Julio Castillo
960e015b42
Fix FAST tests
2023-09-17 00:21:36 +02:00
Julio Castillo
121598dbea
Move FAST security delegated admins to iam_bindings_additive
2023-09-17 00:21:36 +02:00
Julio Castillo
9c878dc9cf
Fix tests for new KMS IAM interface
2023-09-17 00:21:36 +02:00
Ludovico Magnocavallo
d3d77d17fb
fix psa routing variable in FAST net stages ( #1685 )
2023-09-16 10:31:02 +02:00
Oliver Frolovs
6eb862a775
GKE cluster modules: add optional kube state metrics ( #1682 )
...
* `gke-cluster-standard`: add optional kube state metrics
* `gke-cluster-autopilot`: add optional kube state metrics
* FAST: add kube state metrics support for GKE
* blueprints/gke: add kube state metrics support
* Bump up the provider version to `v4.82.0`
2023-09-15 12:18:45 +01:00
Julio Castillo
f3be29cbc9
Fix tests
2023-09-15 00:27:55 +02:00
Oliver Frolovs
b3dc91b5cd
Upgrades to `monitoring_config` in `gke-cluster-*`, docs update, and cosmetics fixes to GKE cluster modules ( #1680 )
...
* gke-cluster-standard: upgrade `monitoring_config` to use object style. Add tests.
* gke-cluster-standard: update docs
* gke-cluster-autopilot: move gateway_api_config block (cosmetic change)
* gke-cluster-autopilot: update docs and fix typos
* Update blueprints due to `monitoring_config` changes in `gke-cluster-standard`.
* Update FAST due to `monitoring_config` changes in `gke-cluster-standard`.
* Update docs for affected blueprints and FAST stages
2023-09-14 23:25:57 +01:00
Julio Castillo
8d7772761c
Fix FAST readmes
2023-09-14 13:10:16 +02:00
Julio Castillo
c1be435b09
Fix range names definition of GKE clusters
...
Fixes #1677
2023-09-14 12:51:43 +02:00
Julio Castillo
949e98d375
Increase size of pod range for default GKE subnets in FAST
...
Related to the issues reported in #1644
2023-09-11 10:28:42 +02:00
Ludovico Magnocavallo
3915a016c9
Align pf stage sample data to new format ( #1664 )
...
* align pf stage sample data to new format
* boilerplate
2023-09-09 10:04:19 +02:00
Luca Prete
fcefadbd8e
[ #1661 ] Make FAST stage 1 resman tf destroy more reliable
...
Co-authored-by: Luca Prete <lucaprete@google.com>
2023-09-08 10:09:31 +00:00
Ludovico Magnocavallo
e14789ecb0
link project factory documentation from FAST stage ( #1659 )
2023-09-08 07:14:16 +00:00
Ludovico Magnocavallo
ec3b705f53
Change type of `iam_bindings` variable to allow multiple conditional bindings ( #1658 )
...
* modules
* fast
* dns readme
2023-09-08 08:56:31 +02:00
Luca Prete
12e78af055
Fix project factory blueprint and fast stage ( #1654 )
2023-09-07 12:48:39 +00:00
Oliver Frolovs
988fd2ee05
gke-cluster-standard: change logging configuration ( #1638 )
...
* Update logging configuration of this module to use object interface in harmony with `gke-cluster-autopilot` module.
* Update blueprints that use this module.
* Add "WORKLOADS" log source to logging configuration of the blueprints where the README files say so.
* Update FAST stage 3 because it uses this module.
2023-08-31 12:49:15 +01:00
Julio Castillo
804e7c961e
Silence FAST tests warnings
...
- Fix pytest PytestUnraisableExceptionWarning
- Remove incorrect print
- Use tfvars for some examples in READMEs
2023-08-28 18:40:41 +02:00
Luca Prete
c63884d52e
Remove unused ASN numbers in CloudNAT to avoid FAST provider errors
2023-08-28 15:32:30 +00:00
Julio Castillo
b88e4c6f6e
Fix syntax error in FAST nva
2023-08-28 16:28:01 +02:00
Julio Castillo
b701d55b1f
Fix tests
2023-08-28 16:00:48 +02:00
Julio Castillo
5e9829373c
Fix FAST hfw policies
2023-08-28 16:00:48 +02:00
Luca Prete
4c64c15871
Revert "Remove unused ASN numbers from CloudNAT to avoid provider errors" ( #1626 )
...
This reverts commit 311bed8e83.
2023-08-28 09:33:52 +02:00
Julio Castillo
1adfb9fb32
Fix role name for delegated grants in FAST bootstrap
...
