
Conversation

ludoo
Collaborator

@ludoo ludoo commented May 16, 2025

Fixes #3085

This also pulls in recent master changes to fast-dev.

LucaPrete and others added 4 commits May 10, 2025 15:36
@ludoo ludoo changed the base branch from master to fast-dev May 16, 2025 06:51
@github-actions github-actions bot removed on:tools New or changed tool on:blueprints labels May 16, 2025
@ludoo ludoo enabled auto-merge (squash) May 16, 2025 06:56
@ludoo ludoo merged commit 212e587 into fast-dev May 16, 2025
20 checks passed
@ludoo ludoo deleted the ludo/issue-3085 branch May 16, 2025 07:10
EmileHofsink pushed a commit to withriley/cloud-foundation-fabric that referenced this pull request May 22, 2025
* update changelog

* Deprecate composer-2 blueprint

* Workflow templating fix (GoogleCloudPlatform#2864)

Fixed some issues with WIF and provider templating in workflows.

* update docs: clarify 0-bootstrap.auto.tfvars creation and outputs_location use (GoogleCloudPlatform#2862)

Co-authored-by: Zoran Zaric <[email protected]>

* Make id and project_id match for project module

* Disable E2E test for direct VPC Egress

Resources in subnet are in use for ~1-2h after removal of Cloud Run
instance (see: https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#delete-subnet)

b/332419038

* add toc to dns module readme

* Expose parameters module in org policy variables

* Bump provider version

* Update examples and tests

* Fix tests

* Fix tests

* Add dependency for compute-vm schedule

* Make id and project_id match when universe is set

* Add bucket IAM policy read (GoogleCloudPlatform#2872)

Allow the Project Factory read-only SA to retrieve the IAM policy of buckets created by the PF

* Add prefix to KMS ring, to allow easy recreate

* Create var.prefix in sandbox, copy all files for setup

* Add note about the use of n-stagename/moved/ files during upgrade (GoogleCloudPlatform#2874)

* redraw cross-stage diagram (GoogleCloudPlatform#2875)

* Add context to organization policy factories (GoogleCloudPlatform#2876)

* Update pull_request_template.md

* Move DRS and essential contact domains to factory (GoogleCloudPlatform#2878)

* Move DRS and essential contact domains to factory

* Update docs

* Address outstanding load balancer FRs (GoogleCloudPlatform#2879)

* fix GoogleCloudPlatform#2877

* fix GoogleCloudPlatform#2866

* fixes GoogleCloudPlatform#2865

* fixes GoogleCloudPlatform#2865

* moved block

* fix standalone test

* blueprints

* prepare v37.2.0 release

* Fix ipv6 and align loadbalancer address types

* Release v37.3.0

* Add new set of org policies with managed constraints to FAST bootstrap (GoogleCloudPlatform#2884)

* Managed org policies example

* Add folder with managed org policies

* Add tests for managed org policies

* Document new managed org policy set

* Add compute.restrictProtocolForwardingCreationForTypes to importable policy set (GoogleCloudPlatform#2888)

* Address DNS issues with googleapis RPZ and forwarding (GoogleCloudPlatform#2891)

* add empty DNS zone for googleapis to net stages

* add ipv6 records for private/restricted

* avoid permadiff in rpz ipv6 addresses

* Update VPC-SC module and FAST stage (GoogleCloudPlatform#2887)

* Update VPC-SC module to support vpc subnets

* Update FAST VPC-SC variables

* Fix tests

* Add universe support to iam-service-accounts (GoogleCloudPlatform#2892)

* Make service account universe aware

* Add service account universe tests

* Add support for project-level log sinks to FAST stage 0 (GoogleCloudPlatform#2893)

* Fix ipv6 and align loadbalancer address types

* Release v37.3.0

* add support for project-level log sinks to stage 0

---------

Co-authored-by: Wiktor Niesiobędzki <[email protected]>

* Make service agents work in different universes (GoogleCloudPlatform#2894)

* Make service agents work in different universes

* Use templatestring and two passes for service agent emails

* Fix tests

* FAST project templates example (GoogleCloudPlatform#2897)

* wip

* project factory providers

* working example

* copyright, tfdoc

* rewording

* rewording

* tfdoc

* tfdoc

* tfdoc again

* fix tests

* tests

* Project factory additions, project module reuse implementation (GoogleCloudPlatform#2899)

