zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,486 Commits 3 Branches 352 Tags 59 MiB
Commit Graph

1863 Commits

Author SHA1 Message Date
lcaggio aa9b1479b7
Data catalog Tag module (#2060) 
* First commit

* Update README

* Add todo

* Fix required_version
 2024-02-13 17:24:17 +01:00
Wiktor Niesiobędzki 72183be254 Use less conflicting IP 2024-02-13 07:40:31 +01:00
Ludovico Magnocavallo 71a64487d5
Extend FAST to support different principal types (#2064) 
* add doc draft

* typos

* typo

* typo

* typos

* rewording

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* move iam variables to a separate file

* move billing-account module to iam_principals

* move data-catalog-policy-tag module to iam_principals

* move dataplex-datascan module to iam_principals

* move dataproc module to iam_principals

* move folder module to iam_principals

* copyright

* move organization module to iam_principals

* move project module to iam_principals

* move source-repository module to iam_principals

* update blueprints for iam_principals interface

* FAST bootstrap

* module READMEs fixes

* FAST bootstrap

* FAST networking stages

* FAST security stage

* FAST gke stage

* FAST multitenant bootstrap stage

* FAST multitenant resman stage

* tfdoc

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* fix module test

* Update 0-domainless-iam.md

* Update 0-domainless-iam.md

* Rename iam_principals to iam_by_principals

* Update IAM template to include iam_by_principals

* Update Resman README

* Fix ADR link format

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-02-12 14:35:30 +01:00
lcaggio 50c7d3c0e9
Add Tags in project output. (#2062) 2024-02-09 10:42:18 +01:00
Wiktor Niesiobędzki 2c9eb5795b Bum terraform to version 1.7.0 2024-02-07 17:25:11 +01:00
luigi-bitonti cb9a9ab373
Added destroy_scheduled_duration variable (#2053) 
* Added destroy_scheduled_duration variable

* Fix doc

* Removed default value
 2024-02-07 15:47:49 +00:00
Deepak Kumar 27e503a3ac
fix: auto_provisioning_defaults is not really optional (#2051) 
Due to the disk_type validation for auto provision node pool,
this module always forced to create a GKE standard cluster
with a auto provisioned node pool. This is not desirable if
you manage pools separately like using the `gke-nodepool`.
 2024-02-06 07:09:13 +01:00
Harald Haas dda0250c4c
Fix dnssec_config issue on state off (#2035) 2024-02-01 06:53:32 +00:00
Ludovico Magnocavallo 01c7f806ce
Selectively enable logging in FAST and firewall policy module rules (#2032) 
* use logging in firewall policy module examples

* enable logging for selected hierarchical firewall rules
 2024-01-31 09:50:35 +01:00
Julio Castillo da95434308
logging for default ingress rules in FAST (#2030) 
* Add default ingress deny rule with logging to FAST net stages.

Fixes #2024

* Allow firewall factory to omit rules key

* Fix tests

* Fix fast tests

* fix fast tests
 2024-01-30 16:53:01 +00:00
shourya116 7b58114d65
Updated the DataQualitySpec for Dataplex Datascan (#2008) 
* Updated the DataQualitySpec for Dataplex Datascan

* Fix linting

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2024-01-30 15:14:49 +00:00
lcaggio 37fc16ab42
Fix tests in README (#2027) 2024-01-30 11:04:47 +00:00
Ludovico Magnocavallo bf93b6fb4e
fix typo in logging sinks interface (#2015) 2024-01-28 10:27:28 +01:00
lcaggio 19dc6090fc
Add Tag Template module (#2013) 
* Tag policy module

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-01-27 12:30:21 +01:00
Blake Corbitt 9c1afa6261
Issue #2011 - add support for target_resources in hierarchical policy for net-firewall-policy module. (#2012) 
* Issue #2011 - Add support for target_resources in hierarchical firewall policy

* Removing errant character in factory.tf
 2024-01-25 17:56:17 +00:00
Amela Spica 1a8400e60e
Fixes and additional support for ssl_mode for CloudSQL module (#2002) 
* added ssl mode, ignore password change and maintenance fix

* validation - ssl mode can be null

* removed ignore password

* readme update

* added moved, shortened ssl_mode desc

* order fix

* fmt

* created ssl variable

* handle exceptions

* removed null from optional

* change ssl from null to empty object

* output ordered alphabetically

* readme update

* default value of require_ssl
 2024-01-25 16:29:07 +01:00
Ludovico Magnocavallo 6d9b6403dd
add support for essential contacts to FAST (#2010) 2024-01-25 12:20:14 +01:00
Ludovico Magnocavallo c5416f3af1
Tighten up security of automation project (CSPR-related) (#2009) 
* enforce compute/iam policies on the automation project

* tests
 2024-01-24 18:40:36 +00:00
marcjwo 6b4dad01d6
Marcwo/dataform module (#2001) 
* pre PR commit

* added IAM functionality

* clean up of readme

* versions.tf fix

* added separate iam.tf, facilitated existing secret manager module

* corrected optional variable defaults

* adjusted readme to new changes

* adjusted tftest line in readme for changed example

* reverted the module back to a state where it only manages one instance

* minor fix for main readme.md

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-01-24 17:13:21 +01:00
Miro Michalicka 15439c3f5b
Fix named ranges behaviour if cidr_tpl_file variable not provided. (#2005) 
* Fix named ranges behaviour if cidr_tpl_file variable not provided.

