Commit Graph

945 Commits

Author SHA1 Message Date
Wiktor Niesiobędzki 439e9a1af9 Internet NEG for net-lb-proxy-int 2024-05-24 12:56:28 +02:00
Ludovico Magnocavallo dc686c3a84
Remove default location from gcs module (#2303)
* gcs module

* blueprints/apigee/bigquery-analytics

* tfdoc

* pubsub README md syntax
2024-05-24 07:02:33 +00:00
Wiktor Niesiobędzki af814505be
Add AlloyDB service for e2e tests harness (#2302) 2024-05-23 11:44:40 +02:00
Ludovico Magnocavallo 980011806c
fix permadiff in cloud nat module (#2301) 2024-05-23 08:38:03 +02:00
Ludovico Magnocavallo ef5178c929
add support for shared vpc host to project factory (#2300) 2024-05-22 07:56:34 +00:00
simonebruzzechesse 1e149c18fc
New alloydb module (#2285)
* add alloydb module

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-05-22 09:40:25 +02:00
Ludovico Magnocavallo be9214f99a
add support for tenant factory CI/CD (#2297) 2024-05-21 10:39:47 +02:00
Wiktor Niesiobędzki 1ecd637932
Internet NEG for net-lb-app-int (#2293)
Internet NEG for net-lb-app-int
2024-05-20 21:12:39 +02:00
simonebruzzechesse 79af34b69e
Add wif permissions to bootstrap tf SA (#2290)
* add wif permissions to bootstrap tf SA
2024-05-20 18:15:23 +02:00
Simone Ruffilli 21f3b733ab
FAST: Cleanup/harmonization of Simple and NVA net stages (#2287)
Cleanup/harmonization of Simple and NVA net stages
2024-05-16 16:49:15 +03:00
Simone Ruffilli 887c7e7926
Unify VPN and Peering FAST stages (#2284)
* Unify VPN and Peering FAST stages
2024-05-16 12:18:32 +03:00
Ludovico Magnocavallo 7a5dd4e6db
FAST: add top-level folders and restructure teams/tenants in resman (#2254)
* remove teams and tenants from resman

* move fast features to stage 1, fix test inventories

* folders

* fix factory, add top level folder resources to outputs

* tfdoc

* stage 0 log sink defs

* tfdoc

* enable toc in resman readme

* simple tenants

* fast compatibility automation and logging

* testing fast-compatible tenants

* testing fast-compatible tenants

* tfdoc

* remove mt stages

* remove tests, fix links

* disable tflint

* fast tests

* make organization conditional in resman

* check names tool

* export real prefix to tfvars, prevent destroy errors

* prefix validation

* fix billing account export format

* tfdoc

* root node folder

* resman changes

* tenant resman roles

* first apply of tenant resman

* tenant log sinks in stage 1

* fix test vars

* tfdoc

* tenant vpc-sc access policy

* fix tests expected values

* tenant CI/CD

* identity providers

* wif

* tfdoc

* add comments to identity locals

* full-feature tenant resman apply

* tenant billing IAM

* stage test

* fix CI/CD comments

* tenant net stage verified

* tenant sec stage verified

* fix test

* README work

* tfdoc

* README

* README rewording

* README rewording

* tfdoc

* FAST excalidraw

* review comments

* diagram review changes

* add iam log sink for tenants

* remove redundant try from security stage

* Implement tflint-fast in Python driven by tftest.yaml files

* tflint

* test ci changes

* revert linting changes

* disable tflint for fast

* Create junit-style report for FAST tflint

* Remove junit-reporter

* YAPF tflint-fast.py

* Output tflint FAST to job summary

* Step summary

* Disable step_summary as output is not useful

* ignore tflint warning

* re-enable tflint on FAST

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-05-15 09:17:13 +00:00
Simone Ruffilli d3ffcc2b1c
Disable reserved_internal_range in net-vpc due to provider bug (#2282) 2024-05-15 05:46:18 +00:00
Simone Ruffilli 9a26fe8635
Add support for reserved_internal_range in net-vpc (#2275)
Adds support for reserved_internal_range to net-vpc
2024-05-14 22:19:45 +03:00
Ludovico Magnocavallo e4941c27f2
Implement the full IAM interface for tags (#2269)
* IAM authoritative bindings in org module

* remove extra newline

* organization module

* project module

* tfdoc
2024-05-13 20:18:51 +02:00
Wiktor Niesiobędzki af253c9702
Fix 0-bootstrap iam_by_principals not taking into account all principals (#2267)
* Fix 0-bootstrap iam_by_principals not taking into account all principals
* Add test-case for iam_by_principals for 0-bootstrap stage