Fixes issue behind #1621
2023-08-24 19:13:42 +02:00
Luca Prete
50a449965f
Fix: align stage-2-e-nva-bgp to the latest APIs
2023-08-23 13:34:11 +02:00
Luca Prete
8ca60881f1
Fix: use existing variable to optionally name fw policies ( #1610 )
2023-08-22 08:55:56 +02:00
Ludovico Magnocavallo
819894d2ba
IAM interface refactor ( #1595 )
...
* IAM modules refactor proposal
* policy
* subheading
* Update 20230816-iam-refactor.md
* log Julio's +1
* data-catalog-policy-tag
* dataproc
* dataproc
* folder
* folder
* folder
* folder
* project
* better filtering in test examples
* project
* folder
* folder
* organization
* fix variable descriptions
* kms
* net-vpc
* dataplex-datascan
* modules/iam-service-account
* modules/source-repository/
* blueprints/cloud-operations/vm-migration/
* blueprints/third-party-solutions/wordpress
* dataplex-datascan
* blueprints/cloud-operations/workload-identity-federation
* blueprints/data-solutions/cloudsql-multiregion/
* blueprints/data-solutions/composer-2
* Update 20230816-iam-refactor.md
* Update 20230816-iam-refactor.md
* capture discussion in architectural doc
* update variable names and refactor proposal
* project
* blueprints first round
* folder
* organization
* data-catalog-policy-tag
* re-enable folder inventory
* project module style fix
* dataproc
* source-repository
* source-repository tests
* dataplex-datascan
* dataplex-datascan tests
* net-vpc
* net-vpc test examples
* iam-service-account
* iam-service-account test examples
* kms
* boilerplate
* tfdoc
* fix module tests
* more blueprint fixes
* fix typo in data blueprints
* incomplete refactor of data platform foundations
* tfdoc
* data platform foundation
* refactor data platform foundation iam locals
* remove redundant example test
* shielded folder fix
* fix typo
* project factory
* project factory outputs
* tfdoc
* test workflow: less verbose tests, fix tf version
* re-enable -vv, shorter traceback, fix action version
* ignore github extension warning, re-enable action version
* fast bootstrap IAM, untested
* bootstrap stage IAM fixes
* stage 0 tests
* fast stage 1
* tenant stage 1
* minor changes to fast stage 0 and 1
* fast security stage
* fast mt stage 0
* fast mt stage 0
* fast pf
2023-08-20 09:44:20 +02:00
lcaggio
6eeba5e599
[Data Platform] Update README.md ( #1601 )
...
Fix hardcoded path in readme.
2023-08-18 18:27:43 +02:00
Alejandro Leal
ea0de3adbb
Fixing some typos
2023-08-18 05:51:00 +00:00
Stefan Moser
dcb3c32761
fix null object exception in bootstrap output when using cloudsource repos ( #1597 )
2023-08-17 09:03:23 +00:00
Ludovico Magnocavallo
2423fd40c1
Fix FAST CI/CD for Gitlab ( #1593 )
...
* fix cicd (multitenant untested)
* tfdoc
* rename allowed_audiences to audiences, align multitenant
2023-08-15 12:59:31 +02:00
Ludovico Magnocavallo
c5a77ebfe3
fix module path for teams cicd ( #1583 )
2023-08-09 21:41:56 +00:00
Matt
9600047a32
Enable team CI/CD impersonation ( #1579 )
2023-08-09 08:46:24 -04:00
Ludovico Magnocavallo
79373721df
Remove firewall policy management from resource management modules ( #1581 )
...
* rename firewall policy module, fix outputs
* add TOC to firewall policy module
* don't depend policy on parent id
* remove firewall policy from resource management modules
* remove factory conditionals
* fast net a and b
* fast stages
* fast tfdoc
* fast tfdoc
* remove unused test
* fix shielded folder blueprint
* fix shielded folder blueprint
2023-08-09 11:23:07 +00:00
Ludovico Magnocavallo
9c75aa469c
More module descriptions ( #1572 )
...
* bigquery dataset
* data catalog policy tag
* net-address
* fix data catalog callers
* bigquery dataset views
* fix data catalog callers
* logging bucket
* net vpn ha
2023-08-06 09:25:45 +00:00
Luca Prete
311bed8e83
Remove unused ASN numbers from CloudNAT to avoid provider errors
2023-08-04 08:02:11 +00:00
Luca Prete
47daeaafe1
Update FAST CI/CD workflows so it can work with ID_TOKEN and Gitlab 15+
2023-08-03 16:09:45 +00:00
Ludovico Magnocavallo
b524aa137c
Peering module refactor ( #1547 )
...
