9d6e61428b
(WIP) Read-only service accounts for automation and CI/CD ( #1899 )
...
* add design doc for the new CI/CD sa
* describe the actual implementation
* specify which files will need to be changed
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Fix typo
* stage 0 read-only service accounts
* stage 0 IAM map
* linting
* cicd read-only service accounts
* tweak workflow templates
* roles and github workflow fixes
* tfdoc
* Ad-hoc custom role factory for FAST bootstrap
* use factory variable for custom roles data path
* custom roles factory in org/project modules
* tfdoc
* rename custom roles factory variable, fix gitlab template
* gitlab workflow fixes
* fix merge
* output plan results on failed assertion
* update stage 0 expected values
* data platform branch
* gke
* networking
* security
* project factory
* outputs
* workflow templates
* resman apply fixes
* tfdoc
* fix stage 1 test fixture
* fix gh workflow
* read-only resman sa roles
* fix test
* read-only resman sa roles
* read-only resman sa roles
* read-only resman sa roles
* read-only resman sa roles
* fix test variables
* rename wif principal attribute names
* rename wif principal variables
* multitenant stages
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-12-27 11:33:16 +00:00
a2263da1f3
fix GitHub CI/CD provider ( #1945 )
2023-12-21 17:10:50 +00:00
e592996ba0
Revert "Add debug step for JWT tokens" ( #1943 )
...
This reverts commit d95280081f
2023-12-21 14:50:27 +01:00
c9a8d777ba
Add kernels.googleusercontent.com zone in dns response policy ( #1940 )
...
* Add kernels.googleusercontent.com zone in dns response policy
* update fast tests
2023-12-20 11:18:11 +01:00
d95280081f
Add debug step for JWT tokens
2023-12-20 09:26:55 +01:00
b6e0557bbb
Simplify organization tags.tf locals ( #1932 )
...
* Simplify organization tags.tf locals
* Fix boilerplate
* Override github provider version for tests
2023-12-18 16:09:22 +00:00
bba814c091
Custom role factories for organization and project modules ( #1912 )
...
* backport custom role factories
* backport from fast ci/cd branch
* indent
* tfdoc
* fix module tests
2023-12-11 14:16:39 +00:00
21297f28a6
Patch Github actions ci google-github-actions/auth@v0 --> v2 ( #1900 )
...
* MInor patch auth
* Minor update auth
2023-12-04 12:16:02 +00:00
85b18cf42b
Document `fast_features` ( #1855 )
2023-11-20 21:41:06 +00:00
ad14b317ab
tfdoc
2023-11-16 11:45:27 +00:00
35f75e5a26
Add missing KMS attribute in FAST stage
2023-11-16 11:43:35 +00:00
de0325b3a3
Avoid map-related casting errors in project factory ( #1836 )
...
* try to repro pf example error
* repro
* repro
* pf fix
* remove extra file
* FAST stage
2023-11-02 08:24:50 +01:00
8d06afcdb8
Updating wording
2023-10-31 14:35:27 +00:00
cf55638f40
FAST: rename VPC-related files to `net-*` ( #1818 )
2023-10-27 08:23:08 +00:00
4decc641bb
Stop wrapping yamldecode with try() ( #1812 )
2023-10-25 16:16:05 +02:00
b015380028
Fix allow-nat-ranges priority
2023-10-25 14:05:15 +02:00
a3290f2204
FAST: Add access transparency logs to the default sinks ( #1810 )
...
* Adds access transparency logs to the default sinks
2023-10-24 20:09:00 +00:00
1836c68990
Hierarchical rules update ( #1809 )
2023-10-24 19:46:04 +00:00
1378214af5
FAST: removed references to kms_defaults ( #1811 )
2023-10-24 21:18:08 +02:00
4647b07665
less verbose project factory stage outputs ( #1802 )
2023-10-24 09:03:35 +02:00
a93f08e833
improve usage of optionals in FAST stage 2 VPN variables ( #1797 )
2023-10-23 15:23:30 +02:00
4690bf206a
Update README.md
2023-10-21 18:59:17 +02:00
3e16c6a959
FAST: adds support to uploading a wif provider pubkey ( #1788 )
2023-10-21 16:52:19 +00:00
6d89b88149
versions.tf maintenance + copyright notice bump ( #1782 )
...
* Bump copyright notice to 2023
* Delete versions.tf on blueprints
* Pin provider to major version 5
* Remove comment
* Fix lint
* fix bq-ml blueprint readme
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-20 18:17:47 +02:00
e0d84fb10b
add sink for workspace logs ( #1780 )
2023-10-19 14:51:01 +00:00
77a4696aa6
Add gcp org policy constraints file to bootstrap stage ( #1775 )
...
