Commit Graph

536 Commits

Author SHA1 Message Date
Wiktor Niesiobędzki 439e9a1af9 Internet NEG for net-lb-proxy-int 2024-05-24 12:56:28 +02:00
Ludovico Magnocavallo 980011806c
fix permadiff in cloud nat module (#2301) 2024-05-23 08:38:03 +02:00
Ludovico Magnocavallo ef5178c929
add support for shared vpc host to project factory (#2300) 2024-05-22 07:56:34 +00:00
simonebruzzechesse 1e149c18fc
New alloydb module (#2285)
* add alloydb module

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-05-22 09:40:25 +02:00
Wiktor Niesiobędzki 1ecd637932
Internet NEG for net-lb-app-int (#2293)
Internet NEG for net-lb-app-int
2024-05-20 21:12:39 +02:00
Simone Ruffilli 9a26fe8635
Add support for reserved_internal_range in net-vpc (#2275)
Adds support for reserved_internal_range to net-vpc
2024-05-14 22:19:45 +03:00
Ludovico Magnocavallo e4941c27f2
Implement the full IAM interface for tags (#2269)
* IAM authoritative bindings in org module

* remove extra newline

* organization module

* project module

* tfdoc
2024-05-13 20:18:51 +02:00
Wiktor Niesiobędzki 6a3c7fe444
CloudSQL PSC Endpoints support (#2242)
* Add PSC endpoints consumers to net-address
* Cloud SQL E2E tests
2024-05-12 12:00:39 +02:00
Julio Castillo c58850c096
Add Hybrid NAT support (#2261)
* Updates to support hybrid NAT

* Fix readme

* Fix variable order
2024-05-09 13:24:41 +00:00
Ludovico Magnocavallo c9503d5ac5
Remove data source from folder module (#2260)
* remove data source from folder module

* fix fast tfdoc

* fix locals type error

* fix folder test

* fix fast test
2024-05-09 13:09:54 +00:00
Ludovico Magnocavallo 27a055a9cb
fix factory ingress policies (#2251) 2024-05-01 18:50:30 +02:00
apichick be966c4f32
Fixed issue with service networking DNS peering (#2246)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-04-28 20:18:02 +00:00
Wiktor Niesiobędzki d831d32864 Use default labels on pubsub subscription when no override is provided 2024-04-27 09:22:41 +02:00
Ludovico Magnocavallo 309792c559
Refactor vpc-sc support in project module, add support for dry run (#2229) 2024-04-22 09:28:01 +02:00
Julio Castillo 3af7e257d2
Add tflint to pipelines (#2220)
* Fix terraform_deprecated_index

https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_index.md

* Fix terraform_deprecated_interpolation

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_interpolation.md

* Fix more indexing

* Remove unused variable

* Enable TFLint for modules

* Add tflint config file

* Fix chdir

* Lint modules

* TFLint fixes

* TFLint

* Fixes binauthz README

* Fixes DNS response policy tests. Restores MIG outputs.

* Fixes other DNS response policy tests.

* Update tests for fast 2-e

* Moar fixed tests

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-04-17 10:23:48 +02:00
Ludovico Magnocavallo 9414779cc2
Allow multiple PSA service providers in net-vpc module (#2218)
* allowing multiple PSA service providers in net-vpc module

* tfdoc

* tfdoc

* Add tfvars/yaml tests

* fix module and tests

* re-enable inventory

* merge fix

* Add multiple PSA test case

* fix cloudsql example

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2024-04-16 15:02:36 +00:00
Ludovico Magnocavallo 198d90c6fc
Remove data source from net-vpc module (#2216)
* remove data source from net-vpc module

* fix test inventories

* remove data source, fix fast inventories
2024-04-16 14:11:12 +03:00
Ludovico Magnocavallo 3138eb9025
add support for tags to GCS module (#2213) 2024-04-11 13:19:05 +00:00
Wiktor Niesiobędzki bca5901691 Fix project outputs inventory 2024-04-11 11:51:19 +02:00
Wiktor Niesiobędzki a236222a93 Add project quotas factory 2024-04-11 11:51:19 +02:00
Simone Ruffilli 7833203d87
Add support for GCS soft-delete retention period (#2212)
* Add support for GCS soft-delete retention period
2024-04-11 07:31:00 +00:00
Tone 2831af09fa
feat(gke-cluster-standard): Add optional `CiliumClusterWideNetworkPolicy` (#2207)
* feat(gke-cluster-standard): Add optional `CiliumClusterWideNetworkPolicy`

Add `CiliumClusterWideNetworkPolicy` option on cluster.

