Simone Ruffilli
532f1ecfc4
Merge FAST C and E network stages into a new B stage. ( #2309 )
...
Merge FAST C and E network stages into a new B stage.
2024-05-28 17:27:28 +02:00
Simone Ruffilli
11050c46cf
FAST MT: Readme updates and more prefix validation ( #2305 )
...
This change documents the process of deploying FAST on a tenant-factory bootstrapped tenant.
It also fixes changes the validation logic for prefix as follows:
- 0-bootstrap: 9 chars or less
- 1-resman/1-tenant-factory: 9 chars or less if ran at org-level, else 11
- else 11
It also uniforms across all stages the variables.tf and variables-fast.tf breakdown.
2024-05-24 12:01:55 +02:00
Simone Ruffilli
21f3b733ab
FAST: Cleanup/harmonization of Simple and NVA net stages ( #2287 )
...
Cleanup/harmonization of Simple and NVA net stages
2024-05-16 16:49:15 +03:00
Simone Ruffilli
887c7e7926
Unify VPN and Peering FAST stages ( #2284 )
...
* Unify VPN and Peering FAST stages
2024-05-16 12:18:32 +03:00
Julio Castillo
94c32c1d71
Misc FAST fixes ( #2253 )
...
* Misc FAST fixes
* Fix readme
* Fix FAST nva bgp tests
2024-05-02 06:56:26 +00:00
Julio Castillo
f22837cd47
Enable TFLint in FAST stages ( #2221 )
2024-04-18 10:06:24 +02:00
Julio Castillo
3af7e257d2
Add tflint to pipelines ( #2220 )
...
* Fix terraform_deprecated_index
https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_index.md
* Fix terraform_deprecated_interpolation
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_interpolation.md
* Fix more indexing
* Remove unused variable
* Enable TFLint for modules
* Add tflint config file
* Fix chdir
* Lint modules
* TFLint fixes
* TFLint
* Fixes binauthz README
* Fixes DNS response policy tests. Restores MIG outputs.
* Fixes other DNS response policy tests.
* Update tests for fast 2-e
* Moar fixed tests
---------
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-04-17 10:23:48 +02:00
Ludovico Magnocavallo
9414779cc2
Allow multiple PSA service providers in net-vpc module ( #2218 )
...
* allowing multiple PSA service providers in net-vpc module
* tfdoc
* tfdoc
* Add tfvars/yaml tests
* fix module and tests
* re-enable inventory
* merge fix
* Add multiple PSA test case
* fix cloudsql example
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-04-16 15:02:36 +00:00
Ludovico Magnocavallo
f0197c2662
align net stages exported tfvars, add psc and proxy only subnets ( #2204 )
2024-04-08 09:26:47 +02:00
Elia
b80132a618
FAST GCVE stage ( #2191 )
...
* GCVE stage prerequisites
* fix gcve prereq
* gcve stage first deploy
* Updated readme filex
* docs updated
* some fixes after testing
* updated readme files
* elia fix
* gcve net admin custom role
* gcve net admin custom role
* elia fix
* ven peering deploy
* elia fix
* added blueprint and stage tests
* Edits to Readme files
* typo in outputs
* clean-up
* gcve stage tests fix
* readme fix
* fix sorting
* fix copyrights and readme file
* fix test
* fix copyright
* fixed gcve feature flag cond.
* removed validation
* fixed typo
* fixed typo
* fixed gcve tests
* fixed typo
* fixed typo
* fixed sorting
* fixed sorting
---------
Co-authored-by: Konrad Schieban <kschieban@google.com>
2024-04-03 17:25:12 +02:00
Ludovico Magnocavallo
52b5bd00a9
stage c nva ( #2172 )
2024-03-24 12:54:29 +01:00
Ludovico Magnocavallo
3972eb6df4
Align resource names in FAST networking stages ( #2115 )
...
* stage c nva
* fix tests
* remove moved blocks from net c stage
* simplify subnet naming in stage 2 net e
* address most renames in stage 2 e
* address most renames in stage 2 e
* address most renames in stage 2 e
* complete renames in stage 2 e
* use non-regional names in subnets
* use non-regional names in subnets
* use non-regional names in subnets
2024-02-29 07:45:19 +01:00
Ludovico Magnocavallo
6941313c7d
Factories refactor ( #1843 )
...
