kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,490 Commits 1 Branch 1 Tag
b0bc896a6800ca41cd8d455e5228aed614b05bc9
Commit Graph

42 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
b0bc896a68 Allow null project id in service account module when reusing service account (#3452) 
* allow null project id for service account reuse

* fix pf
 2025-10-22 16:51:06 +00:00
Ludovico Magnocavallo
7ea9612b07 Allow skipping data source in service account module (#3450) 
* test implementation

* wip

* service account reuse

* fix fast stage test

* revert cicd changes

* remove unused dep

* add comment on extra condition
 2025-10-22 13:04:00 +02:00
Ludovico Magnocavallo
bc6950e205 Rename FAST stages preparing for eventual deprecation (#3298) 
* renames

* links

* readme

* docs

* update pf modules tests for renames

* condition_vars context in modules

* data platform dataset

* fix links in stage 3 docs

* schema changes

* schema docs

* tfdoc

* update duplicates check

* fast legacy tests

* legacy schema

* fix tests
 2025-09-04 08:24:11 +02:00
Ludovico Magnocavallo
36648b6b63 FAST light implementation (#3255) 
* data wip

* wip data

* update org schema, add note on expansion

* all schemas, workload notes

* Update WORKLOG.md

* Update WORKLOG.md

* Update WORKLOG.md

* Update WORKLOG.md

* wip

* data wip

* wip

* wip

* wip

* wip

* org module IAM context (using lookup)

* new-style context expansion in project IAM

* remove spurious file

* project module contexts

* finalize context replacement format for project module

* revert org module changes

* fix tag id interpolation in project

* fix tag id interpolation in project

* organization module context

* organization context test

* context expansion for folder tag bindings

* test context expansion for tag bindings

* service account module context

* simplify context local

* context for iam service account

* nuke blueprints

* remove links to blueprints

* vpc sc context in project module

* Add context to GCS module

* Add inline deps to plan_summary script

* Make context a top-level variable for folder, organization, sa

* Add add context top-level to VPC-SC

* move context out of factories_config variable

* tfdoc

* fix merge

* fix merge

* fix examples

* net-vpc module context

* add parent ids to folder context

* rename folder parent context

* fix folder parent check

* new project factory stub

* wip

* wip

* refactor defaults

* project iam

* bueckts and service accounts

* start adding context replacements

* better test data

* automation resources for folders and projects

* automation

* add support for project id interpolation

* first tested apply

* improve IAM description in gcs module

* add context to billing account module

* add notification channels to billing account module context

* add billing budgets to new pf

* schemas and defaults

* bootstrap wip

* bootstrap wip

* bootstrap wip

* pf outputs

* pf fixes

* fix pf sample data

* bootstrap lite fixes

* add locations to organization module contexts

* bootstrap lite fixes

* org fixes, billing accounts

* fix default project parent

* bootstrap lite wip

* add locations to gcs module context

* add context support to logging bucket module

* add context to pubsub module

* split out iam variables in gcs module

* fix logging bucket context test

* bootstrap log sink destinations

* streamline logging-bucket module variables

* fix logging bucket context test

* align logging bucket module interface in fast bootstrap

* add support for project-level log buckets to project factory

* support full context expansion in organization module log sinks

* log buckets in fast-lite bootstrap

* make og sink type optional in organization module

* log sinks in fast-lite bootstrap

* set tag values in factory context

* bootstrap lite data

* output files schema

* billing account schema

* output files

* output providers

* gcs output files

* boilerplate

* tflint

* check documentation

* check docs

* fix project module parent variable validation

* fix log bucket examples

* allow null parent in project module

* silence folder test errors

* fix billing account sink example

* fix project example

* fix billing account module

* fix folder tests

* fix FAST

* fix fast

* tfvars outputs

* wif

* cicd service accounts

* cicd

* allow defaults in context, minimal org policies

* support gcs managed folders in project factory and bootstrap lite

* support prefix in provider output files

* rename bootstrap stage

* gitignore

* gitignore

* security folder, billing IAM

* wip tfvars

* fix typo

* security IAM

* control tag iam/context via variables in organization module

* split tag creation from tag IAM to avoid circular refs

* port organization module tag changes to project module

* implement new-style context expansion in vpc-sc module

* fix fast vpc-sc tests

* boilerplate

* vpc sc stage

* schemas

* fast-lite compatibility for vpc sc stage

* make log project number optional in vpc-sc stage

* networking

* networking

* networking

* networking

* rename and move new stage under fast

* clone pf tests

* use context replacement for internal notification channels in billing account module

* support service agents in project module iam context replacements

* support service agents in project module iam context replacements

* add support for kms keys to project module context

* experimental pf example test and fixes

* fix schemas

* fix tests

* tfdoc

* tfdoc

* pf config

* experimental pf

* remove redundant dot from gcs managed folder IAM keys

* bootstrap experimental test

* project factory exp stage test

* skip tflint for bootstrap experimental test

* tflint

* fix gcs test

* documentation work

* documentation work

* Update README.md

* tfdoc

* tfdoc

* readme

* tfdoc

* readme

* readme

* readme

* readme

* support universe in pf exp projects

* missing universe service agents

* org policies import, non-admin billing IAM

* todo

* fix test

* custom constraints

* fast classic dataset

* fix test data

* context replacements in billing module log sinks

* fix typo

* add support for billing log sinks

* update docs

* readme

* cicd fix and test

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-09-02 08:38:57 +02:00
Julio Castillo
e04079e334 Add support to attach tags to service accounts (#3008) 
* Remove service account key upload. Add create_ignore_already_exists

