zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,209 Commits 3 Branches 352 Tags 54 MiB
Commit Graph

5209 Commits

Author SHA1 Message Date
Stefano Tribioli a4def10c19 Add PNA support to Service Directory module 
Endpoints in Service Directory can be *associated* with a
VPC. In this case, they can be used by supported Google
Cloud products to send requests directly to resources inside
a VPC. This feature is called Private Network Access.

The `google_service_directory_endpoint` resource supports
this configuration with a new argument `network`.
Unfortunately, this argument has an unusual format: it
is similar to a standard VPC ID, but instead of the project ID,
it expects the project number.
 2024-01-05 15:05:32 +00:00
Julio Castillo c13a192755
Use zones b and c for MIG fixture (#1961) 2024-01-05 15:02:12 +00:00
Julio Castillo cc079e3a32
net-lb-app-ext example fixes (#1959) 
* Fix typos

* Small fixes net-lb-app-ext examples
 2024-01-05 13:38:30 +00:00
Andy Bubune Amewuda 3edacd0aba Add e2e test for net_lb_app_ext module 2024-01-05 10:02:23 +01:00
Jason Steenblik 22e9e9e950
Support CMEK encryption on Bigtable instances. (#1956) 2024-01-05 09:29:36 +01:00
Wiktor Niesiobędzki 29b615e20d
Add version check to tools/lint.sh (#1955) 2023-12-30 09:09:10 +01:00
Wiktor Niesiobędzki 6c258e6562 Fix description 2023-12-29 12:09:16 +01:00
Wiktor Niesiobędzki 1eea077460 Add service account email to outputs to manage its permissions 2023-12-29 12:09:16 +01:00
Wiktor Niesiobędzki 724dfda09c Provider doesn't set defaults on config 
Can't provide just one size (like `web_server` or `triggerrer`) because
of no defaults are taken:
module.composer.google_composer_environment.env: Modifying... [id=***]
╷
│ Error: googleapi: Error 400: Found 6 problems:
│       1) You have to specify Scheduler CPUs not lower than 0.5.
│       2) You have to specify number of schedulers larger than 0.
│       3) You have to specify Web Server CPUs not lower than 0.5.
│       4) You have to specify Worker CPUs not lower than 0.5.
│       5) You have to specify minimum number of workers larger than 0.
│       6) Triggerer memory must be between 1.00GB and 6.50GB for given vCpu

So provide the defaults as set workloads_config == null
 2023-12-29 12:09:16 +01:00
Julio Diez aacd658c1b
Merge branch 'master' into jd/serverless-program 2023-12-29 11:15:09 +01:00
Julio Diez 6bad85d758 Update related serverless READMEs 2023-12-29 11:14:16 +01:00
Julio Castillo fde7b76036
Allow per-module terraform fixtures (#1914) 
* Allow terraform fixtures for examples

* Allow defining multiple fixtures, and named fixtures under tests/fixtures/

* Enable e2e for wiktorn

* Fix prepare_files call for e2e

* Move fixture to separate file, fix test

* Revert shallow-copying symlinks, performane penalty - 20%

* Update tfdoc.py to list used fixtures

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2023-12-29 09:43:44 +00:00
Julio Diez 3685eb8493 Fix tftest values 2023-12-28 20:30:10 +01:00
Julio Diez 0e6174b08b
Merge branch 'master' into jd/serverless-program 2023-12-28 20:14:26 +01:00
Julio Diez bae9845f4b Update README 2023-12-28 20:06:11 +01:00
Julio Diez 2e500c69a7 Avoid permadiff in launch_stage 2023-12-28 17:57:15 +01:00
Julio Diez 2ca24d320e Use of new module cloud-run-v2 2023-12-28 17:30:41 +01:00
andybubu 2ad109ae23
Fix variable region (#1953) 
This PR changes variable region's default value in example tests to real region value.

Some of the modules parse the region name to decide whether to create regional or zonal resources.
 2023-12-28 15:04:15 +01:00
Ludovico Magnocavallo 9d6e61428b
(WIP) Read-only service accounts for automation and CI/CD (#1899) 
* add design doc for the new CI/CD sa