* Fix and extend tests.

* fix map syntax

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-01-24 11:18:11 +00:00
Wiktor Niesiobędzki 526185fd1f
Remove default region for Cloud Function and Cloud Run (#2004) 
Remove default region for Cloud Function and Cloud Run
 2024-01-24 10:23:40 +00:00
Wiktor Niesiobędzki 277777d1c7
Fix DNS E2E test + add one to net-lb-app-int-cross-region (#1993) 
* Fix DNS E2E test + add one to net-lb-app-int-cross-region

* Update README.md

* Fix inventory for tests

* Fix tests

* Fix number of resources

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-01-23 16:34:45 +01:00
luigi-bitonti 0ef7ee4670
Added beta apis feature (#1999) 2024-01-23 11:09:22 +00:00
Ludovico Magnocavallo 37dc48bca4
fix factory type for firewall rule ports (#1996) 2024-01-21 12:38:24 +01:00
dibaskar-google 4ed738688a
dns reponse policy e2e changes (#1994) 
dns reponse policy e2e changes
 2024-01-20 19:47:02 +01:00
Ludovico Magnocavallo 11d7edac64
Add example to FAST GKE stage, streamline GKE Hub module variables and usage (#1977) 
* implement optionals in gke-hub module

* simplify gke hub module call in mc mesh blueprint

* simplify gke hub module call and variables in multitenant blueprint

* gke hub inventory

* provide cluster and fleet examples in stage
 2024-01-20 10:06:38 +00:00
Deepak Kumar d62012cebc
Specify `docker_repository` field for google_cloudfunctions2_function (#1987) 
* fix: allow configuring `docker_repository` for cloud-function2

When docker repository is not specified by default docker repository
`projects/PROJECT_ID/locations/REGION/repositories/gcf-artifacts` is used.
In such a case, terraform plan always generates a difference for `docker_repository`
field as the module passes null value but the tfstate file has the above specified
default value. This fix allows one to prevent unnecessary infrastructure change when
using the default repository as well as any user created repository.

* doc: updated README for cloud-function-v2

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-01-20 09:40:26 +00:00
Wiktor Niesiobędzki 09176feaec
Fix typo in example 2024-01-18 19:46:53 +01:00
apichick 228a4a82c3 Fixed README and test for dns module 2024-01-18 19:04:03 +01:00
apichick 4bf394a916 Added health checked targets for geo routing policy in dns module 
Added health checked targets for geo routing policy in dns module
 2024-01-18 16:39:56 +01:00
Tahar JEGHAM 1c99bae649
feat: enable mtls on external application application load balancer (#1979) 
* feat: enable mtls on external application application load balancer

* refactor: move variable inside https_proxy_config block

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-01-17 06:24:54 +00:00
Luca Prete bc506795f2
compute-vm: add resource manager tags support for instance templates (#1982) 2024-01-16 17:40:15 +00:00
apichick 5ba54aeaf7 Added Cross-region internal application load balancer module 2024-01-16 17:54:50 +01:00
Viliam Pucik 5372361b8c
Proper validation of empty string value in identity_type (#1980) 2024-01-16 10:28:30 +01:00
Viliam Pucik 19eb247849
Fix identity_type (#1978) 
* Allow empty string for 'identity_type' supported by Google provider and use correct value name for ingress 'identity_type'

* Sanitizing variables as the logical operators in Terraform do not short-circuit.
 2024-01-15 20:40:06 +00:00
luigi-bitonti cec11d2d55
Add support for service_external_ips_config to GKE cluster modules (#1970) 
* Added variable in gke standard and autopilot modules

* Changed variable position

* Added dynamic block
 2024-01-12 11:50:53 +01:00
Julio Castillo 46f437fd5d
use provided SA for cloud function v2 trigger (#1968) 2024-01-08 16:39:01 +00:00
Jan Toth d1746b8bd1
Support for ANY_USER_ACCOUNT in module vpc-sc egress rule. (#1966) 2024-01-08 14:23:07 +01:00
Wiktor Niesiobędzki af41e0fe38 Use fixtures in net-lb-ext 2024-01-06 17:09:49 +01:00
Jason Steenblik e10664984e
Create bigtable service identity with project if api is enabled (#1958) 2024-01-06 16:38:08 +01:00
Wiktor Niesiobędzki 39822888ad Add support for subnetwork for external addresses 
For IPv6 it is necessary to provide subnetwork when reserving external
address.
 2024-01-06 14:02:52 +01:00
Wiktor Niesiobędzki b92135a56d Remove null address for PSC 
null address results in following error:
Error creating GlobalAddress: googleapi: Error 400: Invalid value for field 'resource.address': ''. The field is not a valid IP address or does not match the given prefix length, invalid
 2024-01-06 14:02:52 +01:00
Wiktor Niesiobędzki 3470661993 IPv6 address reservation not supported for ILB 
Error creating Address: googleapi: Error 400: Invalid value for field 'resource.purpose': 'SHARED_LOADBALANCER_VIP'. Shared LoadBalancer VIP IPv6 address reservation is not supported., invalid
 2024-01-06 14:02:52 +01:00
Wiktor Niesiobędzki 8afdf66a09 Add end-to-end tests for net-address 2024-01-06 14:02:52 +01:00
Wiktor Niesiobędzki 0e39676c99 Remove tier for internall addresses 
Error creating Address: googleapi: Error 400: Invalid value for field 'resource.networkTier': 'STANDARD'. An address with type INTERNAL cannot have a network tier., invalid
 2024-01-06 14:02:52 +01:00
Wiktor Niesiobędzki 2a66fcab2e Fix HTTP to HTTPS example 2024-01-06 12:05:53 +01:00
Wiktor Niesiobędzki 05dd4b89b6 Enable E2E tests for net-lb-app-ext-regional 
HTTP to HTTPS needs work, now fails with:
Error: Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.IPAddress': '34.160.52.156'. Invalid IP address specified., invalid

