Alex Ostapenko
7861ea74b8
fixed permissions for security stage SA ( #1376 )
...
it should be able to use automation project
as a quota project, hence it needs `serviceusage.serviceUsageConsumer`
role
2023-05-15 10:20:33 +00:00
Julio Castillo
016a4e08ae
fix fast tftest directives
2023-04-21 17:51:20 +02:00
Ludovico Magnocavallo
5fb17cb3ac
Widen scope for prod project factory SA to dev ( #1263 )
...
* restrict storage role on outputs bucket for stage SAs
* grant prod project factory SA authority over prod and dev org policies
* network stages delegated grants on dev to prod pf SA
* security grants to prod pf SA on dev
* tfdoc
* tests
2023-03-17 16:24:55 +00:00
Ludovico Magnocavallo
2794cb6f24
Fix #1139 ( #1249 )
2023-03-15 11:43:43 +01:00
Natalia Strelkova
fe7725e7d0
formatting
2023-03-14 14:48:04 +00:00
Natalia Strelkova
8bf3e11f34
location and storage class added to GKE GCS buckets
2023-03-14 15:43:55 +01:00
Ludovico Magnocavallo
96e829bdf3
Billing exclusion support for FAST mt resman ( #1209 )
...
* fix files resource parsing in tfdoc
* fix tfdoc generated output
* billing exclusion support in mt bootstrap
2023-03-03 16:23:36 +00:00
Ludovico Magnocavallo
2217abe5f0
Allow preventing creation of billing IAM roles in FAST, add instructions on delayed billing association ( #1207 )
...
* stage 0
* resman and networking stages
* tfdoc
* security stage
2023-03-03 09:24:41 +01:00
Julio Castillo
a5e905cb80
Update remaining org policies
2023-02-21 15:49:16 +01:00
Julio Castillo
d3bcf625f9
Update yaml org policies
2023-02-21 15:49:16 +01:00
Ludovico Magnocavallo
36a7347744
FAST stage docs cleanup ( #1145 )
...
* top-level and stage 0
* stage 1
* net peering
* networking
* networking
* security
* gke, dp
* checks
2023-02-15 05:42:14 +00:00
Ludovico Magnocavallo
2471e25c2c
post PR message on init or validate failure ( #1135 )
2023-02-07 10:04:03 +01:00
Ludovico Magnocavallo
9b8de3e415
fix stage links, fix stage 1 output file names ( #1134 )
2023-02-06 20:51:26 +01:00
Ludovico Magnocavallo
5453c585e0
FAST multitenant bootstrap and resource management, rename org-level FAST stages ( #1052 )
...
* rename stages
* remove support for external org billing, rename output files
* resman: make groups optional, align on new billing account variable
* bootstrap: multitenant outputs
* tenant bootstrap stage, untested
* fix folder name
* fix stage 0 output names
* optional creation for tag keys in organization module
* single tenant bootstrap minus tag
* rename output files, add tenant tag key
* fix organization module tag values output
* test skipping creation for tags in organization module
* single tenant bootstrap plan working
* multitenant bootstrap
* tfdoc
* fix check links error messages
* fix links
* tfdoc
* fix links
* rename fast tests, fix bootstrap tests
* multitenant stages have their own folder, simplify stage numbering
* stage renumbering
* wip
* rename tests
* exclude fast providers in fixture
* stage 0 tests
* stage 1 tests
* network stages tests
* stage tests
* tfdoc
* fix links
* tfdoc
* multitenant tests
* remove local files
* stage links command
* fix links script, TODO
* wip
* wip single tenant bootstrap
* working tenant bootstrap
* update gitignore
* remove local files
* tfdoc
* remove local files
* allow tests for tenant bootstrap stage
* tenant bootstrap proxies stage 1 tfvars
* stage 2 and 3 service accounts and IAM in tenant bootstrap
* wip
* wip
* wip
* drop multitenant bootstrap
* tfdoc
* add missing stage 2 SAs, fix org-level IAM condition
* wip
* wip
* optional tag value creation in organization module
* stage 1 working
* linting
* linting
* READMEs
* wip
* Make stage-links script work in old macos bash
* stage links command help
* fix output file names
* diagrams
* fix svg
* stage 0 skeleton and diagram
* test svg
* test svg
* test diagram
* diagram
* readme
* fix stage links script
* stage 0 readme
* README changes
* stage readmes
* fix outputs order
* fix link
* fix tests
* stage 1 test
* skip stage example
* boilerplate
* fix tftest skip
* default bootstrap stage log sinks to log buckets
* add logging to tenant bootstrap
* move iam variables out of tenant config
* fix cicd, reintroduce missing variable
* use optional in stage 1 cicd variable
* rename extras stage
* rename and move identity providers local, use optional for cicd variable
* tfdoc
* add support for wif pool and providers, ci/cd
* tfdoc
* fix links
* better handling of modules repository
* add missing role on logging project
* fix cicd pools in locals, test cicd
* fix workflow extension
* fix module source replacement
* allow tenant bootstrap cicd sa to impersonate resman sa
* tenant workflow templates fix for no providers file
* fix output files, push github workflow template to new repository
* remove try from outpout files
* align stage 1 cicd internals to stage 0
* tfdoc
* tests
* fix tests
* tests
* improve variable descriptions
* use optional in fast features
* actually create tenant log sinks, and allow the resman sa to do it
* test
* tests
* aaaand tests again
* fast features tenant override
* fast features tenant override
* fix wording
* add missing comment
* configure pf service accounts
* add missing comment
* tfdoc
* tests
* IAM docs
* update copyright
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-02-04 15:00:45 +01:00