kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,416 Commits 1 Branch 1 Tag
ecdc248f3fcc98125537875c19098ebcdbd6aabd
Commit Graph

148 Commits

Author SHA1 Message Date
Wiktor Niesiobędzki
23dd44ce62 remove tf version from matrix, to keep workflow names stable across upgrades 2025-10-13 17:40:51 +02:00
Julio Castillo
9b9ad76ced Update gke-hub module to use new Policy Controller API (#3332) 
* Update gke-hub to use new Policy Controller API

Fixes #3287

* Use same config format for servicemesh

* remove useless trys

* use ternaries as in the rest of the repo

* Update docs and fix tests

* Update variables

* Bump tofu version

* Bump terraform version 1.12
 2025-10-13 09:47:39 +02:00
Ludovico Magnocavallo
36648b6b63 FAST light implementation (#3255) 
* data wip

* wip data

* update org schema, add note on expansion

* all schemas, workload notes

* Update WORKLOG.md

* Update WORKLOG.md

* Update WORKLOG.md

* Update WORKLOG.md

* wip

* data wip

* wip

* wip

* wip

* wip

* org module IAM context (using lookup)

* new-style context expansion in project IAM

* remove spurious file

* project module contexts

* finalize context replacement format for project module

* revert org module changes

* fix tag id interpolation in project

* fix tag id interpolation in project

* organization module context

* organization context test

* context expansion for folder tag bindings

* test context expansion for tag bindings

* service account module context

* simplify context local

* context for iam service account

* nuke blueprints

* remove links to blueprints

* vpc sc context in project module

* Add context to GCS module

* Add inline deps to plan_summary script

* Make context a top-level variable for folder, organization, sa

* Add add context top-level to VPC-SC

* move context out of factories_config variable

* tfdoc

* fix merge

* fix merge

* fix examples

* net-vpc module context

* add parent ids to folder context

* rename folder parent context

* fix folder parent check

* new project factory stub

* wip

* wip

* refactor defaults

* project iam

* bueckts and service accounts

* start adding context replacements

* better test data

* automation resources for folders and projects

* automation

* add support for project id interpolation

* first tested apply

* improve IAM description in gcs module

* add context to billing account module

* add notification channels to billing account module context

* add billing budgets to new pf

* schemas and defaults

* bootstrap wip

* bootstrap wip

* bootstrap wip

* pf outputs

* pf fixes

* fix pf sample data

* bootstrap lite fixes

* add locations to organization module contexts

* bootstrap lite fixes

* org fixes, billing accounts

* fix default project parent

* bootstrap lite wip

* add locations to gcs module context

* add context support to logging bucket module

* add context to pubsub module

* split out iam variables in gcs module

* fix logging bucket context test

* bootstrap log sink destinations

* streamline logging-bucket module variables

* fix logging bucket context test

* align logging bucket module interface in fast bootstrap

* add support for project-level log buckets to project factory

* support full context expansion in organization module log sinks

* log buckets in fast-lite bootstrap

* make og sink type optional in organization module

* log sinks in fast-lite bootstrap

* set tag values in factory context

* bootstrap lite data

* output files schema

* billing account schema

* output files

* output providers

* gcs output files

* boilerplate

* tflint

* check documentation

* check docs

* fix project module parent variable validation

* fix log bucket examples

* allow null parent in project module

* silence folder test errors

* fix billing account sink example

* fix project example

* fix billing account module

* fix folder tests

* fix FAST

* fix fast

* tfvars outputs

* wif

* cicd service accounts

* cicd

* allow defaults in context, minimal org policies

* support gcs managed folders in project factory and bootstrap lite

* support prefix in provider output files

* rename bootstrap stage

* gitignore

* gitignore

* security folder, billing IAM

* wip tfvars

* fix typo

* security IAM

* control tag iam/context via variables in organization module

* split tag creation from tag IAM to avoid circular refs

* port organization module tag changes to project module

* implement new-style context expansion in vpc-sc module

* fix fast vpc-sc tests

* boilerplate

* vpc sc stage

* schemas

* fast-lite compatibility for vpc sc stage

* make log project number optional in vpc-sc stage

* networking

* networking

* networking

* networking

* rename and move new stage under fast

* clone pf tests

* use context replacement for internal notification channels in billing account module