* add support for buckets

* add project-level interpolation for own SAs

* docs

* project reuse changes

* fix example

* tfdoc

* update check documentation tool

* fast tests

* blueprints

* typo

* New SecOps anonymization pipeline (GoogleCloudPlatform#2794)

* new secops anonymization pipeline

Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Add support for locality policies to net-lb-app-ext module (GoogleCloudPlatform#2898)

* Fix the missing locality_lb_policy value and add validation for it

* Added variables, dynamic blocks and validation to support locality_lb_policy/ies

* Formatting

* tfdoc generation

* Fix net-lb-app-ext readme

* Fixes for Ludo, coalesce and brevity

* fmt

* Revert null check due to failing tests

---------

Co-authored-by: Jack Lever <[email protected]>
Co-authored-by: Ludo <[email protected]>

* add chain output (GoogleCloudPlatform#2901)

* Allow passing explicit regions in net test addon subnets (GoogleCloudPlatform#2902)

* allow passing explicit regions in net-test addon subnets

* checkout repo in labeler

* checkout repo in labeler

* revert labeler changes

* update changelog

* Increase the default complexity of Cloud SQL DB passwords (GoogleCloudPlatform#2886)

* Increase the default complexity of DB passwords in order to meet password_validation_policy.default_complexity

* Use password_validation_policy.min_length if provided

* Explicitly generate a root_password if not provided

* Use object (password, random_password) for root_password config

* Make root_password non-nullable, and add validation against specifying both a password and `random_password`.
Fix test for stronger password generation.

* Add example for root_password and password_validation_policy

* Rerun tfdoc.py

---------

Co-authored-by: Julio Castillo <[email protected]>

* Fix default compute.restrictProtocolForwardingCreationForTypes value (GoogleCloudPlatform#2904)

* Update default FAST org policies (GoogleCloudPlatform#2906)

* Update org default org policies

* Update default FAST org policies

* Remove Service Account key generation

* Fix tests

* Add breaking changes to changelog (GoogleCloudPlatform#2908)

* Update pull_request_template.md

* Update pull_request_template.md

* Add ssl_mode support to cloudsql-instance replicas (GoogleCloudPlatform#2910)

* Add ssl_mode support for cloudsql-instance replicas

* Rename var.ssl.ssl_mode to var.ssl.mode

* add support for max workstations, refactor timeouts in workstation-cluster module (GoogleCloudPlatform#2911)

* update changelog

* Add ability to refer to other project service accounts in Project Factory

* Add tftests for project factory

* Fix tests

* feat: adding generated_id for backends to net-lb-app-ext (GoogleCloudPlatform#2913)

* Add provider output files to project factory stage, single automation bucket in module (GoogleCloudPlatform#2914)

* single automation bucket, provider output files for project factory

* tfdoc

* fix outputs

* Add title to VPC-SC directional policies (GoogleCloudPlatform#2909)

* Add title to VPC-SC directional policies

* Ignore versions.tf in diffs

* Update versions.tf

* Fail if a perimeter uses unknown directional policies

* output dns_keys instead of a list (GoogleCloudPlatform#2915)

* output dns_keys instead of a list

* access list items with square brackets according to linter

* move ilb as next hop blueprint to module-level recipe

* linting

* Add support for custom error response policies to net_lb_app_ext module (GoogleCloudPlatform#2916)

* Add support for default custom error response policy

This update introduces the ability to define a default custom error response policy in the URL map module. It includes support for specifying error services and error response rules with match response codes, paths, and override response codes. This enhancement increases flexibility in handling custom error responses.

* Update error_service handling in URL map

Modified the error_service assignment to include a fallback lookup mechanism for backend IDs when the value is not null. This ensures robustness and avoids null references while maintaining existing behavior.

* Add custom error response policies in lower levels of URL map

* Update net-lb-app-ext README.md

* Add error messages for failing interpolations

* v37.4.0

* v38.0.0

* v38.0.0

* fast moved file

* Bump requests (GoogleCloudPlatform#2918)

Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.32.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.27.1...v2.32.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Fix KMS service agent when universe is set (GoogleCloudPlatform#2920)

* propose the changes to the service agent config agent

* Fix formatting

* Fix typo

---------

Co-authored-by: Julio Castillo <[email protected]>

* Add execution/invocation commands to outputs

* Add perimeter factory to `modules/vpc-sc` (GoogleCloudPlatform#2919)

* Add perimeter factory

Proposal to allow the management of perimeters in yaml factory.
Project discovery is extended to multiple perimeters with query filtering.