* refactor net-vpc-peering module
* hub and spoke peering blueprint
* fast stages
* boilerplate
* fast tfdoc
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-07-29 21:33:57 +02:00
Ludovico Magnocavallo
c918cfc800
Update README.md
2023-07-27 13:40:26 +02:00
Ludovico Magnocavallo
ea800fa475
fix stage links for GKE stage ( #1514 )
2023-07-20 10:48:45 +00:00
Miren Esnaola
cacb0c02e2
Refactoring of dns module
2023-07-19 12:57:44 +02:00
Ludovico Magnocavallo
aa1a79632b
Create 0-org-policies.md
2023-07-15 18:40:18 +02:00
Ludovico Magnocavallo
4ad55923b7
Update 0-bootstram-user-iam.md
2023-07-13 19:33:01 +02:00
Ludovico Magnocavallo
fbbe668015
Document architectural decisions ( #1506 )
...
* add architectural decisions log and first decision
* add header
* typo
2023-07-13 16:15:32 +02:00
Natalia Strelkova
e00d3bcba4
README: audit logs on org level go to a logging bucket, not bigquery
2023-07-10 16:42:01 +02:00
Ludovico Magnocavallo
154df17951
FAST: initial implementation of lightweight tenants ( #1470 )
...
* initial import
* fixes
* fixes
* fixes
* red SA roles
* red SA roles
* org-level custom roles var, tenants IAM config
* tfdoc
* allow core SA to write output files to tenant bucket
* README
* implement comments on PR
* show tenant org example
* update example
2023-07-07 08:40:37 +02:00
Aurélien Legrand
623c886e95
Peering dashboard ( #1492 )
...
* Adding dashboard to monitor VPC and VPC peering group quotas
* Adding 1 resource to the tests (dashboard)
* Adding dashboard and tests for other networking architecture
* Update test
2023-07-05 18:25:31 +02:00
Julio Castillo
d49a5c0fbb
Fix primary gke/dp ranges in FAST subnets
2023-06-30 19:28:21 +02:00
Roberto Jung Drebes
772cf813fc
FAST: short_name_is_prefix for multi-tenant ( #1478 )
...
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-06-30 09:49:25 +02:00
Alejandro Leal
43b3490ef1
Updating a few files for typos
...
fast/stages/3-data-platform/dev/README.md
fast/stages/3-data-platform/dev/outputs.tf
CHANGELOG.md
blueprints/data-solutions/data-platform-minimal/README.md
blueprints/data-solutions/data-platform-minimal/outputs.tf
blueprints/data-solutions/data-platform-foundations/README.md
2023-06-29 21:47:17 -04:00
Arvind Ganesh
d3e4864b57
Making the changes as suggested in https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1477#issuecomment-1612846907
2023-06-29 12:24:29 -04:00
Arvind Ganesh
0b19a16593
Changing the IP ranges in all networking stages
2023-06-28 14:45:33 -04:00
Arvind Ganesh
f75bc321b9
Changing the IP range of pods from 100.64.48.0/20 to 100.65.16.0/20 as there is an overlap in 100.64.0.0/16 range with dev-gke-nodes-ew1.yaml
2023-06-28 14:15:35 -04:00
Julio Castillo
d6aea3ff5f
Remove unneeded file from resman stage
2023-06-27 09:54:46 +02:00
Ludovico Magnocavallo
638841c8d1
Rename network load balancer modules ( #1466 )
...
* update LB modules to new names
* update LB modules names
* update test paths
2023-06-26 07:50:10 +00:00
Albert Lloveras
7cacc46b4b
fixup(project-factory): Use the correct KMS Service Agents attribute … ( #1446 )
...
* fixup(project-factory): Use the correct KMS Service Agents attribute name
* Add new KMS bindings to tests
* Update test resource counts
* Update README.md resource count
2023-06-19 23:53:08 +00:00
Keith Harvey
a68a3b55cb
Bump TF version in all workflow templates to coincide with module requirements ( #1445 )
...
* Resman - bump GH TF version to coincide with module requirements (#1 )
Bootstrap was bumped in #1414
* Bump TF version in all workflow files
* bump TF version in missed workflow file
2023-06-16 07:39:28 +00:00
Ludovico Magnocavallo
815728aca6
fix repo names check ( #1443 )
2023-06-15 16:08:57 +00:00
Julio Castillo
e900e9c951
Make internal/external addresses optional in compute-vm
...
Fixes 1431
2023-06-08 14:00:10 +02:00
Wiktor Niesiobędzki
6b4bca10bd
Use RFC6598 addresses for pods and subnets
...
