kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,904 Commits 1 Branch 1 Tag
fd9f92324bccf054d2e5cffd794871fca322a1c2
Commit Graph

169 Commits

Author SHA1 Message Date
Julio Castillo
fd9f92324b Update VPC-SC module and FAST stage (#2887) 
* Update VPC-SC module to support vpc subnets

* Update FAST VPC-SC variables

* Fix tests
 2025-02-13 18:04:09 +00:00
Ludovico Magnocavallo
f22d783cf7 Address DNS issues with googleapis RPZ and forwarding (#2891) 
* add empty DNS zone for googleapis to net stages

* add ipv6 records for private/restricted

* avoid permadiff in rpz ipv6 addresses
 2025-02-13 16:08:27 +00:00
Julio Castillo
d43c624f9e Add new set of org policies with managed constraints to FAST bootstrap (#2884) 
* Managed org policies example

* Add folder with managed org policies

* Add tests for managed org policies

* Document new managed org policy set
 2025-02-12 19:38:44 +00:00
karpok78
e4f55fb7ff Add bucket IAM policy read (#2872) 
Allow the Project factory read only SA to retrieve buckets IAM policy for buckets created by the PF
 2025-02-09 23:55:54 +00:00
Julio Castillo
e0a3a3c7bb Expose custom constraint factory in bootstrap (#2854) 
* Expose custom constraint factory in bootstrap

* Silence linter

* Fix tests
 2025-01-31 07:03:29 +01:00
Ludovico Magnocavallo
95ec5ee3b5 Flexible stage 2s in FAST resource manager (#2840) 
* wip

* WIP

* wip

* wip

* apply untested

* tests

* support tag expansion for tenant-level installations in IAM conditions

* fix stage config output

* inventories

* remove dev files

* tfdoc

* enable org policies for stage folders

* resman README

* tfdoc

* stage 3 documentation

* inventory

* support extra_dirs in testing franework

* remove org policy files from stage 1

* Add principal interpolation to iam_by_principals (#2847)

* Add principal interpolation to iam_by_principals

* Fix tests

* relax schemas

* relax schemas

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2025-01-29 12:16:35 +00:00
Ludovico Magnocavallo
6aed84f070 FAST add-on for networking test resources (#2825) 
* needs testing

* add-on README, test, remove test resources from net stages

* tfdoc
 2025-01-20 09:41:35 +01:00
Ludovico Magnocavallo
f646e85301 FAST SWP networking add-on (#2821) 
* prototype implementation, untested

* halfway through refactor

* refactor cas module pool variable

* apply cas module refactor to ngfw fast addon

* untested

* test

* tflint

* tflint

* tfdoc

* fix brainfarts

* tfdoc

* update ca pool type in security stage
 2025-01-18 07:12:40 +00:00
Simone Ruffilli
8b31a006c7 Top level folder factory support for automation SA IAM (#2818) 
* Top level folder factory support for automation SA IAM

* Fixes iam_bindings and iam_bindings_additive for top-level-folder

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2025-01-16 10:32:59 +01:00
Ludovico Magnocavallo
b608e3756e Fix permadiff in stage 0 vpc-sc service account, add schemas to hierarchical policy YAML files (#2817) 
* fix permadiff in stage 0

* add missing schema

* update test inventories
 2025-01-15 09:47:04 +00:00
Ludovico Magnocavallo
27f1cc2b79 Implement FAST stage add-ons, refactor netsec as add-on (#2800) 
* security fixes

* change netsec to be a virtual stage in resman

* remove netsec bits from security stage, leave CAs in place

* netsec - security profile groups

* export regions to networking tfvars

* netsec - trust stores

* netsec refactor, untested

* netsec plan working

* netsec apply

* netsec apply errors

* netsec diagram

* update diagram

* move addon stages to addons folder

* remove top-level assets folder

* deprecate and remove fast plugins

* addon tests

* dynamic addon providers and cicd, untested

* stage 1 addons in stage 0, refactor stage 0 cicd

* addons and cicd refactor in stage 0 with tests

* refactor stage 0 cicd

* readd removed block

* small bootstrap cicd fixes

* refactor stage 1 cicd

* resman tests

* remove plugins from networking tests

* fix fast tests

* ngfw addon outputs

* try to fix unrelated tflint error in bootstrap

* remove common tfvars from bootstrap tests to fix linter errors

* tfdoc

* minimal readmes and links fixes

* tfdoc

* trim down test inventories

* fix plan test

* tfdoc

* allow configuring output files names

* fix tls inspection after adding count to project module

* comment fixes

* tfdoc
 2025-01-09 18:14:11 +00:00
Ludovico Magnocavallo
d6d582e636 Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages (#2801) 
* net a