  with module.ralb-test-0-redirect.google_compute_forwarding_rule.default,
  on fabric/modules/net-lb-app-ext-regional/main.tf line 32, in resource "google_compute_forwarding_rule" "default":
  32: resource "google_compute_forwarding_rule" "default" {
 2024-01-06 12:05:53 +01:00
Wiktor Niesiobędzki a6e377fad2 Rename compute-mig-bc.tf to compute-vm-group-bc.tf 2024-01-06 12:05:53 +01:00
Julio Castillo 4e6d65b466
Update README.md 2024-01-05 17:30:34 +01:00
Julio Castillo 8beb621e07
New module for external regional application load balancer (#1892) 
* Initial version of regional external application load balancer.

* Fix tests

* Remove unsupported features in regional app lbs

* update readme with fixtures

* Add ssl-certificate fixture

* Switch examples to regions b c

* Remove redundant NEG examples

* Update README

* Update versions.tf

* Add missing boilerplate
 2024-01-05 16:59:27 +01:00
Stefano Tribioli 0ca3203e52 Capitalize Private Network Access 2024-01-05 15:05:32 +00:00
Stefano Tribioli a4def10c19 Add PNA support to Service Directory module 
Endpoints in Service Directory can be *associated* with a
VPC. In this case, they can be used by supported Google
Cloud products to send requests directly to resources inside
a VPC. This feature is called Private Network Access.

The `google_service_directory_endpoint` resource supports
this configuration with a new argument `network`.
Unfortunately, this argument has an unusual format: it
is similar to a standard VPC ID, but instead of the project ID,
it expects the project number.
 2024-01-05 15:05:32 +00:00
Julio Castillo c13a192755
Use zones b and c for MIG fixture (#1961) 2024-01-05 15:02:12 +00:00
Julio Castillo cc079e3a32
net-lb-app-ext example fixes (#1959) 
* Fix typos

* Small fixes net-lb-app-ext examples
 2024-01-05 13:38:30 +00:00
Andy Bubune Amewuda 3edacd0aba Add e2e test for net_lb_app_ext module 2024-01-05 10:02:23 +01:00
Jason Steenblik 22e9e9e950
Support CMEK encryption on Bigtable instances. (#1956) 2024-01-05 09:29:36 +01:00
Julio Castillo fde7b76036
Allow per-module terraform fixtures (#1914) 
* Allow terraform fixtures for examples

* Allow defining multiple fixtures, and named fixtures under tests/fixtures/

* Enable e2e for wiktorn

* Fix prepare_files call for e2e

* Move fixture to separate file, fix test

* Revert shallow-copying symlinks, performane penalty - 20%

* Update tfdoc.py to list used fixtures

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2023-12-29 09:43:44 +00:00
Julio Diez 9a7c600b6f
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-26 11:52:42 +01:00
Julio Diez 81814c3e4e Links to the new module in READMEs 2023-12-26 11:52:13 +01:00
Wiktor Niesiobędzki a5ce58ea22 tfdoc 2023-12-25 08:42:22 +00:00
Wiktor Niesiobędzki a2a767a027 Doc fixes 2023-12-25 08:39:52 +00:00
dibaskar-google 969111f0cf
dns e2e tests (#1944) 2023-12-23 10:29:32 +00:00
Julio Diez 3b7724053b
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-22 11:45:56 +01:00
Luca Prete 44b1115b9f
Fix GCVE network policy (#1948) 
Co-authored-by: Luca Prete <lucaprete@google.com>
 2023-12-22 10:29:43 +00:00
Luca Prete 06b2a97291
GCVE: add network policy configuration 2023-12-22 10:02:12 +00:00
Julio Diez fd451c3451 Align with default versions file 2023-12-22 11:01:41 +01:00
Julio Diez f784f47528
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-21 22:11:20 +01:00
Julio Diez d08541159d Update README 2023-12-21 22:09:47 +01:00
Luca Prete df5c02aa1e
Minor fix to GCVE module readme (#1946) 
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 2023-12-21 18:29:30 +01:00
Luca Prete c4123044b7
Use new resources in GCVE module, bump up provider versions (#1941) 2023-12-21 13:23:38 +00:00
Wiktor Niesiobędzki 110fd798a7
Fix always succeding test (#1937) 
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-12-21 11:01:08 +00:00
Julio Diez a04f59852f
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-20 18:17:15 +01:00
Simone Ruffilli 0255c80e90
Move squid to __need_fixing (#1936) 
* Moved `modules/cloud-config-container/squid` to __need_fixing
* Moved `blueprints/networking/filtering-proxy{,-psc}` to __need_fixing
 2023-12-19 14:27:37 +00:00
Wiktor Niesiobędzki 0d486fb34e E2E tests fixes 2023-12-19 11:01:03 +01:00
Julio Castillo 01bd0b7b01
Add project-scoped secure tags (#1933) 2023-12-18 18:24:05 +01:00
Julio Castillo b6e0557bbb
Simplify organization tags.tf locals (#1932) 
* Simplify organization tags.tf locals