Doc clean up

* default perimeters desc to null

* linting

* Revert changes to FAST

* Remove test and schema from FAST

* Align vars and perimeter factory

* Interpolate resource_sets in more places

* Silence linter

* Update README.md

---------

Co-authored-by: Julio Castillo <[email protected]>
Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Fix CICD SA access (GoogleCloudPlatform#2923)

* Fix E2E tests

* Add limits for stage_names and environment

* Use value and not key for ingress policy resources (GoogleCloudPlatform#2926)

* fix(bootstrap): fix custom roles billing viewer duplicate permissions (GoogleCloudPlatform#2927)

* Use VPC-SC perimeter factory in FAST 1-vpcsc stage (GoogleCloudPlatform#2928)

* Use VPC-SC perimeter factory in FAST 1-vpcsc stage

* Add boilerplate

* Fix linter and schema checks

* Fix tests

* Fix schemas

* Expose tags in project factory (GoogleCloudPlatform#2929)

* Expose tags in project factory

* Update readme

* Remove default and update schema

* Fix tests

* Allow different principal types in bootstrap user variable (GoogleCloudPlatform#2922)

* handle the iam_user_bootstrap_bindings with a local.bootstrap_user to cover the case where var.bootstrap_user is a WIF user (starts with principal:// and does not need the user: prefix added)

* terraform fmt

* fix linting

* lint fix

* reran terraform fmt

* Fix condition

---------

Co-authored-by: Julio Castillo <[email protected]>

* Fixed title: from Artifact Registry to Binary Authorization (GoogleCloudPlatform#2931)

* Fix failing E2E test

* Introduce test isolation and fix missing GCS service account

* Update README.md

Fix image link

* fix(project_factory): add condition on for_each to avoid creating a local file on non existing directory /providers if outputs_location is empty

* fix(project_factory): bucket definition updated due to change on project factory module

* Update fast/stages/2-project-factory/outputs.tf

Co-authored-by: Wiktor Niesiobędzki <[email protected]>

* Fast 2-networking-a: removed obsolete note about lack of PSC transitivity

* Allow unmanaged reverse lookup zones

* fix module ref in vpc-sc stage output (GoogleCloudPlatform#2947)

* Use full type definition in v.shared_vpc_service_config and vpc_sc merges

* `net-vpc`: fix permadiff in docs (GoogleCloudPlatform#2949)

* Bump golang.org/x/net (GoogleCloudPlatform#2953)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0.
- [Commits](golang/net@v0.33.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(artifact-registry): Add possibility to setup Docker common remote repository configuration (GoogleCloudPlatform#2952)

* feat(artifact-registry): Add possibility to setup Docker common remote repository configuration

Add the possibility to setup Docker common remote repository configuration to be able to have remote of internal Artifact Registry repository.

* feat(artifact-registry): Add instructions Readme to setup simple Docker common remote repository configuration

* Update GKE addons and features (GoogleCloudPlatform#2956)

* Update GKE addons and features

* Fix tests

* Fix subnet schema in net-vpc module & hybrid subnets example implementation (GoogleCloudPlatform#2958)

* Fixed subnet schema by adding "allow_subnet_cidr_routes_overlap" field

* Implemented hybrid subnets code example and test code

* Rationalize project factory context interpolations for automation service accounts (GoogleCloudPlatform#2959)

* use different keys for automation service accounts

* inventory

* improve error handling on automation buckets

* Pass edition and other parameters to replicas

* update FAST diagram (GoogleCloudPlatform#2961)

* Adding enterprise_config -> desired_tier feature to GKE autopilot and standard (GoogleCloudPlatform#2962)

Add

* Fix broken upgrades of TF provider for routes

* Revert "Fix broken upgrades of TF provider for routes"

This reverts commit 7f58f1a.

