9d6e61428b
(WIP) Read-only service accounts for automation and CI/CD ( #1899 )
...
* add design doc for the new CI/CD sa
* describe the actual implementation
* specify which files will need to be changed
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Update 0-cicd-plan-sa.md
* Fix typo
* stage 0 read-only service accounts
* stage 0 IAM map
* linting
* cicd read-only service accounts
* tweak workflow templates
* roles and github workflow fixes
* tfdoc
* Ad-hoc custom role factory for FAST bootstrap
* use factory variable for custom roles data path
* custom roles factory in org/project modules
* tfdoc
* rename custom roles factory variable, fix gitlab template
* gitlab workflow fixes
* fix merge
* output plan results on failed assertion
* update stage 0 expected values
* data platform branch
* gke
* networking
* security
* project factory
* outputs
* workflow templates
* resman apply fixes
* tfdoc
* fix stage 1 test fixture
* fix gh workflow
* read-only resman sa roles
* fix test
* read-only resman sa roles
* read-only resman sa roles
* read-only resman sa roles
* read-only resman sa roles
* fix test variables
* rename wif principal attribute names
* rename wif principal variables
* multitenant stages
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-12-27 11:33:16 +00:00
c9a8d777ba
Add kernels.googleusercontent.com zone in dns response policy ( #1940 )
...
* Add kernels.googleusercontent.com zone in dns response policy
* update fast tests
2023-12-20 11:18:11 +01:00
6d89b88149
versions.tf maintenance + copyright notice bump ( #1782 )
...
* Bump copyright notice to 2023
* Delete versions.tf on blueprints
* Pin provider to major version 5
* Remove comment
* Fix lint
* fix bq-ml blueprint readme
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-20 18:17:47 +02:00
e0d84fb10b
add sink for workspace logs ( #1780 )
2023-10-19 14:51:01 +00:00
e7e188818a
Add service usage consumer role to IaC SAs, refactor delegated grants in FAST ( #1773 )
...
* add serviceusage role to iac sas, refactor delegated grants
* fix test
* tfdoc
2023-10-18 12:18:31 +00:00
252127bde5
Billing account module ( #1743 )
...
* initial untested draft
* readme and tests
* folder module tfdoc
* remove redundant billing cost manager role in fast stage 0
* fix FAST test
2023-10-15 15:02:50 +00:00
4b15605711
Fix dnssec keys lookup ( #1728 )
...
* Fix dnssec keys lookup
* Fix DNS examples
* Fix FAST and blueprints resource counts
2023-10-03 21:37:21 +02:00
1dfa72cadf
Define and adopt standard IP ranges for FAST networking ( #1697 )
...
* Define and adopt standard IP ranges for FAST networking
This PR documents and adopts a consistent IP address plan for FAST
networking stages
Fixes #1644
* Fix documented aggregated ranges for FAST
* Fix tests
* Fix ip ranges in documentation
* Fix NVA stages README
2023-09-21 14:27:53 +00:00
77c1e69666
New phpIPAM serverless third parties solution in blueprints ( #1642 )
...
* Added new phpIPAM serverless third parties solution in blueprints
* added jit to iap.googleapis.com service in project module
* updated tests
2023-09-07 15:30:22 +02:00
12e78af055
Fix project factory blueprint and fast stage ( #1654 )
2023-09-07 12:48:39 +00:00
50a449965f
Fix: align stage-2-e-nva-bgp to the latest APIs
2023-08-23 13:34:11 +02:00
819894d2ba
IAM interface refactor ( #1595 )
...