* Add tag bindings to service accounts

* Add description to create_ignore_already_exists

* Remove broken links
 2025-04-04 12:31:19 +00:00
Wiktor Niesiobędzki
c1ab3bf710 Remove Service Account key generation 2025-02-18 18:02:38 +01:00
Wiktor Niesiobędzki
9e6b114b8c Fix E2E tests 2024-11-16 11:02:16 +01:00
Thangaraju R
da5371b391 e2e test fix for iam-service-account module (#1894) 2023-12-01 09:23:37 +01:00
Ludovico Magnocavallo
ec3b705f53 Change type of iam_bindings variable to allow multiple conditional bindings (#1658) 
* modules

* fast

* dns readme
 2023-09-08 08:56:31 +02:00
Ludovico Magnocavallo
819894d2ba IAM interface refactor (#1595) 
* IAM modules refactor proposal

* policy

* subheading

* Update 20230816-iam-refactor.md

* log Julio's +1

* data-catalog-policy-tag

* dataproc

* dataproc

* folder

* folder

* folder

* folder

* project

* better filtering in test examples

* project

* folder

* folder

* organization

* fix variable descriptions

* kms

* net-vpc

* dataplex-datascan

* modules/iam-service-account

* modules/source-repository/

* blueprints/cloud-operations/vm-migration/

* blueprints/third-party-solutions/wordpress

* dataplex-datascan

* blueprints/cloud-operations/workload-identity-federation

* blueprints/data-solutions/cloudsql-multiregion/

* blueprints/data-solutions/composer-2

* Update 20230816-iam-refactor.md

* Update 20230816-iam-refactor.md

* capture discussion in architectural doc

* update variable names and refactor proposal

* project

* blueprints first round

* folder

* organization

* data-catalog-policy-tag

* re-enable folder inventory

* project module style fix

* dataproc

* source-repository

* source-repository tests

* dataplex-datascan

* dataplex-datascan tests

* net-vpc

* net-vpc test examples

* iam-service-account

* iam-service-account test examples

* kms

* boilerplate

* tfdoc

* fix module tests

* more blueprint fixes

* fix typo in data blueprints

* incomplete refactor of data platform foundations

* tfdoc

* data platform foundation

* refactor data platform foundation iam locals

* remove redundant example test

* shielded folder fix

* fix typo

* project factory

* project factory outputs

* tfdoc

* test workflow: less verbose tests, fix tf version

* re-enable -vv, shorter traceback, fix action version

* ignore github extension warning, re-enable action version

* fast bootstrap IAM, untested

* bootstrap stage IAM fixes

* stage 0 tests

* fast stage 1

* tenant stage 1

* minor changes to fast stage 0 and 1

* fast security stage

* fast mt stage 0

* fast mt stage 0

* fast pf
 2023-08-20 09:44:20 +02:00
Ludovico Magnocavallo
def2f476d1 Add support for conditions to iam_members module variables (#1594) 
* project

* data-catalog-policy-tag

* dataproc

* folder

* iam-service-account

* kms

* net-vpc

* organization

* source-repository

* dataplex-datascan
 2023-08-15 16:28:23 +02:00
Ludovico Magnocavallo
adf2621727 Add new iam_members variable to IAM additive module interfaces (#1589) 
* resource management modules

* data catalog policy

* dataproc

* service account

* kms

* net-vpc

* source repository

* dataplex datascan

* service account module variable order
 2023-08-14 09:54:50 +00:00
Ludovico Magnocavallo
884cb8b4bf Ensure all modules have an id output (#1410) 
* net-vpc

* a-d

* complete modules

* fix error
 2023-06-02 16:07:22 +02:00
Julio Castillo
126227502e Fix tests paths for examples 2022-12-18 14:00:20 +01:00
Julio Castillo
e700a27079 Enforce terraform fmt in examples 2022-12-18 14:00:19 +01:00
Natalia Strelkova
68c3b13d6a prefix variable consistency across modules 2022-11-10 15:05:53 +00:00
Catalin Muresan
4e2762098f Updated README.md 2022-11-07 12:47:35 +00:00
Julio Castillo
269894e92b Update all internal links examples -> blueprints 2022-09-09 16:39:01 +02:00
Julio Castillo
a866182161 Test documentation examples in the examples/ folder 2022-09-06 17:46:09 +02:00
Ludovico Magnocavallo
ee23694fed revert service account modules changes to outputs 2022-06-16 23:09:35 +02:00
Ludovico Magnocavallo
6d8f3f7e22 depend service account outputs on iam roles 2022-06-16 22:16:20 +02:00
Ludovico Magnocavallo
44ae2671b0 CI/CD support for Source Repository and Cloud Build (#669) 
* add id to outputs