* extend change to other networking stages

* refactor factories config variable in net a

* net b and c

* complete net b

* fix errors, add mtu

* fix

* fix

* fix errors
 2025-01-09 17:14:55 +01:00
Ludovico Magnocavallo
647895a928 Leverage environments for folder and project creation in FAST resman and security (#2787) 
* resman

* resman tests

* untested sec changes

* plan fixes

* tests, tfdoc, test apply

* boilerplate

* resource naming
 2024-12-27 21:03:31 +01:00
Luca Prete
e72303a94b [FAST] Remove unused stage 1 CICD variables (#2774) 2024-12-17 17:26:02 +01:00
Luca Prete
c6c6bbfffa Add ability to autogenerate md5 keys in net-vpn-ha (#2748) 
* Add ability to optionally generate MD5 secrets in VPN module

* Add ability to autogenerate MD5 keys in net-vpn-ha module

* restore missing output

* fix test counts

---------

Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-12-06 07:34:56 +00:00
Ludovico Magnocavallo
1a1886c551 fix parent id lookup for networking and security stages (#2744) 2024-12-04 21:08:31 +01:00
Julio Castillo
4a739fcb87 Expose factories_config for resman top level folders (#2707) 
* Expose factories_config for top_level_folders

* Complete top level folder schema

* Update README

* Fix escapes

* Update tests
 2024-11-17 22:54:56 +00:00
Julio Castillo
1fc5e90bdd Allow disabling network security stage (#2701) 
* Allow disabling security stage

* Remove deprecated network_firewall_policies_viewer

* Enable nsec in resman tests
 2024-11-17 10:04:18 +01:00
Julio Castillo
f140adfab8 Remove REGIONAL/MULTI_REGIONAL buckets from FAST (#2697) 2024-11-16 10:14:47 +00:00
Julio Castillo
7b2a3424a8 Unify usage of top level folders short_name (#2693) 
* Unify usage of top level folders short_name

* Fix docs

* Update schema

* Fix tests

* Fix tests

* More fixes
 2024-11-15 13:56:45 +01:00
Julio Castillo
9814756074 Make project iam viewer name consistent with GCP naming (#2694) 
* Make project iam viewer name consistent with GCP naming

* Fix tests
 2024-11-15 11:48:37 +01:00
Ludovico Magnocavallo
31cb391be7 Streamline environments variable across stages (#2688) 
* streamline environments variable across stages

* linting

* linting
 2024-11-15 10:22:18 +01:00
Ludovico Magnocavallo
721e7689b4 Add missing billing roles to project factory ro SA in stage 1 (#2685) 
* add missing billing role for pf ro sa

* fix tests
 2024-11-14 11:41:30 +01:00
Ludovico Magnocavallo
aa30e33618 add missing role for pf ro account (#2683) 2024-11-14 10:25:51 +01:00
Ludovico Magnocavallo
d0c8ffaddb fix permadiff in bootstrap stage (#2656) 2024-11-01 15:56:07 +01:00
Ludovico Magnocavallo
50ac3a5013 Refactor of FAST resource management and subsequent stages (#2648) 
* untested

* pllan testing

* fix stage 2s

* move providers to their own file

* single-environment stage 3

* fixes and moved blocks

* stage3 factory

* doc

* review comments

* review comments

* tfdoc

* fasts tage 1 tests

* netsec as stage 2

* fix backported roles

* fix backported roles

* tfdoc

* fixes

* fix tag value roles in stage 1

* remove checklist, fix stage 1 tests

* inventory

* Small bugfix

* refactor context tag values

* fix previous merge

* fix previous merge

* fix previous merge

* support short names for top level automation resources, change top level context variable

