Commit Graph

908 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
7b993cd2f1 allow configuring dns zone names in FAST networking stages (#3021) 2025-04-09 18:53:20 +02:00
Julio Castillo
b2e26e50ae Enable storage.restrictAuthTypes org policy (#3017) 2025-04-08 15:43:24 +02:00
Matt
db165721f3 Add OKTA WIF provider definition (#3015)
Co-authored-by: Julio Castillo <jccb@google.com>
2025-04-08 12:48:06 +00:00
Ludovico Magnocavallo
bdc97a54c7 Properly support org policy tags in resman/project factory (#3014)
* allow setting IAM for org policy tags, add org policy tags to pf context

* allow tag id substitution

* tfdoc
2025-04-08 14:24:46 +02:00
Wiktor Niesiobędzki
9c93c6daa4 Add trusted images projects 2025-04-06 12:49:16 +02:00
Ludovico Magnocavallo
7aba2c1b58 allow external config of restricted services base set in vpc-sc stage (#3009) 2025-04-04 12:04:15 +00:00
Ludovico Magnocavallo
69188fa9d9 Implement support for VPC-SC perimeter membership from project factory (#3007)
* support project factory-level vpc-sc perimeter interpolation

* fix ro role

* add support for IAM on service accounts

* fix typo
2025-04-04 11:45:22 +00:00
JayKim
25b6020a14 Fix stage-3 CICD SA access (#3005) 2025-04-03 19:17:04 +00:00
Julio Castillo
f656a37c40 Merge branch 'master' into fast-dev 2025-04-02 14:07:33 +02:00
Julio Castillo
0c334a6128 Add roles support to VPC-SC (#3000) 2025-04-02 09:39:04 +02:00
Julio Castillo
bd829e6ba3 Allow disabling GKE IP endpoints and setting GKE VPC scope DNS domain (#2997)
* Allow disabling IP access to GKE control plane

* Add additive VPC scope DNS domain to gke clusters

* Fix typo

* Bump provider to 6.27.0

* Update readme
2025-04-02 07:03:58 +00:00
Wiktor Niesiobędzki
bea36cb047 Add requireInvokerIam constraint to the policies to prevent public exposure of Cloud Run services 2025-03-31 20:46:48 +02:00
simonebruzzechesse
1809552f8a Improve SecOps Anonymization pipeline (#2988)
* update secops anonymization pipeline with new chronicle APIs

* improvements to doc for secops anonymization pipeline

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-03-29 19:09:37 +01:00
Ludovico Magnocavallo
554cc47707 Mongodb Atlas project template (#2986)
* mongodb project definition

* wip

* add psc output to net-address module

* wip

* wip

* initial README, test

* remove providers file

* boilerplate

* tfdoc

* test

* fix unrelated test

* outputs, better README
2025-03-29 08:43:27 +00:00
Ludo
0facab6724 Merge remote-tracking branch 'origin/master' into fast-dev 2025-03-28 09:38:22 +01:00
Luca Prete
ffb1452dbd Allow specifying function egress settings without using a VPC connector (#2967) 2025-03-19 10:38:33 +00:00
Ludovico Magnocavallo
b1c85962b8 update FAST diagram (#2961) 2025-03-17 12:48:14 +00:00
Ludovico Magnocavallo
9b04cb130a fix module ref in vpc-sc stage output (#2947) 2025-03-10 11:30:54 +00:00
Ludo
2861078898 Merge remote-tracking branch 'origin/master' into fast-dev 2025-03-10 09:52:26 +01:00
Simone Ruffilli
dda9002266 Fast 2-networking-a: removed obsolete note about lack of PSC transitivity 2025-03-05 06:55:59 +00:00
Ludovico Magnocavallo
94a406a3ef Update fast/stages/2-project-factory/outputs.tf
Co-authored-by: Wiktor Niesiobędzki <github@vink.pl>
2025-03-04 09:06:27 +01:00
Laurent Al Hossri
103548a8f3 fix(project_factory): bucket definition updated due to change on project factory module 2025-03-04 09:06:27 +01:00
Laurent Al Hossri
49e211b231 fix(project_factory): add condition on for_each to avoid creating a local file in non-existing directory /providers if outputs_location is empty 2025-03-04 09:06:27 +01:00
dgourillon
cae5090cee Allow different principal types in bootstrap user variable (#2922)
* handle the iam_user_bootstrap_bindings with a local.bootstrap_user to handle the case where var.bootstrap_user is a WIF user (starts with principal:// and does not require the user: prefix to be added)

* terraform fmt

* fix linting

* lint fix

* reran terraform fmt

* Fix condition

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2025-02-25 11:14:25 +00:00
Julio Castillo
3ed801c464 Use VPC-SC perimeter factory in FAST 1-vpcsc stage (#2928)
* Use VPC-SC perimeter factory in FAST 1-vpcsc stage