* Add custom routes for directpath to net-vpc module (GoogleCloudPlatform#2966)

* add custom routes for directpath to net-vpc module

* blueprint tests

* blueprint tests

* blueprint tests

* fast tests

* tfdoc

* module examples

* Allow to specify function egress settings without using a VPC connector (GoogleCloudPlatform#2967)

* Add example with transparent proxy and E2E test

* update changelog

* Bump golang.org/x/net (GoogleCloudPlatform#2969)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0.
- [Commits](golang/net@v0.33.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google.golang.org/protobuf (GoogleCloudPlatform#2970)

Bumps google.golang.org/protobuf from 1.28.1 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google.golang.org/grpc (GoogleCloudPlatform#2971)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.53.0 to 1.56.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* net-lb-app-* support any ports now

* hotfix push subscription in pubsub module (GoogleCloudPlatform#2974)

* Fix issue 2978 (GoogleCloudPlatform#2981)

* Fix issue 2978

* Fix linting

* v38.1.0

* compute-vm: Add graceful shutdown configuration and some missing GPUs.

* Update list of GPUs.

* Mongodb Atlas project template (GoogleCloudPlatform#2986)

* mongodb project definition

* wip

* add psc output to net-address module

* wip

* wip

* initial README, test

* remove providers file

* boilerplate

* tfdoc

* test

* fix unrelated test

* outputs, better README

* Improve SecOps Anonymization pipeline (GoogleCloudPlatform#2988)

* update secops anonymization pipeline with new chronicle APIs

* improvements to doc for secops anonymization pipeline

---------

Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Project object c14n in separate file

Create separate file for canonicalization of project factory objects and
introduce duplicate-diff lint checker.

* update changelog

* Add requireInvokerIam constraint to the policies to prevent public exposure of Cloud Run services

* feat: add gcp_public_cidrs_access_enabled to gke-cluster-{autopilot,standard} (GoogleCloudPlatform#2993)

* Improve failure message

* Fr/timhiatt/invoker iam disable (GoogleCloudPlatform#2994)

* Staging the new variable change and the flag enablement for 'invoker_iam_disabled' in the 'google_cloud_run_v2_service' resource associated with the 'cloud-run-v2' module.

* Updating tfdocs to include the new variables for the 'invoker_iam_disabled' flag in the 'google_cloud_run_v2_service' resource in module 'cloud-run-v2'

* Updating the testing in the readme for the cloud-run-v2 module.

* Fixing an issue with links in README.md Docs

* Fixing README.md linting.

* Fix Cloud SQL deployment and use local remote docker hub for pulling gitlab docker image (GoogleCloudPlatform#2989)

fix gitlab blueprint
add docker remote registry

* Allow disabling GKE IP endpoints and setting GKE VPC scope DNS domain (GoogleCloudPlatform#2997)

* Allow disabling IP access to GKE control plane

* Add additive VPC scope DNS domain to gke clusters

* Fix typo

* Bump provider to 6.27.0

* Update readme

* Add roles support to VPC-SC (GoogleCloudPlatform#3000)

* cross-project serverless neg example (GoogleCloudPlatform#3003)

* Add support for non-destructive tag bindings to compute-vm module (GoogleCloudPlatform#3004)

* wip

* add support for tag bindings

* tfdoc

* improve example

* tfdoc

* Fix stage-3 CICD SA access (GoogleCloudPlatform#3005)

* Update VPC-SC README (GoogleCloudPlatform#3006)

Fixes GoogleCloudPlatform#2983

* Implement support for VPC-SC perimeter membership from project factory (GoogleCloudPlatform#3007)

* support project factory-level vpc-sc perimeter interpolation

* fix ro role

* add support for IAM on service accounts

* fix typo

* allow external config of restricted services base set in vpc-sc stage (GoogleCloudPlatform#3009)

* Add support to attach tags to service accounts (GoogleCloudPlatform#3008)

* Remove service account key upload. Add create_ignore_already_exists

* Add tag bindings to service accounts

* Add description to create_ignore_already_exists

* Remove broken links

* Add trusted images projects

* Use factory-projects-object for project object normalization

* Use the same keys in output as in input for projects

* Add type information to project_config attributes

* Use null values for data_overrides

* Add tests for data_defaults / data_overrides

* Allow null parent and prefix

* Allow same filename in different directories

As long as they override the default project name using `name`.

