3972eb6df4
Align resource names in FAST networking stages ( #2115 )
...
* stage c nva
* fix tests
* remove moved blocks from net c stage
* simplify subnet naming in stage 2 net e
* address most renames in stage 2 e
* address most renames in stage 2 e
* address most renames in stage 2 e
* complete renames in stage 2 e
* use non-regional names in subnets
* use non-regional names in subnets
* use non-regional names in subnets
2024-02-29 07:45:19 +01:00
dbabfb9ae0
Add support for billing budgets to project factory ( #2112 )
...
* align factory variable name in project factory module
* tested
* align fast stage
2024-02-27 18:13:49 +00:00
6941313c7d
Factories refactor ( #1843 )
...
* factories refactor doc
* Adds file schema and filesystem organization
* Update 20231106-factories.md
* move factories out of blueprints and create new factories README
* align factory in billing-account module
* align factory in dataplex-datascan module
* align factory in billing-account module
* align factory in net-firewall-policy module
* align factory in dns-response-policy module
* align factory in net-vpc-firewall module
* align factory in net-vpc module
* align factory variable names in FAST
* remove decentralized firewall blueprint
* bump terraform version
* bump module versions
* update top-level READMEs
* move project factory to modules
* fix variable names and tests
* tfdoc
* remove changelog link
* add project factory to top-level README
* fix cludrun eventarc diff
* fix README
* fix cludrun eventarc diff
---------
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-02-26 10:16:52 +00:00
220ab76e40
enable shielded nodes by default on GKE mt blueprint and FAST stage ( #2105 )
2024-02-22 07:35:27 +00:00
b82f008efc
Make all project_parent_ids fields optional ( #2101 )
2024-02-20 15:21:56 +00:00
eb23bb62d2
Support domainless orgs in FAST ( #2086 )
...
* bootstrap
* align org policies to domainless enforced ones
* fix #2073
* fix tests
* fix team admin attribute in resman stage
2024-02-19 08:29:37 +00:00
946ae148f7
Add workforce_identity_federation in 0-bootstrap ( #2077 )
...
* add workforce_identity_federation in 0-bootstrap
* update tests
2024-02-15 00:10:24 +01:00
47c3d0cb64
Update organization.tf
...
fix typos
2024-02-13 08:50:05 +01:00
20c5bc8444
Update 0-domainless-iam.md
2024-02-12 14:39:21 +01:00
5c3507aa72
Update 0-domainless-iam.md
2024-02-12 14:39:03 +01:00
4e77193c6a
Update 0-domainless-iam.md
2024-02-12 14:38:35 +01:00
71a64487d5
Extend FAST to support different principal types ( #2064 )
...
* add doc draft
* typos
* typo
* typo
* typos
* rewording
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* move iam variables to a separate file
* move billing-account module to iam_principals
* move data-catalog-policy-tag module to iam_principals
* move dataplex-datascan module to iam_principals
* move dataproc module to iam_principals
* move folder module to iam_principals
* copyright
* move organization module to iam_principals
* move project module to iam_principals
* move source-repository module to iam_principals
* update blueprints for iam_principals interface
* FAST bootstrap
* module READMEs fixes
* FAST bootstrap
* FAST networking stages
* FAST security stage
* FAST gke stage
* FAST multitenant bootstrap stage
* FAST multitenant resman stage
* tfdoc
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* fix module test
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Rename iam_principals to iam_by_principals
* Update IAM template to include iam_by_principals
* Update Resman README
* Fix ADR link format
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2024-02-12 14:35:30 +01:00
3397d4cd52
Fix imports of org policies ( #2065 )
2024-02-11 07:22:11 +01:00
da11396e3a
Postpone setting essential contacts until it is done through SA
2024-02-07 20:08:44 +01:00
c58e61e98e
Introduce variable to disable imports, fix tests
2024-02-07 17:25:11 +01:00
ec3f314c08
Import default policies
2024-02-07 17:25:11 +01:00
e219d92217
Enable additional recommended org policies ( #2050 )
...
* Enable additional recommended org policies
Fixes #2047
Fixes #2048
Fixes #2049
* Fix tests
2024-02-05 10:46:37 +01:00
5448ab64c4
Leverage net-vpc module for DNS logging in FAST ( #2041 )
...
* revert #2023
* leverage net vpc module for dns logging in fast
2024-02-03 08:16:00 +01:00
13636ba07b
Make Cloud NAT creation optional in FAST net stages. ( #2038 )
...
* Make Cloud NAT creation optional in FAST net stages.
Fixes #2021
* Update READMEs
2024-02-02 10:58:16 +01:00
d127c25ad0
Shielded nodes and custom service account in FAST GKE stage and blueprint (CSPR-related) ( #2036 )
...
* default to shielded nodes in FAST gke stage
* use custom service account in GKE multitenant blueprint
2024-02-01 15:16:00 +00:00
4c68c016a9
Add DNS query logging to FAST net stages ( #2033 )
...
* Add DNS query logging to FAST net stages
Fixes #2020
* Update readmes
* Add variable to toggle DNS logging
* Extend DNS logging toggle to other net stages
2024-01-31 13:44:51 +01:00
01c7f806ce
Selectively enable logging in FAST and firewall policy module rules ( #2032 )
...
* use logging in firewall policy module examples
* enable logging for selected hierarchical firewall rules
2024-01-31 09:50:35 +01:00
1e06c35a1f
fix typos
2024-01-31 09:02:55 +01:00
c9db1fde20
clarify relationship with checklist groups ( #2031 )
2024-01-31 08:51:20 +01:00
da95434308
logging for default ingress rules in FAST ( #2030 )
...
* Add default ingress deny rule with logging to FAST net stages.