* Fix boilerplate

* Override github provider version for tests
 2023-12-18 16:09:22 +00:00
Simone Ruffilli c5da6b99c3
Fixes typo in README.md 2023-12-18 15:40:16 +01:00
Julio Diez 88b91cdaee Move VPC connector management to specific files 2023-12-18 11:53:28 +01:00
Julio Diez 4c9243017c Rename attribute secret.secret to secret.name 2023-12-18 11:42:57 +01:00
Julio Diez bc4f89d9dc Remove 'traffic' variable, the module is not intended to manage rollouts 2023-12-18 11:39:28 +01:00
simonebruzzechesse c50b732c79
Allow granting network user role on host project from project module and factory (#1930) 
* Update shared vpc config for project factory and project module for more granular Shared VPC configuration

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-12-15 14:39:21 +01:00
Simone Ruffilli db31c1b8aa Fixes example in cloud-config-container/squid 2023-12-15 12:31:08 +01:00
Julio Diez c599717856 Refactor the interface 2023-12-14 08:44:51 +01:00
Ludovico Magnocavallo 537237edd6
Fix health check autocreation and id output in passthrough LB modules (#1928) 
* fix health check autocreation and id output

* fix health check exclusion
 2023-12-13 23:39:55 +00:00
Simone Ruffilli ca3c86cb5c
Add support for policy based routes to net-vpc (#1926) 
* Add support for PBR to net-vpc
 2023-12-13 15:19:40 +00:00
Thomas Colomb 201ff284f6
gke-cluster-standard : Support upgrade_settings for node auto provisioner (#1905) 
* gke-cluster-standard : Support upgrade_settings for node auto provisionner

* implement suggestions

* tfdoc

---------

Co-authored-by: Ludo <ludomagno@google.com>
 2023-12-12 19:17:51 +00:00
luigi-bitonti ef4095f000
Removed deprecated variable and added labels (#1923) 
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-12-12 18:32:48 +00:00
Simone Ruffilli f293847077
can_ip_forward in simple-nva examples (#1922) 2023-12-12 13:09:58 +00:00
Wiktor Niesiobędzki c24d023c23 Sync tf version to version used by tests 2023-12-12 09:43:09 +01:00
Ludovico Magnocavallo b65c57bcc2
bump tf version (#1920) 2023-12-12 09:19:46 +01:00
Ludovico Magnocavallo e2c526c6a2
Merge branch 'master' into 1849-implement-cloud-run-module-version-2 2023-12-12 07:26:56 +01:00
luigi-bitonti 6cb3eb5390
Added missing parameters in kubelet and linux node conf (#1918) 2023-12-11 20:05:23 +01:00
Francesco Pavan d2d62b71e2
Added the possibility to configure maintenance window and deny maintenance period in Cloud SQL module module (#1917) 
* added maintenance window configuration to cloud sql

* Formatted code + generated readme

* Fixed readme errors (missing dots at the end of variables' description)

* Fixed typos + regenerated docs

* Added correct readme

* Collapsed "deny_maintenance_period" and "maintenance_window" variables into a single variable called "maintenance_config"

* Added input validation + some minor fixes

* Add trigger configuration for Composer (#1916)

* Added update_track variable validation

* Formatted variables + regenerated readme

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-12-11 16:59:00 +00:00
Ludovico Magnocavallo bba814c091
Custom role factories for organization and project modules (#1912) 
* backport custom role factories

* backport from fast ci/cd branch

* indent

* tfdoc

* fix module tests
 2023-12-11 14:16:39 +00:00
dibaskar-google c65e242685
net_lb_ext module e2e and example testing changes (#1909) 
E2E tests for net_lb_ext
 2023-12-08 10:04:07 +01:00
Wiktor Niesiobędzki 84a15c4d77 README fixes for #1907 2023-12-07 09:51:48 +00:00
Thomas Colomb e4c55bc4c9
gke-cluster-standard : Set optional shielded_instance_config block in cluster_autoscaling.auto_provisioning_defaults (#1906) 
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-12-07 09:37:13 +00:00
Ludovico Magnocavallo f548b65b1c
Add support for subnet-level service network user grants to project module, improve docs (#1907) 
* improve project factory example

