Commit Graph

5977 Commits

Author SHA1 Message Date
Ludo
206fd28419 Merge remote-tracking branch 'origin/master' into fast-dev 2025-01-14 17:04:18 +01:00
Julio Castillo
c59470a4fb Update logging_data_access type (#2816)
* Update logging_data_access variables to use types

* Fix dependencies

* fix schema

* Add missing comma

* Fix try
2025-01-14 16:00:35 +00:00
Julio Castillo
7eff7b19dc Add iam_by_principals_additive to project, organization and folder modules (#2814)
* First attempt at iam_by_principals_additive

* Remove validation

* Update IAM ADR

* Apply to organization and project modules

* Update READMEs

* Add tests

* Remove "cycle errors"
2025-01-14 12:32:19 +00:00
Luca Prete
bf528ec89d [FAST] Add missing permission to ngfwEnterpriseAdmin role (#2815)
Co-authored-by: Luca Prete <lucaprete@google.com>
2025-01-14 08:40:57 +00:00
Liam Johnston
ec59f70a5c feat: include network tfvars in project factory (#2813) 2025-01-14 07:29:38 +01:00
Ludo
ef5e228f42 fix conflict 2025-01-13 15:01:09 +01:00
Julio Castillo
0cea946ced Simplify versions tf and update FAST workflows (#2812)
* Simplify versions tf and update FAST workflows

* Fix typos
2025-01-12 20:39:01 +00:00
Ludovico Magnocavallo
962fd34e76 Small fixes and improvements to FAST netsec/net (#2810)
* remove obsolete stage-links script

* update networking stages fast envs

* add security policy groups FAST variable and context to net stages

* small networking/ngfw fixes
2025-01-11 13:48:44 +01:00
Ludo
d250c4e726 prepare v37.0.0-rc1 2025-01-10 17:09:08 +01:00
Ludo
2d09d2ea74 Merge remote-tracking branch 'origin/master' into fast-dev 2025-01-10 17:04:06 +01:00
Ludo
21045cb333 prepare for v36.1.0 2025-01-10 16:56:01 +01:00
Ludo
96d881aa57 update changelog 2025-01-10 16:52:15 +01:00
dependabot[bot]
e64ba759fd Bump golang.org/x/net (#2808)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-10 15:48:39 +00:00
Ludo
39efcc1104 update changelog 2025-01-10 16:34:55 +01:00
rshokati2
b4abbfe9d0 Add intercepting sinks to the organization and folder modules (#2799)
* RS-469: add support for intercept child on audit logging

* RS-469: add validation to ensure sink is set to project

* RS-469: add further validation to ensure include_children is also set to true when intercept is selected

* Update README

* RS-469: include optional flag for include and intercept

* RS-469: add intercept feature to folder module

* Fix organization README

* Fix condition

---------

Co-authored-by: Emile Hofsink <72841492+EmileHofsink@users.noreply.github.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2025-01-10 10:36:08 +00:00
Ludovico Magnocavallo
27f1cc2b79 Implement FAST stage add-ons, refactor netsec as add-on (#2800)
* security fixes

* change netsec to be a virtual stage in resman

* remove netsec bits from security stage, leave CAs in place

* netsec - security profile groups

* export regions to networking tfvars

* netsec - trust stores

* netsec refactor, untested

* netsec plan working

* netsec apply

* netsec apply errors

* netsec diagram

* update diagram

* move addon stages to addons folder

* remove top-level assets folder

* deprecate and remove fast plugins

* addon tests

* dynamic addon providers and cicd, untested

* stage 1 addons in stage 0, refactor stage 0 cicd

* addons and cicd refactor in stage 0 with tests

* refactor stage 0 cicd

* readd removed block

* small bootstrap cicd fixes

* refactor stage 1 cicd

* resman tests

* remove plugins from networking tests

* fix fast tests

* ngfw addon outputs

* try to fix unrelated tflint error in bootstrap

* remove common tfvars from bootstrap tests to fix linter errors

* tfdoc

* minimal readmes and links fixes

* tfdoc

* trim down test inventories

* fix plan test

* tfdoc

* allow configuring output files names

* fix tls inspection after adding count to project module

* comment fixes

* tfdoc
2025-01-09 18:14:11 +00:00
Ludovico Magnocavallo
d6d582e636 Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages (#2801)
* net a

