zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,385 Commits 3 Branches 352 Tags 59 MiB
Commit Graph

5385 Commits

Author SHA1 Message Date
Luca Prete eb5754e475
[FAST] Rename stage 2-networking-d-separate-envs to 2-netwroking-c-separate-envs (#2328) 
Co-authored-by: Luca Prete <lucaprete@google.com>
 2024-05-31 09:09:31 +03:00
Wiktor Niesiobędzki f8f18734f1
Add pre-commit hook configuration (#2326) 
* Pre-commit config

Run following linters on commit:
Terraform:
- terraform fmt
- terraform tflint

Python specific:
- yapf

Shell scripts
- shellcheck
- shfmt

YAML files:
- yamllint (disabled as of now)
- check-yaml

Other:
- end-of-file-fixer
- trailing-whitespace fixer

Fabric specific
- tools/tfdoc.py
- tools/check_boilerplate.py

* linting fixes

* Fix boilerplate check
 2024-05-30 19:35:09 +02:00
Julio Castillo 23b256ac25
Fix restrictAllowedGenerations org policy example (#2325) 
Fixes #2323
 2024-05-30 12:19:24 +00:00
simonebruzzechesse 941a35ab69
Fixed e2e tests for alloydb module (#2321) 
* fixed e2e tests for alloydb module
 2024-05-30 11:41:15 +02:00
Wiktor Niesiobędzki d1ec3b0499
Fixes for Alloydb E2E tests (#2312) 
* Fixes for Alloydb E2E tests

* too long project name in Sipmle example resulted in:
```
Error: "***-alloydb-prj" name must be 4 to 30 characters with lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.
```

* using self_link resulted in:
```
Error: Error creating Cluster: googleapi: Error 499: malformed network path: "https://www.googleapis.com/compute/v1/projects/***/global/networks/e2e-test"
```

* Cross region replication stil fails with:
```
│ Error: Error creating cluster. Can not create secondary cluster without secondary_config field.
│
│   with module.alloydb.google_alloydb_cluster.secondary[0],
│   on /usr/local/google/home/wiktorn/git/cloud-foundation-fabric/modules/alloydb/main.tf line 199, in resource "google_alloydb_cluster" "secondary":
│  199: resource "google_alloydb_cluster" "secondary" {
```

* Fix tests

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-05-29 14:46:15 +00:00
Julio Diez c205a692a3
Kong Gateway on GKE offloading to Cloud Run (#2299) 
* First working version including certificates and HTTPS.

It uses a mix of self-managed certificates and the CA Service.

* One CR service only behind the ILB

* Functional deployment including auto-configuration

A k8s job configures the root certificate, service and route in the admin
api to reach the CR service via Kong proxy.

* Admin API exposed internally only, and some cleanup

* Some name changes

* README

* Remove data source for the vpc and subnet

* Remove data source for Kubernetes services

* Update README

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-05-29 16:26:25 +02:00
fulyagonultas 0d60e39aee
resource_labels added to the node_config nodepool (#2317) 
* resource_labels added to the node_config nodepool

* labels added to the gke standard module

* labels set to mandatory

* Updating variables names

* Fix nodepool label variables defaults

* Fix tests

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-05-29 14:56:15 +02:00
Peter Brumblay 772a555b05
Pbrumblay/clarify org policy tags (#2319) 
* fix: clarify org policy tag limitations

* fix: use a more generic term to describe binding possibilities

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-05-29 06:19:39 +00:00
Simone Ruffilli 532f1ecfc4
Merge FAST C and E network stages into a new B stage. (#2309) 
Merge FAST C and E network stages into a new B stage.
 2024-05-28 17:27:28 +02:00
Simone Ruffilli 9e1008dcca
FAST: Obsolete assets cleanup (#2315) 
Remove obsolete assets
 2024-05-28 09:35:13 +00:00
Wiktor Niesiobędzki cf31d83b15 Explicit YAPF style 2024-05-28 10:53:13 +02:00
dibaskar-google 3d668170e5
Secret manager e2etests (#2280) 
secret-manager e2e tests
 2024-05-28 09:28:08 +02:00
simonebruzzechesse f4f891d4f1
Gitlab Runner blueprint (#2106) 
* add gitlab runner blueprint