Ref:
 - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enable_cilium_clusterwide_network_policy
 - https://cloud.google.com/kubernetes-engine/docs/how-to/configure-cilium-network-policy

* feat(gke-cluster-standard): Update Google provider to manage new feature

* feat(gke-cluster-standard): Move `cilium_clusterwide_network_policy` to `enable_features` field

* fix(scheduled-asset-inventory-export-bq): Set `dataset_id` with underscores

* fix(bigquery-dataset): Set `dataset_id` with underscores
2024-04-09 17:08:36 +02:00
Ludovico Magnocavallo f487b27aa9
Fix default nodepool defaults in gke standard module (#2182)
* fix default nodepool defaults in gke standard module

* fix inventory
2024-03-28 11:22:14 +01:00
Tone 0f44e581d5
feat(gke-cluster-standard): Set optional `default_node_pool` configuration (#2175)
* feat(gke-cluster-standard): Set optional `default_node_pool` configuration

* feat(gke-cluster-standard): Improve `default_node_pool` variable setup

* feat(gke-cluster-standard): Improve `default_node_pool` condition validation
2024-03-26 18:05:35 +01:00
Ludovico Magnocavallo a590deb58b
Fix subnet configuration in cloud nat module (#2171)
* support optional secondary ranges in net-cloudnat module

* fix subnet configuration

* fix packer blueprint
2024-03-22 15:59:02 +01:00
andybubu 688c6cfb79
feat: add e2e test for pubsub module (#2163)
* feat: add e2e test for pubsub module
2024-03-20 17:30:30 +01:00
Ludovico Magnocavallo 7f8d2834b3
Support automation/controlling projects and resources in project factory (#2162)
* initial implementation not tested

* project factory automation project support
2024-03-19 15:50:06 +00:00
Julio Castillo 28f02688ee
Add folder factory to project-factory module (#2152)
* WIP Folder Factory

* parent keys and general fixes

* changes

* update README and example test, add support for hierarchy projects

---------

Co-authored-by: Ludo <ludomagno@google.com>
2024-03-14 15:03:42 +03:00
dibaskar-google 4a187811d5
Kms e2e tests (#2151)
kms e2e tests
2024-03-13 11:31:21 +01:00
Magido Mascate 3cd43aca62
Cloudnat E-2-E Tests (#2149)
* Create E2E tests for Cloud NAT

---------

Co-authored-by: Magido Mascate <magido@google.com>
2024-03-11 16:47:11 +01:00
andybubu 105a19b9de
feat: add e2e test for compute-mig module (#2132)
add e2e test for compute-mig module
2024-03-06 20:30:20 +00:00
Ludovico Magnocavallo 39139e2fa1
add support for service account IAM variables to pf (#2130) 2024-03-05 13:13:02 +01:00
Ludovico Magnocavallo da68d3cfc4
Add support for PSC network attachments and interfaces in modules (#2125)
* support network attachments in net-vpc module

* support network attachments in net-address module

* fix examples

* fix examples

* add support for psc interfaces to compute-vm module
2024-03-04 10:12:11 +01:00
Ludovico Magnocavallo 525684faf3
Define service attachment interface for lb modules and implement in internal LBs (#2122)
* add service attachment support to lb app int module

* allow direct referencing of self managed ig in ilb module

* add service attachment support to net-ilb-int

* add service attachments example to net-lb-int

* fix resource name in net-lb-ext

* rename fwd rules resource in test inventories

* add toc to net-lb-int
2024-03-02 18:36:29 +00:00
Ludovico Magnocavallo dbabfb9ae0
Add support for billing budgets to project factory (#2112)
* align factory variable name in project factory module

* tested

* align fast stage
2024-02-27 18:13:49 +00:00
Ludovico Magnocavallo 6941313c7d
Factories refactor (#1843)
* factories refactor doc

* Adds file schema and filesystem organization

* Update 20231106-factories.md

* move factories out of blueprints and create new factories  README

* align factory in billing-account module

* align factory in dataplex-datascan module

* align factory in billing-account module

* align factory in net-firewall-policy module

* align factory in dns-response-policy module

* align factory in net-vpc-firewall module

* align factory in net-vpc module

* align factory variable names in FAST

* remove decentralized firewall blueprint

* bump terraform version

* bump module versions

* update top-level READMEs

* move project factory to modules

* fix variable names and tests

* tfdoc

* remove changelog link

* add project factory to top-level README

* fix cloudrun eventarc diff

* fix README

* fix cloudrun eventarc diff

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-02-26 10:16:52 +00:00
Wiktor Niesiobędzki 9a95ac10ed Once again fix e2e tests 2024-02-23 19:21:39 +01:00
Wiktor Niesiobędzki 8fd8ee0541 Fix too long project names on e2e tests 2024-02-23 11:41:58 +01:00
Julio Castillo 5197d5ca8d
Allow projects as destinations for log sinks (#2102)
* Add project log sink destination to project module