Fixes #2024
* Allow firewall factory to omit rules key
* Fix tests
* Fix fast tests
* fix fast tests
2024-01-30 16:53:01 +00:00
cdf65300f0
Fix sourcerepo templates and concat call ( #2019 )
...
* Fix sourcerepo templates and concat call
Fixes #2018
* Fix iam
* Fix another sourcerepo template
2024-01-30 11:46:33 +01:00
99228363b2
enforce trusted image projects constraint in stage 0 ( #2014 )
2024-01-26 10:14:44 +00:00
6d9b6403dd
add support for essential contacts to FAST ( #2010 )
2024-01-25 12:20:14 +01:00
c5416f3af1
Tighten up security of automation project (CSPR-related) ( #2009 )
...
* enforce compute/iam policies on the automation project
* tests
2024-01-24 18:40:36 +00:00
070584ae74
Checklist attribution bucket ( #2000 )
2024-01-23 11:32:14 +00:00
4b911a6047
update checklist parsing for top-level key ( #1997 )
2024-01-23 07:34:03 +01:00
11d7edac64
Add example to FAST GKE stage, streamline GKE Hub module variables and usage ( #1977 )
...
* implement optionals in gke-hub module
* simplify gke hub module call in mc mesh blueprint
* simplify gke hub module call and variables in multitenant blueprint
* gke hub inventory
* provide cluster and fleet examples in stage
2024-01-20 10:06:38 +00:00
208902c8da
Fix Data platform foundation ( #1992 )
...
* FAST + Minimal DP
* Fix tests
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2024-01-20 08:49:46 +01:00
a8c84357f4
Integrate checklist data in FAST ( #1969 )
...
* add locals for additive and authoritative org iam roles
* first shot at IAM and logging location
* tfdoc
* use locals for locations
* fix file parsing, resman stubs
* initial resman implementation
* remove unneeded code
* fix data file
* replace dumb yamldecode
* fix wrong type in organization additive bindings try
* simplify logging local
* Use check asserts for version and org id
* Checks on checklist for resman
* refactor checks, ignore checklist files on wrong org id
* stage 0 tests
* fix checklist checks
* stage 1 tests
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-01-18 05:45:29 +01:00
b15c573f18
add locations on terraform.tfvars.sample for bootstrap stage ( #1967 )
...
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-01-09 07:32:27 +00:00
9d6e61428b
(WIP) Read-only service accounts for automation and CI/CD ( #1899 )
...
* add design doc for the new CI/CD sa
* describe the actual implementation
* specify which files will need to be changed
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Fix typo
* stage 0 read-only service accounts
* stage 0 IAM map
* linting
* cicd read-only service accounts
* tweak workflow templates
* roles and github workflow fixes
* tfdoc
* Ad-hoc custom role factory for FAST bootstrap
* use factory variable for custom roles data path
* custom roles factory in org/project modules
* tfdoc
* rename custom roles factory variable, fix gitlab template
* gitlab workflow fixes
* fix merge
* output plan results on failed assertion
* update stage 0 expected values
* data platform branch
* gke
* networking
* security
* project factory
* outputs
* workflow templates
* resman apply fixes
* tfdoc
* fix stage 1 test fixture
* fix gh workflow
* read-only resman sa roles
* fix test
* read-only resman sa roles
* read-only resman sa roles
* read-only resman sa roles
* read-only resman sa roles
* fix test variables
* rename wif principal attribute names
* rename wif principal variables
* multitenant stages
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-12-27 11:33:16 +00:00
a2263da1f3
fix GitHub CI/CD provider ( #1945 )
2023-12-21 17:10:50 +00:00
e592996ba0
Revert "Add debug step for JWT tokens" ( #1943 )
...
This reverts commit d95280081f
2023-12-21 14:50:27 +01:00
c9a8d777ba
Add kernels.googleusercontent.com zone in dns response policy ( #1940 )
...
* Add kernels.googleusercontent.com zone in dns response policy
* update fast tests
2023-12-20 11:18:11 +01:00
d95280081f
Add debug step for JWT tokens
2023-12-20 09:26:55 +01:00
b6e0557bbb
Simplify organization tags.tf locals ( #1932 )
...
* Simplify organization tags.tf locals
* Fix boilerplate
* Override github provider version for tests
2023-12-18 16:09:22 +00:00
bba814c091
Custom role factories for organization and project modules ( #1912 )
...
* backport custom role factories
* backport from fast ci/cd branch
* indent
* tfdoc
* fix module tests
2023-12-11 14:16:39 +00:00
21297f28a6
Patch Github actions ci google-github-actions/auth@v0 --> v2 ( #1900 )
...
* MInor patch auth
* Minor update auth
2023-12-04 12:16:02 +00:00
85b18cf42b
Document `fast_features` ( #1855 )
2023-11-20 21:41:06 +00:00
ad14b317ab
tfdoc
2023-11-16 11:45:27 +00:00
35f75e5a26
Add missing KMS attribute in FAST stage
2023-11-16 11:43:35 +00:00
de0325b3a3
Avoid map-related casting errors in project factory ( #1836 )
...
* try to repro pf example error
* repro
* repro
* pf fix
* remove extra file
* FAST stage
2023-11-02 08:24:50 +01:00
8d06afcdb8
Updating wording
2023-10-31 14:35:27 +00:00
cf55638f40
FAST: rename VPC-related files to `net-*` ( #1818 )
2023-10-27 08:23:08 +00:00
4decc641bb
Stop wrapping yamldecode with try() ( #1812 )
2023-10-25 16:16:05 +02:00
Ludovico Magnocavallo
Julio Castillo
simonebruzzechesse
Wiktor Niesiobędzki
lcaggio
ibrahimparvez2
alealr
Simone Ruffilli