* light refactor of project modules shared vpc internals and docs

* add support for subnet-level grants on host project
 2023-12-07 09:07:48 +00:00
Thomas Colomb b92389066e
gke-cluster-standard : Add possibility to enable image streaming feature at cluster level (#1904) 2023-12-07 06:36:21 +01:00
Luca Prete fa7664434b
Enable sole tenancy (`node_affinities`) on compute_vm (#1903) 2023-12-05 18:05:23 +01:00
Luca Prete 7916cd2081
Add IPv6 to HA VPN module + test inventories (#1901) 
---------

Co-authored-by: Luca Prete <lucaprete@google.com>
 2023-12-04 23:38:41 +01:00
Julio Diez 4c80442f53 First version of Cloud Run module v2 2023-12-04 20:20:46 +01:00
Wiktor Niesiobędzki d9f9410ae5 Use unique names for logging buckets in examples 
Logging bucket name can be reused only after 7 days (when it is actually
deleted). When different tests reuse the same name, the ones that are
executed as 2nd and later will fail with message:
```
Error updating Logging Bucket Config [...]: googleapi: Error 400: Buckets
must be in an ACTIVE state to be modified
```

As their actual state is:
```
lifecycleState: DELETE_REQUESTED
```
 2023-12-03 10:03:22 +00:00
Thangaraju R e2d170c1a6
e2e tests for net-vpc-firewall module (#1896) 
e2e tests for net-vpc-firewall module
 2023-12-01 13:50:56 +01:00
Ludovico Magnocavallo 42fa742528
Add support for firewall tags to compute-vm module (#1895) 
* add support for firewall tags to compute-vm module

* add support for firewall tags to compute-vm module
 2023-12-01 11:27:37 +00:00
Thomas Colomb 3a2484843c
artifact-registry: Support cleanup policies (#1891) 2023-12-01 10:33:02 +00:00
Thangaraju R da5371b391
e2e test fix for iam-service-account module (#1894) 2023-12-01 09:23:37 +01:00
Thangaraju Rajasekaran 224b98c786 removed prefix and updated net-vpc shared-vpc for e2e test 2023-11-30 14:03:49 +00:00
Thangaraju Rajasekaran d9cd46d8a7 fixed e2e test for shared-vpc and subnet-iam 2023-11-30 14:03:49 +00:00
Thangaraju Rajasekaran 0af5e31ca3 E2E tests for net-vpc module 2023-11-30 14:03:49 +00:00
luigi-bitonti b5cd2d8088
Updated bigquery module (#1861) 2023-11-30 14:33:50 +01:00
apichick 66bd9d5160 Added workstation-cluster module 2023-11-30 07:02:28 +01:00
luigi-bitonti 98accdb3ad
Added PSC support to CloudSQL Module (#1874) 
* Added Feature

* Added PSC to CloudSQL module

* Added psc to read replica

* Changed variables

* Updated README

* Ran fmt

* Removed old variables

* Fix README

* Fixed blueprints

* Fix README

* Fixed output

* Added more outputs and bug fixes

* Changed variable structure

* Bug fix

* Added PSC example.
 2023-11-24 15:47:45 +01:00
apichick 27c3d9424a Fixed envoy file, it has extra character 2023-11-24 10:34:51 +01:00
Wiktor Niesiobędzki 55f308cbea
Fix failing E2E tests for folders (#1884) 
* Run tests requiring uniqueness on org level serially (organization tags, firewall policies)
* make gcs bucket name globally unique

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-11-24 08:09:13 +00:00
Ludovico Magnocavallo 637926fb68
Support boot disk KMS key in GKE cluster modules (#1881) 
* gke cluster standard

* tfdoc

* gke cluster autopilot

* fix autopilot tags test
 2023-11-23 11:52:13 +00:00
Julio Castillo 7baa1f98d4
Output all neg ids in app lbs (#1879) 
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-11-23 08:41:31 +01:00
flaprimo 2997bdeee5
Fix permissions assignments (#1878) 
Fix permission assignments to cloud init configuration.

Otherwise you obtain error:
$ sudo cloud-init schema --system

Invalid cloud-config /var/lib/cloud/instances/XXX/cloud-config.txt
Error: Cloud config schema errors: write_files.0.permissions: 420 is not of type 'string', write_files.1.permissions: 420 is not of type 'string'

Error: Invalid cloud-config schema: user-data
 2023-11-22 13:16:25 +01:00
dibaskar-google 2d70bb8db2
E2E tests for folder module (#1876) 
E2E tests for folder module
 2023-11-22 10:25:11 +01:00
Francesco Spinelli ad98b839bb
added missing sql parameters (#1869) 
* added missing sql parameters

* fix variables order

---------

Co-authored-by: Francesco Spinelli <francesco.spinelli@nttdata.com>
 2023-11-20 22:27:59 +01:00
ddaluka 543ea6e7f3
Fix/dlpagent (#1868) 
Create DLP Service Account on service activation.
 2023-11-20 14:11:01 +01:00
Wiktor Niesiobędzki 9577ac5c36 Disable EventArc E2E test 
The test fails with:

Error: Error creating Trigger: googleapi: Error 400: Invalid resource state for "": Permission denied while using the Eventarc Service Agent. If you recently started to use Eventarc, it may take a few minutes before all necessary permissions are propagated to the Service Agent. Otherwise, verify that it has Eventarc Service Agent role.