* support service agents in project module iam context replacements

* support service agents in project module iam context replacements

* add support for kms keys to project module context

* experimental pf example test and fixes

* fix schemas

* fix tests

* tfdoc

* tfdoc

* pf config

* experimental pf

* remove redundant dot from gcs managed folder IAM keys

* bootstrap experimental test

* project factory exp stage test

* skip tflint for bootstrap experimental test

* tflint

* fix gcs test

* documentation work

* documentation work

* Update README.md

* tfdoc

* tfdoc

* readme

* tfdoc

* readme

* readme

* readme

* readme

* support universe in pf exp projects

* missing universe service agents

* org policies import, non-admin billing IAM

* todo

* fix test

* custom constraints

* fast classic dataset

* fix test data

* context replacements in billing module log sinks

* fix typo

* add support for billing log sinks

* update docs

* readme

* cicd fix and test

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-09-02 08:38:57 +02:00
Wiktor Niesiobędzki
e498f3407e Add support for GPUs in Cloud Run 2025-08-13 15:21:27 +02:00
Julio Castillo
7e20abc19d Update default FAST org policies (#3207) 2025-07-02 13:53:58 +00:00
Julio Castillo
49bdf49909 Remove blueprint metadata validation (#3200) 2025-06-28 17:06:10 +00:00
Julio Castillo
271942f2ed Bump Terraform to 1.11 (#3120) 
* Bump Terraform version to 1.11

* Update workflows
 2025-05-29 11:11:39 +02:00
Ludovico Magnocavallo
4811f72a6c Add FAST to Python linting check (#3026) 
* turn on Python linting for fast
* remove secops.py

---------

Co-authored-by: bruzzechesse <bruzzechesse@google.com>
 2025-04-11 16:48:17 +02:00
Wiktor Niesiobędzki
3e84236345 Project object c14n in separte file 
Create separate file for canonicalization of project factory objects and
introduce duplicate-diff lint checker.
 2025-03-30 10:39:08 +02:00
Ludo
411b2f6e6c Merge branch 'master' into fast-dev 2025-02-20 07:58:33 +01:00
Julio Castillo
009e03d55d Update pull_request_template.md 2025-02-18 21:44:13 +01:00
Julio Castillo
064fc0e280 Update pull_request_template.md 2025-02-18 21:41:40 +01:00
Wiktor Niesiobędzki
3ddfd59b88 Merge remote-tracking branch 'origin/master' into fast-dev 2025-02-18 20:30:14 +00:00
Julio Castillo
4c6e6d6791 Add breaking changes to changelog (#2908) 2025-02-18 18:09:13 +00:00
simonebruzzechesse
b0021cc0f1 New SecOps anonymization pipeline (#2794) 
* new secops anonymization pipeline

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2025-02-17 19:23:19 +01:00
Julio Castillo
c4758af0d7 Update pull_request_template.md 2025-02-11 14:01:02 +01:00
Julio Castillo
8a2320311d Add bucket_create to modules/gcs (#2827) 
* Add `bucket_create` to `modules/gcs`

* Create local with bucket name

* Update variable description

* Fix bucket output

* Fix tests

* Fix tests

* Bump OpenTofu to 1.9.0 (needed for multi-var validations)
 2025-01-21 23:48:36 +01:00
Julio Castillo
cf173701b6 New tool versions.py to manage versions.tf/tofu (#2803) 
* Add provider_metadata to all modules

* Fix linting version check

* Another way

* Fix syntax

* Add fabric prefix to all provider meta

* Fix linting.yml
 2025-01-09 09:57:48 +01:00
Wiktor Niesiobędzki
6d51c8da4d Use separate versions.tofu for OpenTofu constraints 2024-12-17 12:29:04 +01:00
Ludovico Magnocavallo
91da1c6482 Support customizable resource names to fast stage 1 (#2769) 
* add support for resource names to fast stage 1

* tflint version
 2024-12-16 18:07:28 +00:00
Ludovico Magnocavallo
0fa257e6b1 Support customizable resource names in FAST stage 0 (#2768) 
* support customizable resource names in FAST stage 0

* tfdoc

* tflint

* remove comment

* use object type

* tfdoc

* bump tf version

* bump terraform version in versions files

* tf version in ci

* trigger workflow
 2024-12-16 17:46:34 +01:00
Julio Castillo
b38e8bfa79 Update issue templates (#2765) 2024-12-12 12:40:47 +00:00
Julio Castillo
71f72761af Run test and linting when pushing to master or fast-dev (#2730) 
Maintainers occasionally force push to these branches. This will allow
tests to run without the need for a dummy PR
 2024-11-22 19:21:38 +00:00
Ludovico Magnocavallo
abde265998 extend tests to fast-dev (#2646) 2024-10-30 10:39:36 +00:00
Wiktor Niesiobędzki
51ef390d04 Upload hidden files 2024-09-03 17:18:21 +02:00
Julio Castillo
bab85c88ba Bump provider to last release of version 5 (#2525) 
* Bump provider to last release of version 5