* use secret manager to store auth token
small updates and improvements
 2024-05-27 10:34:34 +02:00
Simone Ruffilli 1f15c5123f
Update README.md 2024-05-27 07:52:28 +02:00
Ludo ab45e8c1ba
update changelog 2024-05-25 14:38:55 +02:00
Ludovico Magnocavallo c80af8de66
Extend support for tag bindings to more modules (#2307) 
* fix kms tag bindings

* bigquery dataset

* fix bigquery

* cloud run

* normalize variable type

* rename gcs heading

* kms example test

* fix bigquery

* fix cloud run

* cloud run v2
 2024-05-25 10:42:45 +02:00
Ludo 735fd79cce
update changelog 2024-05-24 14:41:28 +02:00
Wiktor Niesiobędzki a3295ae731 Add regional PSC addresses to output 2024-05-24 12:56:28 +02:00
Wiktor Niesiobędzki 439e9a1af9 Internet NEG for net-lb-proxy-int 2024-05-24 12:56:28 +02:00
Simone Ruffilli 11050c46cf
FAST MT: Readme updates and more prefix validation (#2305) 
This change documents the process of deploying FAST on a tenant-factory bootstrapped tenant.

It also fixes changes the validation logic for prefix as follows:

- 0-bootstrap: 9 chars or less
- 1-resman/1-tenant-factory: 9 chars or less if ran at org-level, else 11
- else 11

It also uniforms across all stages the variables.tf and variables-fast.tf breakdown.
 2024-05-24 12:01:55 +02:00
Ludovico Magnocavallo 5068cd9170
remove default location from remaining modules (#2304) 2024-05-24 09:20:53 +02:00
Ludovico Magnocavallo dc686c3a84
Remove default location from gcs module (#2303) 
* gcs module

* blueprints/apigee/bigquery-analytics

* tfdoc

* pubsub README md syntax
 2024-05-24 07:02:33 +00:00
Wiktor Niesiobędzki af814505be
Add AlloyDB service for e2e tests harness (#2302) 2024-05-23 11:44:40 +02:00
Ludo c128f4c110
Merge branch 'master' of github.com:GoogleCloudPlatform/cloud-foundation-fabric 2024-05-23 09:46:32 +02:00
Ludo 3cfd312e32
update changelog 2024-05-23 09:46:26 +02:00
Simone Ruffilli 3fe754167e FAST: Clarify max prefix len for tenant factory 2024-05-23 09:43:23 +02:00
Simone Ruffilli b55e9320ca
Update README.md 2024-05-23 08:44:07 +02:00
Ludovico Magnocavallo 980011806c
fix permadiff in cloud nat module (#2301) 2024-05-23 08:38:03 +02:00
Ludovico Magnocavallo ef5178c929
add support for shared vpc host to project factory (#2300) 2024-05-22 07:56:34 +00:00
simonebruzzechesse 1e149c18fc
New alloydb module (#2285) 
* add alloydb module

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-05-22 09:40:25 +02:00
simonebruzzechesse 10ae9bc824
New extra stage for FAST gitlab setup (#2232) 
* new extra stage for gitlab setup

* removed wrong link

* small fixes README.md

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-05-22 09:17:14 +02:00
Peter Brumblay a04d63e991
Avoid unnecessary terraform plans for closed (unmerged) PRs (#2294) 
* Avoid unnecessary terraform plans for closed (unmerged) PRs

* fix: also update templates copied to avoid Windows symlink problems.

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
 2024-05-21 13:03:07 +00:00
Wiktor Niesiobędzki 3368be51bd Adjust list of policies to official docs 2024-05-21 11:27:57 +02:00
Ludovico Magnocavallo be9214f99a
add support for tenant factory CI/CD (#2297) 2024-05-21 10:39:47 +02:00
dependabot[bot] 524390b641
--- (#2296) 
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-21 07:20:53 +00:00
Ricardo Godoy 79b36b614b
IPS support for Firewall Policy (#2291) 
* Adding apply_security_profile_group as action option and be able to
provide a security_profile_group.

