7a91a7e41c
Add default googleapi route creation to net-vpc
2023-05-26 10:55:35 +02:00
4aa99ea829
allow setting identities in egress policies ( #1394 )
2023-05-24 12:05:16 +02:00
00cac9148a
fix(stages): only add sandbox SA when `sandbox` feature is enabled ( #1391 )
...
If you have the `project_factory` feature enabled, but not the `sandbox` feature (as it's not a requirement on your org), when doing a `terraform apply` on `1-resman` it raises this errors as it's expecting the wrong feature when creating the sandbox SA
```
│ Error: Invalid index
│
│ on branch-sandbox.tf line 68, in resource "google_organization_iam_member" "org_policy_admin_sandbox":
│ 68: member = module.branch-sandbox-sa.0.iam_email
│ ├────────────────
│ │ module.branch-sandbox-sa is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
```
2023-05-24 05:17:35 +00:00
e0911c6291
Add conditional org admin role to sandbox SA ( #1385 )
...
* add org admin conditional role to sandbox SA
* tfdoc
2023-05-21 10:48:41 +02:00
d2f0b17ec4
Allows groups from other orgs/domains ( #1383 )
...
* Allows groups from other orgs
2023-05-17 11:07:47 +02:00
0ad21351c0
Merge branch 'master' into master
2023-05-15 14:25:42 -04:00
c4ec4868c2
Merge branch 'master' into fast-home-path-fix
2023-05-15 13:16:55 +02:00
f5b10fa3da
Fixed home path
2023-05-15 12:55:43 +02:00
7861ea74b8
fixed permissions for security stage SA ( #1376 )
...
it should be able to use automation project
as a quota project, hence it needs `serviceusage.serviceUsageConsumer`
role
2023-05-15 10:20:33 +00:00
87cd83f5c0
Several updates
...
Several updates
2023-05-13 23:51:46 -04:00
ac349332c4
fix routes priority typo
2023-05-09 21:28:56 +10:00
491b52f023
update variables files for gke nodepool taints ( #1358 )
...
* update variables files for gke node config taints to allow passing of node objects
* forgot to run terraform fmt..
* update module docs
2023-05-05 19:42:00 +02:00
efb0ebe689
Switch FAST networking stages to network policies for Google domains ( #1352 )
...
* peering stage implementation
* vpn stage implementation
* tfdoc
* tests
* add most supported google domains
* align all net stages
* add support for factory to DNS response policy module
* use dns policy factory in network stages
* boilerplate
2023-05-04 07:38:40 +02:00
75cc2f3d7a
FAST: shorten stage 3 prefixes, enforce prefix length in stage 3s ( #1346 )
...
* shorten stage 3 prefixes, enforce prefix length in stage 3s
* tfdoc
* tfdoc
2023-05-03 07:39:41 +02:00
6f06ca5781
Fix readmes
2023-04-27 12:46:52 +02:00
016a4e08ae
fix fast tftest directives
2023-04-21 17:51:20 +02:00
56261101c3
Allow longer org pfx plus tenant pfx ( #1318 )
...
Thanks!!!
2023-04-12 01:36:37 +02:00
6917343a33
Fixed type in readme for FAST stages
2023-04-08 19:35:21 +01:00
a9cba47ce8
Add FAST stage 2-networking-e-nva-bgp (NVA+NCC)
...
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Simone Bruzzechesse <bruzzechesse@google.com>
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2023-04-04 20:41:04 +02:00
11b4fee5b5
Update Provider and Terraform variables section ( #1284 )
...
Updating readme so that the provider and terraform variables section is identical to the documentation in the other stages.
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-03-28 14:18:44 +00:00
3d41d01efc
FAST plugin system ( #1266 )
...
* plugin folder, gitignore, serverless connector example
* add support to fast plugin variables and outputs to tfdoc
* rename folder, READMEs
* add variable description
* show diffs
* check documentation, use multiple files
* debug check doc
* try a different glob
* debug tfdoc names
* more debug
* and even more debug
* fix gitignore
* fix links
* support extra files in tests
* fix fixture, switch stage 2 peering to new tests
* tfdoc
* Allow globs in extra files
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-03-24 12:28:32 +00:00
c4c4688adc
Small fixes to FAST Networking stage with NVAs ( #1273 )
...
* fix issue with test-resources and internet connectivity from spokes
* terraform fmt
* removed reference to startup-script in README.md
2023-03-23 09:57:01 +01:00
5edc931bf9
add missing secret to spoke tunnels ( #1265 )
2023-03-17 20:52:40 +01:00
5fb17cb3ac
Widen scope for prod project factory SA to dev ( #1263 )
...