* Remove default-versions copy in test env setup

* Use file instead of symlink in tools/lookfile

* Remove default-version reference

* Removed unused code
 2024-08-27 16:50:59 +02:00
Julio Castillo
6c42ac00ab rename step 2024-08-09 15:43:11 +02:00
Julio Castillo
73fd175070 fix yaml again 2024-08-09 15:43:11 +02:00
Julio Castillo
9903c20ed9 Fix yaml 2024-08-09 15:43:11 +02:00
Julio Castillo
bb1dc40f77 Fix yaml syntax 2024-08-09 15:43:11 +02:00
Julio Castillo
714b97598f Add schema testing to PR workflow 2024-08-09 15:43:11 +02:00
Wiktor Niesiobędzki
afa6e7425c Test different versions of Terraform (#2399) 
Add capability to run tests using terraform version 1.5.7 and OpenTofu. 

Automatic checks are run with  Terraform 1.7.4 and OpenTofu 1.7.2, it should be possible to override terraform version when Tests workflow is run manually.
 2024-07-05 13:21:41 +02:00
Wiktor Niesiobędzki
cf31d83b15 Explicit YAPF style 2024-05-28 10:53:13 +02:00
Ludovico Magnocavallo
7a5dd4e6db FAST: add top-level folders and restructure teams/tenants in resman (#2254) 
* remove teams and tenants from resman

* move fast features to stage 1, fix test inventories

* folders

* fix factory, add top level folder resources to outputs

* tfdoc

* stage 0 log sink defs

* tfdoc

* enable toc in resman readme

* simple tenants

* fast compatibility automation and logging

* testing fast-compatible tenants

* testing fast-compatible tenants

* tfdoc

* remove mt stages

* remove tests, fix links

* disable tflint

* fast tests

* make organization conditional in resman

* check names tool

* export real prefix to tfvars, prevent destroy errors

* prefix validation

* fix billing account export format

* tfdoc

* root node folder

* resman changes

* tenant resman roles

* first apply of tenant resman

* tenant log sinks in stage 1

* fix test vars

* tfdoc

* tenant vpc-sc access policy

* fix tests expected values

* tenant CI/CD

* identity providers

* wif

* tfdoc

* add comments to identity locals

* full-feature tenant resman apply

* tenant billing IAM

* stage test

* fix CI/CD comments

* tenant net stage verified

* tenant sec stage verified

* fix test

* README work

* tfdoc

* README

* README rewording

* README rewording

* tfdoc

* FAST excalidraw

* review comments

* diagram review changes

* add iam log sink for tenants

* remove redundant try from security stage

* Implement tflint-fast in Python driven by tftest.yaml files

* tflint

* test ci changes

* revert linting changes

* disable tflint for fast

* Create junit-style report for FAST tflint

* Remove junit-reporter

* YAPF tflint-fast.py

* Output tflint FAST to job summary

* Step summary

* Disable step_summary as output is not useful

* ignore tflint warning

* re-enable tflint on FAST

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-05-15 09:17:13 +00:00
Wiktor Niesiobędzki
024d3255e6 Generalization of tflint call for FAST stages (#2225) 
* Generalization of tflint call for FAST

* Fix tfvars path

* Fix tfvars path - depending where the file is

* Fix regex

* Reeanble linting

* Align test directory to stage name

* Align all fast stages to use tftest
 2024-04-18 21:04:24 +02:00
Julio Castillo
f22837cd47 Enable TFLint in FAST stages (#2221) 2024-04-18 10:06:24 +02:00
Julio Castillo
3af7e257d2 Add tflint to pipelines (#2220) 
* Fix terraform_deprecated_index

https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_index.md

* Fix terraform_deprecated_interpolation

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_interpolation.md

* Fix more indexing

* Remove unused variable

* Enable TFLint for modules

* Add tflint config file

* Fix chdir

* Lint modules

* TFLint fixes

* TFLint

* Fixes binauthz README

* Fixes DNS response policy tests. Restores MIG outputs.

* Fixes other DNS response policy tests.

