Ludovico Magnocavallo
725f7effce
Initial MVP for CI/CD ( #608 )
...
* preliminary support for wif in stage 0
* IAM wif role
* IAM wif role TODO
* add support for external SA IAM to SA module
* add name output to SA module
* separate cicd SA
* tfdoc
* GITLAB principal (untested)
* make GCS name output static
* outputs bucket
* fix stage 1 test
* tweak outputs
* tfdoc
* move wif_pool to automation variable
* add support for top-level and repository providers
* add missing boilerplate
* fix branchless principal
* initial workflow
* symlink provider template in stages
* remove service accounts from stage 0 cicd tfvars
* add cicd interface variable to resman stage
* fix cicd variable in resman stage
* better condition on outputs_location
* fix last change
* change outputs_location type
* revert outputs_location change
* split outputs in stage 0
* update ci/cd temporary notes
* rename additive IAM resource in SA module
* split outputs in stage 1
* remove unused locals
* fix stage 1 tests
* tfdoc
* Upload action files to outputs_bucket
* Fix tests and README
* rename template, streamline outputs
* local templates and gcs output for all stage 2
* add workflows to local output files
* Use lowercase WIF providers everywhere
* Bring back suffix for workflow files
* Remove unused files
* Update READMEs
* preliminary CI/CD implementation for stage 1
* fix stage 1
* stage 1 cicd
* tfdoc
* fix tests
* readme and links for cicd and wif
* refactor wif providers
* refactor cicd for stage 1
* fix stage 1
* wif org policies
* split identity provider configuration from cicd
* add type attribute to cicd repositories
* valid cicd repositories have a workflow template
* refactor stage 01
* fix stage 01 tests
* minimal CI/CD documentation
* better check_links error reporting
* fix links
* Added Gitlab specific configurations
Set the default issuer_uri for Gitlab. Added allowed audiences to OIDC configuration.
* Fixed TF formatting in identity providers.
* Changing identity provider audience to null
Changing identity provider audience to default to null.
* add instructions for renaming workflows
* address Julio's comments
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: alexmeissner <alexmeissner@google.com>
2022-04-12 08:17:27 +02:00
Simone Ruffilli
ee25965c89
Copyright bump ( #410 )
2022-01-01 15:52:31 +01:00
Aleksandr Averbukh
205975ff39
SA key uploading and credentials json generation with terraform.
2021-12-06 17:02:56 +01:00
Julio Castillo
1d13e3e624
Add more validations to linter
...
- Ensure all variables and outputs are sorted
- Ensure all variables and outputs have a description
- Add data-solutions/data-platform-foundations to linter
Fix all modules to follow these new conventions.
2021-10-08 18:26:04 +02:00
Julio Castillo
75418bbbd0
Compute service account email statically
...
Generate the service account output statically based on the service
account name and parent project. This allows, among other things, to use
service accounts as map keys (e.g. to be used in the `iam` argument in
other modules).
2021-08-10 10:50:44 +02:00
Julio Castillo
875b786171
Optional create for service accounts
2021-05-06 12:07:39 +02:00
Julio Castillo
1e11c670f5
Update copyright to 2021
2021-02-15 09:38:10 +01:00
Julio Castillo
13ed799a8b
Update service account module to Terraform 0.13
2020-10-20 22:36:03 +02:00