kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,958 Commits 1 Branch 1 Tag
f5ee82ab3aaa0037df8bbf5d3a397ee449852be7
Commit Graph

1315 Commits

Author SHA1 Message Date
aumohr
33bf7ab157 added role required for support ticket creation (#3578) 
* added role required for support ticket creation

* updated tests for role count

* updated tests for resource count
 2025-12-09 14:09:06 +04:00
Ludovico Magnocavallo
66b9106e6e Merge remote-tracking branch 'origin/master' into fast-dev 2025-12-08 08:09:55 +00:00
Ludovico Magnocavallo
ac68262733 prep v49.2.0 2025-12-08 07:58:58 +00:00
Wiktor Niesiobędzki
a3d112d14a ignore_changes quirks 2025-12-07 10:43:25 +01:00
Zsolt Molnar
b1969f6c60 Workforce identity: migrate to iam.managed.allowedPolicyMembers Organizational Policy (#3546) 
* Migrate to iam.managed.allowedPolicyMembers Organizational Policy to allow PrincipalSets configuration for Workforce identity use-cases

* Keep iam.managed.allowedPolicyMembers implementation as comment only

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-12-05 17:26:04 +01:00
Michael Woodham
bc5732357c Updates to GKE modules to support Secret Sync (#3562) 
* Updates to add secret_sync to GKE module in CFF

* updated READMEs against the python tfdoc command

* updated version for secret_sync to reflect 7.12.0

* update provider versions to 7.12.0

* Updated READMEs which got clobbered by merge with main

* Fixed test errors in secret-manager module

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2025-12-05 15:30:49 +00:00
Ludovico Magnocavallo
ad9b71442a Update stage 0 README (#3565) 
* Update stage 0 README

* tfdoc

* sort services and remvoe duplicates
 2025-12-04 10:28:57 +01:00
Vannick Trinquier
33df0bba4a Align locations in networking stage with other stages (#3559) 2025-12-04 14:28:05 +07:00
Ludovico Magnocavallo
26d43d8ec5 re-enable project billing association in project factory, extends to folder (#3554) 2025-11-27 20:51:20 +00:00
Ludovico Magnocavallo
6f8097d2eb Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-24 09:56:12 +00:00
Ludovico Magnocavallo
3daba73d0b add default routes / delete default (#3549) 2025-11-24 09:28:57 +00:00
Ludovico Magnocavallo
bd4f2e317a prep v49.1.0 2025-11-24 08:37:06 +00:00
Ludovico Magnocavallo
10e29e1eeb Context improvements: "all service accounts" principal in folder, org, project modules; custom roles in factory condition vars for FAST stage 0 (#3548) 
* iam principalsets

* fix folder

* add custom roles to factory condition vars in stage 0

* project shared vpc IAM
 2025-11-24 08:28:41 +00:00
Vannick Trinquier
ba4ed1a7a9 Add additional hardened controls for gke, firewall, cloudrun and others (#3541) 2025-11-21 15:38:53 +07:00
Zsolt Molnar
9f51c4b555 Configure ADMIN_READ for sts.googleapis.com to enable Workforce Identity logging (#3545) 
* Configure ADMIN_READ for sts.googleapis.com to enable Workforce Identity logging

* Updated test results
 2025-11-21 07:40:45 +01:00
Ludovico Magnocavallo
3392953188 prep v49.0.0 2025-11-18 13:51:02 +00:00
Ludovico Magnocavallo
da5726324d Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-18 13:49:13 +00:00
Ludovico Magnocavallo
83ebdbbd2d prep v48.1.0 2025-11-18 13:47:16 +00:00
Ludovico Magnocavallo
932fd82fe2 Drop the 2-secops stage and minimally refactor 3-secops-dev (#3537) 
* drop 2-secops and minimally refactor 3-secops

* remove stage 2 tests

* tfdoc
 2025-11-18 14:32:06 +01:00
Ludovico Magnocavallo
8c29512890 Leverage project-level workload identity in FAST CI/CD (#3535) 
* Leverage project-level WIF in FAST CI/CD

* add new context namespace, improve outputs, fix tests and inventories

* make YAML linter happy

* README
 2025-11-18 10:49:44 +00:00
Ludovico Magnocavallo
0ff2e8c56b Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-17 19:00:17 +00:00
kovagoadam
2567233fb7 Fix egress-policy schema by removing pattern to match the one in ingress-policy schema. (#3533) 2025-11-17 14:56:32 +00:00
Ludovico Magnocavallo
09367404a8 remove log buckets from security stage projects (#3534) 2025-11-17 14:24:58 +00:00
Ludovico Magnocavallo
6035fe89d7 assign service usage roles on iac project to automation service accounts (#3532) 2025-11-17 14:58:57 +01:00
Ludovico Magnocavallo
897c6ef8c3 Add support for Workload Identity to project module and project factory (#3531) 
* module-level support

