Commit Graph

672 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
71a64487d5 Extend FAST to support different principal types (#2064)
* add doc draft

* typos

* typo

* typo

* typos

* rewording

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* move iam variables to a separate file

* move billing-account module to iam_principals

* move data-catalog-policy-tag module to iam_principals

* move dataplex-datascan module to iam_principals

* move dataproc module to iam_principals

* move folder module to iam_principals

* copyright

* move organization module to iam_principals

* move project module to iam_principals

* move source-repository module to iam_principals

* update blueprints for iam_principals interface

* FAST bootstrap

* module READMEs fixes

* FAST bootstrap

* FAST networking stages

* FAST security stage

* FAST gke stage

* FAST multitenant bootstrap stage

* FAST multitenant resman stage

* tfdoc

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* fix module test

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Rename iam_principals to iam_by_principals

* Update IAM template to include iam_by_principals

* Update Resman README

* Fix ADR link format

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2024-02-12 14:35:30 +01:00
Wiktor Niesiobędzki
3397d4cd52 Fix imports of org policies (#2065) 2024-02-11 07:22:11 +01:00
Wiktor Niesiobędzki
da11396e3a Postpone setting essential contacts until it is done through SA 2024-02-07 20:08:44 +01:00
Wiktor Niesiobędzki
c58e61e98e Introduce variable to disable imports, fix tests 2024-02-07 17:25:11 +01:00
Wiktor Niesiobędzki
ec3f314c08 Import default policies 2024-02-07 17:25:11 +01:00
Julio Castillo
e219d92217 Enable additional recommended org policies (#2050)
* Enable additional recommended org policies

Fixes #2047
Fixes #2048
Fixes #2049

* Fix tests
2024-02-05 10:46:37 +01:00
Ludovico Magnocavallo
5448ab64c4 Leverage net-vpc module for DNS logging in FAST (#2041)
* revert #2023

* leverage net vpc module for dns logging in fast
2024-02-03 08:16:00 +01:00
Julio Castillo
13636ba07b Make Cloud NAT creation optional in FAST net stages. (#2038)
* Make Cloud NAT creation optional in FAST net stages.

Fixes #2021

* Update READMEs
2024-02-02 10:58:16 +01:00
Ludovico Magnocavallo
d127c25ad0 Shielded nodes and custom service account in FAST GKE stage and blueprint (CSPR-related) (#2036)
* default to shielded nodes in FAST gke stage

* use custom service account in GKE multitenant blueprint
2024-02-01 15:16:00 +00:00
Julio Castillo
4c68c016a9 Add DNS query logging to FAST net stages (#2033)
* Add DNS query logging to FAST net stages

Fixes #2020

* Update readmes

* Add variable to toggle DNS logging

* Extend DNS logging toggle to other net stages
2024-01-31 13:44:51 +01:00
Ludovico Magnocavallo
01c7f806ce Selectively enable logging in FAST and firewall policy module rules (#2032)
* use logging in firewall policy module examples

* enable logging for selected hierarchical firewall rules
2024-01-31 09:50:35 +01:00
Ludo
1e06c35a1f fix typos 2024-01-31 09:02:55 +01:00
Ludovico Magnocavallo
c9db1fde20 clarify relationship with checklist groups (#2031) 2024-01-31 08:51:20 +01:00
Julio Castillo
da95434308 logging for default ingress rules in FAST (#2030)
* Add default ingress deny rule with logging to FAST net stages.

Fixes #2024

* Allow firewall factory to omit rules key

* Fix tests

* Fix fast tests

* fix fast tests
2024-01-30 16:53:01 +00:00
Julio Castillo
cdf65300f0 Fix sourcerepo templates and concat call (#2019)
* Fix sourcerepo templates and concat call

Fixes #2018

* Fix iam

* Fix another sourcerepo template
2024-01-30 11:46:33 +01:00
Ludovico Magnocavallo
99228363b2 enforce trusted image projects constraint in stage 0 (#2014) 2024-01-26 10:14:44 +00:00
Ludovico Magnocavallo
6d9b6403dd add support for essential contacts to FAST (#2010) 2024-01-25 12:20:14 +01:00
Ludovico Magnocavallo
c5416f3af1 Tighten up security of automation project (CSPR-related) (#2009)
* enforce compute/iam policies on the automation project

* tests
2024-01-24 18:40:36 +00:00
Ludovico Magnocavallo
070584ae74 Checklist attribution bucket (#2000) 2024-01-23 11:32:14 +00:00
Ludovico Magnocavallo
4b911a6047 update checklist parsing for top-level key (#1997) 2024-01-23 07:34:03 +01:00
Ludovico Magnocavallo
11d7edac64 Add example to FAST GKE stage, streamline GKE Hub module variables and usage (#1977)
* implement optionals in gke-hub module

* simplify gke hub module call in mc mesh blueprint

* simplify gke hub module call and variables in multitenant blueprint

* gke hub inventory

* provide cluster and fleet examples in stage
2024-01-20 10:06:38 +00:00
lcaggio
208902c8da Fix Data platform foundation (#1992)
* FAST + Minimal DP

* Fix tests

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2024-01-20 08:49:46 +01:00
Ludovico Magnocavallo
a8c84357f4 Integrate checklist data in FAST (#1969)
* add locals for additive and authoritative org iam roles

