95ac10ed	Once again fix e2e tests	2024-02-23 19:21:39 +01:00
Wiktor Niesiobędzki	8fd8ee0541	Fix too long project names on e2e tests	2024-02-23 11:41:58 +01:00
Julio Castillo	5197d5ca8d	Allow projects as destinations for log sinks (#2102 ) * Add project log sink destination to project module * Add project log sink destination to folder module * Add project log sink destination to organization module * Fix typos * Add project log sink destination to billing-account module * Make filter field optional * Update READMEs --------- Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>	2024-02-21 08:41:13 +01:00
Ludovico Magnocavallo	bf93b6fb4e	fix typo in logging sinks interface (#2015 )	2024-01-28 10:27:28 +01:00
Ludovico Magnocavallo	bba814c091	Custom role factories for organization and project modules (#1912 ) * backport custom role factories * backport from fast ci/cd branch * indent * tfdoc * fix module tests	2023-12-11 14:16:39 +00:00
Wiktor Niesiobędzki	55f308cbea	Fix failing E2E tests for folders (#1884 ) * Run tests requiring uniqueness on org level serially (organization tags, firewall policies) * make gcs bucket name globally unique --------- Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>	2023-11-24 08:09:13 +00:00
dibaskar-google	2d70bb8db2	E2E tests for folder module (#1876 ) E2E tests for folder module	2023-11-22 10:25:11 +01:00
Simone Ruffilli	6d89b88149	versions.tf maintenance + copyright notice bump (#1782 ) * Bump copyright notice to 2023 * Delete versions.tf on blueprints * Pin provider to major version 5 * Remove comment * Fix lint * fix bq-ml blueprint readme --------- Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com> Co-authored-by: Julio Castillo <jccb@google.com>	2023-10-20 18:17:47 +02:00
Ludovico Magnocavallo	819894d2ba	IAM interface refactor (#1595 ) * IAM modules refactor proposal * policy * subheading * Update 20230816-iam-refactor.md * log Julio's +1 * data-catalog-policy-tag * dataproc * dataproc * folder * folder * folder * folder * project * better filtering in test examples * project * folder * folder * organization * fix variable descriptions * kms * net-vpc * dataplex-datascan * modules/iam-service-account * modules/source-repository/ * blueprints/cloud-operations/vm-migration/ * blueprints/third-party-solutions/wordpress * dataplex-datascan * blueprints/cloud-operations/workload-identity-federation * blueprints/data-solutions/cloudsql-multiregion/ * blueprints/data-solutions/composer-2 * Update 20230816-iam-refactor.md * Update 20230816-iam-refactor.md * capture discussion in architectural doc * update variable names and refactor proposal * project * blueprints first round * folder * organization * data-catalog-policy-tag * re-enable folder inventory * project module style fix * dataproc * source-repository * source-repository tests * dataplex-datascan * dataplex-datascan tests * net-vpc * net-vpc test examples * iam-service-account * iam-service-account test examples * kms * boilerplate * tfdoc * fix module tests * more blueprint fixes * fix typo in data blueprints * incomplete refactor of data platform foundations * tfdoc * data platform foundation * refactor data platform foundation iam locals * remove redundant example test * shielded folder fix * fix typo * project factory * project factory outputs * tfdoc * test workflow: less verbose tests, fix tf version * re-enable -vv, shorter traceback, fix action version * ignore github extension warning, re-enable action version * fast bootstrap IAM, untested * bootstrap stage IAM fixes * stage 0 tests * fast stage 1 * tenant stage 1 * minor changes to fast stage 0 and 1 * fast security stage * fast mt stage 0 * fast mt stage 0 * fast pf	2023-08-20 09:44:20 +02:00
Ludovico Magnocavallo	adf2621727	Add new `iam_members` variable to IAM additive module interfaces (#1589 ) * resource management modules * data catalog policy * dataproc * service account * kms * net-vpc * source repository * dataplex datascan * service account module variable order	2023-08-14 09:54:50 +00:00
Ludovico Magnocavallo	551dc581e8	Implement proper support for data access logs in resource manager modules (#1497 ) * organization module * rename iam_bindings_authoritative to iam_policy, fix tests * add support for data access logs and iam policy to folder module * test inventories * add support for data access logs and iam policy to project module	2023-07-10 08:08:02 +00:00
lcaggio	39b27ac25e	Add support for Log Analytics on logging-bucket module and bump provider version (#1423 ) * first commit * Bump provider versions * Fix tests	2023-06-07 23:23:28 +02:00
Julio Castillo	a5e905cb80	Update remaining org policies	2023-02-21 15:49:16 +01:00
Julio Castillo	6b767c9035	Simplify org policies data model in resman modules.	2023-02-21 15:49:16 +01:00
Julio Castillo	c8bfe892a6	Update folder tests	2023-01-03 16:52:31 +01:00
Julio Castillo	b4d3aa2055	Migrate organizations tests	2022-12-06 00:06:29 +01:00
Julio Castillo	c83a7de076	Remove as_logging_destination	2022-11-12 19:24:41 +01:00
Julio Castillo	c7fe6da12e	Update READMEs	2022-11-11 19:28:02 +01:00
Julio Castillo	486d398c7d	Update logging sink to tf1.3 in resman modules	2022-11-11 19:22:05 +01:00
Julio Castillo	61e047d95a	Update folder and project org policy tests	2022-11-11 17:49:18 +01:00
Julio Castillo	3e18575fad	Add factory support for new org policies	2022-11-03 11:41:53 +01:00
Julio Castillo	5b9b6b7739	Remove debugging libraries	2022-10-28 18:10:28 +02:00
Julio Castillo	f44f4a74dc	Fix module tests	2022-10-28 17:49:44 +02:00
Ludovico Magnocavallo	ecadebe90b	Add support for IAM additive to folder module (#580 )	2022-03-11 09:46:32 +01:00
Julio Castillo	e2abd772f2	Update resman modules (#475 ) * Make logging sinks in different resources use the same API * Split resman modules in multiple files. Add nullables where applicable	2022-01-29 19:35:33 +01:00

1 2

60 Commits