10.128.0.0/9 is public network.
Closes : #1424
2023-06-08 07:56:31 +02:00
Ludovico Magnocavallo
c024eca320
Add custom tag support to FAST ( #1426 )
...
* initial implementation of custom tags
* depend org policies on tags
* fix test
* integrate default and custom org policy tags
2023-06-07 22:10:27 +00:00
Ludovico Magnocavallo
7bd6e5d57b
Small fixes ( #1425 )
...
* fix serverless connector plugin outputs
* add internal and lb to allowed ingress org policy
* add validation condition on cloud run ingress settings
* tfdoc
* plugin tfdoc
* allow disabling googleapis routes with a single instruction in net-vpc
* fix variable def
* fix variable description
* fix cr variable validation
* fix usage of create_googleapis_routes in examples and stages
2023-06-07 17:37:46 +00:00
Ana Fernandez del Alamo
0fe3f165ed
Add VPN monitoring alerts to 2-networking and VPN usage chart
...
The Fast stage 2-networking-* currently adds a monitoring dashboard
for VPN metrics. This change adds an additional chart to monitor the
usage of the VPN bandwidth.
This change also adds the following monitoring alerts:
* VPN tunnel established
* [VPN bandwidth](https://cloud.google.com/network-connectivity/docs/vpn/how-to/viewing-logs-metrics#define-bandwidth-alerts)
To configure the alerts, there is a new `alert_config` variable with
defined default values.
The alerts are created in the stage `b` by default. In the stages a,
c, d, and e, the alerts are created if the user creates the On-prem
VPN.
To disable the creation of alerts, add the following to
`terraform.tfvars`:
```
alert_config = {
  vpn_tunnel_established = null
  vpn_tunnel_bandwidth   = null
}
```
2023-06-06 13:49:21 +01:00
Julio Castillo
9af4db2fa0
Delete FAQ.md
2023-06-06 14:47:26 +02:00
David Asaf
43ce70e1ed
Bump GH TF version to coincide with module requirements ( #1414 )
2023-06-03 06:20:11 +00:00
Julio Castillo
b6ce4222d1
Fix nva stages tests
2023-05-26 17:32:34 +02:00
Julio Castillo
fb121b4d08
Fix FAST tests
2023-05-26 17:17:40 +02:00
Julio Castillo
0888cce3a5
Rename to `create_googleapis_routes`
2023-05-26 16:43:43 +02:00
Julio Castillo
7a91a7e41c
Add default googleapi route creation to net-vpc
2023-05-26 10:55:35 +02:00
Ludovico Magnocavallo
4aa99ea829
allow setting identities in egress policies ( #1394 )
2023-05-24 12:05:16 +02:00
Gustavo Valverde
00cac9148a
fix(stages): only add sandbox SA when `sandbox` feature is enabled ( #1391 )
...
If you have the `project_factory` feature enabled, but not the `sandbox` feature (as it's not a requirement on your org), when doing a `terraform apply` on `1-resman` it raises this error as it's expecting the wrong feature when creating the sandbox SA
```
│ Error: Invalid index
│
│ on branch-sandbox.tf line 68, in resource "google_organization_iam_member" "org_policy_admin_sandbox":
│ 68: member = module.branch-sandbox-sa.0.iam_email
│ ├────────────────
│ │ module.branch-sandbox-sa is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
```
2023-05-24 05:17:35 +00:00
Ludovico Magnocavallo
e0911c6291
Add conditional org admin role to sandbox SA ( #1385 )
...
* add org admin conditional role to sandbox SA
* tfdoc
2023-05-21 10:48:41 +02:00
Roberto Jung Drebes
d2f0b17ec4
Allows groups from other orgs/domains ( #1383 )
...
* Allows groups from other orgs
2023-05-17 11:07:47 +02:00
Alejandro Leal
0ad21351c0
Merge branch 'master' into master
2023-05-15 14:25:42 -04:00
Natalia Strelkova
c4ec4868c2
Merge branch 'master' into fast-home-path-fix
2023-05-15 13:16:55 +02:00
Natalia Strelkova
f5b10fa3da
Fixed home path
2023-05-15 12:55:43 +02:00
Alex Ostapenko
7861ea74b8
fixed permissions for security stage SA ( #1376 )
...
it should be able to use automation project
as a quota project, hence it needs `serviceusage.serviceUsageConsumer`
role
2023-05-15 10:20:33 +00:00
Alejandro Leal
87cd83f5c0
Several updates
...
Several updates
2023-05-13 23:51:46 -04:00
Fawzi
ac349332c4
fix routes priority typo
2023-05-09 21:28:56 +10:00
Jack P
491b52f023
update variables files for gke nodepool taints ( #1358 )
...
