DRAFT - Adds secure-cloud-run example #51

renato-rudnicki

This PR adds secure-cloud-run example and its integration tests in Golang.

@mitchelljamie mitchelljamie marked this pull request as ready for review September 13, 2022 17:43

@mitchelljamie mitchelljamie left a comment

LGTM

@mitchelljamie mitchelljamie merged commit 444e6b3 into GoogleCloudPlatform:main Sep 13, 2022
amandakarina added a commit to amandakarina/terraform-google-cloud-run that referenced this pull request Mar 2, 2023
* Initial commit

* Updated README

* [Fix] Review Comments addressed

* Updated README and variables

* Removed iam_binding from CHANGELOG

* Review comments addressed

* Test case and README updated

* Updated IAM Role and README

* chore: release 0.1.0

Release-As: 0.1.0

* chore: switch to release-please action (GoogleCloudPlatform#14)

* Revert "chore: switch to release-please action (GoogleCloudPlatform#14)" (GoogleCloudPlatform#17)

This reverts commit d06513c.

* chore: fix release-please config

* chore: fix readme to match release version (GoogleCloudPlatform#16)

* chore: release 0.1.0 (GoogleCloudPlatform#18)

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>

* fix: Updates to README and descriptions (GoogleCloudPlatform#19)

* fix: Updates to README and descriptions

* fix: domain map resource

* Update README.md

Co-authored-by: Bharath KKB <bbaiju@google.com>

Co-authored-by: Bharath KKB <bbaiju@google.com>

* chore: Added CODEOWNERS

* chore: release 0.1.1 (GoogleCloudPlatform#20)

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>

* feat: update TPG version constraints to allow 4.0 (GoogleCloudPlatform#25)

* feat: update TPG version constraints to allow 4.0

* skip verify version

* chore(main): release 0.2.0 (GoogleCloudPlatform#26)

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>

* chore: update readme to reflect TPG version constraints (GoogleCloudPlatform#27)

* feat: add cmek support (GoogleCloudPlatform#33)

* Add CMEK variable, add configuration to template_annotations to support CMEK configuration

* Add description to variable

* Add example and test fixture

* Adds integration test for cloud run + cmek example

* Adds integration test

* Fixes linting issues

* Fix typo

* Fix code review issues

* Change mode to get  annotations

* Fix software requirements for cmek example

* Fix code review issues: remove commented code, remove swap step in integration build, fix readme title for new example

* fix: Set default container limits and concurrency value (GoogleCloudPlatform#31)

* Set default container limits and concurrency value

* Update README.md

Update defaults to match new variables file

* Fixed limits variable block

* variables.tf formatting

* terraform fmt

* generated docs

* updates variables to null

* generated_docs

Co-authored-by: Jonathan Greger <jmgreger@google.com>

* chore(main): release 0.3.0 (GoogleCloudPlatform#34)

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>

* Adds initial version of security cloud run security module

* Adds meta info

* Test enabling compute engine api

* Keeps default service account enabled

* Removes compute sa keep test

* Fixed code review issues, add vscode files on gitignore

* chore: Add service account creation in each example (GoogleCloudPlatform#38)

* Adds service account creation in each example

* Updates README

* Fixes linting

* Adds initial version of security cloud run core module

* Updating Cloud Armor rules to version 3.3

* chore: add anamer to CODEOWNERS (GoogleCloudPlatform#44)

Requesting approval and merge permissions to this repo.

* Apply suggestions from code review

Co-authored-by: Daniel Andrade <dandrade@ciandt.com>
Co-authored-by: Bharath KKB <bharathkrishnakb@gmail.com>

* renaming serverless_project_id variable to project_id

* removing unnecessary outputs

* update source to point to registry paths

* updating source to point to local module

* update source to point to registry paths

* update source to point to local module

* update owasp_rules variable description

* updating value signal

* fix lint

* chore: add mitchelljamie to CODEOWNERS (GoogleCloudPlatform#47)

* Add 'secure-cloud-run-net' sub-module (GoogleCloudPlatform#40)

* Module cloud-run-net

* Remove null default variable for subnet_name

* Update readme

* Moving source and target tags to locals.

* Using module to create firewall rules.

* Lint fixes.

* Add comparison for the connectors on readme

* BYO subnet

* Log config for subnetwork.

* User customization for flow_sampling.

* Fixes for connector and subnetwork.

* Fix lint.

* secure-cloud-run-net fixes. (GoogleCloudPlatform#49)

* Change connector_on_host_project variable default to false.

* Change SA role to networkUser.

* Update readme.

* Adds secure-cloud-run main submodule (GoogleCloudPlatform#48)

* Adding secure-cloud-run submodule

* removing provider beta from google_artifact_registry_repository_iam_member

* adding defaults for resources which we do not explicitly need from the user.

* Providing defaults for all of the resources which we do not explicitly need from the user.