* factories refactor doc
* Adds file schema and filesystem organization
* Update 20231106-factories.md
* move factories out of blueprints and create new factories README
* align factory in billing-account module
* align factory in dataplex-datascan module
* align factory in billing-account module
* align factory in net-firewall-policy module
* align factory in dns-response-policy module
* align factory in net-vpc-firewall module
* align factory in net-vpc module
* align factory variable names in FAST
* remove decentralized firewall blueprint
* bump terraform version
* bump module versions
* update top-level READMEs
* move project factory to modules
* fix variable names and tests
* tfdoc
* remove changelog link
* add project factory to top-level README
* fix cludrun eventarc diff
* fix README
* fix cludrun eventarc diff
---------
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-02-26 10:16:52 +00:00
Ludovico Magnocavallo
71a64487d5
Extend FAST to support different principal types ( #2064 )
...
* add doc draft
* typos
* typo
* typo
* typos
* rewording
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* move iam variables to a separate file
* move billing-account module to iam_principals
* move data-catalog-policy-tag module to iam_principals
* move dataplex-datascan module to iam_principals
* move dataproc module to iam_principals
* move folder module to iam_principals
* copyright
* move organization module to iam_principals
* move project module to iam_principals
* move source-repository module to iam_principals
* update blueprints for iam_principals interface
* FAST bootstrap
* module READMEs fixes
* FAST bootstrap
* FAST networking stages
* FAST security stage
* FAST gke stage
* FAST multitenant bootstrap stage
* FAST multitenant resman stage
* tfdoc
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* fix module test
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Rename iam_principals to iam_by_principals
* Update IAM template to include iam_by_principals
* Update Resman README
* Fix ADR link format
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2024-02-12 14:35:30 +01:00
Ludovico Magnocavallo
5448ab64c4
Leverage net-vpc module for DNS logging in FAST ( #2041 )
...
* revert #2023
* leverage net vpc module for dns logging in fast
2024-02-03 08:16:00 +01:00
Julio Castillo
13636ba07b
Make Cloud NAT creation optional in FAST net stages. ( #2038 )
...
* Make Cloud NAT creation optional in FAST net stages.
Fixes #2021
* Update READMEs
2024-02-02 10:58:16 +01:00
Julio Castillo
4c68c016a9
Add DNS query logging to FAST net stages ( #2033 )
...
* Add DNS query logging to FAST net stages
Fixes #2020
* Update readmes
* Add variable to toggle DNS logging
* Extend DNS logging toggle to other net stages
2024-01-31 13:44:51 +01:00
Ludovico Magnocavallo
01c7f806ce
Selectively enable logging in FAST and firewall policy module rules ( #2032 )
...
* use logging in firewall policy module examples
* enable logging for selected hierarchical firewall rules
2024-01-31 09:50:35 +01:00
Julio Castillo
da95434308
logging for default ingress rules in FAST ( #2030 )
...
* Add default ingress deny rule with logging to FAST net stages.
Fixes #2024
* Allow firewall factory to omit rules key
* Fix tests
* Fix fast tests
* fix fast tests
2024-01-30 16:53:01 +00:00
Ludovico Magnocavallo
6d9b6403dd
add support for essential contacts to FAST ( #2010 )
2024-01-25 12:20:14 +01:00
simonebruzzechesse
c9a8d777ba
Add kernels.googleusercontent.com zone in dns response policy ( #1940 )
...
* Add kernels.googleusercontent.com zone in dns response policy
* update fast tests
2023-12-20 11:18:11 +01:00
Simone Ruffilli
cf55638f40
FAST: rename VPC-related files to `net-*` ( #1818 )
2023-10-27 08:23:08 +00:00
Simone Ruffilli
4decc641bb
Stop wrapping yamldecode with try() ( #1812 )
2023-10-25 16:16:05 +02:00
Simone Ruffilli
b015380028
Fix allow-nat-ranges priority
2023-10-25 14:05:15 +02:00
Simone Ruffilli
1836c68990
Hierarchical rules update ( #1809 )
2023-10-24 19:46:04 +00:00
Ludovico Magnocavallo
e7e188818a
Add service usage consumer role to IaC SAs, refactor delegated grants in FAST ( #1773 )
...
