Ludovico Magnocavallo
fda89827a2
revert #3704 (#3713)
2026-02-07 11:08:25 +01:00
Vannick Trinquier
d499dc6928
Add support for bucket logging configuration in module gcs and project-factory (#3699)
2026-02-06 14:14:46 +07:00
Ludovico Magnocavallo
06da98fac6
Fix regression in project factory module context (#3708)
* fix regression in pf
* regression test
2026-02-05 18:06:34 +00:00
lopezvit
97297d6065
fix(project-factory): Correctly interpolate IAM principals in tags (#3704)
* fix(project-factory): Correctly interpolate IAM principals in tags
Moves the processing of `tags` and `tag_bindings` from the `projects` module instance to the `projects-iam` instance.
This fixes a bug where IAM principals for automation service accounts, referenced via `$iam_principals:service_accounts/...`, were not being interpolated within `tags` IAM definitions. The `projects` module was called before the automation service account context was available, leading to the literal string being used instead of the service account email. Processing tags in the `projects-iam` module ensures the full context is available for interpolation.
Adds new tests for both the `project` and `project-factory` modules to validate the fix.
* fix(project-factory): Tag creation is now done in 2 steps.
1st step (projects): Creation of the tags without IAM bindings
2nd step (projects-iam): IAM bindings without creating the tags again
That way we are more backwards compatible, as tags and tag values are back under module.project-factory.module.projects["*"].google_tags_tag_*
* fix(modules/project-factory): introduce fix suggested by @ludoo, fix logs
* fix(modules/project-factory): fix linting
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2026-02-05 15:50:43 +00:00
Ludovico Magnocavallo
8e7253ba11
add missing IAM interface attributes to service account module (#3700)
2026-02-04 12:07:06 +01:00
Simone Ruffilli
1404fb20da
Net-vpc-factory (#3696)
This PR (re :D)introduces module net-vpc-factory, a minimal factory that deals with vpcs, subnets, and firewall rules creation, meant to be embedded into other factories, starting with 2-data-platform and 2-networking.
2026-02-04 11:36:58 +01:00
Vannick Trinquier
2af44b0651
Add support for security command center mute rules in module organization, folder and project (#3694)
2026-02-04 08:31:05 +07:00
Julio Castillo
3e277d808a
Fix project-factory observability factory (#3695)
2026-02-02 16:02:00 +00:00
Ludovico Magnocavallo
67b44ee39e
fix inventory
2026-01-31 07:23:41 +00:00
Ludovico Magnocavallo
cdc5e7df45
prep v52.0.0
2026-01-30 16:00:47 +00:00
Ludovico Magnocavallo
12fd675c8c
Merge remote-tracking branch 'origin/master' into fast-dev
2026-01-30 15:59:10 +00:00
Ludovico Magnocavallo
1f8c2b36da
prep v51.1.0
2026-01-30 15:58:47 +00:00
Ludovico Magnocavallo
30810146cf
Merge remote-tracking branch 'origin/master' into fast-dev
2026-01-30 15:54:45 +00:00
Ludovico Magnocavallo
06c6df5fec
allow null prefixes in project factory when override is not set (#3691)
2026-01-30 16:52:50 +01:00
Luca Prete
dc2ccfe518
Fix Agent Engine PSC-I configuration (#3687)
2026-01-30 07:38:41 +01:00
Luca Prete
3877a40119
Add PSC-I support to Agent Engine module (#3686)
2026-01-30 07:24:06 +03:00
Thomas Colomb
a29b1619e9
fix(gke-cluster-standard): Avoid perpetual diff on network tags in node_pool_auto_config block (#3680)
* fix(gke-cluster-standard): Avoid perpetual diff on network tags in node_pool_auto_config block
* Fix test, remove network tags when empty
2026-01-27 14:12:21 +00:00
Ludovico Magnocavallo
d95c4fcc3f
Merge remote-tracking branch 'origin/master' into fast-dev
2026-01-27 11:55:58 +00:00
Ludovico Magnocavallo
8490df96bf
Use context syntax for VPC-SC access levels and policies (#3678)
* access levels as context
* ingress/egress context in module
* ingress/egress context in module
* update FAST
* tfdoc
* context test
2026-01-26 15:12:26 +00:00
Ludovico Magnocavallo
91973aca23
add support for custom periods in factory budgets (#3674)
2026-01-24 09:58:25 +00:00
Ludovico Magnocavallo
b18a883506
Support universe-specific package domain in artifact registry module (#3671)
* universe
* tflint
* yamllint
2026-01-23 15:55:14 +01:00
Julio Castillo
8dde9fe773
Fix domains of default service accounts when universe is present (#3670)
2026-01-23 14:11:17 +00:00
Julio Castillo
1e82683b15
Add service connection policies to net-vpc (#3667)
2026-01-23 12:51:00 +00:00
lopezvit
6db25b1a08
Add support for the Assured Workloads in the project factory (#3666)
* Add support for the Assured Workloads in the project factory
* Fix test after requiring organization as a var
2026-01-23 13:21:48 +01:00
Vannick Trinquier
2ea4c27fe8
Add context support for constraints and additional controls for hardened datasets (IAM, GKE and others) (#3661)
