kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,723 Commits 1 Branch 1 Tag
88306fe99a333d05a214adb42f976d21bfbdac38
Commit Graph

154 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
88306fe99a Adding missing context replacement type to project factory README, add folder_ids to project condition vars (#3642) 
* Adding missing context replacement type to project factory README

* add folder ids to project context condition vars
 2026-01-12 14:41:07 +01:00
Ludovico Magnocavallo
fedf90d25f Add support for pubsub to project factory (#3608) 
* add support for pubsub to project factory

* remove duplicate data access log definitions from folders

* tfdoc

* schemas

* fix example

* add pubsub topics context to org in stage 0
 2025-12-23 10:24:33 +00:00
Ludovico Magnocavallo
a554971563 Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-22 06:36:05 +00:00
Josh Myers
1eb93db427 feat: project-factory folders support deletion_protection (#3595) 
* feat: project-factory buckets support deletion_protection

* chore: Update all folder.schema.json

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-12-18 14:25:05 +00:00
Vannick Trinquier
cc24046be8 Add CMEK support to FAST and controls for CMEK encryption (#3556) 2025-12-14 12:14:08 +07:00
Ludovico Magnocavallo
ab0f55216a Add support for descriptive name to projects (#3591) 
* add support for descriptive name to projects

* boilerplate

* fmt
 2025-12-12 09:06:47 +01:00
Ludovico Magnocavallo
216a12eae5 Fix CI/CD dataset files and provider workflow variable in FAST stage 0 (#3587) 
* fix CI/CD dataset files and provider workflow variable

* IAM principals use pool, sts uses provider

* tfdoc

* fix variable description
 2025-12-11 15:05:39 +01:00
Ludovico Magnocavallo
7cc12da6b3 Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-10 18:19:11 +00:00
kovagoadam
4e88bec299 Use project numbers in billing budget filter (#3555) 
* Fixed project level billing budget filter

* Moved project_numbers local to concat block

* Fixed with try block

* fix project replacement

* tfdoc

* fix test

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2025-12-10 17:35:06 +00:00
Ludovico Magnocavallo
3eac45f225 Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-10 16:59:06 +00:00
Josh Myers
5ab73b9f00 feat: Allow empty prefix for project_factory buckets (#3575) 
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2025-12-10 16:41:08 +00:00
Ludovico Magnocavallo
7c05299540 Implement additional GCS attributes in project factory (#3583) 
* implement additional bucket attributes in project factory

* update FAST schemas

* fmt/tfdoc
 2025-12-10 16:12:58 +01:00
fenyvesi-levi
4a30b2103e fixed project-factory module to pass service account description (#3579) 2025-12-09 11:26:43 +00:00
Vannick Trinquier
171a2c6690 Add support for CMEK in logging bucket, big query dataset and gke notifications (#3558) 2025-12-04 10:01:32 +00:00
Ludovico Magnocavallo
26d43d8ec5 re-enable project billing association in project factory, extends to folder (#3554) 2025-11-27 20:51:20 +00:00
Ludovico Magnocavallo
a8384b85d1 Auto-grant editor role for cloudservices in project module, expand project ids context in project factory module (#3552) 
* service agent editor role

* add internal project ids to context replacement for projects in project factory module
 2025-11-27 12:45:52 +00:00
Ludovico Magnocavallo
10e29e1eeb Context improvements: "all service accounts" principal in folder, org, project modules; custom roles in factory condition vars for FAST stage 0 (#3548) 
* iam principalsets

* fix folder

* add custom roles to factory condition vars in stage 0

* project shared vpc IAM
 2025-11-24 08:28:41 +00:00
Julio Castillo
3959bb3974 Fix aprover -> approver (#3540) 
* Fix aprover -> approver

* Once again...
 2025-11-19 08:50:23 +01:00
Ludovico Magnocavallo
897c6ef8c3 Add support for Workload Identity to project module and project factory (#3531) 
* module-level support

* fast stage 0

* fix inventory, add outputs/tfvars

* wip

* project factory

* pf outputs

* iam templates will be added where ci/cd configs are managed

* fix merge conflicts
 2025-11-17 07:31:21 +00:00
Ludovico Magnocavallo
5270586a8e fix schema doc tool, fix schema errors, regenerate schema docs (#3524) 2025-11-12 08:50:52 +01:00
Ludovico Magnocavallo
602e1731c9 Replace leftover schema links with actual files (#3522) 
* replace schema links with schemas

* vpc-sc stage
 2025-11-11 11:57:51 +01:00
Ludovico Magnocavallo
fc7aa71ada Add support for KMS key creation to project factory (#3518) 
* initial implementation

* context

* tfdoc

* add support for autokey to projects

* fix typo
 2025-11-11 07:23:50 +01:00
Ludovico Magnocavallo
ba77c6170c Allow configuring data access logs from org/folder/project schemas (#3516) 
* modules and FAST support

* module tests

* fast stage 0 dataset

* tfdoc
 2025-11-10 10:19:21 +00:00
Ludovico Magnocavallo
7e32058010 [WIP] Add support for KMS autokey (#3515) 
* wip