* first shot at IAM and logging location

* tfdoc

* use locals for locations

* fix file parsing, resman stubs

* initial resman implementation

* remove unneeded code

* fix data file

* replace dumb yamldecode

* fix wrong type in organization additive bindings try

* simplify logging local

* Use check asserts for version and org id

* Checks on checklist for resman

* refactor checks, ignore checklist files on wrong org id

* stage 0 tests

* fix checklist checks

* stage 1 tests

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-01-18 05:45:29 +01:00
simonebruzzechesse
b15c573f18 add locations on terraform.tfvars.sample for bootstrap stage (#1967)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-01-09 07:32:27 +00:00
Ludovico Magnocavallo
9d6e61428b (WIP) Read-only service accounts for automation and CI/CD (#1899)
* add design doc for the new CI/CD sa

* describe the actual implementation

* specify which files will need to be changed

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Fix typo

* stage 0 read-only service accounts

* stage 0 IAM map

* linting

* cicd read-only service accounts

* tweak workflow templates

* roles and github workflow fixes

* tfdoc

* Ad-hoc custom role factory for FAST bootstrap

* use factory variable for custom roles data path

* custom roles factory in org/project modules

* tfdoc

* rename custom roles factory variable, fix gitlab template

* gitlab workflow fixes

* fix merge

* output plan results on failed assertion

* update stage 0 expected values

* data platform branch

* gke

* networking

* security

* project factory

* outputs

* workflow templates

* resman apply fixes

* tfdoc

* fix stage 1 test fixture

* fix gh workflow

* read-only resman sa roles

* fix test

* read-only resman sa roles

* read-only resman sa roles

* read-only resman sa roles

* read-only resman sa roles

* fix test variables

* rename wif principal attribute names

* rename wif principal variables

* multitenant stages

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-12-27 11:33:16 +00:00
Ludovico Magnocavallo
a2263da1f3 fix GitHub CI/CD provider (#1945) 2023-12-21 17:10:50 +00:00
Ludovico Magnocavallo
e592996ba0 Revert "Add debug step for JWT tokens" (#1943)
This reverts commit d95280081f.
2023-12-21 14:50:27 +01:00
simonebruzzechesse
c9a8d777ba Add kernels.googleusercontent.com zone in dns response policy (#1940)
* Add kernels.googleusercontent.com zone in dns response policy
* update fast tests
2023-12-20 11:18:11 +01:00
Wiktor Niesiobędzki
d95280081f Add debug step for JWT tokens 2023-12-20 09:26:55 +01:00
Julio Castillo
b6e0557bbb Simplify organization tags.tf locals (#1932)
* Simplify organization tags.tf locals

* Fix boilerplate

* Override github provider version for tests
2023-12-18 16:09:22 +00:00
Ludovico Magnocavallo
bba814c091 Custom role factories for organization and project modules (#1912)
* backport custom role factories

* backport from fast ci/cd branch

* indent

* tfdoc

* fix module tests
2023-12-11 14:16:39 +00:00
ibrahimparvez2
21297f28a6 Patch Github actions ci google-github-actions/auth@v0 --> v2 (#1900)
* Minor patch auth

* Minor update auth
2023-12-04 12:16:02 +00:00
Julio Castillo
85b18cf42b Document fast_features (#1855) 2023-11-20 21:41:06 +00:00
Wiktor Niesiobędzki
ad14b317ab tfdoc 2023-11-16 11:45:27 +00:00
Wiktor Niesiobędzki
35f75e5a26 Add missing KMS attribute in FAST stage 2023-11-16 11:43:35 +00:00
Ludovico Magnocavallo
de0325b3a3 Avoid map-related casting errors in project factory (#1836)
* try to repro pf example error

* repro

* repro

* pf fix

* remove extra file

* FAST stage
2023-11-02 08:24:50 +01:00
alealr
8d06afcdb8 Updating wording 2023-10-31 14:35:27 +00:00
Simone Ruffilli
cf55638f40 FAST: rename VPC-related files to net-* (#1818) 2023-10-27 08:23:08 +00:00
Simone Ruffilli
4decc641bb Stop wrapping yamldecode with try() (#1812) 2023-10-25 16:16:05 +02:00
Simone Ruffilli
b015380028 Fix allow-nat-ranges priority 2023-10-25 14:05:15 +02:00
Simone Ruffilli
a3290f2204 FAST: Add access transparency logs to the default sinks (#1810)
* Adds access transparency logs to the default sinks
2023-10-24 20:09:00 +00:00
Simone Ruffilli
1836c68990 Hierarchical rules update (#1809) 2023-10-24 19:46:04 +00:00
Simone Ruffilli
1378214af5 FAST: removed references to kms_defaults (#1811) 2023-10-24 21:18:08 +02:00
Ludovico Magnocavallo
4647b07665 less verbose project factory stage outputs (#1802) 2023-10-24 09:03:35 +02:00
Ludovico Magnocavallo
a93f08e833 improve usage of optionals in FAST stage 2 VPN variables (#1797) 2023-10-23 15:23:30 +02:00
Ludovico Magnocavallo
4690bf206a Update README.md 2023-10-21 18:59:17 +02:00
Simone Ruffilli
3e16c6a959 FAST: adds support for uploading a wif provider pubkey (#1788) 2023-10-21 16:52:19 +00:00
Simone Ruffilli
6d89b88149 versions.tf maintenance + copyright notice bump (#1782)
* Bump copyright notice to 2023

* Delete versions.tf on blueprints

* Pin provider to major version 5

* Remove comment

* Fix lint

* fix bq-ml blueprint readme

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-20 18:17:47 +02:00
Ludovico Magnocavallo
e0d84fb10b add sink for workspace logs (#1780) 2023-10-19 14:51:01 +00:00
Ludovico Magnocavallo
77a4696aa6 Add gcp org policy constraints file to bootstrap stage (#1775)
* add gcp org policy constraints file to bootstrap

* make the org policy factories more resilient
2023-10-18 18:21:16 +00:00