* update variables files for gke node config taints to allow passing of node objects
* forgot to run terraform fmt..
* update module docs
2023-05-05 19:42:00 +02:00
Ludovico Magnocavallo
efb0ebe689
Switch FAST networking stages to network policies for Google domains ( #1352 )
...
* peering stage implementation
* vpn stage implementation
* tfdoc
* tests
* add most supported google domains
* align all net stages
* add support for factory to DNS response policy module
* use dns policy factory in network stages
* boilerplate
2023-05-04 07:38:40 +02:00
Ludovico Magnocavallo
75cc2f3d7a
FAST: shorten stage 3 prefixes, enforce prefix length in stage 3s ( #1346 )
...
* shorten stage 3 prefixes, enforce prefix length in stage 3s
* tfdoc
* tfdoc
2023-05-03 07:39:41 +02:00
Julio Castillo
6f06ca5781
Fix readmes
2023-04-27 12:46:52 +02:00
Julio Castillo
127787c65e
Add logging details to bootstrap outputs
2023-04-27 12:28:20 +02:00
Julio Castillo
016a4e08ae
fix fast tftest directives
2023-04-21 17:51:20 +02:00
Ludovico Magnocavallo
121bc30e90
fix typo in variable name ( #1324 )
2023-04-17 07:40:05 +00:00
Ludovico Magnocavallo
9072c3472e
strip org name from deploy key repo ( #1328 )
2023-04-17 08:59:07 +02:00
Dazbo
56261101c3
Allow longer org pfx plus tenant pfx ( #1318 )
...
Thanks!!!
2023-04-12 01:36:37 +02:00
Ludovico Magnocavallo
2cd247bb1f
fix mt resman, add support for mt stage 2s ( #1315 )
2023-04-11 18:43:39 +09:00
Dazbo
4843d0dfaf
Fixed type in readme for FAST multitenant ( #1313 )
2023-04-11 04:47:03 +02:00
derailed-dash
6917343a33
Fixed type in readme for FAST stages
2023-04-08 19:35:21 +01:00
Luca Prete
a9cba47ce8
Add FAST stage 2-networking-e-nva-bgp (NVA+NCC)
...
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Simone Bruzzechesse <bruzzechesse@google.com>
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2023-04-04 20:41:04 +02:00
Simone Ruffilli
e2b0ef55ab
Update hierarchical_rules.schema.yaml ( #1285 )
...
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-03-30 06:30:52 +00:00
Geoff Cardamone
11b4fee5b5
Update Provider and Terraform variables section ( #1284 )
...
Updating readme so that the provider and terraform variables section is identical to the documentation in the other stages.
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-03-28 14:18:44 +00:00
Ludovico Magnocavallo
3d41d01efc
FAST plugin system ( #1266 )
...
* plugin folder, gitignore, serverless connector example
* add support to fast plugin variables and outputs to tfdoc
* rename folder, READMEs
* add variable description
* show diffs
* check documentation, use multiple files
* debug check doc
* try a different glob
* debug tfdoc names
* more debug
* and even more debug
* fix gitignore
* fix links
* support extra files in tests
* fix fixture, switch stage 2 peering to new tests
* tfdoc
* Allow globs in extra files
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-03-24 12:28:32 +00:00
simonebruzzechesse
c4c4688adc
Small fixes to FAST Networking stage with NVAs ( #1273 )
...
* fix issue with test-resources and internet connectivity from spokes
* terraform fmt
* removed reference to startup-script in README.md
2023-03-23 09:57:01 +01:00
Ludovico Magnocavallo
5edc931bf9
add missing secret to spoke tunnels ( #1265 )
2023-03-17 20:52:40 +01:00
Ludovico Magnocavallo
5fb17cb3ac
Widen scope for prod project factory SA to dev ( #1263 )
...
* restrict storage role on outputs bucket for stage SAs
* grant prod project factory SA authority over prod and dev org policies
* network stages delegated grants on dev to prod pf SA
* security grants to prod pf SA on dev
* tfdoc
* tests
2023-03-17 16:24:55 +00:00
Ludo
367f4b6670
remove debug output
2023-03-17 15:35:18 +01:00
Anton KOVACH
5d8cbd3c57
Merge branch 'master' into feature/fast-cicd-github-enable-populating-of-data-directory-sample-files-and-update-dependencies
2023-03-15 11:57:21 +01:00
Ludovico Magnocavallo
2794cb6f24
Fix #1139 ( #1249 )
2023-03-15 11:43:43 +01:00