Sync with public repo (GoogleCloudPlatform#46)
* Initial commit
* Updated README
* [Fix] Review Comments addressed
* Updated README and variables
* Removed iam_binding from CHANGELOG
* Review comments addressed
* Test case and README updated
* Updated IAM Role and README
* chore: release 0.1.0
  Release-As: 0.1.0
* chore: switch to release-please action (GoogleCloudPlatform#14)
* Revert "chore: switch to release-please action (GoogleCloudPlatform#14)" (GoogleCloudPlatform#17)
  This reverts commit d06513c.
* chore: fix release-please config
* chore: fix readme to match release version (GoogleCloudPlatform#16)
* chore: release 0.1.0 (GoogleCloudPlatform#18)
  Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* fix: Updates to README and descriptions (GoogleCloudPlatform#19)
* fix: Updates to README and descriptions
* fix: domain map resource
* Update README.md
  Co-authored-by: Bharath KKB <bbaiju@google.com>
  Co-authored-by: Bharath KKB <bbaiju@google.com>
* chore: Added CODEOWNERS
* chore: release 0.1.1 (GoogleCloudPlatform#20)
  Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* feat: update TPG version constraints to allow 4.0 (GoogleCloudPlatform#25)
* feat: update TPG version constraints to allow 4.0
* skip verify version
* chore(main): release 0.2.0 (GoogleCloudPlatform#26)
  Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* chore: update readme to reflect TPG version constraints (GoogleCloudPlatform#27)
* feat: add cmek support (GoogleCloudPlatform#33)
* Add CMEK variable, add configuration to template_annotations to support CMEK configuration
* Add description to variable
* Add example and test fixture
* Adds integration test for cloud run + cmek example
* Adds integration test
* Fixes linting issues
* Fix typo
* Fix code review issues
* Change mode to get annotations
* Fix software requirements for cmek example
* Fix code review issues: remove commented code, remove swap step in integration build, fix readme title for new example
* fix: Set default container limits and concurrency value (GoogleCloudPlatform#31)
* Set default container limits and concurrency value
* Update README.md Update defaults to match new variables file
* Fixed limits variable block
* variables.tf formatting
* terraform fmt
* generated docs
* updates variables to null
* generated_docs
  Co-authored-by: Jonathan Greger <jmgreger@google.com>
* chore(main): release 0.3.0 (GoogleCloudPlatform#34)
  Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* Adds initial version of security cloud run security module
* Adds meta info
* Test enabling compute engine api
* Keeps default service account enabled
* Removes compute sa keep test
* Fixed code review issues, add vscode files on gitignore
* chore: Add service account creation in each example (GoogleCloudPlatform#38)
* Adds service account creation in each example
* Updates README
* Fixes linting
* Adds initial version of security cloud run core module
* Updating Cloud Armor rules to version 3.3
* chore: add anamer to CODEOWNERS (GoogleCloudPlatform#44)
  Requesting approval and merge permissions to this repo.
* Apply suggestions from code review
  Co-authored-by: Daniel Andrade <dandrade@ciandt.com>
  Co-authored-by: Bharath KKB <bharathkrishnakb@gmail.com>
* renaming serverless_project_id variable to project_id
* removing unnecessary outputs
* update source to point to registry paths
* updating source to point to local module
* update source to point to registry paths
* update source to point to local module
* update owasp_rules variable description
* updating value signal
* fix lint
* chore: add mitchelljamie to CODEOWNERS (GoogleCloudPlatform#47)
* Add 'secure-cloud-run-net' sub-module (GoogleCloudPlatform#40)
* Module cloud-run-net
* Remove null default variable for subnet_name
* Update readme
* Moving source and target tags to locals.
* Using module to create firewall rules.
* Lint fixes.
* Add comparison for the connectors on readme
* BYO subnet
* Log config for subnetwork.
* User customization for flow_sampling.
* Fixes for connector and subnetwork.
* Fix lint.
* secure-cloud-run-net fixes. (GoogleCloudPlatform#49)
* Change connector_on_host_project variable default to false.
* Change SA role to networkUser.
* Update readme.
* Adds secure-cloud-run main submodule (GoogleCloudPlatform#48)
* Adding secure-cloud-run submodule
* removing provider beta from google_artifact_registry_repository_iam_member
* adding defaults for resources which we do not need explicitly need from the user.
* Providing defaults for all of the resource which we do not need explicitly need from the user.