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-05-12 21:02:04 +02:00
Wiktor Niesiobędzki 6a3c7fe444
CloudSQL PSC Endpoints support (#2242)
* Add PSC endpoints consumers to net-address
* Cloud SQL E2E tests
2024-05-12 12:00:39 +02:00
Julio Castillo d838c4ac47
Make Simple NVA route IAP traffic through NIC 0 (#2262) 2024-05-09 18:29:25 +02:00
Julio Castillo c58850c096
Add Hybrid NAT support (#2261)
* Updates to support hybrid NAT

* Fix readme

* Fix variable order
2024-05-09 13:24:41 +00:00
Ludovico Magnocavallo c9503d5ac5
Remove data source from folder module (#2260)
* remove data source from folder module

* fix fast tfdoc

* fix locals type error

* fix folder test

* fix fast test
2024-05-09 13:09:54 +00:00
Julio Castillo 94c32c1d71
Misc FAST fixes (#2253)
* Misc FAST fixes

* Fix readme

* Fix FAST nva bgp tests
2024-05-02 06:56:26 +00:00
Ludovico Magnocavallo 27a055a9cb
fix factory ingress policies (#2251) 2024-05-01 18:50:30 +02:00
apichick be966c4f32
Fixed issue with service networking DNS peering (#2246)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-04-28 20:18:02 +00:00
apichick ab174274de
Added new attributes Apigee organization and bumped up providers version (#2243) 2024-04-28 17:31:42 +02:00
Wiktor Niesiobędzki d831d32864 Use default labels on pubsub subscription when no override is provided 2024-04-27 09:22:41 +02:00
Julio Castillo 99129d54a3
Update FAST logging (#2235)
* Update FAST logging

* Fix readme

* Fix tests
2024-04-25 08:31:51 +02:00
Ludovico Magnocavallo 309792c559
Refactor vpc-sc support in project module, add support for dry run (#2229) 2024-04-22 09:28:01 +02:00
Wiktor Niesiobędzki 024d3255e6
Generalization of tflint call for FAST stages (#2225)
* Generalization of tflint call for FAST

* Fix tfvars path

* Fix tfvars path - depending where the file is

* Fix regex

* Re-enable linting

* Align test directory to stage name

* Align all fast stages to use tftest
2024-04-18 21:04:24 +02:00
Julio Castillo 3af7e257d2
Add tflint to pipelines (#2220)
* Fix terraform_deprecated_index

https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_index.md

* Fix terraform_deprecated_interpolation

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_interpolation.md

* Fix more indexing

* Remove unused variable

* Enable TFLint for modules

* Add tflint config file

* Fix chdir

* Lint modules

* TFLint fixes

* TFLint

* Fixes binauthz README

* Fixes DNS response policy tests. Restores MIG outputs.

* Fixes other DNS response policy tests.

* Update tests for fast 2-e

* Moar fixed tests

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-04-17 10:23:48 +02:00
Ludovico Magnocavallo 9414779cc2
Allow multiple PSA service providers in net-vpc module (#2218)
* allowing multiple PSA service providers in net-vpc module

* tfdoc

* tfdoc

* Add tfvars/yaml tests

* fix module and tests

* re-enable inventory

* merge fix

* Add multiple PSA test case

* fix cloudsql example

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-04-16 15:02:36 +00:00
Ludovico Magnocavallo 198d90c6fc
Remove data source from net-vpc module (#2216)
* remove data source from net-vpc module

* fix test inventories

* remove data source, fix fast inventories
2024-04-16 14:11:12 +03:00
Julio Castillo a74a106f8b
Add new org policies to FAST (#2215)
* Add new org policies to FAST

* Fix tests
2024-04-15 15:29:24 +02:00
Ludovico Magnocavallo fbc7e891db
Net LB App Internal Cross-Region recipe (#2214)
* reorder tfdoc methods

* add support for recipes to tfdoc

* fix repo url in tfdoc

* update module README

* validated untested recipe

* validated untested refactored recipe

* add optional proxy subnet creation, outputs, fixes

* tested

* tfdoc fix

* fix README

* exclude examples from test collector
2024-04-14 19:38:05 +03:00
Ludovico Magnocavallo 3138eb9025
add support for tags to GCS module (#2213) 2024-04-11 13:19:05 +00:00
Wiktor Niesiobędzki bca5901691 Fix project outputs inventory 2024-04-11 11:51:19 +02:00
Wiktor Niesiobędzki a236222a93 Add project quotas factory 2024-04-11 11:51:19 +02:00
Simone Ruffilli 7833203d87
Add support for GCS soft-delete retention period (#2212)
* Add support for GCS soft-delete retention period
2024-04-11 07:31:00 +00:00
Ludovico Magnocavallo 9cace5272f
Add support for quotas to project module (#2210)
* add support for quotas to project module

* tfdoc

* better outputs

* Ensure keys in `quota_configs` are unique

* update fast tests

* Make quota E2E testable

* Remove quota project caveat

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-04-10 17:03:04 +00:00
Tone 2831af09fa
feat(gke-cluster-standard): Add optional `CiliumClusterWideNetworkPolicy` (#2207)
* feat(gke-cluster-standard): Add optional `CiliumClusterWideNetworkPolicy`

Add `CiliumClusterWideNetworkPolicy` option on cluster.