* extend change to other networking stages

* refactor factories config variable in net a

* net b and c

* complete net b

* fix errors, add mtu

* fix

* fix

* fix errors
2025-01-09 17:14:55 +01:00
Ludo
e07adf71c1 rollback 2025-01-09 16:43:56 +01:00
Ludo
4bae08f61e fix 2025-01-09 16:43:01 +01:00
Ludo
3097a54d30 Merge remote-tracking branch 'origin/master' into fast-dev 2025-01-09 16:38:01 +01:00
apichick
1ce9aff3b5 ASN should be optional in router_config variable as it is not necessary if the router is passed and not created by the net-vpn-ha module (#2806) 2025-01-09 14:46:42 +00:00
dependabot[bot]
8b9665a828 Bump golang.org/x/net (#2807)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-09 14:02:26 +00:00
Julio Castillo
cf173701b6 New tool versions.py to manage versions.tf/tofu (#2803)
* Add provider_metadata to all modules

* Fix linting version check

* Another way

* Fix syntax

* Add fabric prefix to all provider meta

* Fix linting.yml
2025-01-09 09:57:48 +01:00
apichick
9723cc2a57 Added BGP priority variable for dedicated interconnect because it was hardcoded to 100 and removed default bgp range, so it can be automatically picked up if not specified (#2802) 2025-01-07 18:07:55 +01:00
Ludovico Magnocavallo
6844a19e74 Update addon-stages.md 2025-01-07 08:01:38 +01:00
Ludovico Magnocavallo
0ae0c3dad6 Update addon-stages.md 2025-01-07 08:01:16 +01:00
Ludovico Magnocavallo
3ec627682f Update addon-stages.md 2025-01-07 08:00:25 +01:00
Ludo
8ab982cd24 Merge remote-tracking branch 'origin/master' into fast-dev 2025-01-06 20:50:11 +01:00
Joshua Wright
325a997d79 Add Alerts, Logging, Channels Factories (#2758)
* WIP: Logging Alerts Factory

* Implement Logging Alerts on Remaining Modules

* Documentation & FMT

* Convert To Multiple Factories

* Correct Project

* Update Documentation

* Update modules/project/alerts-factory.tf

Co-authored-by: Julio Castillo <jccb@google.com>

* Update fast/stages/0-bootstrap/data/logging-metrics/compliance.yaml

Co-authored-by: Julio Castillo <jccb@google.com>

* Update Tests, Resources

* tests

* Fix Tests

* Fix formatting

* Reformat metric filters

* Formatting, reordering, and small fixes

* Bring back alerts and metrics documentation

* Revert change bootstrap outputs.tf

* Fix project notification channel vars and factories

* Fix vars and factory for logging alerts

* Complete alert variable and factory

* Reorder fields

* Update readme

* Reorder variables

* Add schemas, update README, and fix some types

* Remove default alerts email from project and project-factory

* Move observability factory to a single file

* Add outputs to project module

* Add factories_config to PF data_defaults and data_overrides

* Reorder PF field processing

* Revert fast/ to master.

We'll do observability stuff in a separate PR

* Remove observability from FAST

* Remove new FAST tests

* Remove unused local

* Fix tests

---------

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-01-05 19:49:20 +00:00
Ludovico Magnocavallo
2e86b09d0b ADR proposal for FAST add-on stages (#2798)
* ADR proposal for FAST add-on stages

* Update addon-stages.md

* Update addon-stages.md

* Update addon-stages.md

* Update addon-stages.md

* Update addon-stages.md

* Update addon-stages.md

* Update addon-stages.md

* Update addon-stages.md

* Update addon-stages.md

* Update addon-stages.md
2025-01-05 16:02:47 +01:00
simonebruzzechesse
0de38240a2 add docker image tag to bindplane config variable (#2796) 2025-01-03 16:52:51 +01:00
Wiktor Niesiobędzki
cbaf6928d6 fix non-empty plan after apply for vertex mlops 2024-12-31 17:27:47 +01:00
Julio Castillo
c73f912d43 Fabric e2e fixes (#2791)
* Try to fix fabric e2e tests. Update service agents