Retryig after 5 minutes fixes that, but thats not an option for
automated tests.
 2023-11-18 10:36:30 +00:00
Wiktor Niesiobędzki 950ad088e9 Remove perma-diff when using VPC connector 
+ fix trigger service account
 2023-11-18 10:09:03 +00:00
Wiktor Niesiobędzki 35c58eb5c1 Fix non-empty plan after apply when using VPC connector 2023-11-18 10:00:25 +00:00
Wiktor Niesiobędzki 28b8edced5 Add end-to-end tests to Cloud Run 2023-11-18 10:00:25 +00:00
Wiktor Niesiobędzki a635534a33 Fix IAM grants for KMS 2023-11-15 09:33:03 +00:00
Wiktor Niesiobędzki 1fbd018f5f E2E tests for GCS 2023-11-15 09:33:03 +00:00
Wiktor Niesiobędzki 03bf0b15b3
Organization module end-to-end tests (#1860) 
* added tag serial to mark tests to be run serially
* always run tests using loadgroup distribution to make use of serial tag
* added end-to-end tests for organization, not adding to custom constraints as the name has to be unique
* fixed granting custom roles created in the same module call
 2023-11-14 18:54:59 +01:00
Francesco Spinelli 1c2f1c7b0d
Sql user features (#1856) 
* added user type feature

* fix readme

* fix comment

* fix blueprint cloudsql users value + minor fix

* readme fix

* variables fix

* local var fix

* fix for in local var

* fix on readme

* fix intentations var in readme

* fix blueprint user quote

---------

Co-authored-by: Francesco Spinelli <francesco.spinelli@nttdata.com>
 2023-11-13 10:27:14 +01:00
apichick c79af78c48 Removed options that are not applicable to this load balancer 2023-11-12 20:21:06 +01:00
luigi-bitonti d07f8fd33d
Added CMEK for Secret auto managed (#1739) 
Allow to specify custom KMS keys for Secret Manager secrets
 2023-11-10 16:45:47 +01:00
Tone 0f446e89d4
Extend `cluster_autoscaling` fields in gke-cluster-standard (#1845) 
* feat(gke-cluster-standard): Add feature to setup `cluster_autoscaling`

* feat(gke-cluster-standard): Add GPUs setup feature for `cluster_autoscaling`

* feat(gke-cluster-standard): Add validation for `autoscaling_profile` and `disk_type` to ensure only valid values are specified

* feat(gke-cluster-standard): Fix validation condition for `cluster_autoscaling`
 2023-11-10 12:39:50 +01:00
Francesco Spinelli 82c74e4ab6
Dataproc module bug fix (#1848) 
* bug fix

* bug fix

* fix dinamic for_each

---------

Co-authored-by: Francesco Spinelli <francesco.spinelli@nttdata.com>
 2023-11-09 15:48:29 +00:00
Artur Pacan fca89b57ed Fix validation and dynamic block for optional gpu_driver 2023-11-08 11:49:15 +00:00
Ludovico Magnocavallo c7bef582e8
add support for IAM to vpc sc module (#1846) 2023-11-08 11:27:44 +01:00
Ludovico Magnocavallo 9068bd7729
Update README.md 2023-11-08 09:20:16 +01:00
apichick 0f91a964da Added back sink iam flag as module users might not have access to the sink destination and the role might need to be granted somewhere else 2023-11-07 08:11:23 +01:00
Teodelas 0f502a8cfb
Fix modules to support new Apigee X environment types (#1841) 
* Update main.tf

* Update variables.tf

* Update main.tf

Updated environment members to be alphabetical order

* fixed linting and terraform fmt

* removed venv

* removed venv directory

---------

Co-authored-by: Teo De Las Heras <teodlh@google.com>
 2023-11-06 09:56:03 +01:00
Wiktor Niesiobędzki ecaa253594
Merge branch 'master' into wiktorn-provider-5.4.0 2023-11-04 08:31:56 +01:00
Wiktor Niesiobędzki fe485414e6
Add end-to-end tests for project module (#1823) 
* Add end-to-end tests for project module
* Add inventory to data tests
* Add files to end-to-end test cases
* Review fixes - use named groups

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-11-03 18:04:19 +01:00
Wiktor Niesiobędzki b40ad91629 Bump provider version to 5.4.0 2023-11-03 17:02:00 +00:00
apichick 3648ca0da1
Merge branch 'master' into envoy-sni-dyn-fwd-proxy 2023-11-03 08:22:37 +01:00
apichick 3191dbb769 Added envoy as SNI dynamic forward proxy to cloud-config-container 2023-11-03 08:21:20 +01:00
apichick 26248ba5f5 Added create_before_destroy = true for self-managed certificates 2023-11-02 13:52:46 +01:00
cmalpe 1031076569 added validation for stack_type 2023-11-01 09:18:49 +00:00
cmalpe f1972550fe fixed linting for variables file 2023-11-01 08:02:36 +00:00
cmalpe 17707da60a added stack_type field 2023-11-01 07:58:09 +00:00
alealr 8d06afcdb8 Updating wording 2023-10-31 14:35:27 +00:00
devuonocar 103388bcc9 Update default value 2023-10-31 10:47:28 +01:00
devuonocar e52af05504 Update README.md 2023-10-30 18:34:55 +01:00
devuonocar 96c1342d55 Add public_access_prevention 2023-10-30 18:23:33 +01:00
cmalpe b8bb000073
Merge branch 'master' into cmalpe/kms-import-job 2023-10-30 20:32:50 +05:30
Ludovico Magnocavallo 671f06a3a4
Billing budget factory (#1822) 
* billing budget factory

