Commit Graph

914 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
7909abe833 redraw cross-stage diagram (#2875) 2025-02-10 13:39:27 +00:00
Ludo
d15f1d9f43 Merge remote-tracking branch 'origin/master' into fast-dev 2025-02-10 10:14:00 +01:00
Simon Roberts
cfe8c130f0 Add note about the use of n-stagename/moved/ files during upgrade (#2874) 2025-02-10 07:34:37 +00:00
karpok78
e4f55fb7ff Add bucket IAM policy read (#2872)
Allow the Project factory read only SA to retrieve buckets IAM policy for buckets created by the PF
2025-02-09 23:55:54 +00:00
ZoranBatman
276ef62e62 update docs: clarify 0-bootstrap.auto.tfvars creation and outputs_location use (#2862)
Co-authored-by: Zoran Zaric <mr.zoranzaric@gmail.com>
2025-02-03 15:44:47 +00:00
karpok78
66926bbd0c Workflow templating fix (#2864)
Fixed some issue with WIF and providers templating in workflows.
2025-02-03 16:31:59 +01:00
Julio Castillo
e0a3a3c7bb Expose custom constraint factory in bootstrap (#2854)
* Expose custom constraint factory in bootstrap

* Silence linter

* Fix tests
2025-01-31 07:03:29 +01:00
Julio Castillo
059cedcd64 Allow addons to any flex stage 2 (#2853) 2025-01-30 19:04:28 +01:00
Julio Castillo
ca5f28b0fd Support multiple universes in bootstrap (#2851)
* Initial support for universes in bootstrap

* Add var description

* Add universe to globals output

* Fix typo

* Update README

* Allow universes to exclude services

* Move service exclusion to project module

* Move service exclusion loging to the project module

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-01-30 11:35:57 +00:00
Ludovico Magnocavallo
95ec5ee3b5 Flexible stage 2s in FAST resource manager (#2840)
* wip

* WIP

* wip

* wip

* apply untested

* tests

* support tag expansion for tenant-level installations in IAM conditions

* fix stage config output

* inventories

* remove dev files

* tfdoc

* enable org policies for stage folders

* resman README

* tfdoc

* stage 3 documentation

* inventory

* support extra_dirs in testing framework

* remove org policy files from stage 1

* Add principal interpolation to iam_by_principals (#2847)

* Add principal interpolation to iam_by_principals

* Fix tests

* relax schemas

* relax schemas

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2025-01-29 12:16:35 +00:00
Ludovico Magnocavallo
fcb4ff54ee Revert "Allow multiple stage-2 project factories (#2834)" (#2839)
This reverts commit f6a8190946.
2025-01-26 10:37:43 +01:00
Julio Castillo
bee7e30b2b Interpolate SAs in tag-level iam (#2836) 2025-01-24 10:39:03 +01:00
Julio Castillo
f6a8190946 Allow multiple stage-2 project factories (#2834)
* Allow multiple stage 2 project factories

* Fix bindings and rename default project factory

* Remove debug

* Update readme
2025-01-24 00:38:22 +01:00
Julio Castillo
cbd66f8462 Allow networking stage to be disabled (#2831) 2025-01-22 07:45:22 +01:00
Ludovico Magnocavallo
42a3ee44d0 Small fix to net test add-on context expansion (#2828)
* Small fix to net test add-on context expansion

* linting
2025-01-21 11:14:43 +01:00
Julio Castillo
9c22337ed1 Fix stage-1 addons provider files (#2826) 2025-01-21 07:55:40 +01:00
Ludovico Magnocavallo
6aed84f070 FAST add-on for networking test resources (#2825)
* needs testing

* add-on README, test, remove test resources from net stages

* tfdoc
2025-01-20 09:41:35 +01:00
Ludovico Magnocavallo
1c2e3c5677 Update service activation in ngfw add-on (#2823)
* align services use in ngfw add-on with swp

* update ngfw README example
2025-01-18 14:23:23 +01:00
Ludovico Magnocavallo
f646e85301 FAST SWP networking add-on (#2821)
* prototype implementation, untested

* halfway through refactor

* refactor cas module pool variable

* apply cas module refactor to ngfw fast addon

* untested

* test

* tflint

* tflint

* tfdoc

* fix brainfarts

* tfdoc

* update ca pool type in security stage
2025-01-18 07:12:40 +00:00
Simone Ruffilli
8b31a006c7 Top level folder factory support for automation SA IAM (#2818)
* Top level folder factory support for automation SA IAM

* Fixes iam_bindings and iam_bindings_additive for top-level-folder

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-01-16 10:32:59 +01:00
Ludovico Magnocavallo
b608e3756e Fix permadiff in stage 0 vpc-sc service account, add schemas to hierarchical policy YAML files (#2817)
* fix permadiff in stage 0

* add missing schema

* update test inventories
2025-01-15 09:47:04 +00:00
Ludo
206fd28419 Merge remote-tracking branch 'origin/master' into fast-dev 2025-01-14 17:04:18 +01:00
Julio Castillo
c59470a4fb Update logging_data_access type (#2816)
* Update logging_data_access variables to use types

* Fix dependencies

* fix schema

* Add missing comma

* Fix try
2025-01-14 16:00:35 +00:00
Luca Prete
bf528ec89d [FAST] Add missing permission to ngfwEnterpriseAdmin role (#2815)
Co-authored-by: Luca Prete <lucaprete@google.com>
2025-01-14 08:40:57 +00:00
Liam Johnston
ec59f70a5c feat: include network tfvars in project factory (#2813) 2025-01-14 07:29:38 +01:00
Ludo
ef5e228f42 fix conflict 2025-01-13 15:01:09 +01:00
Julio Castillo
0cea946ced Simplify versions tf and update FAST workflows (#2812)
* Simplify versions tf and update FAST workflows

