kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,490 Commits 1 Branch 1 Tag
b0bc896a6800ca41cd8d455e5228aed614b05bc9
Commit Graph

19 Commits

Author SHA1 Message Date
Ludovico Magnocavallo
b0bc896a68 Allow null project id in service account module when reusing service account (#3452) 
* allow null project id for service account reuse

* fix pf
 2025-10-22 16:51:06 +00:00
Ludovico Magnocavallo
7ea9612b07 Allow skipping data source in service account module (#3450) 
* test implementation

* wip

* service account reuse

* fix fast stage test

* revert cicd changes

* remove unused dep

* add comment on extra condition
 2025-10-22 13:04:00 +02:00
Ludovico Magnocavallo
36648b6b63 FAST light implementation (#3255) 
* data wip

* wip data

* update org schema, add note on expansion

* all schemas, workload notes

* Update WORKLOG.md

* Update WORKLOG.md

* Update WORKLOG.md

* Update WORKLOG.md

* wip

* data wip

* wip

* wip

* wip

* wip

* org module IAM context (using lookup)

* new-style context expansion in project IAM

* remove spurious file

* project module contexts

* finalize context replacement format for project module

* revert org module changes

* fix tag id interpolation in project

* fix tag id interpolation in project

* organization module context

* organization context test

* context expansion for folder tag bindings

* test context expansion for tag bindings

* service account module context

* simplify context local

* context for iam service account

* nuke blueprints

* remove links to blueprints

* vpc sc context in project module

* Add context to GCS module

* Add inline deps to plan_summary script

* Make context a top-level variable for folder, organization, sa

* Add add context top-level to VPC-SC

* move context out of factories_config variable

* tfdoc

* fix merge

* fix merge

* fix examples

* net-vpc module context

* add parent ids to folder context

* rename folder parent context

* fix folder parent check

* new project factory stub

* wip

* wip

* refactor defaults

* project iam

* bueckts and service accounts

* start adding context replacements

* better test data

* automation resources for folders and projects

* automation

* add support for project id interpolation

* first tested apply

* improve IAM description in gcs module

* add context to billing account module

* add notification channels to billing account module context

* add billing budgets to new pf

* schemas and defaults

* bootstrap wip

* bootstrap wip

* bootstrap wip

* pf outputs

* pf fixes

* fix pf sample data

* bootstrap lite fixes

* add locations to organization module contexts

* bootstrap lite fixes

* org fixes, billing accounts

* fix default project parent

* bootstrap lite wip

* add locations to gcs module context

* add context support to logging bucket module

* add context to pubsub module

* split out iam variables in gcs module

* fix logging bucket context test

* bootstrap log sink destinations

* streamline logging-bucket module variables

* fix logging bucket context test

* align logging bucket module interface in fast bootstrap

* add support for project-level log buckets to project factory

* support full context expansion in organization module log sinks

* log buckets in fast-lite bootstrap

* make og sink type optional in organization module

* log sinks in fast-lite bootstrap

* set tag values in factory context

* bootstrap lite data

* output files schema

* billing account schema

* output files

* output providers

* gcs output files

* boilerplate

* tflint

* check documentation

* check docs

* fix project module parent variable validation

* fix log bucket examples

* allow null parent in project module

* silence folder test errors

* fix billing account sink example

* fix project example

* fix billing account module

* fix folder tests

* fix FAST

* fix fast

* tfvars outputs

* wif

* cicd service accounts

* cicd

* allow defaults in context, minimal org policies

* support gcs managed folders in project factory and bootstrap lite

* support prefix in provider output files

* rename bootstrap stage

* gitignore

* gitignore

* security folder, billing IAM

* wip tfvars

* fix typo

* security IAM

* control tag iam/context via variables in organization module

* split tag creation from tag IAM to avoid circular refs

* port organization module tag changes to project module

* implement new-style context expansion in vpc-sc module

* fix fast vpc-sc tests

* boilerplate

* vpc sc stage

* schemas

* fast-lite compatibility for vpc sc stage

* make log project number optional in vpc-sc stage

* networking

* networking

* networking

* networking

* rename and move new stage under fast

* clone pf tests

* use context replacement for internal notification channels in billing account module

* support service agents in project module iam context replacements

* support service agents in project module iam context replacements

* add support for kms keys to project module context

* experimental pf example test and fixes

* fix schemas

* fix tests

* tfdoc

* tfdoc

* pf config

* experimental pf

* remove redundant dot from gcs managed folder IAM keys

* bootstrap experimental test

* project factory exp stage test

* skip tflint for bootstrap experimental test

* tflint

* fix gcs test

* documentation work

* documentation work

* Update README.md

* tfdoc

* tfdoc

* readme

* tfdoc

* readme

* readme

* readme

* readme

* support universe in pf exp projects

* missing universe service agents

* org policies import, non-admin billing IAM

* todo

* fix test

* custom constraints

* fast classic dataset

* fix test data

* context replacements in billing module log sinks

* fix typo

* add support for billing log sinks

* update docs

* readme

* cicd fix and test

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-09-02 08:38:57 +02:00
Julio Castillo
e04079e334 Add support to attach tags to service accounts (#3008) 
* Remove service account key upload. Add create_ignore_already_exists