* folder module

* project factory schema

* remove spurious project template

* gcs and compute-vm modules

* variable order
 2025-11-09 10:46:28 +01:00
Ludovico Magnocavallo
cafb8f8aec Revert "Add support for project templates to projects variable in project fac…" (#3499) 
This reverts commit ecbf890889.
 2025-11-03 11:35:29 +01:00
Ludovico Magnocavallo
ecbf890889 Add support for project templates to projects variable in project factory module (#3498) 
* support project template in projects variable

* variable defined projects go through normalization too
 2025-11-03 09:53:14 +00:00
Ludovico Magnocavallo
0a2cc758ac Essential contacts in schemas, and email context substitutions (#3495) 
* modules

* fast

* duplicate diff

* fix contacts in FAST stage 0 datasets, update contacts in YAML schemas
 2025-11-03 08:53:29 +01:00
Ludovico Magnocavallo
f9f015a692 Implement precondition check in project factory to ensure declared templates exist (#3493) 
* pf template check

* tfdoc

* test inventories
 2025-10-31 15:32:33 +00:00
Ludovico Magnocavallo
90b6e312d3 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-30 16:55:28 +00:00
Ludovico Magnocavallo
c765043c5c add the self project key to service account namespaces (#3490) 2025-10-30 16:42:13 +00:00
Ludovico Magnocavallo
b9f9446e38 exclude folder config files from project factory paths (#3488) 2025-10-30 17:25:14 +01:00
Ludovico Magnocavallo
97596a0e8b Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-26 11:19:18 +00:00
Wiktor Niesiobędzki
7fe999562a codespell fixes 2025-10-26 11:56:41 +01:00
Ludovico Magnocavallo
56b213a047 add fourth folder level to project factory module (#3467) 2025-10-26 10:34:02 +01:00
Ludovico Magnocavallo
6fafdc8780 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-25 08:08:22 +00:00
Wiktor Niesiobędzki
dc8a67b83a yamllint modules 2025-10-24 13:11:17 +02:00
Ludovico Magnocavallo
b0bc896a68 Allow null project id in service account module when reusing service account (#3452) 
* allow null project id for service account reuse

* fix pf
 2025-10-22 16:51:06 +00:00
Ludovico Magnocavallo
7ea9612b07 Allow skipping data source in service account module (#3450) 
* test implementation

* wip

* service account reuse

* fix fast stage test

* revert cicd changes

* remove unused dep

* add comment on extra condition
 2025-10-22 13:04:00 +02:00
Ludovico Magnocavallo
7b272da6b6 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-21 18:38:50 +00:00
Julio Castillo
367184561b Few more typos 2025-10-21 15:13:51 +02:00
Vannick Trinquier
c60ae3652a Adding hardened datasets for preventive and detective Compliance Controls (#3410) 
* Adding hardened datasets for preventive and detective Compliance Controls in stage 0 and stage 1 VPC-SC

* Move observability to factory file

* Update documentation

* Update local variable for use

* Update observability factory to use other module

* Add raw diagram file for hardened datasets

* Retrofit change

* Rename log_buckets context variable to be consistent across modules

* Update stage 0 documentation to mention hardened dataset

* Update customer ids list

* Update documentation, path to schema add ID to access level

* Comment organization policy gcp.resourceLocation by default

* Prevent duplicate key error by merging principal roles

* Adding ngfw roles files in hardened datasets

* Update script to validate files differences to support folder and datasets

* Format duplicate-diff python script

* Remove .config.yaml from duplicates

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2025-10-21 10:34:25 +00:00
Ludovico Magnocavallo
6fe142608d fix merge 2025-10-20 13:59:18 +00:00
Ludovico Magnocavallo
ec09414823 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-20 13:58:44 +00:00
Julio Castillo
48f6b4cd49 Add PAM support (#3438) 
* PAM first pass

* Add factory and extend to organization

* Extend to project, add examples

* Add additionalProperties to all objects

* Fix boilerplate

* Expose pam_entitlements to project-factory

* Fix readme

* Move entitlements to second folder/project pass

* extend tests

* Fix readme

* Remove timeouts from inventories
 2025-10-20 12:50:37 +00:00
Ludovico Magnocavallo
a4f9924680 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-20 06:33:53 +00:00
Vannick Trinquier
30f46f09d6 Apply alerts and log based metrics after log buckets creation (#3442) 2025-10-20 06:13:42 +00:00
Ludovico Magnocavallo
ff71c9f1a3 fix pf merge 2025-10-18 14:30:57 +00:00
Ludovico Magnocavallo
2f9234547c fix pf merge 2025-10-18 14:30:46 +00:00
Ludovico Magnocavallo
f5a05b3097 fix pf merge 2025-10-18 14:27:24 +00:00
Ludovico Magnocavallo
5e05044306 Merge remote-tracking branch 'origin/master' into fast-dev 2025-10-18 14:22:57 +00:00