* Add project log sink destination to folder module

* Add project log sink destination to organization module

* Fix typos

* Add project log sink destination to billing-account module

* Make filter field optional

* Update READMEs

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-02-21 08:41:13 +01:00
Thinh Ha 82f11e7ca5
add analytics hub module (#2087) 2024-02-19 15:55:00 +00:00
Wiktor Niesiobędzki bee3072568
Add support for Cloud Run v2 jobs (#1954)
Add support for Cloud Run v2 jobs

* create a separate file for service creation (service.tf) and job
  (job.tf) - for easy comparison
* add E2E tests where possible
* remove default value for input variable `region`
* fix subnet range VPC Access Connector example
* add creation of service account for audit logs call (trigger requires
  service account)
* use provided trigger service account email in
  `local.trigger_sa_email`, so explicitly provided SA is passed to
  trigger
* set default value for vpc_connector_create.throughput.max, to match
  what is set by GCP API, as provider uses wrong default of 300 which
  results in perma-diff
* create inventory files for all examples

Global changes
* (tests) add input variable `project_number`, to allow assigning IAM permissions to Service Accounts in fixtures
* (tests) fix not outputting the path, when object is not found in inventory
* (tests) fix `create_e2e_sandbox.sh` - now it properly finds root of the repo

Secret Manager
* added `version_versions` output, to allow specifying versions in other modules. `versions` is sensitive and it makes it unsuitable for `for_each` values

New test fixtures
* `pubsub.tf` - creating one topic
* `secret-credential.tf` - creating Secret Manager `credential` secret
* `shared-vpc.tf` - creating two projects (host and service), and vpc in host project
* `vpc-connector.tf` - creating VPC Access Connector instance
2024-02-18 14:57:34 +01:00
Ludovico Magnocavallo 91615e0140
VPC-SC module factories (#2081)
* factory untested

* factory example test
2024-02-17 08:02:16 +01:00
Wiktor Niesiobędzki 72183be254 Use less conflicting IP 2024-02-13 07:40:31 +01:00
Ludovico Magnocavallo 71a64487d5
Extend FAST to support different principal types (#2064)
* add doc draft

* typos

* typo

* typo

* typos

* rewording

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* move iam variables to a separate file

* move billing-account module to iam_principals

* move data-catalog-policy-tag module to iam_principals

* move dataplex-datascan module to iam_principals

* move dataproc module to iam_principals

* move folder module to iam_principals

* copyright

* move organization module to iam_principals

* move project module to iam_principals

* move source-repository module to iam_principals

* update blueprints for iam_principals interface

* FAST bootstrap

* module READMEs fixes

* FAST bootstrap

* FAST networking stages

* FAST security stage

* FAST gke stage

* FAST multitenant bootstrap stage

* FAST multitenant resman stage

* tfdoc

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* fix module test

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Rename iam_principals to iam_by_principals

* Update IAM template to include iam_by_principals

* Update Resman README

* Fix ADR link format

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2024-02-12 14:35:30 +01:00
Ludovico Magnocavallo 01c7f806ce
Selectively enable logging in FAST and firewall policy module rules (#2032)
* use logging in firewall policy module examples

* enable logging for selected hierarchical firewall rules
2024-01-31 09:50:35 +01:00
Ludovico Magnocavallo bf93b6fb4e
fix typo in logging sinks interface (#2015) 2024-01-28 10:27:28 +01:00
Wiktor Niesiobędzki 526185fd1f
Remove default region for Cloud Function and Cloud Run (#2004)
Remove default region for Cloud Function and Cloud Run
2024-01-24 10:23:40 +00:00
Wiktor Niesiobędzki 277777d1c7
Fix DNS E2E test + add one to net-lb-app-int-cross-region (#1993)
* Fix DNS E2E test + add one to net-lb-app-int-cross-region

* Update README.md

* Fix inventory for tests

* Fix tests

* Fix number of resources

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2024-01-23 16:34:45 +01:00
Ludovico Magnocavallo 37dc48bca4
fix factory type for firewall rule ports (#1996) 2024-01-21 12:38:24 +01:00
dibaskar-google 4ed738688a
dns response policy e2e changes (#1994)
dns response policy e2e changes
2024-01-20 19:47:02 +01:00