dc81b26a9b
Use display_name instead of description for FAST service accounts
...
Fixes #944
2022-11-03 16:23:48 +01:00
8a20a14a0d
Move policy to serverless.yaml
2022-11-03 14:50:53 +01:00
747ebc6f39
Use org policy factory for resman stage
2022-11-03 14:48:21 +01:00
559753fab5
enable org policy API, fix run.allowedIngress value ( #935 )
2022-11-01 09:52:03 +01:00
d80a43eabb
Fix FAST org policies
2022-10-28 17:49:44 +02:00
4a1465ae32
Comment redundant role in bootstrap stage, align IAM.md files, improve IAM tool ( #842 )
...
* comment redundant role
* account for duplicate folder names
* update IAM.md files
2022-09-29 08:30:01 +02:00
a18a3c92b3
GKE CI/CD ( #804 )
2022-09-09 08:33:25 +02:00
b0b6510aed
Fix automation gcs location ( #803 )
...
* Fix automation gcs location
* also apply change to stage 01
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-09-09 07:18:44 +02:00
76e49d5891
Merge remote-tracking branch 'origin/master' into fast/gke2
2022-09-08 22:38:05 +02:00
353706150e
FAST: add support for storage locations in stages 0 and 1 ( #800 )
...
* FAST: add support for storage locations in stages 0 and 1
* fix typo
* fix typo on logging
* tfdoc
2022-09-08 15:24:42 +02:00
a82ef7550e
Allow gke stage to write to automation bucket
2022-08-25 15:11:44 +02:00
dcc2700008
Merge branch 'master' into fast/gke2
2022-08-07 07:43:16 +00:00
b953424aec
fixing to move without output_location ( #770 )
2022-08-07 09:00:27 +02:00
0bec03b0a0
Merge remote-tracking branch 'origin/master' into fast/gke2
2022-08-03 20:42:09 +02:00
bfefaf627e
refactor teams, fix #750 ( #766 )
2022-08-03 16:34:09 +02:00
366f28a519
Merge remote-tracking branch 'origin/master' into fast/gke2
2022-07-29 10:57:25 +02:00
7f1a523866
FIX: Missing value to format principalSet ( #759 )
2022-07-27 08:18:27 +02:00
1bc352bb7b
Fix docs
2022-07-12 12:19:05 +02:00
25955b158a
Merge branch 'master' into fast/gke2
2022-07-12 12:16:04 +02:00
e7bc11e6b9
Add gke SAs to outputs
2022-07-12 12:10:39 +02:00
0d9fac316a
FAST: Resman: Update billing.tf ( #721 )
...
* FAST: Resman: Update billing.tf
Add billing.costsManager to the PF SAs to allow it to create billing alerts.
* fix linting
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-07-06 16:10:14 +03:00
ea7827d1ad
FAST - added missing format argument in branch-pf-dev-sa-cicd
...
In the module branch-pf-dev-sa-cicd, the calls to the "format" function were missing the argument var.automation.federated_identity_pool.
2022-07-05 11:44:33 +02:00
7b5ced7e15
stage 01
2022-06-30 18:22:57 +02:00
7786dd3d90
Merge branch 'master' into fast/gke2
2022-06-30 11:30:52 +02:00
d6a81fb662
wip
2022-06-30 11:00:57 +02:00
ee7a615a58
Merge remote-tracking branch 'origin/master' into fast/gke2
2022-06-29 17:06:55 +02:00
c66bb0e1c3
Merge branch 'master' of https://github.com/GoogleCloudPlatform/cloud-foundation-fabric into mgfeller/fast-readme-tfvars-auto
2022-06-29 15:29:43 +02:00
66c4fffd76
FAST: configuration switches for features ( #703 )
...
* example implementation of top-level switches
* data platform as a fast feature
* decouple teams and project factory
* teams disable fixes
* optional pf
* networking stage
* remove var from stage 2s, security
2022-06-28 17:33:37 +02:00
34650ae621
FAST - updated some READMEs about usage of *.auto.tfvars files
...
Updated information about using the auto generated tfvars files in the "Variable configuration" section for some stages.
Mainly about using globals.auto.tfvars.json instead of copying terraform.tfvars from bootstrap stage.