* Fix typos
2025-01-12 20:39:01 +00:00
Ludovico Magnocavallo
962fd34e76 Small fixes and improvements to FAST netsec/net (#2810)
* remove obsolete stage-links script

* update networking stages fast envs

* add security policy groups FAST variable and context to net stages

* small networking/ngfw fixes
2025-01-11 13:48:44 +01:00
Ludovico Magnocavallo
27f1cc2b79 Implement FAST stage add-ons, refactor netsec as add-on (#2800)
* security fixes

* change netsec to be a virtual stage in resman

* remove netsec bits from security stage, leave CAs in place

* netsec - security profile groups

* export regions to networking tfvars

* netsec - trust stores

* netsec refactor, untested

* netsec plan working

* netsec apply

* netsec apply errors

* netsec diagram

* update diagram

* move addon stages to addons folder

* remove top-level assets folder

* deprecate and remove fast plugins

* addon tests

* dynamic addon providers and cicd, untested

* stage 1 addons in stage 0, refactor stage 0 cicd

* addons and cicd refactor in stage 0 with tests

* refactor stage 0 cicd

* readd removed block

* small bootstrap cicd fixes

* refactor stage 1 cicd

* resman tests

* remove plugins from networking tests

* fix fast tests

* ngfw addon outputs

* try to fix unrelated tflint error in bootstrap

* remove common tfvars from bootstrap tests to fix linter errors

* tfdoc

* minimal readmes and links fixes

* tfdoc

* trim down test inventories

* fix plan test

* tfdoc

* allow configuring output files names

* fix tls inspection after adding count to project module

* comment fixes

* tfdoc
2025-01-09 18:14:11 +00:00
Ludovico Magnocavallo
d6d582e636 Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages (#2801)
* net a

* extend change to other networking stages

* refactor factories config variable in net a

* net b and c

* complete net b

* fix errors, add mtu

* fix

* fix

* fix errors
2025-01-09 17:14:55 +01:00
Ludo
e07adf71c1 rollback 2025-01-09 16:43:56 +01:00
Ludo
4bae08f61e fix 2025-01-09 16:43:01 +01:00
Ludovico Magnocavallo
647895a928 Leverage environments for folder and project creation in FAST resman and security (#2787)
* resman

* resman tests

* untested sec changes

* plan fixes

* tests, tfdoc, test apply

* boilerplate

* resource naming
2024-12-27 21:03:31 +01:00
Luca Prete
e72303a94b [FAST] Remove unused stage 1 CICD variables (#2774) 2024-12-17 17:26:02 +01:00
Ludovico Magnocavallo
91da1c6482 Support customizable resource names to fast stage 1 (#2769)
* add support for resource names to fast stage 1

* tflint version
2024-12-16 18:07:28 +00:00
Ludovico Magnocavallo
0fa257e6b1 Support customizable resource names in FAST stage 0 (#2768)
* support customizable resource names in FAST stage 0

* tfdoc

* tflint

* remove comment

* use object type

* tfdoc

* bump tf version

* bump terraform version in versions files

* tf version in ci

* trigger workflow
2024-12-16 17:46:34 +01:00
Ludovico Magnocavallo
133a9bb133 fix workspace logs sink in FAST bootstrap stage (#2767) 2024-12-13 13:22:42 +00:00
Ludovico Magnocavallo
ae9f4c6d74 allow optional creation of billing resources in FAST bootstrap stage (#2766) 2024-12-13 12:32:16 +01:00
Ludovico Magnocavallo
d86b8d565c Refactor GKE cluster modules access configurations, add support for DNS endpoint (#2761)
* stub

* gke standard module and tests

* blueprints

* tfdoc

* autopilot

* blueprints

* tfdoc

* gke hub module examples

* dataproc and gke fixture
2024-12-12 11:02:24 +01:00
Ludovico Magnocavallo
1a1886c551 fix parent id lookup for networking and security stages (#2744) 2024-12-04 21:08:31 +01:00
mtndrew404
7c858f4753 Fixing yaml naming in prod subnet folder to match other lifecycles (#2733) 2024-11-26 06:40:21 +00:00
Ludovico Magnocavallo
008202129b add missing role to org-level delegated IAM grants (#2731) 2024-11-23 07:58:13 +01:00
Ludo
a3bffbbcbf Merge remote-tracking branch 'origin/master' into fast-dev 2024-11-22 07:39:09 +01:00
Ludovico Magnocavallo
5af0f90929 Allow setting GCS location default/override in project factory (#2715)
* allow setting GCS location default/override in project factory

* tflint
2024-11-18 17:45:52 +01:00
Julio Castillo
81166b3601 Remove stale validation (#2714) 2024-11-18 16:00:06 +00:00
Julio Castillo
4a739fcb87 Expose factories_config for resman top level folders (#2707)
* Expose factories_config for top_level_folders

* Complete top level folder schema

* Update README

* Fix escapes

* Update tests
2024-11-17 22:54:56 +00:00
Julio Castillo
bb65920b4b Merge branch 'master' into fast-dev 2024-11-17 22:01:21 +01:00
Joshua Wright
2676010629 Add Automation Service Accounts Output (#2640)
* Add Automation Service Accounts Output

* Add Automation Service Accounts Output

* Add Projects Output, Along with Docs

* Fix output

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2024-11-17 17:29:06 +00:00
Julio Castillo
1fc5e90bdd Allow disabling network security stage (#2701)
* Allow disabling security stage

* Remove deprecated network_firewall_policies_viewer

* Enable nsec in resman tests
2024-11-17 10:04:18 +01:00
Julio Castillo
f140adfab8 Remove REGIONAL/MULTI_REGIONAL buckets from FAST (#2697) 2024-11-16 10:14:47 +00:00