kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a2493caf25c12f7a9819aa5dc955c388064527d7
hunfabric/fast/addons
History
Simon Roberts 26dbaa2d6e Enable terraform_naming_convention in tflint (#3930) 
* Draft terraform_naming_convention

* Two fast/stages fixes for terraform_naming_convention

* Disable terraform_naming_convention for resources for now

* module fixes for terraform_naming_convention

* tfdoc

* Remove "moved" from recipe and needs-fixing

* Fix moved for spoke_ra

* fix tests

* Use default (snake_case) for resources

* factory.terraform_data.project-preconditions

* First-pass migration of resources + tests

* Fix tests/modules/organization

* Require snake_case for variables; Add annotations for _testing

* permit _fast_debug variable

* Fix net_vpc_factory and net_vpc_firewall tests

* tfdoc addons and recipe

* Fix more tests

* Fix some net-global -> net_global tests

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2026-05-06 06:06:26 +00:00
..
2-networking-ngfw
Enable terraform_naming_convention in tflint (#3930)
2026-05-06 06:06:26 +00:00
2-networking-swp
Enable terraform_naming_convention in tflint (#3930)
2026-05-06 06:06:26 +00:00
2-networking-test
Fix pre-commit hook (#3882)
2026-04-18 10:07:14 +02:00
README.md
fix ngfw add-on instructions (#3409)
2025-10-13 16:52:54 +00:00

README.md

FAST add-ons

Each of the folders contained here is a separate "add-on" that can be used to add extra functionality to a specific stage.

Add-ons can be thought of as additional thin layers on top of a stage, that reuse its IaC resources and leverage the same IAM configuration: the same service accounts are used to run the add-on, and state configuration is stored in the same bucket as their "parent stage" under a different prefix.

Add-on configuration

To configure an add-on, once you have identified its "parent stage" (networking, security, etc.) you have to configure the org setup stage so that its providers file, and associated GCS resources to host the state file, are created. The following example configures resources for the NGFW Networking add-on.

First, the new provider file is declared in the defaults.yaml file.

# defaults.yaml (snippet)

output_files:
  # ...
  providers:
    # ...
    2-networking-ngfw:
      bucket: $storage_buckets:iac-0/iac-stage-state
      prefix: 2-networking-ngfw
      service_account: $iam_principals:service_accounts/iac-0/iac-networking-rw

Then, the GCS folder (shown here) or bucket for the Terraform state is defined in the IaC project.

# projects/iac-0.yaml
buckets:
  # ...
  iac-stage-state:
    description: Terraform state for stage automation.
    managed_folders:
      # ...
      2-networking-ngfw:
        iam:
          roles/storage.admin:
            - $iam_principals:service_accounts/iac-0/iac-networking-rw
          $custom_roles:storage_viewer:
            - $iam_principals:service_accounts/iac-0/iac-networking-ro

Once the org setup stage is ready and applied, the add-on can be run using the generated provider files. The fast-links.sh can be used to link or copy the relevant files to the add-on, in the same way it's used for regular stages.