* IAM modules refactor proposal
* policy
* subheading
* Update 20230816-iam-refactor.md
* log Julio's +1
* data-catalog-policy-tag
* dataproc
* dataproc
* folder
* folder
* folder
* folder
* project
* better filtering in test examples
* project
* folder
* folder
* organization
* fix variable descriptions
* kms
* net-vpc
* dataplex-datascan
* modules/iam-service-account
* modules/source-repository/
* blueprints/cloud-operations/vm-migration/
* blueprints/third-party-solutions/wordpress
* dataplex-datascan
* blueprints/cloud-operations/workload-identity-federation
* blueprints/data-solutions/cloudsql-multiregion/
* blueprints/data-solutions/composer-2
* Update 20230816-iam-refactor.md
* Update 20230816-iam-refactor.md
* capture discussion in architectural doc
* update variable names and refactor proposal
* project
* blueprints first round
* folder
* organization
* data-catalog-policy-tag
* re-enable folder inventory
* project module style fix
* dataproc
* source-repository
* source-repository tests
* dataplex-datascan
* dataplex-datascan tests
* net-vpc
* net-vpc test examples
* iam-service-account
* iam-service-account test examples
* kms
* boilerplate
* tfdoc
* fix module tests
* more blueprint fixes
* fix typo in data blueprints
* incomplete refactor of data platform foundations
* tfdoc
* data platform foundation
* refactor data platform foundation iam locals
* remove redundant example test
* shielded folder fix
* fix typo
* project factory
* project factory outputs
* tfdoc
* test workflow: less verbose tests, fix tf version
* re-enable -vv, shorter traceback, fix action version
* ignore github extension warning, re-enable action version
* fast bootstrap IAM, untested
* bootstrap stage IAM fixes
* stage 0 tests
* fast stage 1
* tenant stage 1
* minor changes to fast stage 0 and 1
* fast security stage
* fast mt stage 0
* fast mt stage 0
* fast pf
2023-08-20 09:44:20 +02:00
79373721df
Remove firewall policy management from resource management modules ( #1581 )
...
* rename firewall policy module, fix outputs
* add TOC to firewall policy module
* don't depend policy on parent id
* remove firewall policy from resource management modules
* remove factory conditionals
* fast net a and b
* fast stages
* fast tfdoc
* fast tfdoc
* remove unused test
* fix shielded folder blueprint
* fix shielded folder blueprint
2023-08-09 11:23:07 +00:00
cacb0c02e2
Refactoring of dns module
2023-07-19 12:57:44 +02:00
623c886e95
Peering dashboard ( #1492 )
...
* Adding dashboard to monitor VPC and VPC peering group quotas
* Adding 1 ressource to the tests (dashboard)
* Adding dashboard and tests for other networking architecture
* Update test
2023-07-05 18:25:31 +02:00
0fe3f165ed
Add VPN monitoring alerts to 2-networking and VPN usage chart
...
The Fast stage 2-networking-* currently adds a monitoring dashboard
for VPN metrics. This change adds an additional chart to monitor the
usage of the VPN bandwidth.
This change also adds the following monitoring alerts:
* VPN tunnel established
*
[VPN bandwidth](https://cloud.google.com/network-connectivity/docs/vpn/how-to/viewing-logs-metrics#define-bandwidth-alerts )
To configure the alerts, there is a new `alert_config` variable with
defined default values.
The alerts are created in the stage `b` by default. In the stages a,
c, d, and e, the alerts are created if the user creates the On-prem
VPN.
To disable the creation of alerts, add the following to
`terraform.tfvars`:
```
alert_config = {
vpn_tunnel_established = null
vpn_tunnel_bandwidth = null
}
```
2023-06-06 13:49:21 +01:00
efb0ebe689
Switch FAST networking stages to network policies for Google domains ( #1352 )
...
* peering stage implementation
* vpn stage implementation
* tfdoc
* tests
* add most supported google domains
* align all net stages
* add support for factory to DNS response policy module
* use dns policy factory in network stages
* boilerplate
2023-05-04 07:38:40 +02:00
c819305a42
Migrate apigee tests
2023-04-21 17:51:19 +02:00
a9cba47ce8
Add FAST stage 2-networking-e-nva-bgp (NVA+NCC)
...
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Simone Bruzzechesse <bruzzechesse@google.com>
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2023-04-04 20:41:04 +02:00
3d41d01efc
FAST plugin system ( #1266 )
...
* plugin folder, gitignore, serverless connector example
* add support to fast plugin variables and outputs to tfdoc
* rename folder, READMEs
* add variable description
* show diffs
* check documentation, use multiple files
* debug check doc
* try a different glob
* debug tfdoc names
* more debug
* and even more debug
* fix gitignore
* fix links
* support extra files in tests
* fix fixture, switch stage 2 peering to new tests
* tfdoc
* Allow globs in extra files
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-03-24 12:28:32 +00:00
5fb17cb3ac
Widen scope for prod project factory SA to dev ( #1263 )
...