* review comment changes
 2023-10-29 11:24:52 +01:00
Luca Prete 7c6726e79b
[net-address] enable ipv6 (#1821) 
---------

Co-authored-by: Luca Prete <lucaprete@google.com>
 2023-10-28 15:36:30 +02:00
Ludovico Magnocavallo b29987bb61
Merge branch 'master' into cmalpe/kms-import-job 2023-10-28 01:29:28 +02:00
apichick 022b9f5060 Added iam_bindings and iam_bindings_additive to apigee module 2023-10-27 18:22:07 +02:00
Wiktor Niesiobędzki 5b17c11d01
Merge branch 'master' into fix/ai-models-support 2023-10-27 10:22:47 +02:00
cmalpe af339aad15 corrected readme linting 2023-10-27 07:22:59 +00:00
cmalpe b0e5231f50 Merge branch 'master' into cmalpe/kms-import-job 2023-10-27 07:21:36 +00:00
cmalpe 9a3ac13687 corrected linting and test example 2023-10-27 06:52:55 +00:00
Ewa Wojtach 98dde0c57f review comments 2023-10-27 08:38:37 +02:00
Chaitanya Malpe 8a76b10161 added test for import job 2023-10-27 11:53:35 +05:30
Ludovico Magnocavallo d0b1ced280
fix logic for default source range in firewall ingress rules (#1815) 2023-10-26 15:25:36 +00:00
cmalpe 5d8ff92471 added linting changes for readme file 2023-10-26 15:02:59 +00:00
Chaitanya Malpe d9e09bb9c3 removed unneeded variable 2023-10-26 20:23:06 +05:30
cmalpe c83b6c229f added tfdoc changes 2023-10-26 14:05:39 +00:00
Chaitanya Malpe c2380a88fa added import job support for kms module 2023-10-26 18:12:58 +05:30
Ewa Wojtach 6fc960ea0b empty gpu sharing config fix 2023-10-26 07:23:13 +02:00
Simone Ruffilli 4decc641bb
Stop wrapping yamldecode with try() (#1812) 2023-10-25 16:16:05 +02:00
Ewa Wojtach 33ce0e1db5
AI models support (#1750) 
* nodepool config

* added gpu driver configuration

* documentation update

* regenerated docs

* review comments

* review comments

* blocks structure

* documentation update

* test fix and doc update

* review comments

* doc

* Extend inventory

* Update README

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-10-25 09:42:36 +00:00
mwarm2 e28f7c3237
Fix Apigee add-ons configuration (#1798) 
* Revert "Merge pull request #1694 from eddern/eddern/fix-apigee-addons-config"

This reverts commit ec7a7a9605, reversing
changes made to df5daab6cc.

* Flip for_each ternary: use true to enable an add-on

When a given add-on's variable is set to true, do instantiate the block.

---------

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2023-10-25 07:37:45 +00:00
Ludovico Magnocavallo 1b3a4d627b
allow setting enable_private_nodes in gke nodepool pod range (#1808) 2023-10-24 17:34:04 +00:00
Luca Prete 019cca735d
net-lb-ext: add option to set IPv6 subnetwork for IPv6 external fw rules 2023-10-24 13:37:33 +00:00
Luca Prete feef3909db
compute-vm: remove old todo (#1804) 2023-10-24 10:45:53 +00:00
Pierre Formont 43f78194e9
use the repository format in the image_path output (#1803) 
* use the repository format in the image_path output

* use local.format_string instead of var.format
 2023-10-24 10:24:53 +00:00
Julio Castillo b2201f69b7
Fix Internal App LB serverless NEG backend example (#1801) 
* Fix Internal App LB serverless NEG backed example

* Silence linter
 2023-10-24 07:25:43 +00:00
Luca Prete f54b4f88b8
net-address: allow users to optionally specify address names (#1795) 2023-10-23 15:17:06 +00:00
apichick 378960cfc6 Removed unnecessary try statements 2023-10-22 17:50:57 +02:00
Luca Prete a23b3d62ae
net-lb-ext: add support for multiple forwarding rules (IPs) and dual-stack (IPv4/IPv6) 2023-10-21 18:19:18 +02:00
Simone Ruffilli 6d89b88149
versions.tf maintenance + copyright notice bump (#1782) 
* Bump copyright notice to 2023

* Delete versions.tf on blueprints

* Pin provider to major version 5

* Remove comment

* Fix lint

* fix bq-ml blueprint readme

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
 2023-10-20 18:17:47 +02:00
Wiktor Niesiobędzki d07daf966a
End-to-end tests for terraform modules (#1751) 
Add end-to-end tests (apply, plan, destroy) for examples.