2022-06-28 11:27:21 +02:00
fb1d31551f
fix tfdoc
2022-06-23 08:55:28 +02:00
666d8a469c
Merge branch 'master' into fast/gke2
2022-06-23 08:34:09 +02:00
a09eb39a96
disable provider data source when not needed, explicitly depend on CI/CD SAs
2022-06-16 23:11:08 +02:00
a35ed1ca0f
allow using cicd service accounts in build triggers
2022-06-16 22:16:43 +02:00
da17d57863
fix tfdoc
2022-06-16 21:59:44 +02:00
2b61efb722
add project number to sgae 1 values
2022-06-16 21:57:09 +02:00
c87c645bf0
add missing try to stage 1 outputs
2022-06-16 21:56:48 +02:00
e3d91e84e4
sourcerepo and cloudbuild at 01-resman
2022-06-15 21:34:26 -05:00
2eb996d33d
sourcerepo and cloudbuild at 01-resman
2022-06-15 19:12:11 -05:00
f75c0021a1
fix #673 ( #674 )
2022-06-10 10:51:26 +02:00
f9b808b4bc
Fix permissions and update NVA and peering net stages for gke
2022-06-08 11:42:04 +02:00
9fabfafc63
Update gke stage to use contract setup
2022-06-08 11:42:02 +02:00
a4c0b22f4e
Move GKE example to dev
2022-06-08 11:41:52 +02:00
801a5ed42d
Add xpn admin to gke SAs on gke folders
2022-06-08 11:41:52 +02:00
f3f9a4a88c
GKE multitenant
...
Co-authored-by: Daniel Marzini <dmarzi@google.com>
2022-06-08 11:41:50 +02:00
44ae2671b0
CI/CD support for Source Repository and Cloud Build ( #669 )
...
* add id to outputs
* initial cloud build implementation for stage 0
* comments
* stage 0
* stage 1, untested
* add support for IAM and CB triggers to source repository module
* refactor stage 0 to use sourcerepo module
* refactor stage 1 to use sourcerepo module
* file descriptions
* fix gitlab pipeline
2022-06-08 11:34:08 +02:00
7b30aa2c12
Added "gitlab" type to 01-resman Stage
2022-04-19 11:09:33 +02:00
73a9136dc6
disable some org policies ( #631 )
2022-04-15 08:10:42 +02:00
eec0fd2fdf
FAST: allow changing tag names from variables in resman ( #628 )
2022-04-13 10:22:33 +02:00
2644627837
Remove broken link and ignore globals in fast stages
2022-04-12 21:33:03 +02:00
725f7effce
Initial MVP for CI/CD ( #608 )
...
* preliminary support for wif in stage 0
* IAM wif role
* IAM wif role TODO
* add support for external SA IAM to SA module
* add name output to SA module
* separate cicd SA
* tfdoc
* GITLAB principal (untested)
* make GCS name output static
* outputs bucket
* fix stage 1 test
* tweak outputs
* tfdoc
* move wif_pool to automation variable
* add support for top-level and repository providers
* add missing boilerplate
* fix branchless principal
* initial workflow
* symlink provider template in stages
* remove service accounts from stage 0 cicd tfvars
* add cicd interface variable to resman stage
* fix cicd variable in resman stage
* better condition on outputs_location
* fix last change
* change outputs_location type
* revert outputs_location change
* split outputs in stage 0
* update ci/cd temporary notes
* rename additive IAM resource in SA module
* split outputs in stage 1
* remove unused locals
* fix stage 1 tests
* tfdoc
* Upload action files to outputs_bucket
* Fix tests and README
* rename template, streamline outputs
* local templates and gcs output for all stage 2
* add workflows to local output files
* Use lowercase WIF providers everywhere
* Bring back suffix for workflow files
* Remove unused files
* Update READMEs
* preliminary CI/CD implementation for stage 1
* fix stage 1
* stage 1 cicd
* tfdoc
* fix tests
* readme and links for cicd and wif
* refactor wif providers
* refactor cicd for stage 1
* fix stage 1
* wif org policies
* split identity provider configuration from cicd
* add type attribute to cicd repositories
* valid cicd repositories have a workflow template
* refactor stage 01
* fix stage 01 tests
* minimal CI/CD documentation
* better check_links error reporting
* fix links
* Added Gitlab specific configurations
Set the default issuer_uri for Gitlab. Added allowed audiences to OIDC configuration.
* Fixed TF formatting in identity providers.
* Changing identity provider audience to null
Changing identity provider audience to default to null.
* add instructions for renaming workflows
* address Julio's comments
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: alexmeissner <alexmeissner@google.com>
2022-04-12 08:17:27 +02:00
Julio Castillo
Ludovico Magnocavallo
Miklos Niedermayer
Daisuke
Agustin Ramirez
Simone Ruffilli
Michael Gfeller
Alexander Meissner