kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,125 Commits 1 Branch 1 Tag
da954343089acadc670d48883a1ae668db57998d
Commit Graph

659 Commits

Author SHA1 Message Date
Julio Castillo
da95434308 logging for default ingress rules in FAST (#2030) 
* Add default ingress deny rule with logging to FAST net stages.

Fixes #2024

* Allow firewall factory to omit rules key

* Fix tests

* Fix fast tests

* fix fast tests
 2024-01-30 16:53:01 +00:00
Julio Castillo
cdf65300f0 Fix sourcerepo templates and concat call (#2019) 
* Fix sourcerepo templates and concat call

Fixes #2018

* Fix iam

* Fix another sourcerepo template
 2024-01-30 11:46:33 +01:00
Ludovico Magnocavallo
99228363b2 enforce trusted image projects constraint in stage 0 (#2014) 2024-01-26 10:14:44 +00:00
Ludovico Magnocavallo
6d9b6403dd add support for essential contacts to FAST (#2010) 2024-01-25 12:20:14 +01:00
Ludovico Magnocavallo
c5416f3af1 Tighten up security of automation project (CSPR-related) (#2009) 
* enforce compute/iam policies on the automation project

* tests
 2024-01-24 18:40:36 +00:00
Ludovico Magnocavallo
070584ae74 Checklist attribution bucket (#2000) 2024-01-23 11:32:14 +00:00
Ludovico Magnocavallo
4b911a6047 update checklist parsing for top-level key (#1997) 2024-01-23 07:34:03 +01:00
Ludovico Magnocavallo
11d7edac64 Add example to FAST GKE stage, streamline GKE Hub module variables and usage (#1977) 
* implement optionals in gke-hub module

* simplify gke hub module call in mc mesh blueprint

* simplify gke hub module call and variables in multitenant blueprint

* gke hub inventory

* provide cluster and fleet examples in stage
 2024-01-20 10:06:38 +00:00
lcaggio
208902c8da Fix Data platform foundation (#1992) 
* FAST + Minimal DP

* Fix tests

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-01-20 08:49:46 +01:00
Ludovico Magnocavallo
a8c84357f4 Integrate checklist data in FAST (#1969) 
* add locals for additive and authoritative org iam roles

* first shot at IAM and logging location

* tfdoc

* use locals for locations

* fix file parsing, resman stubs

* initial resman implementation

* remove unneeded code

* fix data file

* replace dumb yamldecode

* fix wrong type in organization additive bindings try

* simplify logging local

* Use check asserts for version and org id

* Checks on checklist for resman

* refactor checks, ignore checklist files on wrong org id

* stage 0 tests

* fix checklist checks

* stage 1 tests

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-01-18 05:45:29 +01:00
simonebruzzechesse
b15c573f18 add locations on terraform.tfvars.sample for bootstrap stage (#1967) 
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-01-09 07:32:27 +00:00
Ludovico Magnocavallo
9d6e61428b (WIP) Read-only service accounts for automation and CI/CD (#1899) 
* add design doc for the new CI/CD sa

* describe the actual implementation

* specify which files will need to be changed

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Fix typo

* stage 0 read-only service accounts

* stage 0 IAM map

* linting

* cicd read-only service accounts

* tweak workflow templates

* roles and github workflow fixes

* tfdoc

* Ad-hoc custom role factory for FAST bootstrap

* use factory variable for custom roles data path

* custom roles factory in org/project modules

* tfdoc

* rename custom roles factory variable, fix gitlab template

* gitlab workflow fixes

* fix merge

* output plan results on failed assertion

* update stage 0 expected values

* data platform branch

* gke

* networking

* security

* project factory

* outputs

* workflow templates

* resman apply fixes

* tfdoc

* fix stage 1 test fixture

* fix gh workflow

* read-only resman sa roles

* fix test

* read-only resman sa roles

* read-only resman sa roles

* read-only resman sa roles

* read-only resman sa roles

* fix test variables

* rename wif principal attribute names

* rename wif principal variables

* multitenant stages

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-12-27 11:33:16 +00:00
Ludovico Magnocavallo
a2263da1f3 fix GitHub CI/CD provider (#1945) 2023-12-21 17:10:50 +00:00
Ludovico Magnocavallo
e592996ba0 Revert "Add debug step for JWT tokens" (#1943) 
This reverts commit d95280081f.
 2023-12-21 14:50:27 +01:00
simonebruzzechesse
c9a8d777ba Add kernels.googleusercontent.com zone in dns response policy (#1940) 
* Add kernels.googleusercontent.com zone in dns response policy
* update fast tests
 2023-12-20 11:18:11 +01:00
Wiktor Niesiobędzki
d95280081f Add debug step for JWT tokens 2023-12-20 09:26:55 +01:00
Julio Castillo
b6e0557bbb Simplify organization tags.tf locals (#1932) 
* Simplify organization tags.tf locals

* Fix boilerplate

* Override github provider version for tests
 2023-12-18 16:09:22 +00:00
Ludovico Magnocavallo
bba814c091 Custom role factories for organization and project modules (#1912) 
* backport custom role factories

* backport from fast ci/cd branch

* indent

* tfdoc

* fix module tests
 2023-12-11 14:16:39 +00:00
ibrahimparvez2
21297f28a6 Patch Github actions ci google-github-actions/auth@v0 --> v2 (#1900) 
* MInor patch auth

