derailed-dash
6917343a33
Fixed type in readme for FAST stages
2023-04-08 19:35:21 +01:00
Luca Prete
a9cba47ce8
Add FAST stage 2-networking-e-nva-bgp (NVA+NCC)
...
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Simone Bruzzechesse <bruzzechesse@google.com>
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2023-04-04 20:41:04 +02:00
Geoff Cardamone
11b4fee5b5
Update Provider and Terraform variables section ( #1284 )
...
Updating readme so that the provider and terraform variables section is identical to the documentation in the other stages.
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-03-28 14:18:44 +00:00
Ludovico Magnocavallo
3d41d01efc
FAST plugin system ( #1266 )
...
* plugin folder, gitignore, serverless connector example
* add support to fast plugin variables and outputs to tfdoc
* rename folder, READMEs
* add variable description
* show diffs
* check documentation, use multiple files
* debug check doc
* try a different glob
* debug tfdoc names
* more debug
* and even more debug
* fix gitignore
* fix links
* support extra files in tests
* fix fixture, switch stage 2 peering to new tests
* tfdoc
* Allow globs in extra files
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-03-24 12:28:32 +00:00
simonebruzzechesse
c4c4688adc
Small fixes to FAST Networking stage with NVAs ( #1273 )
...
* fix issue with test-resources and internet connectivity from spokes
* terraform fmt
* removed reference to startup-script in README.md
2023-03-23 09:57:01 +01:00
Ludovico Magnocavallo
5edc931bf9
add missing secret to spoke tunnels ( #1265 )
2023-03-17 20:52:40 +01:00
Ludovico Magnocavallo
5fb17cb3ac
Widen scope for prod project factory SA to dev ( #1263 )
...
* restrict storage role on outputs bucket for stage SAs
* grant prod project factory SA authority over prod and dev org policies
* network stages delegated grants on dev to prod pf SA
* security grants to prod pf SA on dev
* tfdoc
* tests
2023-03-17 16:24:55 +00:00
Ludo
367f4b6670
remove debug output
2023-03-17 15:35:18 +01:00
Ludovico Magnocavallo
2794cb6f24
Fix #1139 ( #1249 )
2023-03-15 11:43:43 +01:00
Natalia Strelkova
fe7725e7d0
formatting
2023-03-14 14:48:04 +00:00
Natalia Strelkova
8bf3e11f34
location and storage class added to GKE GCS buckets
2023-03-14 15:43:55 +01:00
Ludovico Magnocavallo
112d9a8d9c
Allow using existing boot disk in compute-vm module ( #1241 )
...
* allow using existing boot disk in compute-vm module
* allow setting initialize params to null
* tests
* fast
* blueprints
2023-03-12 10:53:59 +01:00
Ludovico Magnocavallo
6e70b4216f
add missing attribute to FAST onprem VPN examples ( #1237 )
2023-03-10 14:58:33 +00:00
Ludovico Magnocavallo
be06554bba
Simplify VPN implementation in FAST networking stages ( #1228 )
...
* peering stage
* fix link, toc
* vpn stage
* fix link
* nva stage
* fix examples and test
* separate envs stage
* tfdoc
2023-03-09 17:57:44 +01:00
Julio Castillo
38808b37c0
Manage billing.creator role authoritatively in FAST bootstrap.
...
By default new orgs grant billing.creator and
resourcemanager.projectCreator to the whole domain[1]. This PR makes
FAST remove the former binding during the bootstrap (the latter is
already managed by FAST).
Fixes #1220
[1] https://cloud.google.com/resource-manager/docs/default-access-control
2023-03-07 17:52:00 +01:00
Natalia Strelkova
1f8e4cf1bf
FAQ on installing Fast on a non-empty org
2023-03-07 15:45:38 +01:00
Justin M
4eff309685
Update subnet sample yaml files to use subnet_secondary_ranges ( #1203 )
...