* Removing default null for optional variable.

* Updating README.

---------

Co-authored-by: Julio Castillo <jccb@google.com>
 2024-05-21 04:38:43 +00:00
Wiktor Niesiobędzki 1ecd637932
Internet NEG for net-lb-app-int (#2293) 
Internet NEG for net-lb-app-int
 2024-05-20 21:12:39 +02:00
Luca Prete 0afaa84026
[FAST] fix: tenant-factory logging bucket project (#2292) 2024-05-20 16:51:12 +00:00
simonebruzzechesse 79af34b69e
Add wif permissions to bootstrap tf SA (#2290) 
* add wif permissions to bootstrap tf SA
 2024-05-20 18:15:23 +02:00
Ludovico Magnocavallo 98126f2ab8
Update README.md 2024-05-20 07:55:42 +02:00
Ludovico Magnocavallo 8e8ff7825c
Update README.md 2024-05-20 07:54:31 +02:00
Ludovico Magnocavallo 116c1292ab
Update README.md 2024-05-20 07:54:03 +02:00
Ludovico Magnocavallo 32907924e1
update diagrams (#2289) 2024-05-18 23:53:49 +02:00
Ludovico Magnocavallo db44be9803
Ignore test resource data in new network stage, split out fast variables (#2288) 
* ignore test resource data, split out fast vars

* tfdoc
 2024-05-17 15:30:57 +02:00
Ludo 92f88d6cbf
update changelog 2024-05-17 12:09:37 +02:00
Ludovico Magnocavallo 8014121be1
switch stages 0-1s to excalidraw diagrams (#2286) 2024-05-17 09:10:13 +00:00
Simone Ruffilli 21f3b733ab
FAST: Cleanup/harmonization of Simple and NVA net stages (#2287) 
Cleanup/harmonization of Simple and NVA net stages
 2024-05-16 16:49:15 +03:00
Simone Ruffilli 887c7e7926
Unify VPN and Peering FAST stages (#2284) 
* Unify VPN and Peering FAST stages
 2024-05-16 12:18:32 +03:00
Ludovico Magnocavallo 7a5dd4e6db
FAST: add top-level folders and restructure teams/tenants in resman (#2254) 
* remove teams and tenants from resman

* move fast features to stage 1, fix test inventories

* folders

* fix factory, add top level folder resources to outputs

* tfdoc

* stage 0 log sink defs

* tfdoc

* enable toc in resman readme

* simple tenants

* fast compatibility automation and logging

* testing fast-compatible tenants

* testing fast-compatible tenants

* tfdoc

* remove mt stages

* remove tests, fix links

* disable tflint

* fast tests

* make organization conditional in resman

* check names tool

* export real prefix to tfvars, prevent destroy errors

* prefix validation

* fix billing account export format

* tfdoc

* root node folder

* resman changes

* tenant resman roles

* first apply of tenant resman

* tenant log sinks in stage 1

* fix test vars

* tfdoc

* tenant vpc-sc access policy

* fix tests expected values

* tenant CI/CD

* identity providers

* wif

* tfdoc

* add comments to identity locals

* full-feature tenant resman apply

* tenant billing IAM

* stage test

* fix CI/CD comments

* tenant net stage verified

* tenant sec stage verified

* fix test

* README work

* tfdoc

* README

* README rewording

* README rewording

* tfdoc

* FAST excalidraw

* review comments

* diagram review changes

* add iam log sink for tenants

* remove redundant try from security stage

* Implement tflint-fast in Python driven by tftest.yaml files

* tflint

* test ci changes

* revert linting changes

* disable tflint for fast

* Create junit-style report for FAST tflint

* Remove junit-reporter

* YAPF tflint-fast.py

* Output tflint FAST to job summary

* Step summary

* Disable step_summary as output is not useful

* ignore tflint warning

* re-enable tflint on FAST

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
 2024-05-15 09:17:13 +00:00
Ludo d3137be655
update changelog 2024-05-15 11:05:22 +02:00