* Minor update auth
 2023-12-04 12:16:02 +00:00
Julio Castillo
85b18cf42b Document fast_features (#1855) 2023-11-20 21:41:06 +00:00
Wiktor Niesiobędzki
ad14b317ab tfdoc 2023-11-16 11:45:27 +00:00
Wiktor Niesiobędzki
35f75e5a26 Add missing KMS attribute in FAST stage 2023-11-16 11:43:35 +00:00
Ludovico Magnocavallo
de0325b3a3 Avoid map-related casting errors in project factory (#1836) 
* try to repro pf example error

* repro

* repro

* pf fix

* remove extra file

* FAST stage
 2023-11-02 08:24:50 +01:00
alealr
8d06afcdb8 Updating wording 2023-10-31 14:35:27 +00:00
Simone Ruffilli
cf55638f40 FAST: rename VPC-related files to net-* (#1818) 2023-10-27 08:23:08 +00:00
Simone Ruffilli
4decc641bb Stop wrapping yamldecode with try() (#1812) 2023-10-25 16:16:05 +02:00
Simone Ruffilli
b015380028 Fix allow-nat-ranges priority 2023-10-25 14:05:15 +02:00
Simone Ruffilli
a3290f2204 FAST: Add access transparency logs to the default sinks (#1810) 
* Adds access transparency logs to the default sinks
 2023-10-24 20:09:00 +00:00
Simone Ruffilli
1836c68990 Hierarchical rules update (#1809) 2023-10-24 19:46:04 +00:00
Simone Ruffilli
1378214af5 FAST: removed references to kms_defaults (#1811) 2023-10-24 21:18:08 +02:00
Ludovico Magnocavallo
4647b07665 less verbose project factory stage outputs (#1802) 2023-10-24 09:03:35 +02:00
Ludovico Magnocavallo
a93f08e833 improve usage of optionals in FAST stage 2 VPN variables (#1797) 2023-10-23 15:23:30 +02:00
Ludovico Magnocavallo
4690bf206a Update README.md 2023-10-21 18:59:17 +02:00
Simone Ruffilli
3e16c6a959 FAST: adds support to uploading a wif provider pubkey (#1788) 2023-10-21 16:52:19 +00:00
Simone Ruffilli
6d89b88149 versions.tf maintenance + copyright notice bump (#1782) 
* Bump copyright notice to 2023

* Delete versions.tf on blueprints

* Pin provider to major version 5

* Remove comment

* Fix lint

* fix bq-ml blueprint readme

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-10-20 18:17:47 +02:00
Ludovico Magnocavallo
e0d84fb10b add sink for workspace logs (#1780) 2023-10-19 14:51:01 +00:00
Ludovico Magnocavallo
77a4696aa6 Add gcp org policy constraints file to bootstrap stage (#1775) 
* add gcp org policy constraints file to bootstrap

* make the org policy factories more resilient
 2023-10-18 18:21:16 +00:00
Ludovico Magnocavallo
b0c552cff5 Update IAM.md 2023-10-18 19:59:07 +02:00
Ludovico Magnocavallo
e34cb20dc6 Update IAM.md 2023-10-18 19:58:18 +02:00
Ludovico Magnocavallo
f4c8786677 Update IAM.md 2023-10-18 19:57:46 +02:00
Ludovico Magnocavallo
94ae8634fc Update IAM.md 2023-10-18 19:57:03 +02:00
Ludovico Magnocavallo
e41cc4ec36 Update IAM.md 2023-10-18 19:56:40 +02:00
Ludovico Magnocavallo
6252198961 Update IAM.md 2023-10-18 19:56:20 +02:00
Ludovico Magnocavallo
e7e188818a Add service usage consumer role to IaC SAs, refactor delegated grants in FAST (#1773) 
* add serviceusage role to iac sas, refactor delegated grants

* fix test

* tfdoc
 2023-10-18 12:18:31 +00:00
Luca Prete
6c48512f7e [#1764] net-lb-int: add support for dual stack and multiple forwarding rules 2023-10-17 09:30:34 +00:00
Ludovico Magnocavallo
6fd58e33c9 Add support for psa peered domains to fast stages (#1760) 
* add support for psa peered domains

* tfdoc
 2023-10-16 06:57:18 +00:00
Ludovico Magnocavallo
28e19ab180 Minor edits to FAST network stage READMEs (#1759) 
* PSA section

* VPC description, ranges
 2023-10-15 16:14:48 +00:00
Ludovico Magnocavallo
252127bde5 Billing account module (#1743) 
* initial untested draft

* readme and tests

* folder module tfdoc

* remove redundant billing cost manager role in fast stage 0

* fix FAST test
 2023-10-15 15:02:50 +00:00
Ludovico Magnocavallo
2afdc5a8e1 Update COMPANION.md 2023-10-08 08:47:35 +02:00
Julio Castillo
dfc5023e0b Make deletion protection consistent across all modules (#1735) 
* Expose deletion_protection in GKE modules

* Make deletion protection consistent across all modules

* Add deletion_protection option to blueprints

* Fix blueprints tests

* Fix types

* Update READMEs

* Fix dp readme

* Fix cmek blueprint default deletion_protection

* Fix blueprints tests
 2023-10-05 17:31:07 +02:00