* restrict storage role on outputs bucket for stage SAs
* grant prod project factory SA authority over prod and dev org policies
* network stages delegated grants on dev to prod pf SA
* security grants to prod pf SA on dev
* tfdoc
* tests
2023-03-17 16:24:55 +00:00
367f4b6670
remove debug output
2023-03-17 15:35:18 +01:00
2794cb6f24
Fix #1139 ( #1249 )
2023-03-15 11:43:43 +01:00
fe7725e7d0
formatting
2023-03-14 14:48:04 +00:00
8bf3e11f34
location and storage class added to GKE GCS buckets
2023-03-14 15:43:55 +01:00
112d9a8d9c
Allow using existing boot disk in compute-vm module ( #1241 )
...
* allow using existing boot disk in compute-vm module
* allow setting initialize params to null
* tests
* fast
* blueprints
2023-03-12 10:53:59 +01:00
6e70b4216f
add missing attribute to FAST onprem VPN examples ( #1237 )
2023-03-10 14:58:33 +00:00
be06554bba
Simplify VPN implementation in FAST networking stages ( #1228 )
...
* peering stage
* fix link, toc
* vpn stage
* fix link
* nva stage
* fix examples and test
* separate envs stage
* tfdoc
2023-03-09 17:57:44 +01:00
38808b37c0
Manage billing.creator role authoritatively in FAST bootstrap.
...
By default new orgs grant billing.creator and
resourcemanager.projectCreator to the whole domain[1]. This PR makes
FAST remove the former binding during the bootstrap (the latter is
already managed by FAST).
Fixes #1220
[1] https://cloud.google.com/resource-manager/docs/default-access-control
2023-03-07 17:52:00 +01:00
1f8e4cf1bf
FAQ on installing Fast on a non-empty org
2023-03-07 15:45:38 +01:00
4eff309685
Update subnet sample yaml files to use subnet_secondary_ranges ( #1203 )
...
* Replaces 'secondary_ip_range:' with 'secondary_ip_ranges:' in samples
* Replaces 'secondary_ip_range:' with 'secondary_ip_ranges:' in tests/
* reverts previous commit- files in tests/ don't need to be changed
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-03-05 19:37:23 +01:00
8fc9549c58
add support for proxy and psc subnets to module factory ( #1211 )
2023-03-05 17:08:43 +01:00
96e829bdf3
Billing exclusion support for FAST mt resman ( #1209 )
...
* fix files resource parsing in tfdoc
* fix tfdoc generated output
* billing exclusion support in mt bootstrap
2023-03-03 16:23:36 +00:00
2217abe5f0
Allow preventing creation of billing IAM roles in FAST, add instructions on delayed billing association ( #1207 )
...
* stage 0
* resman and networking stages
* tfdoc
* security stage
2023-03-03 09:24:41 +01:00
6320c53baf
Allow multiple peer gateways in vpn ha module ( #1184 )
...
* allow multiple peer gateways in vpn ha module
* align blueprints
* fast
2023-02-27 10:18:59 +00:00
47855cb682
Merge branch 'master' into lcaggio/dp-projectcreate
2023-02-23 11:54:48 +01:00
ad0840656b
Add documentation about referring modules stored on CSR
2023-02-22 10:02:54 +01:00
ac75cbe71a
Fix lint.
2023-02-22 01:38:44 +01:00
2108b4650d
Fix Tests, rely on iam additive.
2023-02-22 01:36:01 +01:00
a5e905cb80
Update remaining org policies
2023-02-21 15:49:16 +01:00
d3bcf625f9
Update yaml org policies
2023-02-21 15:49:16 +01:00
2564c9b06a
Fix README
2023-02-20 01:17:08 +01:00
970b8ff255
Fix DP Fast variables.
2023-02-20 01:16:22 +01:00
63a81a9b9b
Fix Fast test
2023-02-20 01:12:19 +01:00
f4c1fa6c20
Fix tests.
2023-02-20 00:56:32 +01:00
36a7347744
FAST stage docs cleanup ( #1145 )
...
* top-level and stage 0
* stage 1
* net peering
* networking
* networking
* security
* gke, dp
* checks
2023-02-15 05:42:14 +00:00
742b5bab62
Fix tfvars sample for fast bootstrap stage
2023-02-14 11:29:19 +02:00
Julio Castillo
Ludovico Magnocavallo
Gustavo Valverde
Roberto Jung Drebes
Alejandro Leal
Natalia Strelkova
Alex Ostapenko
Fawzi
Jack P
Dazbo
Luca Prete
Geoff Cardamone
simonebruzzechesse
Natalia Strelkova
Justin M
lcaggio
Wiktor Niesiobędzki