* add serviceusage role to iac sas, refactor delegated grants
* fix test
* tfdoc
2023-10-18 12:18:31 +00:00
Luca Prete
6c48512f7e
[ #1764 ] net-lb-int: add support for dual stack and multiple forwarding rules
2023-10-17 09:30:34 +00:00
Ludovico Magnocavallo
6fd58e33c9
Add support for psa peered domains to fast stages ( #1760 )
...
* add support for psa peered domains
* tfdoc
2023-10-16 06:57:18 +00:00
Ludovico Magnocavallo
28e19ab180
Minor edits to FAST network stage READMEs ( #1759 )
...
* PSA section
* VPC description, ranges
2023-10-15 16:14:48 +00:00
Julio Castillo
9082bbcc48
Fix indentation in FAST hierarchical firewall rules ( #1715 )
...
Fixes #1712
2023-09-29 13:37:41 +00:00
Julio Castillo
1dfa72cadf
Define and adopt standard IP ranges for FAST networking ( #1697 )
...
* Define and adopt standard IP ranges for FAST networking
This PR documents and adopts a consistent IP address plan for FAST
networking stages
Fixes #1644
* Fix documented aggregated ranges for FAST
* Fix tests
* Fix ip ranges in documentation
* Fix NVA stages README
2023-09-21 14:27:53 +00:00
Ludovico Magnocavallo
82fcd5a7d3
rename FAST globals output file ( #1695 )
2023-09-20 10:36:06 +02:00
Ludovico Magnocavallo
d3d77d17fb
fix psa routing variable in FAST net stages ( #1685 )
2023-09-16 10:31:02 +02:00
Julio Castillo
f3be29cbc9
Fix tests
2023-09-15 00:27:55 +02:00
Julio Castillo
949e98d375
Increase size of pod range for default GKE subnets in FAST
...
Related to the issues reported in #1644
2023-09-11 10:28:42 +02:00
Luca Prete
c63884d52e
Remove unused ASN numbers in CloudNAT to avoid FAST provider errors
2023-08-28 15:32:30 +00:00
Julio Castillo
b88e4c6f6e
Fix syntax error in FAST nva
2023-08-28 16:28:01 +02:00
Julio Castillo
b701d55b1f
Fix tests
2023-08-28 16:00:48 +02:00
Julio Castillo
5e9829373c
Fix FAST hfw policies
2023-08-28 16:00:48 +02:00
Luca Prete
4c64c15871
Revert "Remove unused ASN numbers from CloudNAT to avoid provider errors" ( #1626 )
...
This reverts commit 311bed8e83
.
2023-08-28 09:33:52 +02:00
Luca Prete
8ca60881f1
Fix: use existing variable to optionally name fw policies ( #1610 )
2023-08-22 08:55:56 +02:00
Alejandro Leal
ea0de3adbb
Fixing some typos
2023-08-18 05:51:00 +00:00
Ludovico Magnocavallo
79373721df
Remove firewall policy management from resource management modules ( #1581 )
...
* rename firewall policy module, fix outputs
* add TOC to firewall policy module
* don't depend policy on parent id
* remove firewall policy from resource management modules
* remove factory conditionals
* fast net a and b
* fast stages
* fast tfdoc
* fast tfdoc
* remove unused test
* fix shielded folder blueprint
* fix shielded folder blueprint
2023-08-09 11:23:07 +00:00
Luca Prete
311bed8e83
Remove unused ASN numbers from CloudNAT to avoid provider errors
2023-08-04 08:02:11 +00:00
Miren Esnaola
cacb0c02e2
Refactoring of dns module
2023-07-19 12:57:44 +02:00
Aurélien Legrand
623c886e95
Peering dashboard ( #1492 )
...
* Adding dashboard to monitor VPC and VPC peering group quotas
* Adding 1 ressource to the tests (dashboard)
* Adding dashboard and tests for other networking architecture
* Update test
2023-07-05 18:25:31 +02:00
Julio Castillo
d49a5c0fbb
Fix primary gke/dp ranges in FAST subnets
2023-06-30 19:28:21 +02:00
Arvind Ganesh
d3e4864b57
Making the changes as suggested in https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1477#issuecomment-1612846907
2023-06-29 12:24:29 -04:00
Arvind Ganesh
0b19a16593
Changing the IP ranges in all networking stages
2023-06-28 14:45:33 -04:00
Ludovico Magnocavallo
638841c8d1
Rename network load balancer modules ( #1466 )
...
* update LB modules to new names
* update LB modules names
* update test paths
2023-06-26 07:50:10 +00:00