Wiktor Niesiobędzki
439e9a1af9
Internet NEG for net-lb-proxy-int
2024-05-24 12:56:28 +02:00
Ludovico Magnocavallo
dc686c3a84
Remove default location from gcs module ( #2303 )
...
* gcs module
* blueprints/apigee/bigquery-analytics
* tfdoc
* pubsub README md syntax
2024-05-24 07:02:33 +00:00
Wiktor Niesiobędzki
af814505be
Add AlloyDB service for e2e tests harness ( #2302 )
2024-05-23 11:44:40 +02:00
Ludovico Magnocavallo
980011806c
fix permadiff in cloud nat module ( #2301 )
2024-05-23 08:38:03 +02:00
Ludovico Magnocavallo
ef5178c929
add support for shared vpc host to project factory ( #2300 )
2024-05-22 07:56:34 +00:00
simonebruzzechesse
1e149c18fc
New alloydb module ( #2285 )
...
* add alloydb module
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-05-22 09:40:25 +02:00
Ludovico Magnocavallo
be9214f99a
add support for tenant factory CI/CD ( #2297 )
2024-05-21 10:39:47 +02:00
Wiktor Niesiobędzki
1ecd637932
Internet NEG for net-lb-app-int ( #2293 )
...
Internet NEG for net-lb-app-int
2024-05-20 21:12:39 +02:00
simonebruzzechesse
79af34b69e
Add wif permissions to bootstrap tf SA ( #2290 )
...
* add wif permissions to bootstrap tf SA
2024-05-20 18:15:23 +02:00
Simone Ruffilli
21f3b733ab
FAST: Cleanup/harmonization of Simple and NVA net stages ( #2287 )
...
Cleanup/harmonization of Simple and NVA net stages
2024-05-16 16:49:15 +03:00
Simone Ruffilli
887c7e7926
Unify VPN and Peering FAST stages ( #2284 )
...
* Unify VPN and Peering FAST stages
2024-05-16 12:18:32 +03:00
Ludovico Magnocavallo
7a5dd4e6db
FAST: add top-level folders and restructure teams/tenants in resman ( #2254 )
...
* remove teams and tenants from resman
* move fast features to stage 1, fix test inventories
* folders
* fix factory, add top level folder resources to outputs
* tfdoc
* stage 0 log sink defs
* tfdoc
* enable toc in resman readme
* simple tenants
* fast compatibility automation and logging
* testing fast-compatible tenants
* testing fast-compatible tenants
* tfdoc
* remove mt stages
* remove tests, fix links
* disable tflint
* fast tests
* make organization conditional in resman
* check names tool
* export real prefix to tfvars, prevent destroy errors
* prefix validation
* fix billing account export format
* tfdoc
* root node folder
* resman changes
* tenant resman roles
* first apply of tenant resman
* tenant log sinks in stage 1
* fix test vars
* tfdoc
* tenant vpc-sc access policy
* fix tests expected values
* tenant CI/CD
* identity providers
* wif
* tfdoc
* add comments to identity locals
* full-feature tenant resman apply
* tenant billing IAM
* stage test
* fix CI/CD comments
* tenant net stage verified
* tenant sec stage verified
* fix test
* README work
* tfdoc
* README
* README rewording
* README rewording
* tfdoc
* FAST excalidraw
* review comments
* diagram review changes
* add iam log sink for tenants
* remove redundant try from security stage
* Implement tflint-fast in Python driven by tftest.yaml files
* tflint
* test ci changes
* revert linting changes
* disable tflint for fast
* Create junit-style report for FAST tflint
* Remove junit-reporter
* YAPF tflint-fast.py
* Output tflint FAST to job summary
* Step summary
* Disable step_summary as output is not useful
* ignore tflint warning
* re-enable tflint on FAST
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-05-15 09:17:13 +00:00
Simone Ruffilli
d3ffcc2b1c
Disable reserved_internal_range in net-vpc due to provider bug ( #2282 )
2024-05-15 05:46:18 +00:00
Simone Ruffilli
9a26fe8635
Add support for reserved_internal_range in net-vpc ( #2275 )
...
Adds support for reserved_internal_range to net-vpc
2024-05-14 22:19:45 +03:00
Ludovico Magnocavallo
e4941c27f2
Implement the full IAM interface for tags ( #2269 )
...
* IAM authoritative bindings in org module
* remove extra newline
* organization module
* project module
* tfdoc
2024-05-13 20:18:51 +02:00
Wiktor Niesiobędzki
af253c9702
Fix 0-bootstrap iam_by_principals not taking into account all principals ( #2267 )
...
* Fix 0-bootstrap iam_by_principals not taking into account all principals
* Add test-case for iam_by_principals for 0-bootstrap stage
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-05-12 21:02:04 +02:00
Wiktor Niesiobędzki
6a3c7fe444
CloudSQL PSC Endpoints support ( #2242 )
...