* describe the actual implementation

* specify which files will need to be changed

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Update 0-cicd-plan-sa.md

* Fix typo

* stage 0 read-only service accounts

* stage 0 IAM map

* linting

* cicd read-only service accounts

* tweak workflow templates

* roles and github workflow fixes

* tfdoc

* Ad-hoc custom role factory for FAST bootstrap

* use factory variable for custom roles data path

* custom roles factory in org/project modules

* tfdoc

* rename custom roles factory variable, fix gitlab template

* gitlab workflow fixes

* fix merge

* output plan results on failed assertion

* update stage 0 expected values

* data platform branch

* gke

* networking

* security

* project factory

* outputs

* workflow templates

* resman apply fixes

* tfdoc

* fix stage 1 test fixture

* fix gh workflow

* read-only resman sa roles

* fix test

* read-only resman sa roles

* read-only resman sa roles

* read-only resman sa roles

* read-only resman sa roles

* fix test variables

* rename wif principal attribute names

* rename wif principal variables

* multitenant stages

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-12-27 11:33:16 +00:00
Julio Diez 8889c18690
Merge branch 'master' into jd/serverless-program 2023-12-27 12:31:09 +01:00
Wiktor Niesiobędzki 70a94eda46 Add version check 2023-12-27 08:40:23 +01:00
Julio Diez 34cd9d4228
Merge pull request #1902 from GoogleCloudPlatform/1849-implement-cloud-run-module-version-2 
First version of Cloud Run module v2
 2023-12-26 19:19:16 +01:00
Julio Diez cadac6b77d
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-26 12:11:03 +01:00
Julio Diez 597722f85d
Merge pull request #1949 from GoogleCloudPlatform/juliodiez-patch-1 
Update REFERENCES.md
 2023-12-26 11:57:14 +01:00
Julio Diez 9a7c600b6f
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-26 11:52:42 +01:00
Julio Diez 81814c3e4e Links to the new module in READMEs 2023-12-26 11:52:13 +01:00
Julio Diez 55901b3225
Merge branch 'master' into juliodiez-patch-1 2023-12-26 11:43:45 +01:00
Wiktor Niesiobędzki a5ce58ea22 tfdoc 2023-12-25 08:42:22 +00:00
Wiktor Niesiobędzki a2a767a027 Doc fixes 2023-12-25 08:39:52 +00:00
dibaskar-google 969111f0cf
dns e2e tests (#1944) 2023-12-23 10:29:32 +00:00
Julio Diez b03c53e194
Update REFERENCES.md 
Add reference to CFF blueprints through official Google Cloud documentation
 2023-12-22 16:23:24 +01:00
Julio Diez 3b7724053b
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-22 11:45:56 +01:00
Luca Prete 44b1115b9f
Fix GCVE network policy (#1948) 
Co-authored-by: Luca Prete <lucaprete@google.com>
 2023-12-22 10:29:43 +00:00
Luca Prete 06b2a97291
GCVE: add network policy configuration 2023-12-22 10:02:12 +00:00
Julio Diez fd451c3451 Align with default versions file 2023-12-22 11:01:41 +01:00
Julio Diez f784f47528
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-21 22:11:20 +01:00
Julio Diez d08541159d Update README 2023-12-21 22:09:47 +01:00
Luca Prete df5c02aa1e
Minor fix to GCVE module readme (#1946) 
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2023-12-21 18:29:30 +01:00
Ludovico Magnocavallo a2263da1f3
fix GitHub CI/CD provider (#1945) 2023-12-21 17:10:50 +00:00
Simone Ruffilli 87548f9739
Networking Sandbox Blueprint (#1939) 
This blueprint creates a networking playground showing a number of different VPC connectivity options:

Hub and spoke via HA VPN
Hub and spoke via VPC peering
Interconnecting two networks via a network virtual appliance (aka NVA)
On top of that, this blueprint implements Policy Based Routing (aka PBR) to show how to force all traffic within a VPC to be funneled through an internal network passthrough load balancer, to implement an Intrusion Prevention System (IPS). PBR is enabled in the hub VPC, matching all traffic originating from within that VPC.
 2023-12-21 17:50:38 +01:00
simonebruzzechesse 717f7ecad1
Blueprints naming convention update (#1942) 
* update network-dashboard and quota-monitoring naming convention
 2023-12-21 17:02:25 +01:00
Ludovico Magnocavallo e592996ba0
Revert "Add debug step for JWT tokens" (#1943) 
This reverts commit d95280081f.
 2023-12-21 14:50:27 +01:00
Luca Prete c4123044b7
Use new resources in GCVE module, bump up provider versions (#1941) 2023-12-21 13:23:38 +00:00
Wiktor Niesiobędzki 110fd798a7
Fix always succeding test (#1937) 
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-12-21 11:01:08 +00:00
Julio Diez a04f59852f
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-20 18:17:15 +01:00
simonebruzzechesse c9a8d777ba
Add kernels.googleusercontent.com zone in dns response policy (#1940) 
* Add kernels.googleusercontent.com zone in dns response policy
* update fast tests
 2023-12-20 11:18:11 +01:00
Wiktor Niesiobędzki d95280081f Add debug step for JWT tokens 2023-12-20 09:26:55 +01:00
Ludo a82d1e8122
update changelog 2023-12-20 09:05:05 +01:00
Simone Ruffilli 0255c80e90
Move squid to __need_fixing (#1936) 
* Moved `modules/cloud-config-container/squid` to __need_fixing
* Moved `blueprints/networking/filtering-proxy{,-psc}` to __need_fixing
 2023-12-19 14:27:37 +00:00
Wiktor Niesiobędzki 0d486fb34e E2E tests fixes 2023-12-19 11:01:03 +01:00