* Ensure vpc_sc has correct type for overrides

* fix merge

* Properly support org policy tags in resman/project factory (GoogleCloudPlatform#3014)

* allow setting IAM for org policy tags, add org policy tags to pf context

* allow tag id substitution

* tfdoc

* Added variable for activating nat and implementation in google_apigee… (GoogleCloudPlatform#2999)

* Added variable for activating nat and implementation in google_apigee_net_address resource

* Regenerated readme

* Added tests for nat & activation

* Removed unnecessary coalesce

* Fixed test params

* Added test to confirm activate is working

* Add OKTA WIF provider definition (GoogleCloudPlatform#3015)

Co-authored-by: Julio Castillo <[email protected]>

* Enable storage.restrictAuthTypes org policy (GoogleCloudPlatform#3017)

* [FAST] Remove object creator permission from storage viewer custom role (GoogleCloudPlatform#3020)

* allow configuring dns zone names in FAST networking stages (GoogleCloudPlatform#3021)

* Module: net-vpc-factory (GoogleCloudPlatform#2982)

This pull request introduces the `net-vpc-factory` module. This new factory handles:

* Project setup (most of what's supported by the `project` module)
* VPC setup
  * Routing
  * Subnets
* Connectivity options
  * NCC (hub, VPC spokes and VPN hybrid spokes)
  * Peerings
  * VPN (GCP-to-onprem and GCP-to-GCP)
* NAT (everything supported by the `net-cloudnat` module)
* DNS (everything supported by the `dns` module)
* Firewall (everything supported by the `net-vpc-firewall` module)

* Use factory-projects-object to normalize inputs for project module

* Replace all instances of stackdriver.googleapis.com with log+mon (GoogleCloudPlatform#3022)

Replace all instances of stackdriver.googleapis.com with logging.googleapis.com  and monitoring.googleapis.com.
Fixes GoogleCloudPlatform#2932

* SecOps Anonymization improvements (GoogleCloudPlatform#3013)

* update secops anonymization pipeline with new chronicle APIs

* secops-rules module (GoogleCloudPlatform#3023)

* secops-rules module

* Apply recent changes to factory-projects-object.tf to vpc-factory

* Add FAST to Python linting check (GoogleCloudPlatform#3026)

* turn on Python linting for fast
* remove secops.py

---------

Co-authored-by: bruzzechesse <[email protected]>

* add tag binding for stage folder config (GoogleCloudPlatform#3028)

* add tag binding for stage folder config

* update readme

* address comment

---------

Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Allow IAP configuration with default IdP

Load balancers can be configured with IAP-enabled backends.
They can either be configured to use external Identity Providers (IdP)
or to use Cloud Identity. The latter is the default and is used when
the OAuth2 parameters are not specified.

The iap_config parameter in the backend_service_configs variable
already supported the external IdP option, but did not support the
default one.

* Use path as keys in project factory

* Use path as keys in project factory

* Update CICD section of 0-bootstrap. (GoogleCloudPlatform#3032)

Update CICD section of 0-bootstrap.
Fixes GoogleCloudPlatform#2930

* PF SA fix for budget alert (GoogleCloudPlatform#3036)

Allowing PF RO SA to parse budget alerts

* Added recipe HA VPN between AWS and GCP (GoogleCloudPlatform#3034)

* Added recipe HA VPN between AWS and GCP

* Fix typo

* Update providers to work without credentials

* Add AWS resource to tools/lockfile/main.tf

* Fixed error in recipe docs

---------

Co-authored-by: Julio Castillo <[email protected]>

* Add vulnerability scanning to artifact registry module (GoogleCloudPlatform#3040)

* Add vulnerability scanning to artifact registry module

* make variable nullable = false

* tfdoc

---------

Co-authored-by: Luca Prete <[email protected]>

* Add managed Kafka (GoogleCloudPlatform#3035)

* Add managed Kafka project template with configuration and variable definitions

* Refactor managed Kafka configuration to use a single kafka_config object for improved clarity and maintainability

* Add Apache License 2.0 header to managed Kafka template files

* Update README and add project.yaml for Managed Kafka cluster setup

* Update README to skip tftest validation for managed Kafka module

* update changelog

* rename stage_config output/variables to stage_configs (GoogleCloudPlatform#3042)

* Pathexpand all factory data paths (GoogleCloudPlatform#3033)

* Pathexpand all factory data paths

* fix net monitoring paths

* fix file paths

---------

Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Bump golang.org/x/net (GoogleCloudPlatform#3043)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.38.0.
- [Commits](golang/net@v0.36.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix names in project factory automation resources (GoogleCloudPlatform#3046)