* changing resource google_project_service for modules/project_services
* updating serverless_negs version
* adding create_subnet variable on secure-cloud-run module
* switching permission validation for artifact_registry
* adding domain variable on secure-cloud-run module
* Adding option to setup where org-policies will be applied (GoogleCloudPlatform#50)
  adding option to setup where org-policies will be applied
* DRAFT - Adds secure-cloud-run example (GoogleCloudPlatform#51)
* Adds secure-cloud-run example
* fixing lint
* fixing lint and outputs
* adding integration tests for org-policies location
* Including support to Secrets Manager (GoogleCloudPlatform#52)
* including support to Secrets Manager
* Updating README.md and removing annotations variables
* adding missing variables on main.tf
* Removing env_secret_vars
* removing empty service_account_email variable
* Update README.md (GoogleCloudPlatform#45)
* Update README.md Environment variables (Secret Manager) is now GA
* chore: updated variable
* chore: updated beta variables
  Co-authored-by: prabhu34 <18209477+prabhu34@users.noreply.github.com>
* Adds submodule for secure harness creation (GoogleCloudPlatform#54)
* Adds submodule for secure harness creation
* Fixes output
* fix issue: rule_canary should likely be called rule_rce (GoogleCloudPlatform#57)
* Add secure standalone example (GoogleCloudPlatform#55)
* Adds submodule for secure harness creation
* Adds standalone example
* Fixes output
* Adds discover test
* Fixes test command line
* Fixes discover location
* Updates go.mod
* Adds accesscontextmanager.googleapis.com
* Adds access context manager on setup project
* Comment previous steps in build
* uncomment build steps
* Comment steps
* Adds organization policy admin role
* Fixes org_iam_member
* Uncomment steps
* Fix domain variable
* Removes init credential
* Fixes access policy
* Adds folder creator
* Enables billing API
* Undo changes on setup for standalone
* Removes dependency of prepare step
* Removes env var
* Adds folder admin, policy admin and billing user for setup SA
* Adds cloud billing to be enabled
* Adds init_credentials
* Adds project creator and deleter
* Adds service account on perimeter
* Fixes variable
* Grant Org Policy admin
* Uncomment build steps
* Fixes indentation
* Adds sleep when destroying
* Adds time_sleep in service perimeter
* Improves Harness and Standalone READMEs (GoogleCloudPlatform#58)
  Improves Harness and Standalone readmes
* Feat/integration tests for secure cloud run (GoogleCloudPlatform#56)
* Adds integration tests for secure_cloud_run example
* fix lint
* fix impersonate
* fix impersonate position
* changing terraformSA call
* split terraformSA
* setting access-context-manager on int.cloudbuild
* fixing cloudbuild syntax
* fixes concurrency errors in build
* fixes SA for terraform
* increasing time_sleep
* test:removing kms integration tests
* adding impersonate to KMS test
* reset and update ip_cidr_range variable
* fix missing fields
* Adds instructions in cloud run core sub-module (GoogleCloudPlatform#59)
* Adds instructions in cloud run core sub-module
* Fixes missing variables
* Adds requirements on secure-cloud-run-net module (GoogleCloudPlatform#60)
* fixes requirements section place (GoogleCloudPlatform#61)
  Adds Requirements in secure-cloud-run-security sub-module
* Standalone updates - Readmes and variables (GoogleCloudPlatform#62)
* Readme and variables update to standalone and harness
* Secure-cloud-run readme update (GoogleCloudPlatform#63)
* Adds usage steps at README
* update README for secure-cloud-run module
* fix readme lint
* fix lint
* update variable description
* retry build
* Fix some minor issues
* Fix lint
  Co-authored-by: Samir-Cit <samir@ciandt.com>
* Changes services accounts/identities description (GoogleCloudPlatform#64)
* Adds provider to standalone example. (GoogleCloudPlatform#65)
* Adds provider to secure_cloud_run_standalone example
* fixing providers for standalone example
* Adds improvements to access_context_manager (GoogleCloudPlatform#70)
* Fix roles - example/secure-cloud-run (GoogleCloudPlatform#68)
  Fix roles for secure-cloud-run example - README.md
* Readme to customize Foundation v2.3.1 for Secure Cloud Run (GoogleCloudPlatform#66)
* chore: update .github/renovate.json
* feat/Allow to map multiple subdomains on CloudRun main module (GoogleCloudPlatform#72)
  Allow to add a list of subdomains on CloudRun main module
  Co-authored-by: Jamie Mitchell <95890357+mitchelljamie@users.noreply.github.com>
* chore: update .github/workflows/stale.yml
* Remove hardcoded values for scaling on Cloud Run (GoogleCloudPlatform#74)
* feat: added variables for mix/max container instances
* feat: added variable to specify egress rules
* Adds flag to disable cloud armor creation and add variable to re-use one (GoogleCloudPlatform#73)
* Adds flag to disable cloud armor creation and add variable to re-use an existing cloud armor

Co-authored-by: prabhu34 <18209477+prabhu34@users.noreply.github.com>
Co-authored-by: bharathkkb <bharathkrishnakb@gmail.com>
Co-authored-by: Bharath KKB <bbaiju@google.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Wybren Kortstra <Langstra@users.noreply.github.com>
Co-authored-by: Jonathan Greger <43762185+jmgreger@users.noreply.github.com>
Co-authored-by: Jonathan Greger <jmgreger@google.com>
Co-authored-by: Renato Rudnicki <renatojr@ciandt.com>
Co-authored-by: Assaf Namer <assaf.namer@gmail.com>
Co-authored-by: Renato Rudnicki <77694243+renato-rudnicki@users.noreply.github.com>
Co-authored-by: Daniel Andrade <dandrade@ciandt.com>
Co-authored-by: Jamie Mitchell <95890357+mitchelljamie@users.noreply.github.com>
Co-authored-by: Samir Ribeiro <42391123+Samir-Cit@users.noreply.github.com>
Co-authored-by: Samir-Cit <samir@ciandt.com>
Co-authored-by: CFT Bot <cloud-foundation-bot@google.com>