* Fix typo

* Fix syntax

* Delay PSA creation until service agents have roles assigned

* Fix tests
2024-12-31 15:25:36 +01:00
Ludovico Magnocavallo
510d76dff1 Merge remote-tracking branch 'origin/master' into fast-dev 2024-12-30 10:58:51 +01:00
Wiktor Niesiobędzki
76b108d7a7 Fix cycle in the plan
Without this change, terraform errors with:
│ Error: Cycle: module.project.google_storage_bucket_iam_member.gcs-sinks-binding, module.project.google_project_iam_member.project-sinks-binding, module.project.google_essential_contacts_contact.contact, module.project.google_bigquery_dataset_iam_member.bq-sinks-binding, module.project.google_project_iam_member.bucket-sinks-binding, module.project (close), module.project.output.sink_writer_identities (expand), local.cluster_sa (expand), module.project.var.iam_bindings_additive (expand), module.project.google_project_iam_member.bindings, module.project.google_logging_project_sink.sink, module.project.google_pubsub_topic_iam_member.pubsub-sinks-binding

The actual error is a wrong variable reference.

Closes: #2789
2024-12-29 20:30:59 +01:00
Ludovico Magnocavallo
647895a928 Leverage environments for folder and project creation in FAST resman and security (#2787)
* resman

* resman tests

* untested sec changes

* plan fixes

* tests, tfdoc, test apply

* boilerplate

* resource naming
2024-12-27 21:03:31 +01:00
Ludovico Magnocavallo
33b129eb12 Merge remote-tracking branch 'origin/master' into fast-dev 2024-12-26 16:50:08 +01:00
Wiktor Niesiobędzki
c176ea16be Make PSA connection more robust 2024-12-26 16:37:24 +01:00
Ludo
4dd679ff80 Merge branch 'fast-dev' of github.com:GoogleCloudPlatform/cloud-foundation-fabric into fast-dev 2024-12-26 08:56:17 +01:00
Ludo
c9cb93584b update changelog 2024-12-25 08:25:57 +01:00
Ludovico Magnocavallo
94c5e630e7 fix validation message (#2784) 2024-12-25 08:25:07 +01:00
Harvey Liu
59e3c87034 Update net-lb-app-ext security_settings variables (#2783)
* updates

- set client_tls_policy as optional
- set subject_alt_names as optional

* update

run cmd ./tools/tfdoc.py modules/net-lb-app-ext to fix linting error
2024-12-25 07:52:31 +01:00
simonebruzzechesse
bf2995d94b Fix bindplane cos module (#2781)
Fix bindplane cos module
2024-12-23 10:37:09 +01:00
Ludo
7cb162bfb2 update changelog 2024-12-21 11:27:26 +01:00
Sergio Rodriguez
1e4a3a4bb8 an empty ssl_certificates list should be set to null (#2780)
An empty `ssl_certificates` list will conflict with a user-defined
`certificate_manager_certificates` value, so exclude it.
2024-12-21 10:26:29 +00:00
Wiktor Niesiobędzki
ddd8382e7c fix failing tofu tests 2024-12-20 10:19:01 +01:00
Julio Castillo
efddd1c45e Document tag_bindings definition as map(string) (#2777) 2024-12-19 14:47:32 +01:00
Julio Castillo
f1acc92864 Add support for log views and log scopes (#2776)
* Add views and tags to logging bucket

* Add logs scopes to project

* Add missing inventory
2024-12-18 18:29:44 +01:00
simonebruzzechesse
e241624040 New BindPlane OP Management console on GKE SecOps blueprint (#2721)
new bindplane on GKE secops blueprint
2024-12-17 22:16:40 +01:00
Luca Prete
e72303a94b [FAST] Remove unused stage 1 CICD variables (#2774) 2024-12-17 17:26:02 +01:00