Ref:
 - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enable_cilium_clusterwide_network_policy
 - https://cloud.google.com/kubernetes-engine/docs/how-to/configure-cilium-network-policy

* feat(gke-cluster-standard): Update Google provider to manage new feature

* feat(gke-cluster-standard): Move `cilium_clusterwide_network_policy` to `enable_features` field

* fix(scheduled-asset-inventory-export-bq): Set `dataset_id` with underscores

* fix(bigquery-dataset): Set `dataset_id` with underscores
2024-04-09 17:08:36 +02:00
Ludovico Magnocavallo 8511170412
FAST security stage refactor (#2203)
* first working change, missing docs and tests

* fixes

* tests

* boilerplate

* tfdoc
2024-04-07 20:14:39 -07:00
bluPhy c420f17636
Updating cloud-run-v2 terraform and some typos (#2201)
* Updating cloud-run-v2 terraform and some typos

Updating modules/cloud-run-v2/main.tf to determine the tcp_socket value

Fixing typos in:
tests/fixtures.py
modules/workstation-cluster/README.md
modules/net-lb-int/README.md
modules/dataplex/README.md
modules/dataform-repository/README.md
modules/__docs/20230816-iam-refactor.md
CONTRIBUTING.md
blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active/startup-script.tpl
blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active/README.md

* Update README.md

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Ludovico Magnocavallo <ludo@qix.it>
2024-04-07 09:49:07 +00:00
Julio Castillo a9ac0f40cd
Add variable to resman to control top-level folder IAM (#2196) 2024-04-04 10:26:35 +02:00
Ludovico Magnocavallo 33ffe2daa6
Allow r/o project factory SAs access to folder-level IAM (#2195)
* allow project factory SAs read access to folder-level IAM

* tfdoc
2024-04-03 21:51:46 +02:00
Elia b80132a618
FAST GCVE stage (#2191)
* GCVE stage prerequisites

* fix gcve prereq

* gcve stage first deploy

* Updated readme files

* docs updated

* some fixes after testing

* updated readme files

* elia fix

* gcve net admin custom role

* gcve net admin custom role

* elia fix

* ven peering deploy

* elia fix

* added blueprint and stage tests

* Edits to Readme files

* typo in outputs

* clean-up

* gcve stage tests fix

* readme fix

* fix sorting

* fix copyrights and readme file

* fix test

* fix copyright

* fixed gcve feature flag cond.

* removed validation

* fixed typo

* fixed typo

* fixed gcve tests

* fixed typo

* fixed typo

* fixed sorting

* fixed sorting

---------

Co-authored-by: Konrad Schieban <kschieban@google.com>
2024-04-03 17:25:12 +02:00
Wiktor Niesiobędzki da4e5acd46 Fix failing e2e tests for Cloud Run CMEK
* create a fixture adding IAM grants to Cloud Run service agent
* add to README.md information about required grant

Decided to add this as a fixture though it may not be reused so:
* grant is not polluting the example
* grant is fairly easily discoverable from README.md
* setup_module is not burdened with additional grant which is used only
  for this example
2024-03-28 15:02:56 +01:00
Ludovico Magnocavallo f487b27aa9
Fix default nodepool defaults in gke standard module (#2182)
* fix default nodepool defaults in gke standard module

* fix inventory
2024-03-28 11:22:14 +01:00
Tone 0f44e581d5
feat(gke-cluster-standard): Set optional `default_node_pool` configuration (#2175)
* feat(gke-cluster-standard): Set optional `default_node_pool` configuration

* feat(gke-cluster-standard): Improve `default_node_pool` variable setup

* feat(gke-cluster-standard): Improve `default_node_pool` condition validation
2024-03-26 18:05:35 +01:00
Wiktor Niesiobędzki f2806f347b Bump provider version to 5.18, so fix non-empty plan for google_notebooks_instance 2024-03-25 19:57:14 +01:00
Ludovico Magnocavallo a590deb58b
Fix subnet configuration in cloud nat module (#2171)
* support optional secondary ranges in net-cloudnat module

* fix subnet configuration

* fix packer blueprint
2024-03-22 15:59:02 +01:00
Ludovico Magnocavallo 5ac86ecae7
Support advanced_datapath_observability in gke cluster standard module (#2168)
* support advanced_datapath_observability in gke cluster standard module

* bump provider to 5.17.0
2024-03-22 08:25:43 +01:00