* initial cloud build implementation for stage 0

* comments

* stage 0

* stage 1, untested

* add support for IAM and CB triggers to source repository module

* refactor stage 0 to use sourcerepo module

* refactor stage 1 to use sourcerepo module

* file descriptions

* fix gitlab pipeline
 2022-06-08 11:34:08 +02:00
Ludovico Magnocavallo
725f7effce Initial MVP for CI/CD (#608) 
* preliminary support for wif in stage 0

* IAM wif role

* IAM wif role TODO

* add support for external SA IAM to SA module

* add name output to SA module

* separate cicd SA

* tfdoc

* GITLAB principal (untested)

* make GCS name output static

* outputs bucket

* fix stage 1 test

* tweak outputs

* tfdoc

* move wif_pool to automation variable

* add support for top-level and repository providers

* add missing boilerplate

* fix branchless principal

* initial workflow

* symlink provider template in stages

* remove service accounts from stage 0 cicd tfvars

* add cicd interface variable to resman stage

* fix cicd variable in resman stage

* better condition on outputs_location

* fix last change

* change outputs_location type

* revert outputs_location change

* split outputs in stage 0

* update ci/cd temporary notes

* rename additive IAM resource in SA module

* split outputs in stage 1

* remove unused locals

* fix stage 1 tests

* tfdoc

* Upload action files to outputs_bucket

* Fix tests and README

* rename template, streamline outputs

* local templates and gcs output for all stage 2

* add workflows to local output files

* Use lowercase WIF providers everywhere

* Bring back suffix for workflow files

* Remove unused files

* Update READMEs

* preliminary CI/CD implementation for stage 1

* fix stage 1

* stage 1 cicd

* tfdoc

* fix tests

* readme and links for cicd and wif

* refactor wif providers

* refactor cicd for stage 1

* fix stage 1

* wif org policies

* split identity provider configuration from cicd

* add type attribute to cicd repositories

* valid cicd repositories have a workflow template

* refactor stage 01

* fix stage 01 tests

* minimal CI/CD documentation

* better check_links error reporting

* fix links

* Added Gitlab specific configurations

Set the default issuer_uri for Gitlab. Added allowed audiences to OIDC configuration.

* Fixed TF formatting in identity providers.

* Changing identity provider audience to null

Changing identity provider audience to default to null.

* add instructions for renaming workflows

* address Julio's comments

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: alexmeissner <alexmeissner@google.com>
 2022-04-12 08:17:27 +02:00
Julio Castillo
3dd6e3fc0d Define nullable variables in SA module 2022-01-29 09:51:02 +01:00
Julio Castillo
bb6674ea19 Split SA module in multiple files 2022-01-29 09:51:02 +01:00
Julio Castillo
cf423998f0 Align tftest syntax with tdoc 
This commit changes the token separator for inline examples from a
semicolon to a space
 2022-01-28 21:34:15 +01:00
Julio Castillo
31f625f149 Link vars and outputs from README 2022-01-22 14:15:16 +01:00
apichick
7bbe3d0b6d fixed README in iam-service-account module 2022-01-21 21:01:48 +01:00
Julio Castillo
2728c4aac1 Fix all internal links 2022-01-11 11:53:19 +01:00
Ludovico Magnocavallo
2bc5f7d33c update tfdoc (#404) 2021-12-30 10:56:19 +01:00
Ludovico Magnocavallo
1ac3fe4460 New tfdoc version (#396) 
* update tfdoc

* rewrite check docs, refactor tfdoc replace, regenerate modules READMEs

* remove dead code from check docs

* do not fail on missing variable files in check docs

* fix typos
 2021-12-21 08:51:51 +01:00
Aleksandr Averbukh
4fd1ccb982 Update iam-sa docs 2021-12-06 17:30:56 +01:00
Aleksandr Averbukh
2d9c2fe774 Fix typo in the SA module readme 2021-12-06 17:09:48 +01:00
Aleksandr Averbukh
205975ff39 SA key uploading and credentials json generation with terraform. 2021-12-06 17:02:56 +01:00
Ludovico Magnocavallo
555de95f48 iam-service-account 2021-10-19 21:05:09 +02:00
Julio Castillo
875b786171 Optional create for service accounts 2021-05-06 12:07:39 +02:00
Julio Castillo
eecdee63e6 Make examples in READMEs runnable and testable 2020-11-07 10:28:33 +01:00
Ludovico Magnocavallo
c33e68ecd0 use list in service account module variable types 2020-11-05 09:26:24 +01:00
Ludovico Magnocavallo
cb54ff77a1 rename iam variable in service account module 2020-11-05 09:22:13 +01:00
Julio Castillo
1a7b9836ea Update folder and service account READMEs 2020-10-29 23:54:40 +01:00
Julio Castillo
85fda5b1fe Remove iam_roles from service accounts, folder and organization modules 2020-10-21 09:37:05 +02:00
Julio Castillo
13ed799a8b Update service account module to Terraform 0.13 2020-10-20 22:36:03 +02:00