* Replaces 'secondary_ip_range:' with 'secondary_ip_ranges:' in samples
* Replaces 'secondary_ip_range:' with 'secondary_ip_ranges:' in tests/
* reverts previous commit- files in tests/ don't need to be changed
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-03-05 19:37:23 +01:00
Ludovico Magnocavallo
8fc9549c58
add support for proxy and psc subnets to module factory ( #1211 )
2023-03-05 17:08:43 +01:00
Ludovico Magnocavallo
96e829bdf3
Billing exclusion support for FAST mt resman ( #1209 )
...
* fix files resource parsing in tfdoc
* fix tfdoc generated output
* billing exclusion support in mt bootstrap
2023-03-03 16:23:36 +00:00
Ludovico Magnocavallo
2217abe5f0
Allow preventing creation of billing IAM roles in FAST, add instructions on delayed billing association ( #1207 )
...
* stage 0
* resman and networking stages
* tfdoc
* security stage
2023-03-03 09:24:41 +01:00
Ludovico Magnocavallo
6320c53baf
Allow multiple peer gateways in vpn ha module ( #1184 )
...
* allow multiple peer gateways in vpn ha module
* align blueprints
* fast
2023-02-27 10:18:59 +00:00
lcaggio
47855cb682
Merge branch 'master' into lcaggio/dp-projectcreate
2023-02-23 11:54:48 +01:00
Wiktor Niesiobędzki
ad0840656b
Add documentation about referring modules stored on CSR
2023-02-22 10:02:54 +01:00
lcaggio
ac75cbe71a
Fix lint.
2023-02-22 01:38:44 +01:00
lcaggio
2108b4650d
Fix Tests, rely on iam additive.
2023-02-22 01:36:01 +01:00
Julio Castillo
a5e905cb80
Update remaining org policies
2023-02-21 15:49:16 +01:00
Julio Castillo
d3bcf625f9
Update yaml org policies
2023-02-21 15:49:16 +01:00
lcaggio
2564c9b06a
Fix README
2023-02-20 01:17:08 +01:00
lcaggio
970b8ff255
Fix DP Fast variables.
2023-02-20 01:16:22 +01:00
lcaggio
63a81a9b9b
Fix Fast test
2023-02-20 01:12:19 +01:00
lcaggio
f4c1fa6c20
Fix tests.
2023-02-20 00:56:32 +01:00
Ludovico Magnocavallo
36a7347744
FAST stage docs cleanup ( #1145 )
...
* top-level and stage 0
* stage 1
* net peering
* networking
* networking
* security
* gke, dp
* checks
2023-02-15 05:42:14 +00:00
Julio Castillo
742b5bab62
Fix tfvars sample for fast bootstrap stage
2023-02-14 11:29:19 +02:00
Ludovico Magnocavallo
8708f490ce
Allow configuring regions from tfvars in FAST networking stages ( #1137 )
...
* configurable regions
* vpn, tests
* tfdoc
* separate envs
* nva
* test resources
* add new custom role for tenant network service accounts
* allow setting firewall policy name in networking stages
* fix stage links script
* set custom role to tenant networking service account
* rename tenant stage 1 provider files
* remove extra file
* fix peering and vpn
* tfdoc
* fix variable order
* tests
2023-02-08 09:59:43 +01:00
simonebruzzechesse
779c635682
Merged old bgp_peer_config parameter into bgp_peer aligning with newer version of tunnels variable available in the net-vpn-ha module ( #1133 )
...
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-02-07 22:58:28 +00:00
Ludovico Magnocavallo
2471e25c2c
post PR message on init or validate failure ( #1135 )
2023-02-07 10:04:03 +01:00
Ludovico Magnocavallo
9b8de3e415
fix stage links, fix stage 1 output file names ( #1134 )
2023-02-06 20:51:26 +01:00
Natalia Strelkova
803c9c3163
Merge branch 'master' into fast-networking-nva-no-peering-files
2023-02-04 16:12:35 +01:00
Ludovico Magnocavallo
5453c585e0
FAST multitenant bootstrap and resource management, rename org-level FAST stages ( #1052 )
...