* add gcp org policy constraints file to bootstrap
* make the org policy factories more resilient
2023-10-18 18:21:16 +00:00
b0c552cff5
Update IAM.md
2023-10-18 19:59:07 +02:00
e34cb20dc6
Update IAM.md
2023-10-18 19:58:18 +02:00
f4c8786677
Update IAM.md
2023-10-18 19:57:46 +02:00
94ae8634fc
Update IAM.md
2023-10-18 19:57:03 +02:00
e41cc4ec36
Update IAM.md
2023-10-18 19:56:40 +02:00
6252198961
Update IAM.md
2023-10-18 19:56:20 +02:00
e7e188818a
Add service usage consumer role to IaC SAs, refactor delegated grants in FAST ( #1773 )
...
* add serviceusage role to iac sas, refactor delegated grants
* fix test
* tfdoc
2023-10-18 12:18:31 +00:00
6c48512f7e
[ #1764 ] net-lb-int: add support for dual stack and multiple forwarding rules
2023-10-17 09:30:34 +00:00
6fd58e33c9
Add support for psa peered domains to fast stages ( #1760 )
...
* add support for psa peered domains
* tfdoc
2023-10-16 06:57:18 +00:00
28e19ab180
Minor edits to FAST network stage READMEs ( #1759 )
...
* PSA section
* VPC description, ranges
2023-10-15 16:14:48 +00:00
252127bde5
Billing account module ( #1743 )
...
* initial untested draft
* readme and tests
* folder module tfdoc
* remove redundant billing cost manager role in fast stage 0
* fix FAST test
2023-10-15 15:02:50 +00:00
2afdc5a8e1
Update COMPANION.md
2023-10-08 08:47:35 +02:00
dfc5023e0b
Make deletion protection consistent across all modules ( #1735 )
...
* Expose deletion_protection in GKE modules
* Make deletion protection consistent across all modules
* Add deletion_protection option to blueprints
* Fix blueprints tests
* Fix types
* Update READMEs
* Fix dp readme
* Fix cmek blueprint default deletion_protection
* Fix blueprints tests
2023-10-05 17:31:07 +02:00
81c6959617
Update to lint.sh and wording to some tf
...
fast/stages-multitenant/0-bootstrap-tenant/identity-providers.tf
fast/stages/0-bootstrap/identity-providers.tf
tools/lint.sh
2023-10-05 00:17:20 -04:00
8c4cd8548c
Update README.md
2023-10-04 14:04:04 -04:00
6889f02954
Fix data platform roles ( #1725 )
...
* Fix Data Platform roles
* Fix README
* Fix blueprint tests
* Update cleanup dp steps
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-10-04 07:31:40 +02:00
789328ff5a
Bump provider versions to v5.0.0 ( #1724 )
...
* bump provider versions to 5.0.0
* fix cloud run, logging and vpc-sc
* Fix secret manager
* fix gke nodepool
* fix gke multitenant stage and blueprint
* Moving alloydb module to experimental.
* Add project to bare resources in examples
* tfdoc
* fix svpc blueprint test
* Revert "fix svpc blueprint test"
This reverts commit 14f02659098070136e64ead600580dd52c23c339.
* Fix GKE peering project
* Disable tests in alloydb module
* Bring back secret ids in secret manager tests
* Remove duplicate key
* last push
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-03 12:15:36 +00:00
2ee8f57769
FAST: add example of custom org policy condition to bootstrap README ( #1718 )
...
* add oslogin constraint condition example to bootstrap
* add oslogin constraint condition example to bootstrap
* add oslogin constraint condition example to bootstrap
2023-09-30 10:22:56 +02:00
9082bbcc48
Fix indentation in FAST hierarchical firewall rules ( #1715 )
...
Fixes #1712
2023-09-29 13:37:41 +00:00
e4a25d7c99
Fix tenant folder tag ( #1711 )
2023-09-28 23:48:14 +02:00
b2d27b5f12
Update bootstrap and destroy roles
2023-09-28 11:41:56 +02:00
30772d921c
Update README.md
2023-09-28 10:59:54 +02:00
fcc1aa87c4
fix latest commit
2023-09-28 10:58:31 +02:00
76b4605326
add missing roles for initial bootstrap
2023-09-28 10:57:46 +02:00
Ludovico Magnocavallo
simonebruzzechesse
Wiktor Niesiobędzki
Julio Castillo
ibrahimparvez2
alealr
Simone Ruffilli
Simone Ruffilli
Luca Prete
Alejandro Leal
lcaggio