When run, `tests/examples_e2e`:
1. Create an environment for tests to run (folder, project vpc network) 
2. For each marked example (with `e2e` tftest directive), run apply, plan, destroy
3. Verify:
* no failure in apply
* empty plan after apply
* no failure during destroy
4. When all tests are done, destroy test environment

More details in `tests/examples_e2e/README.md`
 2023-10-20 09:59:52 +02:00
luigi-bitonti 4e439720aa
Added ProtectedApplication feature to GKE Backup (#1774) 
* Added ProtectedApplication feature to GKE Backup

* Fixed location name and added example

* Modified test module

* Changed test

* Changed test

* Changed test

* Restore old "all_namespaces" logic

* Bug fix

* Ran fmt on README example

* Modified variable structure

* Fix test

* Fix
 2023-10-19 19:54:22 +02:00
Ludovico Magnocavallo 77a4696aa6
Add gcp org policy constraints file to bootstrap stage (#1775) 
* add gcp org policy constraints file to bootstrap

* make the org policy factories more resilient
 2023-10-18 18:21:16 +00:00
Ludovico Magnocavallo 02ccc576f5
fix resource manager tag bindings in compute-vm module (#1771) 2023-10-18 09:24:00 +00:00
Wiktor Niesiobędzki c21fa4558f
Remove incompatible balancing_mode (#1769) 
## net-lb-int
* Fix error on apply of example:
```
Error creating RegionBackendService: googleapi: Error 400: Invalid value for field 'resource.backends[0].balancingMode': 'UTILIZATION'. Balancing mode must be CONNECTION for an INTERNAL backend service., invalid
```
* remove unused `balancing_mode` variable, as only one value is possible anyhow

## net-lb-ext
* update in the `backends` description

## net-lb-proxy-int
* update in the `backends` description

## net-lb-app-int
* added validation of `balancing_mode`
* fixed other validations

## net-lb-app-ext
* added validation of `balancing_mode`
* fixed other validations
* removed validation for `locality_lb_policy` as this variable is not used in this module

Closes: #1767
 2023-10-18 08:11:32 +02:00
Luca Prete 6c48512f7e
[#1764] net-lb-int: add support for dual stack and multiple forwarding rules 2023-10-17 09:30:34 +00:00
Julio Castillo 82f14fd6c0
Make subnets depend on proxy only subnets (#1762) 
* Make subnets depend on proxy only subnets

* Add dependency to subnet_ids too

* Update readme
 2023-10-16 11:39:52 +00:00
jeroenmonteban f464557525
Add autoclass to GCS (#1757) 
* Add autoclass to GCS

* Fix linting

* Make autoclass block dynamic

* Fix syntax

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2023-10-16 07:45:10 +00:00
luigi-bitonti 0195ea6bca
Exposed stack_type variable in compute_vm module (#1756) 
* Exposed stack_type variable in compute_vm module

* Updated README.md

* align instance template, fix variable ordering

---------

Co-authored-by: Ludo <ludomagno@google.com>
 2023-10-16 06:28:56 +00:00
Ludovico Magnocavallo 252127bde5
Billing account module (#1743) 
* initial untested draft

* readme and tests

* folder module tfdoc

* remove redundant billing cost manager role in fast stage 0

* fix FAST test
 2023-10-15 15:02:50 +00:00
devuonocar 3949fdc283
Add outputs to BigQuery dataset module (#1752) 
* Add outputs

* Fix checks

* Fix order

* Fix order

* Fix var

* Fix outputs

* Fix README.md
 2023-10-13 17:02:47 +02:00
Ludovico Magnocavallo 85d2b8b093
Fix typo in GKE nodepool taints (#1754) 
* Fix typo in GKE nodepool taints

Fixes #1749

* fix windows taints
 2023-10-12 12:04:15 +00:00
Ludo 55fc3e226d
Revert "fix windows taints" 
This reverts commit 661b543e08.
 2023-10-12 13:39:42 +02:00
Ludo 661b543e08
fix windows taints 2023-10-12 13:38:37 +02:00
luigi-bitonti 3503e028ae
Module autopilot bug fixes (#1746) 
* Removed unused variables and bug fix

* Ran fmt

* Fix README.md

* Added comments to code
 2023-10-12 12:40:28 +02:00
devuonocar 4f91523a08
Add missing fields to Cloud Storage bucket (#1745) 
* Add new featrures

* Terraform fmt

* Fix README.md

* Delete not allowed validation

* Fix README.md

* Fix README.md

* update var

* update var

* Update var
 2023-10-10 22:40:30 +02:00
Julio Castillo 64d88d90d1
Append "s" to backoff times (#1744) 2023-10-10 13:32:19 +03:00
Julio Castillo 9ab3b49f69
Add PSA peered domains support to `net-vpc` (#1741) 
* Add PSA peered domains support to `net-vpc`

* Fix tests
 2023-10-06 15:31:32 +00:00
Julio Castillo ef290c1c8d
Enforce mandatory types in all variables (#1737) 2023-10-06 09:44:33 +00:00
luigi-bitonti bb76878d0d
Added FQDN Network Policy feature on GKE Cluster (#1732) 
* Added FQDN Network Policy feature on GKE Cluster

* Fix README.md. Added validation into variable.

* README.md updated

---------

Co-authored-by: Bitonti, Luigi <luigi.bitonti@nttdata.com>
 2023-10-06 10:05:54 +02:00