* Add PSC endpoints consumers to net-address
* Cloud SQL E2E tests
2024-05-12 12:00:39 +02:00
Julio Castillo
d838c4ac47
Make Simple NVA route IAP traffic through NIC 0 ( #2262 )
2024-05-09 18:29:25 +02:00
Julio Castillo
c58850c096
Add Hybrid NAT support ( #2261 )
...
* Updates to support hybid NAT
* Fix readme
* Fix variable order
2024-05-09 13:24:41 +00:00
Ludovico Magnocavallo
c9503d5ac5
Remove data source from folder module ( #2260 )
...
* remove data source from folder module
* fix fast tfdoc
* fix locals type error
* fix folder test
* fix fast test
2024-05-09 13:09:54 +00:00
Julio Castillo
94c32c1d71
Misc FAST fixes ( #2253 )
...
* Misc FAST fixes
* Fix readme
* Fix FAST nva bgp tests
2024-05-02 06:56:26 +00:00
Ludovico Magnocavallo
27a055a9cb
fix factory ingress policies ( #2251 )
2024-05-01 18:50:30 +02:00
apichick
be966c4f32
Fixed issue with service networking DNS peering ( #2246 )
...
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-04-28 20:18:02 +00:00
apichick
ab174274de
Added new attributes Apigee organization and bumped up providers version ( #2243 )
2024-04-28 17:31:42 +02:00
Wiktor Niesiobędzki
d831d32864
Use default labels on pubsub subscription when no override is provided
2024-04-27 09:22:41 +02:00
Julio Castillo
99129d54a3
Update FAST logging ( #2235 )
...
* Update FAST logging
* Fix readme
* Fix tests
2024-04-25 08:31:51 +02:00
Ludovico Magnocavallo
309792c559
Refactor vpc-sc support in project module, add support for dry run ( #2229 )
2024-04-22 09:28:01 +02:00
Wiktor Niesiobędzki
024d3255e6
Generalization of tflint call for FAST stages ( #2225 )
...
* Generalization of tflint call for FAST
* Fix tfvars path
* Fix tfvars path - depending where the file is
* Fix regex
* Reeanble linting
* Align test directory to stage name
* Align all fast stages to use tftest
2024-04-18 21:04:24 +02:00
Julio Castillo
3af7e257d2
Add tflint to pipelines ( #2220 )
...
* Fix terraform_deprecated_index
https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_index.md
* Fix terraform_deprecated_interpolation
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_interpolation.md
* Fix more indexing
* Remove unused variable
* Enable TFLint for modules
* Add tflint config file
* Fix chdir
* Lint modules
* TFLint fixes
* TFLint
* Fixes binauthz README
* Fixes DNS response policy tests. Restores MIG outputs.
* Fixes other DNS response policy tests.
* Update tests for fast 2-e
* Moar fixed tests
---------
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-04-17 10:23:48 +02:00
Ludovico Magnocavallo
9414779cc2
Allow multiple PSA service providers in net-vpc module ( #2218 )
...
* allowing multiple PSA service providers in net-vpc module
* tfdoc
* tfdoc
* Add tfvars/yaml tests
* fix module and tests
* re-enable inventory
* merge fix
* Add multiple PSA test case
* fix cloudsql example
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-04-16 15:02:36 +00:00
Ludovico Magnocavallo
198d90c6fc
Remove data source from net-vpc module ( #2216 )
...
* remove data source from net-vpc module
* fix test inventories
* remove data source, fix fast inventories
2024-04-16 14:11:12 +03:00
Julio Castillo
a74a106f8b
Add new org policies to FAST ( #2215 )
...
* Add new org policies to FAST
* Fix tests
2024-04-15 15:29:24 +02:00
Ludovico Magnocavallo
fbc7e891db
Net LB App Internal Cross-Region recipe ( #2214 )
...
* reorder tfdoc methods
* add support for recipes to tfdoc
* fix repo url in tfdoc
* update module README
* validated untested recipe
* validated untested refactored recipe
* add optional proxy subnet creation, outputs, fixes
* tested
* tfdoc fix
* fix README
* exclude examples from test collector
2024-04-14 19:38:05 +03:00
Ludovico Magnocavallo
3138eb9025
add support for tags to GCS module ( #2213 )
2024-04-11 13:19:05 +00:00
Wiktor Niesiobędzki
bca5901691
Fix project outputs inventory
2024-04-11 11:51:19 +02:00
Wiktor Niesiobędzki
a236222a93
Add project quotas factory
2024-04-11 11:51:19 +02:00
Simone Ruffilli
7833203d87
Add support for GCS soft-delete retention period ( #2212 )
...
* Add support for GCS soft-delete retention period
2024-04-11 07:31:00 +00:00
Ludovico Magnocavallo
9cace5272f
Add support for quotas to project module ( #2210 )
...