2026-01-23 08:28:02 +07:00
Julio Castillo
d46b39b717
Add missing context interpolations (#3659)
2026-01-20 20:21:56 +01:00
Julio Castillo
d9e1b924a1
Add asset_feeds to resman modules (#3658)
* Add asset_feeds to resman modules
* Add examples and update readmes
* Extend pubsub_topic context to project and folder modules
* Use pubsub_topic context for pubsub_destination
* Update readmes and add project-factory asset_feed example
* Update context tests
* Update schemas
2026-01-20 14:37:35 +00:00
Ludovico Magnocavallo
9d486022bf
Merge remote-tracking branch 'origin/master' into fast-dev
2026-01-20 08:47:01 +00:00
Ludovico Magnocavallo
04de8f7de7
Support CMEK configuration in org module logging settings, expose identities in FAST context (#3656)
* support CMEK configuration in org module logging settings, expose identities as FAST contexts
* remove hash from inventories
2026-01-19 13:35:30 +01:00
Vannick Trinquier
8342558732
Implement various compliance configuration and principle of least privilege for hardened dataset (#3635)
2026-01-19 15:46:15 +07:00
Luca Prete
ecb92b508c
Add ability to use existing source files in GCS. (#3653)
2026-01-15 16:39:05 +00:00
Ludovico Magnocavallo
86268888b4
Merge remote-tracking branch 'origin/master' into fast-dev
2026-01-14 15:06:31 +00:00
Julio Castillo
cff8a25c59
Introduce iam_by_principals_conditional (#3649)
* Introduce iam_by_principals_conditional
* Add iam_by_principals_conditional to project factory
* Update IAM ADR
* Update project factory readme
* Sync FAST schemas
* Update organization schema
* Add resman tests for iam_by_principals_conditional
* Update PF project-defaults.tf
* Update copyright
2026-01-14 11:16:07 +00:00
David Liebert
649cab0020
fixed bug where label field is ignored for policy based routes (#3648)
* fixed bug where label field is ignored for policy based routes
* Fix example and inventory
* Add missing schema
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2026-01-14 09:48:16 +00:00
Ludovico Magnocavallo
66bbaeb854
fix observability in stage 0 (#3646)
2026-01-13 09:34:59 +00:00
Ludovico Magnocavallo
88306fe99a
Adding missing context replacement type to project factory README, add folder_ids to project condition vars (#3642)
* Adding missing context replacement type to project factory README
* add folder ids to project context condition vars
2026-01-12 14:41:07 +01:00
Julio Castillo
6febcfe136
Add support for mirroring rules to modules/net-firewall-policy (#3636)
* Add support for mirroring rules to net-firewall-policy
* Split mirroring rules
* Add schema
* Sort variables
2026-01-12 11:10:43 +00:00
Eric Zhao
c1248d328a
Allow any VPC for (secure) network_tags (#3634)
* feat: allow all for VPC networks
* feat: add examples
* feat: add header
* feat: module test
* fix: update network testing data to pass validation
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2026-01-12 09:34:18 +00:00
Vannick Trinquier
ca413b8aa8
Add support to VPC flow logs for PSC subnet (#3639)
2026-01-12 15:56:14 +07:00
Ludovico Magnocavallo
f8f856c9ac
reinstate v51.0.0
2026-01-08 13:32:59 +00:00
Ludovico Magnocavallo
da29af53c9
Revert "Use additive resource for perimeter resources in vpc-sc module when i…" (#3631)
This reverts commit a3e09197c7.
2026-01-08 14:29:40 +01:00
Ludovico Magnocavallo
12d0bbf2fc
Revert "fix previous change to vpc sc module (#3629)" (#3630)
This reverts commit dc35ce15ee.
2026-01-08 14:28:57 +01:00
Ludovico Magnocavallo
1b4930513f
prep v51.1.1
2026-01-08 13:21:22 +00:00
Ludovico Magnocavallo
f99920a69b
fix previous change to vpc sc module
2026-01-08 12:35:27 +00:00
Ludovico Magnocavallo
6ab071da8d
prep v51.1.0
2026-01-08 12:12:43 +00:00
Ludovico Magnocavallo
a3e09197c7
Use additive resource for perimeter resources in vpc-sc module when ignore changes is set (#3628)
* module changes
* fix module
2026-01-08 12:09:09 +00:00
David Liebert
5374899b36
added support for labels with google_compute_global_address resource (#3622)
Co-authored-by: Julio Castillo <jccb@google.com>
2026-01-07 13:19:48 +00:00
ooshrioo
ccad5654d9
Fix workforce identity federation provider configuration (#3626)
* Fix workforce identity federation provider configuration
Remove redundant 'organizations/' prefix from parent parameter as
var.organization_id already contains the full organization path.
* Update test to match corrected parent parameter
The test expected the redundant 'organizations/' prefix, but the fix
correctly removes this duplication.
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2026-01-07 14:02:13 +01:00
Ludovico Magnocavallo
ef027ad5b5
prep v51.0.0
2026-01-07 11:23:41 +00:00
Ludovico Magnocavallo
9135406aab
Merge remote-tracking branch 'origin/master' into fast-dev
2026-01-07 11:22:19 +00:00