* changing resource google_project_service for modules/project_services

* updating serverless_negs version

* adding create_subnet variable on secure-cloud-run module

* switching permission validation for artifact_registry

* adding domain variable on secure-cloud-run module

* Adding option to setup where org-policies will be applied (GoogleCloudPlatform#50)

adding option to setup where org-policies will be applied

* DRAFT - Adds secure-cloud-run example (GoogleCloudPlatform#51)

* Adds secure-cloud-run example

* fixing lint

* fixing lint and outputs

* adding integration tests for org-policies location

* Including support to Secrets Manager (GoogleCloudPlatform#52)

* including support to Secrets Manager

* Updating README.md and removing annotations variables

* adding missing variables on main.tf

* Removing env_secret_vars

* removing empty service_account_email variable

* Update README.md (GoogleCloudPlatform#45)

* Update README.md

Environment variables (Secret Manager)  is now GA

* chore: updated variable

* chore: updated beta variables

Co-authored-by: prabhu34 <18209477+prabhu34@users.noreply.github.com>

* Adds submodule for secure harness creation (GoogleCloudPlatform#54)

* Adds submodule for secure harness creation

* Fixes output

* fix issue: rule_canary should likely be called rule_rce (GoogleCloudPlatform#57)

* Add secure standalone example (GoogleCloudPlatform#55)

* Adds submodule for secure harness creation

* Adds standalone example

* Fixes output

* Adds discover test

* Fixes test command line

* Fixes discover location

* Updates go.mod

* Adds accesscontextmanager.googleapis.com

* Adds access context manager on setup project

* Comment previous steps in build

* uncomment build steps

* Comment steps

* Adds organization policy admin role

* Fixes org_iam_member

* Uncomment steps

* Fix domain variable

* Removes init credential

* Fixes access policy

* Adds folder creator

* Enables billing API

* Undo changes on setup for standalone

* Removes dependency of prepare step

* Removes env var

* Adds folder admin, policy admin and billing user for setup SA

* Adds cloud billing to be enabled

* Adds init_credentials

* Adds project creator and deleter

* Adds service account on perimeter

* Fixes variable

* Grant Org Policy admin

* Uncomment build steps

* Fixes indentation

* Adds sleep when destroying

* Adds time_sleep in service perimeter

* Improves Harness and Standalone READMEs (GoogleCloudPlatform#58)

Improves Harness and Standalone readmes

* Feat/integration tests for secure cloud run (GoogleCloudPlatform#56)

* Adds integration tests for secure_cloud_run example

* fix lint

* fix impersonate

* fix impersonate position

* changing terraformSA call

* split terraformSA

* setting access-context-manager on int.cloudbuild

* fixing cloudbuild syntax

* fixes concurrency errors in build

* fixes SA for terraform

* increasing time_sleep

* test:removing kms integration tests

* adding impersonate to KMS test

* reset and update ip_cidr_range variable

* fix missing fields

* Adds instructions in cloud run core sub-module (GoogleCloudPlatform#59)

* Adds instructions in cloud run core sub-module

* Fixes missing variables

* Adds requirements on secure-cloud-run-net module (GoogleCloudPlatform#60)

* fixes requirements section place (GoogleCloudPlatform#61)

Adds Requirements in secure-cloud-run-security sub-module

* Standalone updates - Readmes and variables (GoogleCloudPlatform#62)

* Readme and variables update to standalone and harness

* Secure-cloud-run readme update (GoogleCloudPlatform#63)

* Adds usage steps at README

* update README for secure-cloud-run module

* fix readme lint

* fix lint

* update variable description

* retry build

* Fix some minor issues

* Fix lint

Co-authored-by: Samir-Cit <samir@ciandt.com>

* Changes services accounts/identities description (GoogleCloudPlatform#64)

* Adds provider to standalone example. (GoogleCloudPlatform#65)

* Adds provider to secure_cloud_run_standalone example

* fixing providers for standalone example

* Adds improvements to access_context_manager (GoogleCloudPlatform#70)

* Fix roles - example/secure-cloud-run (GoogleCloudPlatform#68)

Fix roles for secure-cloud-run example - README.md

* Readme to customize Foundation v2.3.1 for Secure Cloud Run (GoogleCloudPlatform#66)

* chore: update .github/renovate.json

* feat/Allow to map multiple subdomains on CloudRun main module (GoogleCloudPlatform#72)

Allow to add a list of subdomains on CloudRun main module

Co-authored-by: Jamie Mitchell <95890357+mitchelljamie@users.noreply.github.com>

* chore: update .github/workflows/stale.yml

* Remove hardcoded values for scaling on Cloud Run (GoogleCloudPlatform#74)

* feat: added variables for min/max container instances
* feat: added variable to specify egress rules

* Adds flag to disable cloud armor creation and add variable to re-use one (GoogleCloudPlatform#73)

* Adds flag to disable cloud armor creation and add variable to re-use an existing cloud armor

Co-authored-by: prabhu34 <18209477+prabhu34@users.noreply.github.com>
Co-authored-by: bharathkkb <bharathkrishnakb@gmail.com>
Co-authored-by: Bharath KKB <bbaiju@google.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Wybren Kortstra <Langstra@users.noreply.github.com>
Co-authored-by: Jonathan Greger <43762185+jmgreger@users.noreply.github.com>
Co-authored-by: Jonathan Greger <jmgreger@google.com>
Co-authored-by: Renato Rudnicki <renatojr@ciandt.com>
Co-authored-by: Assaf Namer <assaf.namer@gmail.com>
Co-authored-by: Renato Rudnicki <77694243+renato-rudnicki@users.noreply.github.com>
Co-authored-by: Daniel Andrade <dandrade@ciandt.com>
Co-authored-by: Jamie Mitchell <95890357+mitchelljamie@users.noreply.github.com>
Co-authored-by: Samir Ribeiro <42391123+Samir-Cit@users.noreply.github.com>
Co-authored-by: Samir-Cit <samir@ciandt.com>
Co-authored-by: CFT Bot <cloud-foundation-bot@google.com>