* Add tag bindings to service accounts

* Add description to create_ignore_already_exists

* Remove broken links
 2025-04-04 12:31:19 +00:00
Wiktor Niesiobędzki
c1ab3bf710 Remove Service Account key generation 2025-02-18 18:02:38 +01:00
Wiktor Niesiobędzki
9e6b114b8c Fix E2E tests 2024-11-16 11:02:16 +01:00
Ludovico Magnocavallo
884cb8b4bf Ensure all modules have an id output (#1410) 
* net-vpc

* a-d

* complete modules

* fix error
 2023-06-02 16:07:22 +02:00
Catalin Muresan
31bb4476d1 Added IAM Additive and converted some outputs to static 2022-11-07 12:41:41 +00:00
Ludovico Magnocavallo
ee23694fed revert service account modules changes to outputs 2022-06-16 23:09:35 +02:00
Ludovico Magnocavallo
6d8f3f7e22 depend service account outputs on iam roles 2022-06-16 22:16:20 +02:00
Ludovico Magnocavallo
44ae2671b0 CI/CD support for Source Repository and Cloud Build (#669) 
* add id to outputs

* initial cloud build implementation for stage 0

* comments

* stage 0

* stage 1, untested

* add support for IAM and CB triggers to source repository module

* refactor stage 0 to use sourcerepo module

* refactor stage 1 to use sourcerepo module

* file descriptions

* fix gitlab pipeline
 2022-06-08 11:34:08 +02:00
Ludovico Magnocavallo
725f7effce Initial MVP for CI/CD (#608) 
* preliminary support for wif in stage 0

* IAM wif role

* IAM wif role TODO

* add support for external SA IAM to SA module

* add name output to SA module

* separate cicd SA

* tfdoc

* GITLAB principal (untested)

* make GCS name output static

* outputs bucket

* fix stage 1 test

* tweak outputs

* tfdoc

* move wif_pool to automation variable

* add support for top-level and repository providers

* add missing boilerplate

* fix branchless principal

* initial workflow

* symlink provider template in stages

* remove service accounts from stage 0 cicd tfvars

* add cicd interface variable to resman stage

* fix cicd variable in resman stage

* better condition on outputs_location

* fix last change

* change outputs_location type

* revert outputs_location change

* split outputs in stage 0

* update ci/cd temporary notes

* rename additive IAM resource in SA module

* split outputs in stage 1

* remove unused locals

* fix stage 1 tests

* tfdoc

* Upload action files to outputs_bucket

* Fix tests and README

* rename template, streamline outputs

* local templates and gcs output for all stage 2

* add workflows to local output files

* Use lowercase WIF providers everywhere

* Bring back suffix for workflow files

* Remove unused files

* Update READMEs

* preliminary CI/CD implementation for stage 1

* fix stage 1

* stage 1 cicd

* tfdoc

* fix tests

* readme and links for cicd and wif

* refactor wif providers

* refactor cicd for stage 1

* fix stage 1

* wif org policies

* split identity provider configuration from cicd

* add type attribute to cicd repositories

* valid cicd repositories have a workflow template

* refactor stage 01

* fix stage 01 tests

* minimal CI/CD documentation

* better check_links error reporting

* fix links

* Added Gitlab specific configurations

Set the default issuer_uri for Gitlab. Added allowed audiences to OIDC configuration.

* Fixed TF formatting in identity providers.

* Changing identity provider audience to null

Changing identity provider audience to default to null.

* add instructions for renaming workflows

* address Julio's comments

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: alexmeissner <alexmeissner@google.com>
 2022-04-12 08:17:27 +02:00
Simone Ruffilli
ee25965c89 Copyright bump (#410) 2022-01-01 15:52:31 +01:00
Aleksandr Averbukh
205975ff39 SA key uploading and credentials json generation with terraform. 2021-12-06 17:02:56 +01:00
Julio Castillo
1d13e3e624 Add more validations to linter 
- Ensure all variables and outputs are sorted
- Ensure all variables and outputs have a description
- Add data-solutions/data-platform-foundations to linter

Fix all modules to follow these new conventions.
 2021-10-08 18:26:04 +02:00
Julio Castillo
75418bbbd0 Compute service account email statically 
Generate the service account output statically based on the service
account name and parent project. This allows, among other things, to use
service accounts as map keys (e.g. to be used in the `iam` argument in
other modules).
 2021-08-10 10:50:44 +02:00
Julio Castillo
875b786171 Optional create for service accounts 2021-05-06 12:07:39 +02:00
Julio Castillo
1e11c670f5 Update copyright to 2021 2021-02-15 09:38:10 +01:00
Julio Castillo
13ed799a8b Update service account module to Terraform 0.13 2020-10-20 22:36:03 +02:00