* fix new top level context

* roll back merge changes to stage 0 outputs

* roll back more merge changes

* linting errors

* tfdoc

* fix tests, roll back merge in tenants stage

* tfdoc

* fix inventory

* optional stage 2 env folders and tag bindings

* tflint

* damn tflint

* damn tflint

* tfdoc

* fix networking tests

* tflint

* fix test inventories

* tfdoc

* use coalesce for project parents

* fix billing role conditions

* fix billing role conditions

* security stage tested (ngw resources need fixing/porting)

* boilerplate

* fix inventory

* stage envs and stage linking script

* initial work on resman docs, update diagram, improve teams folder

* resman README

* fix stage 2 IAM delegation

* remove checklist from bootstrap

* stage 1 tests

* stage 0 1 and 2 tests

* tflint

* tflint

* tfdoc

* GCVE stage refactor (untested)

* GCVE stage refactor (untested)

* GCVE stage 3

* gcve tests

* tflint

* tfdoc

* fix links

* module tests

* stages README

* move network security to stage 2

* network security tests

* replace stage links in README files

* minimal netsec stage refactor

* use factory for iac org policies, add configurable drs org policy for iac

* test mt stage

* tfdoc

* fix cicd workflows

* fix cicd workflows

* gke-dev stage

* tflint

* remove data platform stage

* exclude provider files via tfdoc opts

* remove data platform tests and links

* fix merge

* fix resman inventory

* boilerplate

* inventory

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2024-10-31 16:55:54 +01:00
Aurélien Legrand
d4b594f83a Adding DNS for GKE control plane to private google access APIs (#2641) 
* Adding DNS for GKE control plane to private google access APIs

* updating tests

* updating tests
 2024-10-29 14:09:26 +01:00
Liam Nesteroff
f14cd9f948 Add TFE integration for backend and CICD (#2611) 
* added option for tfe_cicd

* formatting and readme

* formatting

* added terraform option for cicd_repos

* update readme

* modified provider templating for tf

* added missing resman gsa

* updated readmes

* added options for tf style write/branch structure

* added cicf_backends to tests

* added cicd_backends to tests

* Updated readme
 2024-10-16 17:01:39 +11:00
Elia
81a6ff30d2 GCVE network mode for 2-networking-b-nva stage (#2544) 
* GCVE network mode

* optional landing routes

* net option renamed

* minor fix

* added stage tests

* test fix

* regional-vpc mode

* fixed api

* fix readme

* drawing updated

* stage test fix

* stage test fix

* stage test fix

* stage test fix

* fix

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2024-10-15 08:28:15 +02:00
Simone Ruffilli
9905e1dc69 Enables compute.setNewProjectDefaultToZonalDNSOnly and essentialcontacts.allowedContactDomains (#2564) 
* Enables setNewProjectDefaultToZonalDNSOnly policy
* Add support for essentialcontacts.allowedContactDomains
 2024-09-13 11:09:55 +02:00
Ludovico Magnocavallo
579c7296db moved blocks and fixes for FAST v33-v34 transition (#2541) 2024-08-30 07:44:27 +00:00
Luca Prete
3ca0525039 [FAST] TLS inspection support for NGFW Enterprise (#2484) 2024-08-30 09:15:17 +02:00
Julio Castillo
f57635d044 Add managed folders suports to gcs module (#2530) 
* Add RPO, make versioning dynamic

* Add manaed folders

* Change autoclass and cors defaults to null

* Update README

* Add iam_by_principals

* Add managed folders var description

* Remove need for managed folders to end in /

* Add inventory to example

* Update readme

* Fix FAST tests
 2024-08-28 07:30:52 +00:00
Luca Prete
17667ce205 [FAST] Add permissions to nsec-r SA (#2511) 2024-08-21 20:26:32 +02:00
Ludovico Magnocavallo
13595f1499 depend network security stage from fast features in resman (#2509) 2024-08-21 08:38:43 +02:00
Ludovico Magnocavallo
ad5de9b7ea Refactor FAST project factory and supporting documentation (#2505) 
* untested