* restrict storage role on outputs bucket for stage SAs
* grant prod project factory SA authority over prod and dev org policies
* network stages delegated grants on dev to prod pf SA
* security grants to prod pf SA on dev
* tfdoc
* tests
2023-03-17 16:24:55 +00:00
be06554bba
Simplify VPN implementation in FAST networking stages ( #1228 )
...
* peering stage
* fix link, toc
* vpn stage
* fix link
* nva stage
* fix examples and test
* separate envs stage
* tfdoc
2023-03-09 17:57:44 +01:00
e33caf0059
Fix tests
2023-03-07 17:52:00 +01:00
a5e905cb80
Update remaining org policies
2023-02-21 15:49:16 +01:00
8708f490ce
Allow configuring regions from tfvars in FAST networking stages ( #1137 )
...
* configurable regions
* vpn, tests
* tfdoc
* separate envs
* nva
* test resources
* add new custom role for tenant network service accounts
* allow setting firewall policy name in networking stages
* fix stage links script
* set custom role to tenant networking service account
* rename tenant stage 1 provider files
* remove extra file
* fix peering and vpn
* tfdoc
* fix variable order
* tests
2023-02-08 09:59:43 +01:00
5453c585e0
FAST multitenant bootstrap and resource management, rename org-level FAST stages ( #1052 )
...
* rename stages
* remove support for external org billing, rename output files
* resman: make groups optional, align on new billing account variable
* bootstrap: multitenant outputs
* tenant bootstrap stage, untested
* fix folder name
* fix stage 0 output names
* optional creation for tag keys in organization module
* single tenant bootstrap minus tag
* rename output files, add tenant tag key
* fix organization module tag values output
* test skipping creation for tags in organization module
* single tenant bootstrap plan working
* multitenant bootstrap
* tfdoc
* fix check links error messages
* fix links
* tfdoc
* fix links
* rename fast tests, fix bootstrap tests
* multitenant stages have their own folder, simplify stage numbering
* stage renumbering
* wip
* rename tests
* exclude fast providers in fixture
* stage 0 tests
* stage 1 tests
* network stages tests
* stage tests
* tfdoc
* fix links
* tfdoc
* multitenant tests
* remove local files
* stage links command
* fix links script, TODO
* wip
* wip single tenant bootstrap
* working tenant bootstrap
* update gitignore
* remove local files
* tfdoc
* remove local files
* allow tests for tenant bootstrap stage
* tenant bootstrap proxies stage 1 tfvars
* stage 2 and 3 service accounts and IAM in tenant bootstrap
* wip
* wip
* wip
* drop multitenant bootstrap
* tfdoc
* add missing stage 2 SAs, fix org-level IAM condition
* wip
* wip
* optional tag value creation in organization module
* stage 1 working
* linting
* linting
* READMEs
* wip
* Make stage-links script work in old macos bash
* stage links command help
* fix output file names
* diagrams
* fix svg
* stage 0 skeleton and diagram
* test svg
* test svg
* test diagram
* diagram
* readme
* fix stage links script
* stage 0 readme
* README changes
* stage readmes
* fix outputs order
* fix link
* fix tests
* stage 1 test
* skip stage example
* boilerplate
* fix tftest skip
* default bootstrap stage log sinks to log buckets
* add logging to tenant bootstrap
* move iam variables out of tenant config
* fix cicd, reintroduce missing variable
* use optional in stage 1 cicd variable
* rename extras stage
* rename and move identity providers local, use optional for cicd variable
* tfdoc
* add support for wif pool and providers, ci/cd
* tfdoc
* fix links
* better handling of modules repository
* add missing role on logging project
* fix cicd pools in locals, test cicd
* fix workflow extension
* fix module source replacement
* allow tenant bootstrap cicd sa to impersonate resman sa
* tenant workflow templates fix for no providers file
* fix output files, push github workflow template to new repository
* remove try from outpout files
* align stage 1 cicd internals to stage 0
* tfdoc
* tests
* fix tests
* tests
* improve variable descriptions
* use optional in fast features
* actually create tenant log sinks, and allow the resman sa to do it
* test
* tests
* aaaand tests again
* fast features tenant override
* fast features tenant override
* fix wording
* add missing comment
* configure pf service accounts
* add missing comment
* tfdoc
* tests
* IAM docs
* update copyright
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-02-04 15:00:45 +01:00
edd3a82453
Include cloudbuild API in project module ( #1116 )
...