* 2-secops stage (GoogleCloudPlatform#3038)

* new 2-secops stage
* new 3-secops-dev stage

---------

Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Fix dependabot reported vulnerability

* streamline vpc-sc moved file

* prepare v38.2.0

* prepare v39.0.0

* New Dataplex Aspect Types module (GoogleCloudPlatform#3050)

* README and tests missing

* default location value

* tested

* READMEs

* Fix serverless NEG example in net-lb-app-ext (GoogleCloudPlatform#3049)

* update changelog

* Add ability to reuse existing projects in project factory (GoogleCloudPlatform#3051)

* Updated network config variables in GKE node pool (GoogleCloudPlatform#3052)

* rename dataplex aspects module (GoogleCloudPlatform#3053)

* New Managed Kafka module (GoogleCloudPlatform#3054)

* default scanning to null (GoogleCloudPlatform#3056)

* [cloud-run-v2] Add ability to control code deployments outside Terraform

* better cert manager examples (GoogleCloudPlatform#3059)

* update changelog

* Add deletion_policy to project-factory module (GoogleCloudPlatform#3060)

* Add deletion_policy to project-factory module

* Use project deletion_policy in object normalization

* Replicate changes in net-vpc-factory

---------

Co-authored-by: Julio Castillo <[email protected]>

* Enable repd tag bindings in compute-vm module (GoogleCloudPlatform#3063)

* enable repd tag bindings in compute-vm module

* tfdoc

* fix reference to boot disk in snapshots when using independent disks

* New FAST data platform (GoogleCloudPlatform#3066)

* copy from broken dp dev branch

* remove extra excalidraw file

* fix networking yaml

* tfdoc

* tfdoc

* nuke old data platform

* fix tests

* tests

* tflint

* high level diagram

* make location optional in composer schema

* add composer outputs

* docs

* remove schema docs

* tfdoc

* update service agent encryption composer def for composer 3

* encryption keys

* typo

* typo

* fix security IAM

* inventory

* tflint

* Fix roles and diagram.

* Fix tflint

* Fix test DP.

* Fix test

* Diagrams excalidraw gz

---------

Co-authored-by: lcaggio <[email protected]>

* update changelog

* fix permadiff after apply

* [cloudsql-instance] Add cloudsql_iam_authentication flag to fix example in readme (GoogleCloudPlatform#3069)

Co-authored-by: Luca Prete <[email protected]>

* prep v39.1.0

* prep v40.0.0-rc1

* JSON schema documentation tool (GoogleCloudPlatform#3070)

* wip

* wip

* wip

* generate schema docs

* formatting

* typo

* fix details

* fix details

* revert dp change

* tfdoc

* Added versions.tf to net-vpc-factory (GoogleCloudPlatform#3073)

* [cloud-run-v2] Add ability to deploy OpenTelemetry Collector sidecar (GoogleCloudPlatform#3071)

* [cloud-run-v2] Add ability to deploy OpenTelemetry Collector sidecar

- Adds `depends_on` flag to container definition
- Adds `port` to HTTP liveness & startup probes

* fix: add port to unmanaged resource's startup & liveness probes

* fix: add copyright boilerplate

* Fix README

---------

Co-authored-by: Julio Castillo <[email protected]>

* Fix no VPC composer scenario and roles (GoogleCloudPlatform#3075)

Fix no VPC composer scenario and roles

* AlloyDB read pool support and various usability fixes (GoogleCloudPlatform#3061)

* AlloyDB read pool support and various usability fixes

* Added support for read pool instances.
* Added support for public (outbound) IPs.
* Added new arguments: `machine_type`, `skip_await_major_version_upgrade`, and `subscription_type`.
* Added outputs for key cluster attributes, including ID and name.
* Improved input variable validations and simplified configurations.
* Fixed bug where AlloyDB user accounts always had null passwords.
* Resolved Terraform state drift issues for `network_config` and `psc_config`.
* Fixed `continuous_backup_config` always being implicitly or explicitly enabled.
* Fixed `automated_backup_policy` and `maintenance_update_policy`, which do not support non-zero minutes, seconds and nanos.
* Fixed various typos.
* Aligned the format of test examples.