* add support for quotas to project module
* tfdoc
* better outputs
* Ensure keys in `quota_configs` are unique
* update fast tests
* Make quota E2E testable
* Remove quota project caveat
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-04-10 17:03:04 +00:00
Tone
2831af09fa
feat(gke-cluster-standard): Add optional `CiliumClusterWideNetworkPolicy` ( #2207 )
...
* feat(gke-cluster-standard): Add optionnal `CiliumClusterWideNetworkPolicy`
Add `CiliumClusterWideNetworkPolicy` option on cluster.
Ref:
- https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enable_cilium_clusterwide_network_policy
- https://cloud.google.com/kubernetes-engine/docs/how-to/configure-cilium-network-policy
* feat(gke-cluster-standard): Update Google provider to manage new feature
* feat(gke-cluster-standard): Move `cilium_clusterwide_network_policy` to `enable_features` field
* fix(scheduled-asset-inventory-export-bq): Set `dataset_id` with underscores
* fix(bigquery-dataset): Set `dataset_id` with underscores
2024-04-09 17:08:36 +02:00
Ludovico Magnocavallo
8511170412
FAST security stage refactor ( #2203 )
...
* first working change, missing docs and tests
* fixes
* tests
* boilerplate
* tfdoc
2024-04-07 20:14:39 -07:00
bluPhy
c420f17636
Updating cloud-run-v2 terraform and some typos ( #2201 )
...
* Updating cloud-run-v2 terraform and some typos
Updating modules/cloud-run-v2/main.tf to determine the tcp_socket value
Fixin typos in:
tests/fixtures.py
modules/workstation-cluster/README.md
modules/net-lb-int/README.md
modules/dataplex/README.md
modules/dataform-repository/README.md
modules/__docs/20230816-iam-refactor.md
CONTRIBUTING.md
blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active/startup-script.tpl
blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active/README.md
* Update README.md
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Ludovico Magnocavallo <ludo@qix.it>
2024-04-07 09:49:07 +00:00
Julio Castillo
a9ac0f40cd
Add variable to resman to control top-level folder IAM ( #2196 )
2024-04-04 10:26:35 +02:00
Ludovico Magnocavallo
33ffe2daa6
Allow r/o project factory SAs access to folder-level IAM ( #2195 )
...
* allow project factory SAs read access to folder-level IAM
* tfdoc
2024-04-03 21:51:46 +02:00
Elia
b80132a618
FAST GCVE stage ( #2191 )
...
* GCVE stage prerequisites
* fix gcve prereq
* gcve stage first deploy
* Updated readme filex
* docs updated
* some fixes after testing
* updated readme files
* elia fix
* gcve net admin custom role
* gcve net admin custom role
* elia fix
* ven peering deploy
* elia fix
* added blueprint and stage tests
* Edits to Readme files
* typo in outputs
* clean-up
* gcve stage tests fix
* readme fix
* fix sorting
* fix copyrights and readme file
* fix test
* fix copyright
* fixed gcve feature flag cond.
* removed validation
* fixed typo
* fixed typo
* fixed gcve tests
* fixed typo
* fixed typo
* fixed sorting
* fixed sorting
---------
Co-authored-by: Konrad Schieban <kschieban@google.com>
2024-04-03 17:25:12 +02:00
Wiktor Niesiobędzki
da4e5acd46
Fix failin e2e tests for Cloud Run CMEK
...
* create a fixture adding IAM grants to Cloud Run service agent
* add to README.md information about required grant
Decided to add ths as a fixture though it may not be reused so:
* grant is not polluting the example
* grant is fairly easy discoverable from README.md
* setup_module is not burdened with additional grant which is used only
for this example
2024-03-28 15:02:56 +01:00
Ludovico Magnocavallo
f487b27aa9
Fix default nodepool defaults in gke standard module ( #2182 )
...
* fix default nodepool defaults in gke standard module
* fix inventory
2024-03-28 11:22:14 +01:00
Tone
0f44e581d5
feat(gke-cluster-standard): Set optionnal `default_node_pool` configuration ( #2175 )
...
* feat(gke-cluster-standard): Set optionnal `default_node_pool` configuration
* feat(gke-cluster-standard): Improve `default_node_pool` variable setup
* feat(gke-cluster-standard): Improve `default_node_pool` condition validation
2024-03-26 18:05:35 +01:00
Wiktor Niesiobędzki
f2806f347b
Bump provider version to 5.18, so fix non-empty plan for google_notebooks_instance
2024-03-25 19:57:14 +01:00
Ludovico Magnocavallo
a590deb58b
Fix subnet configuration in cloud nat module ( #2171 )
...
* support optional secondary ranges in net-cloudnat module
* fix subnet configuration
* fix packer blueprint
2024-03-22 15:59:02 +01:00
Ludovico Magnocavallo
5ac86ecae7
Support advanced_datapath_observability in gke cluster standard module ( #2168 )
...
* support advanced_datapath_observability in gke cluster standard module
* bump provider to 5.17.0
2024-03-22 08:25:43 +01:00