* teams pattern

* rework doc

* README

* boierplate

* tflint

* Fix tflint for project factory

* Correct path to pf

* resman changes

* fix factory variable default

* fix links

* project factory module substitutions

* tflint

* stage test

* tfdoc

* rename schema, address review comments

* README typos and wording

* tfdoc

* review comments

* remove test from yaml

* revert output workflow changes

* fix sa reference errors

* tfdoc

* pf tag roles

* schema validation

* pf tag roles

* avoid null values in pf context

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-08-20 16:45:42 +00:00
Julio Castillo
912cbb8281 Rename 1-vpc-sc stage to 1-vpcsc (#2471) 
* Rename 1-vpc-sc stage to 1-vpcsc

* Fix tests
 2024-08-06 11:21:55 +00:00
Julio Castillo
89333a5d43 Make policyReader binding additive in bootstrap (#2470) 2024-08-06 09:35:37 +00:00
Ludovico Magnocavallo
345716e576 VPC-SC as separate FAST stage 1 (#2460) 
* initial commit

* README

* boilerplate

* tflint

* tfdoc

* fix security stage tests

* vpc-sc stage tests

* tflint

* fix resman stage test inventories

* security README

* stage-level README

* Update README.md

* flexible perimeter variable

* remove diagram

* change default to dry run

* default to dry run
 2024-08-02 18:04:36 +02:00
Luca Prete
80f9ce6307 [FAST] Add basic NGFW enterprise stage (#2410) 2024-08-01 09:41:31 +00:00
Simone Ruffilli
27bb48df77 NCC in 2-net-a-simple (#2397) 
* NCC in 2-net-a-simple
 2024-07-25 18:03:09 +02:00
Julio Castillo
c0bf32e797 Refactor service agent management (#2423) 
* Service agents script

* Service agents update

* WIP

* Update script and terraform

* Fix tests

* Fix linter

* Update docs

* Bring back pf example inventory

* Fix tests

* Fix more tests

* Fix tests

* Use dataclasses for build_service_agents.py

* Remove unneeded field() from build_service_agents

* Re-enable CMEK depends_on in project outputs

* Update tools/requirements.txt

* Enable storage in GCS example projects

* Fix tests

* Add CMEK Service Agents dependencies for services

* Fix typos and data platform cmek

* More typos
 2024-07-23 22:05:38 +02:00
Ludovico Magnocavallo
5319184e71 FAST ng: stage 0 environments and VPC-SC IaC resources (#2440) 
* FAST ng: stage 0 environments and VPC-SC IaC resources

* test inventories
 2024-07-23 11:52:39 +02:00
Simone Ruffilli
3151b02eda FAST: IAM cleanups to reflect PF changes (#2430) 
* FAST: IAM cleanups to reflect PF changes
 2024-07-18 14:59:28 +02:00
Ludovico Magnocavallo
e3809e6735 Add main project factory service account (#2353) 
* add main project factory service account

* add main project factory service account
 2024-06-10 12:23:30 +02:00
Ludovico Magnocavallo
b13b6032d3 Remove support for source repositories from FAST CI/CD (#2352) 
* stage 0

* stage 1

* stage 1 mt

* remove unused locals from resman

* remove unused locals from resman

* tfdoc
 2024-06-10 09:02:55 +00:00
Julio Castillo
ef7083799c Update PGA domains (#2330) 
* Update PGA domains

* Fix tests
 2024-05-31 10:53:50 +00:00
Simone Ruffilli
4901b4aee8 FAST: Enable networkconnectivity when using NCC-RA in 2-b (#2329) 2024-05-31 08:22:24 +00:00
Luca Prete
eb5754e475 [FAST] Rename stage 2-networking-d-separate-envs to 2-netwroking-c-separate-envs (#2328) 
Co-authored-by: Luca Prete <lucaprete@google.com>
 2024-05-31 09:09:31 +03:00
Simone Ruffilli
532f1ecfc4 Merge FAST C and E network stages into a new B stage. (#2309) 
Merge FAST C and E network stages into a new B stage.
 2024-05-28 17:27:28 +02:00