* Fixed invalid condition: authorized external networks require public IP to be enabled, but an enabled public IP can have empty authorized external networks

* Formatting

* Fix PSA block

---------

Co-authored-by: Julio Castillo <[email protected]>

* VPC SC module refactor (GoogleCloudPlatform#3062)

* Remove bridge perimeters

* Update FAST stages

* Allow project ids in perimeter definitions

* Preserve order for ingress/egress policies

* Use CAI

* Use CAI

* Fix tests

* Add ability to optionally update Cloud Run job containers outside Terraform.

Co-authored-by: Luca Prete <[email protected]>

* Map secops group to security by default (GoogleCloudPlatform#3080)

* Map secops group to security by default

* Update readmes

* Fix bootstrap inventories

* bug: mark policy_controller as optional (GoogleCloudPlatform#3086)

* bug: mark policy_controller as optional

* Fix documentation

---------

Co-authored-by: Julio Castillo <[email protected]>

* Fix permadiff in FAST bootstrap IAM (GoogleCloudPlatform#3089)

* Add ability to optionally update Cloud Run job containers outside Terraform.

Co-authored-by: Luca Prete <[email protected]>

* bug: mark policy_controller as optional (GoogleCloudPlatform#3086)

* bug: mark policy_controller as optional

* Fix documentation

---------

Co-authored-by: Julio Castillo <[email protected]>

* fix bootstrap permadiff

* inventory

* inventory

---------

Co-authored-by: Luca Prete <[email protected]>
Co-authored-by: Luca Prete <[email protected]>
Co-authored-by: Falcon Taylor-Carter <[email protected]>
Co-authored-by: Julio Castillo <[email protected]>

* relax wif org policy in IaC project (GoogleCloudPlatform#3090)

* fix: remove file starting by 1 and 2 to avoid copying 1-resman-provid… (GoogleCloudPlatform#2944)

* fix: remove files starting with 1 and 2 to avoid copying 1-resman-providers.tf, 2-project-factory-providers.tf ...

* feat: add schemas to repository files

---------

Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Add GitLab SaaS support in fast/extras/0-cicd-gitlab (GoogleCloudPlatform#3088)

* feat: add support for SaaS gitlab instance

* fix: fmt terraform

* Update README.md

* fix: validation && add gitlab url local

* fix: adapt readme.md to include gitlab_config modifications

---------

Co-authored-by: Ludovico Magnocavallo <[email protected]>
Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Add support for additive perimeter resources to vpc-sc module (GoogleCloudPlatform#3093)

* add support for additive perimeter resources

* FAST stage variable

* feat(gke): add kubelet_readonly_port_enabled (GoogleCloudPlatform#3092)

Thanks for this!

* Enable context replacements for IAM principals in project factory module (GoogleCloudPlatform#3094)

* enable context replacements for iam principals in pf module

* test changes

* Enable multi-network GKE (GoogleCloudPlatform#3096)

* feat: enable multi networking feature

* enable multi networking

* enable multi networking

* fmt

* regenerate docs

* feat: enables multinetwork in autopilot clusters

* Make automation project in project factory module optional (GoogleCloudPlatform#3091)

* Disable creation of bridge perimeters (GoogleCloudPlatform#3098)

* Disable creation of bridge perimeters

* Simplify bootstrap test manifests

* Fix net vpc firewall module schema (GoogleCloudPlatform#3099)

* fix ports in net vpc firewall module schema

* default ports to []

* Simplify Cloud SQL backup enablement logic

* Project Factory: fix reference to automation SAs in IAM block for service accounts (GoogleCloudPlatform#3100)

* PF: fix reference to automation SAs in IAM block in service accounts for PF

* add test

---------

Co-authored-by: Luca Prete <[email protected]>
Co-authored-by: Ludo <[email protected]>

* feat: enables blue-green upgrades (GoogleCloudPlatform#3102)

* Added auto-provisioning-locations to gke-cluster-standard module (GoogleCloudPlatform#3103)

* prep v39.2.0

* Improves fast/data-platform-ng README for clarity (GoogleCloudPlatform#3074)

* Improves Data Platform README for clarity

* Quick fix to table of contents capitalization

* Fix broken link to stages README.md

* Fix broken link to stages README.md

* Add 2 diagrams.

* Update README.

* Update README.

* Fix section headings in README for consistency

* Clarify implementation details in README regarding Data Mesh principles and FAST stage integration

* Reposition folder structure diagram

* Remove Resource Hierarchy Overview section from README

* Remove diagram_resman.png from data platform development stage

* Update diagrams in README for Data Platform stage

* Refine descriptions of logical components in Data Platform architecture

* Refine README and configuration files for Data Platform stage, enhancing clarity and consistency in descriptions and structure.