* Update tests for fast 2-e

* Moar fixed tests

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2024-04-17 10:23:48 +02:00
Ludovico Magnocavallo
fc23c9c387 Update labeler version (#2192) 
* update labeler version

* test on:documentation label

* test on:blueprints label

* remove on:documentation

* test

* test on:fast label

* test

* remove test event from workflow

* remove fast comment
 2024-04-03 11:24:10 +02:00
Wiktor Niesiobędzki
7ec6c686a8 Add test reports to checks 2024-03-11 10:54:34 +01:00
Julio Castillo
ff90b736ca Update actions to latest versions (#2144) 2024-03-11 09:31:16 +01:00
Ludovico Magnocavallo
6941313c7d Factories refactor (#1843) 
* factories refactor doc

* Adds file schema and filesystem organization

* Update 20231106-factories.md

* move factories out of blueprints and create new factories  README

* align factory in billing-account module

* align factory in dataplex-datascan module

* align factory in billing-account module

* align factory in net-firewall-policy module

* align factory in dns-response-policy module

* align factory in net-vpc-firewall module

* align factory in net-vpc module

* align factory variable names in FAST

* remove decentralized firewall blueprint

* bump terraform version

* bump module versions

* update top-level READMEs

* move project factory to modules

* fix variable names and tests

* tfdoc

* remove changelog link

* add project factory to top-level README

* fix cludrun eventarc diff

* fix README

* fix cludrun eventarc diff

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2024-02-26 10:16:52 +00:00
simonebruzzechesse
d11c380aec Format python files in blueprints (#2079) 
* format python files in blueprints
* update check on blueprints python code
* update python linter in CI workflow
 2024-02-15 09:37:49 +01:00
Wiktor Niesiobędzki
2c9eb5795b Bum terraform to version 1.7.0 2024-02-07 17:25:11 +01:00
Wiktor Niesiobędzki
70a94eda46 Add version check 2023-12-27 08:40:23 +01:00
Julio Castillo
f815382d32 Update issue templates 2023-10-24 11:11:09 +02:00
Simone Ruffilli
6d89b88149 versions.tf maintenance + copyright notice bump (#1782) 
* Bump copyright notice to 2023

* Delete versions.tf on blueprints

* Pin provider to major version 5

* Remove comment

* Fix lint

* fix bq-ml blueprint readme

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-10-20 18:17:47 +02:00
Julio Castillo
5bbb7bdd09 Simplify linting output in workflow 2023-08-31 10:15:12 +02:00
Julio Castillo
2e0474dc71 Update pull_request_template.md 2023-08-30 17:49:49 +02:00
Julio Castillo
d717712657 Create pull_request_template.md 2023-08-30 17:46:56 +02:00
Ludovico Magnocavallo
819894d2ba IAM interface refactor (#1595) 
* IAM modules refactor proposal

* policy

* subheading

* Update 20230816-iam-refactor.md

* log Julio's +1

* data-catalog-policy-tag

* dataproc

* dataproc

* folder

* folder

* folder

* folder

* project

* better filtering in test examples

* project

* folder

* folder

* organization

* fix variable descriptions

* kms

* net-vpc

* dataplex-datascan

* modules/iam-service-account

* modules/source-repository/

* blueprints/cloud-operations/vm-migration/

* blueprints/third-party-solutions/wordpress

* dataplex-datascan

* blueprints/cloud-operations/workload-identity-federation

* blueprints/data-solutions/cloudsql-multiregion/

* blueprints/data-solutions/composer-2

* Update 20230816-iam-refactor.md

* Update 20230816-iam-refactor.md

* capture discussion in architectural doc

* update variable names and refactor proposal

* project

* blueprints first round

* folder

* organization

* data-catalog-policy-tag

* re-enable folder inventory

* project module style fix

* dataproc

* source-repository

* source-repository tests

* dataplex-datascan

* dataplex-datascan tests

* net-vpc

* net-vpc test examples

* iam-service-account

* iam-service-account test examples

* kms

* boilerplate

* tfdoc

* fix module tests

* more blueprint fixes

* fix typo in data blueprints

* incomplete refactor of data platform foundations

* tfdoc

* data platform foundation

* refactor data platform foundation iam locals

* remove redundant example test

* shielded folder fix

* fix typo

* project factory

* project factory outputs

* tfdoc

* test workflow: less verbose tests, fix tf version

* re-enable -vv, shorter traceback, fix action version

* ignore github extension warning, re-enable action version

* fast bootstrap IAM, untested

* bootstrap stage IAM fixes

* stage 0 tests

* fast stage 1

* tenant stage 1

* minor changes to fast stage 0 and 1

* fast security stage

* fast mt stage 0

* fast mt stage 0

* fast pf
 2023-08-20 09:44:20 +02:00