* fast stage 0

* fix inventory, add outputs/tfvars

* wip

* project factory

* pf outputs

* iam templates will be added where ci/cd configs are managed

* fix merge conflicts
 2025-11-17 07:31:21 +00:00
Ludovico Magnocavallo
87ed19bc47 Add support for Workforce Identity to organization module and org setup stage (#3530) 
* module-level support

* fast stage 0

* fix inventory, add outputs/tfvars
 2025-11-17 08:00:30 +01:00
Vannick Trinquier
03521a5780 Prettify yaml controls (#3525) 2025-11-13 14:21:36 +07:00
Ludovico Magnocavallo
5270586a8e fix schema doc tool, fix schema errors, regenerate schema docs (#3524) 2025-11-12 08:50:52 +01:00
Ludovico Magnocavallo
602e1731c9 Replace leftover schema links with actual files (#3522) 
* replace schema links with schemas

* vpc-sc stage
 2025-11-11 11:57:51 +01:00
Ludovico Magnocavallo
3289a6ff27 prep v48.0.0 2025-11-11 09:13:44 +00:00
Ludovico Magnocavallo
76eec666ea Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-11 09:10:56 +00:00
Ludovico Magnocavallo
0d0e086cfc prep v47.1.0 2025-11-11 08:59:19 +00:00
Vannick Trinquier
1f0940a716 Update yaml controls to match max line-length (#3520) 
* Update yaml controls to match max line-length

* Add test for stage 0 with hardened datasets

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-11-11 07:00:49 +00:00
Ludovico Magnocavallo
192788cdb4 Update README.md 2025-11-11 07:40:55 +01:00
Ludovico Magnocavallo
fc7aa71ada Add support for KMS key creation to project factory (#3518) 
* initial implementation

* context

* tfdoc

* add support for autokey to projects

* fix typo
 2025-11-11 07:23:50 +01:00
Vannick Trinquier
15a5486a1e Add hardened controls for gke, networking and monitoring alerts recommended in CIS Benchmarks for GCP (#3484) 2025-11-10 11:06:25 +00:00
Ludovico Magnocavallo
ba77c6170c Allow configuring data access logs from org/folder/project schemas (#3516) 
* modules and FAST support

* module tests

* fast stage 0 dataset

* tfdoc
 2025-11-10 10:19:21 +00:00
Ludovico Magnocavallo
7e32058010 [WIP] Add support for KMS autokey (#3515) 
* wip

* folder module

* project factory schema

* remove spurious project template

* gcs and compute-vm modules

* variable order
 2025-11-09 10:46:28 +01:00
Ludovico Magnocavallo
16da9ffaad Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-08 17:07:49 +00:00
Ludovico Magnocavallo
81010a97c0 Rename project and VPC resources in net stage datasets (#3513) 
* vpcsc tfvars optional in net

* net project/vpc renames

* fix provider diffs in inventories
 2025-11-08 13:38:28 +01:00
Simone Ruffilli
1363d2f765 Sets a default for delete_default_routes_on_create in 2-networking (#3511) 2025-11-07 08:31:45 +00:00
Luca Prete
e25d5881f9 [FAST] fix host project names in sample yaml files in project factory (#3508) 2025-11-06 23:02:20 +01:00
Ludovico Magnocavallo
6f644c886f Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-06 17:20:17 +00:00
Julio Castillo
002349c35b Allow defining org-level pam_entitlements in 0-org-setup (#3506) 2025-11-05 19:27:59 +01:00
Ludovico Magnocavallo
68c8538fd6 Refactor FAST VPC-SC docs, ensure cooperative VPC-SC resource control works (#3504) 
* stage README

* vpc-sc in security stage

* vpc-sc for networking

* vpc-sc for net

* vpc-sc for pf

* vpc-sc for pf

* spelling

* inventory
 2025-11-05 13:19:02 +00:00
Ludovico Magnocavallo
5946433737 prep v47.0.0 2025-11-05 08:28:44 +00:00
Ludovico Magnocavallo
fc538a15cc Merge remote-tracking branch 'origin/master' into fast-dev 2025-11-05 08:26:53 +00:00
Ludovico Magnocavallo
adec737e2a prep v46.1.0 2025-11-05 08:24:06 +00:00
Ludovico Magnocavallo
dddea78e49 add resource set for org setup projects to vpc sc stage (#3497) 2025-11-03 10:36:40 +01:00
Ludovico Magnocavallo
8bfc3cf579 Pass email addresses context to organization module in stage 0 (#3496) 
* pass email addresses context to organization module in stage 0

* depend essential contacts on org policy resource
 2025-11-03 08:43:15 +00:00