* Add section for Provider and Terraform variables in README

* Remove demo files and configurations for Data Platform stage

* Fix file paths in IAM management references in README

* Add IAM principal for dp-platform and update resource counts in test files

* Update README to fix folder structure diagram order and alignment

* Fix capitalization and team naming inconsistencies in README

* Add note on IAM permissions review for production deployment in README

* Refactor IAM roles for dp-platform group in terraform.tfvars.sample

* Fix bucket name in product-0.yaml from 'exposed-ew8' to 'exposed'

---------

Co-authored-by: lcaggio <[email protected]>
Co-authored-by: Ludovico Magnocavallo <[email protected]>

* Revert "Make automation project in project factory module optional (GoogleCloudPlatform#3091)" (GoogleCloudPlatform#3106)

This reverts commit 33493b3.

* Add fast_version.txt to FAST stages (GoogleCloudPlatform#3107)

* Add fast_versions.txt file

* Fix versions.tf module path

* Fix linter

* Add version tracking files to FAST (GoogleCloudPlatform#3108)

* Add version tracking files to FAST

* tfdoc

* Update test counts

* inventories

* tfdoc

---------

Co-authored-by: Julio Castillo <[email protected]>

* Prep release 40.1.0

* Support iam_sa_roles in project factory service accounts (GoogleCloudPlatform#3110)

* support iam_sa_roles to project factory service accounts

* README

* update changelog

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Ludo <[email protected]>
Co-authored-by: Wiktor Niesiobędzki <[email protected]>
Co-authored-by: karpok78 <[email protected]>
Co-authored-by: ZoranBatman <[email protected]>
Co-authored-by: Zoran Zaric <[email protected]>
Co-authored-by: Julio Castillo <[email protected]>
Co-authored-by: Simon Roberts <[email protected]>
Co-authored-by: simonebruzzechesse <[email protected]>
Co-authored-by: jacklever-hub24 <[email protected]>
Co-authored-by: Jack Lever <[email protected]>
Co-authored-by: Simone Ruffilli <[email protected]>
Co-authored-by: Daniel Strebel <[email protected]>
Co-authored-by: Nathalie <[email protected]>
Co-authored-by: Peter Norton <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dgourillon <[email protected]>
Co-authored-by: Ludovico Magnocavallo <[email protected]>
Co-authored-by: JayKim <[email protected]>
Co-authored-by: Antoine Méausoone <[email protected]>
Co-authored-by: Giovanni Galloro <[email protected]>
Co-authored-by: javiergp <[email protected]>
Co-authored-by: Laurent Al Hossri <[email protected]>
Co-authored-by: Wiktor Niesiobędzki <[email protected]>
Co-authored-by: Tone <[email protected]>
Co-authored-by: Samuele Perticarari <[email protected]>
Co-authored-by: Federico Preli <[email protected]>
Co-authored-by: Luca Prete <[email protected]>
Co-authored-by: LFicteam <[email protected]>
Co-authored-by: Taneli Leppä <[email protected]>
Co-authored-by: Marco Cadetg <[email protected]>
Co-authored-by: Tim Hiatt <[email protected]>
Co-authored-by: Matt <[email protected]>
Co-authored-by: bruzzechesse <[email protected]>
Co-authored-by: Sepehr Javid <[email protected]>
Co-authored-by: Stefano Tribioli <[email protected]>
Co-authored-by: apichick <[email protected]>
Co-authored-by: Luca Prete <[email protected]>
Co-authored-by: Francisco P <[email protected]>
Co-authored-by: Tyler Sommer <[email protected]>
Co-authored-by: lcaggio <[email protected]>
Co-authored-by: Charles Salmon <[email protected]>
Co-authored-by: Viliam Pucik <[email protected]>
Co-authored-by: Falcon Taylor-Carter <[email protected]>
Co-authored-by: Laurent Al Hossri <[email protected]>
Co-authored-by: 6uellerBpanda <[email protected]>
Co-authored-by: Maciej Sikora <[email protected]>
Co-authored-by: Jay Bana <[email protected]>

Successfully merging this pull request may close these issues.

FAST: fix permadiff in stage 0
4 participants