* Include cloudbuild API in project module
* Increase number of resources
2023-01-27 21:38:01 +01:00
09ad53000e
Remove recursive_e2e_plan_runner
2022-12-18 14:00:20 +01:00
be0e807435
Bring back `tests` key in test yaml spec
2022-12-06 00:06:29 +01:00
589f7a5c2f
Simplify yaml test spec
2022-12-06 00:06:29 +01:00
34f01762c3
Simplify fast bootstrap test
2022-12-06 00:06:29 +01:00
2af4a826fa
Initial FAST bootstrap fixture
2022-12-06 00:06:29 +01:00
b4d3aa2055
Migrate organizations tests
2022-12-06 00:06:29 +01:00
8631d698cb
Reorder fixture parameters
2022-12-06 00:06:29 +01:00
354ab110f8
Simplify path handling
2022-12-06 00:06:29 +01:00
181533786b
remove key from fast values inventory
2022-12-06 00:06:29 +01:00
0619b35ae6
Fix fast test
2022-12-06 00:06:29 +01:00
dc1fda0fd8
First tests using fast
2022-12-06 00:06:29 +01:00
8c43b72dd4
Remove stale xmark from parellel testing attempt
2022-12-06 00:06:29 +01:00
a9c47681d8
Refactor vps-sc module for Terraform 1.3 ( #963 )
...
* wip
* example tests
* module tests
* streamline example
* fast
* tfdoc
* use collections.Counter in tests
2022-11-10 19:34:45 +01:00
fc7bf40e69
Initial replacement for CI/CD stage ( #903 )
...
* github extra stage
* remove original cicd stage
* allow setting commit attributes via variabes
* remove reference to deleted stage
* optional repo creation, documentation
2022-10-23 19:52:45 +02:00
4b798fb34d
Run tests in parallel using `pytest-xdist` ( #881 )
...
* test terraform cache
* try pytest-xdist
* revert cache changes
* extend to other jobs
* change dist, bump processes to 4
* revert
* mark tests
* run init to prime providers cache
* prime providers cache
* prime providers cache for all jobs
* add local provider to versions
* remove leftover code
2022-10-14 14:56:16 +02:00
e8056577ce
Refactor GKE nodepool and blueprints ( #875 )
...
* first shot, untested
* example tests working
* module tests
* work on gke blueprints
* multitenant fleet doc examples
* fix gke hub doc examples
* blueprint tests
* move master range to vpc config
* fast stage 3 gke test
* tfdoc
* bump provider versions
* and bump provider again to latest
2022-10-12 12:59:36 +02:00
24c3ffe66b
FAST: Separate network environment ( #566 )
2022-10-10 11:50:07 +02:00
78d1a09aeb
Enable FAST 00-cicd provider test ( #865 )
...
* enable fast 00-cicd provider test
* don't overwrite version files in CI
* change provider pinning for all tests in CI file
2022-10-07 13:20:56 +02:00
a0171b2c49
Bump terraform required version ( #864 )
...
* bump terraform required version
* fix test
* debug test
* debug test
* disable test
* fix CI file, bump terraform action version
2022-10-07 12:51:56 +02:00
7e9173d35d
Create fully recursive e2e test runner
2022-09-12 13:58:11 +02:00
72da12e377
Rename gke-serverless to gke and add test for fast gke stage
2022-09-12 09:56:25 +02:00
52e7e0517a
Merge branch 'master' into fast/gke2
2022-08-24 15:37:15 +02:00
5b7f6ab91a
fix data-platform-dev folder in stage 03-data-platform ( #774 )
2022-08-16 09:36:24 +02:00
Ludovico Magnocavallo
simonebruzzechesse
Simone Ruffilli
Julio Castillo
Luca Prete
Miren Esnaola
Aurélien Legrand
Ana Fernandez del Alamo
Ayman Farhat
Stefan Tomm