* rename stages
* remove support for external org billing, rename output files
* resman: make groups optional, align on new billing account variable
* bootstrap: multitenant outputs
* tenant bootstrap stage, untested
* fix folder name
* fix stage 0 output names
* optional creation for tag keys in organization module
* single tenant bootstrap minus tag
* rename output files, add tenant tag key
* fix organization module tag values output
* test skipping creation for tags in organization module
* single tenant bootstrap plan working
* multitenant bootstrap
* tfdoc
* fix check links error messages
* fix links
* tfdoc
* fix links
* rename fast tests, fix bootstrap tests
* multitenant stages have their own folder, simplify stage numbering
* stage renumbering
* wip
* rename tests
* exclude fast providers in fixture
* stage 0 tests
* stage 1 tests
* network stages tests
* stage tests
* tfdoc
* fix links
* tfdoc
* multitenant tests
* remove local files
* stage links command
* fix links script, TODO
* wip
* wip single tenant bootstrap
* working tenant bootstrap
* update gitignore
* remove local files
* tfdoc
* remove local files
* allow tests for tenant bootstrap stage
* tenant bootstrap proxies stage 1 tfvars
* stage 2 and 3 service accounts and IAM in tenant bootstrap
* wip
* wip
* wip
* drop multitenant bootstrap
* tfdoc
* add missing stage 2 SAs, fix org-level IAM condition
* wip
* wip
* optional tag value creation in organization module
* stage 1 working
* linting
* linting
* READMEs
* wip
* Make stage-links script work in old macos bash
* stage links command help
* fix output file names
* diagrams
* fix svg
* stage 0 skeleton and diagram
* test svg
* test svg
* test diagram
* diagram
* readme
* fix stage links script
* stage 0 readme
* README changes
* stage readmes
* fix outputs order
* fix link
* fix tests
* stage 1 test
* skip stage example
* boilerplate
* fix tftest skip
* default bootstrap stage log sinks to log buckets
* add logging to tenant bootstrap
* move iam variables out of tenant config
* fix cicd, reintroduce missing variable
* use optional in stage 1 cicd variable
* rename extras stage
* rename and move identity providers local, use optional for cicd variable
* tfdoc
* add support for wif pool and providers, ci/cd
* tfdoc
* fix links
* better handling of modules repository
* add missing role on logging project
* fix cicd pools in locals, test cicd
* fix workflow extension
* fix module source replacement
* allow tenant bootstrap cicd sa to impersonate resman sa
* tenant workflow templates fix for no providers file
* fix output files, push github workflow template to new repository
* remove try from outpout files
* align stage 1 cicd internals to stage 0
* tfdoc
* tests
* fix tests
* tests
* improve variable descriptions
* use optional in fast features
* actually create tenant log sinks, and allow the resman sa to do it
* test
* tests
* aaaand tests again
* fast features tenant override
* fast features tenant override
* fix wording
* add missing comment
* configure pf service accounts
* add missing comment
* tfdoc
* tests
* IAM docs
* update copyright
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-02-04 15:00:45 +01:00
Natalia Strelkova
2958063625
Remove info about non-existing vpc-peering-*.tf files
2023-02-03 15:39:00 +01:00
Ludovico Magnocavallo
7b96ed429c
add missing role for initial user ( #1118 )
2023-01-28 08:41:22 +00:00
Ludo
83a0916bff
add missing newline
2023-01-28 09:27:31 +01:00
Ludovico Magnocavallo
c1d3736b06
fix destroy in stage 1 outputs ( #1099 )
2023-01-19 09:35:40 +00:00
lcaggio
a5f4e0883d
Fix FAST documentation.
2023-01-11 08:56:58 +01:00
lcaggio
488b6d4dc0
Remove plg project, composer 2
2023-01-11 00:31:52 +01:00
Roberto Jung Drebes
e234aa68b4
fix restricted services not being added to the perimeter configurations
2023-01-06 13:07:33 +01:00
agutta
7c3768d338
Update FAQ.md
2022-12-29 09:37:17 -06:00
agutta
5120df1615
Adding new section for Authentication issues
...
Common error when we have multiple identities
2022-12-28 12:06:13 -06:00
agutta
a128333223
Adding new file FAQ and an image
...
Adding a new file to capture and address frequently asked questions.
2022-12-19 16:07:41 -06:00
Julio Castillo
4f7cb39a06
Simplify readme discovery
2022-12-18 14:00:20 +01:00