* Add boilerplate

* Fix linter and schema checks

* Fix tests

* Fix schemas
2025-02-24 12:29:51 +00:00
Antoine Méausoone
ffeb75100c fix(bootstrap): fix custom roles billing viewer duplicate permissions (#2927) 2025-02-24 12:52:30 +01:00
Wiktor Niesiobędzki
fea88ade66 Add limits for stage_names and environment 2025-02-23 18:33:32 +01:00
JayKim
1dce672d16 Fix CICD SA access (#2923) 2025-02-23 08:04:10 +01:00
dependabot[bot]
b73114c0a8 Bump requests (#2918)
Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.32.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.27.1...v2.32.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-02-21 09:03:12 +00:00
Ludo
60a4179c98 fast moved file 2025-02-21 09:42:42 +01:00
Julio Castillo
21253a1768 Add title to VPC-SC directional policies (#2909)
* Add title to VPC-SC directional policies

* Ignore versions.tf in diffs

* Update versions.tf

* Fail if a perimeter uses unknown directional policies
2025-02-20 08:48:08 +00:00
Ludovico Magnocavallo
5312767be4 Add provider output files to project factory stage, single automation bucket in module (#2914)
* single automation bucket, provider output files for project factory

* tfdoc

* fix outputs
2025-02-19 17:45:56 +00:00
Julio Castillo
51bd19bc30 Update default FAST org policies (#2906)
* Update org default org policies

* Update default FAST org policies
2025-02-18 16:34:44 +01:00
Julio Castillo
348e4df081 Fix default compute.restrictProtocolForwardingCreationForTypes value (#2904) 2025-02-18 14:28:33 +01:00
Ludovico Magnocavallo
44de36905e Allow passing explicit regions in net test addon subnets (#2902)
* allow passing explicit regions in net-test addon subnets

* checkout repo in labeler

* checkout repo in labeler

* revert labeler changes
2025-02-18 10:26:39 +01:00
simonebruzzechesse
b0021cc0f1 New SecOps anonymization pipeline (#2794)
* new secops anonymization pipeline

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-02-17 19:23:19 +01:00
Ludovico Magnocavallo
1a4b298cc9 Project factory additions, project module reuse implementation (#2899)
* add support for buckets

* add project-level interpolation for own SAs

* docs

* project reuse changes

* fix example

* tfdoc

* update check documentation tool

* fast tests

* blueprints

* typo
2025-02-15 20:37:45 +01:00
Ludovico Magnocavallo
87383a1569 FAST project templates example (#2897)
* wip

* project factory providers

* working example

* copyright, tfdoc

* rewording

* rewording

* tfdoc

* tfdoc

* tfdoc again

* fix tests

* tests
2025-02-14 19:14:27 +00:00
Ludovico Magnocavallo
9148e76087 Add support for project-level log sinks to FAST stage 0 (#2893)
* Fix ipv6 and align loadbalancer address types

* Release v37.3.0

* add support for project-level log sinks to stage 0

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2025-02-14 11:58:18 +01:00
Julio Castillo
fd9f92324b Update VPC-SC module and FAST stage (#2887)
* Update VPC-SC module to support vpc subnets

* Update FAST VPC-SC variables

* Fix tests
2025-02-13 18:04:09 +00:00
Ludovico Magnocavallo
f22d783cf7 Address DNS issues with googleapis RPZ and forwarding (#2891)
* add empty DNS zone for googleapis to net stages

* add ipv6 records for private/restricted

* avoid permadiff in rpz ipv6 addresses
2025-02-13 16:08:27 +00:00
Julio Castillo
e5c6045de1 Add compute.restrictProtocolForwardingCreationForTypes to importable policy set (#2888) 2025-02-13 13:00:25 +00:00
Julio Castillo
d43c624f9e Add new set of org policies with managed constraints to FAST bootstrap (#2884)
* Managed org policies example

* Add folder with managed org policies

* Add tests for managed org policies

* Document new managed org policy set
2025-02-12 19:38:44 +00:00
Julio Castillo
4dc61aafda Move DRS and essential contact domains to factory (#2878)
* Move DRS and essential contact domains to factory

* Update docs
2025-02-11 16:36:16 +00:00
Ludovico Magnocavallo
7909abe833 redraw cross-stage diagram (#2875) 2025-02-10 13:39:27 +00:00
Ludo
d15f1d9f43 Merge remote-tracking branch 'origin/master' into fast-dev 2025-02-10 10:14:00 +01:00
Simon Roberts
cfe8c130f0 Add note about the use of n-stagename/moved/ files during upgrade (#2874) 2025-02-10 07:34:37 +00:00
karpok78
e4f55fb7ff Add bucket IAM policy read (#2872)
Allow the Project factory read only SA to retrieve buckets IAM policy for buckets created by the PF
2025-02-09 23:55:54 +00:00
ZoranBatman
276ef62e62 update docs: clarify 0-bootstrap.auto.tfvars creation and outputs_location use (#2862)
Co-authored-by: Zoran Zaric <mr.zoranzaric@gmail.com>
2025-02-03 15:44:47 +00:00
karpok78
66926bbd0c Workflow templating fix (#2864)
Fixed some issues with WIF and providers templating in workflows.
2025-02-03 16:31:59 +01:00