Merge remote-tracking branch 'origin/master' into AlertsMetrics

GoogleCloudPlatform · Dec 18, 2024 · 414c698 · 414c698
2 parents 38153c9 + e241624
commit 414c698
Show file tree

Hide file tree

Showing 239 changed files with 4,081 additions and 263 deletions.
diff --git a/.github/actions/fabric-tests/action.yml b/.github/actions/fabric-tests/action.yml
@@ -72,7 +72,7 @@ runs:
       shell: bash
       run: |
         for f in $(find . -name versions.tf); do
-          sed -i -e 's/>=\(.*# tftest\)/=\1/g' -e 's/required_version = .*$/required_version = ">= ${{ inputs.TERRAFORM_VERSION }}"/g' $f;
+          sed -i 's/>=\(.*# tftest\)/=\1/g' $f;
         done
     - name: Install Python Dependencies
       shell: bash

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -39,12 +39,12 @@ jobs:
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.7.4
+          terraform_version: 1.10.2
 
       - uses: terraform-linters/setup-tflint@v4
         name: Setup TFLint
         with:
-          tflint_version: v0.50.3
+          tflint_version: v0.54.0
 
       - name: Init TFLint
         run: |
@@ -105,6 +105,18 @@ jobs:
       - name: Check modules versions
         id: versions
         run: |
-          OUTPUT=$(find . -type f -name 'versions.tf' -exec diff -ub default-versions.tf {} \;)
-          echo "${OUTPUT}"
-          [[ -z "${OUTPUT}" ]]
+          OUTPUT_TF=$(find . -type f -name 'versions.tf' -exec diff -ub default-versions.tf {} \;)
+          if [[ -n "${OUTPUT_TF}" ]] ; then
+            echo "Terraform versions.tf:"
+            echo "${OUTPUT_TF}"
+          fi
+          OUTPUT_TOFU=$(find . -type f -name 'versions.tofu' -exec diff -ub default-versions.tofu {} \;)
+          if [[ -n "${OUTPUT_TOFU}" ]] ; then
+            echo "Terraform versions.tofu:"
+            echo "${OUTPUT_TOFU}"
+          fi
+          grep -v required_version default-versions.tf > /tmp/versions.tf
+          grep -v required_version default-versions.tofu > /tmp/versions.tofu
+          diff -rub /tmp/versions.tf /tmp/versions.tofu
+          DIFF_EC=$?
+          [[ "${DIFF_EC}" -eq "0" ||  -z "${OUTPUT_TF}" || -z "${OUTPUT_TOFU}" ]]
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -14,8 +14,6 @@
 
 name: "Tests"
 on:
-  # schedule:
-  #   - cron: "45 2 * * *"
   push:
     branches:
       - master
@@ -29,7 +27,7 @@ on:
       terraform_version:
         description: "Use '1.5.7' to test last MPLv2 Terraform version"
         required: true
-        default: 1.7.4
+        default: 1.10.2
         type: string
 
 env:
@@ -39,8 +37,8 @@ env:
   TF_PLUGIN_CACHE_DIR: "/home/runner/.terraform.d/plugin-cache"
   TFTEST_COPY: 1
   DEFAULT_TERRAFORM_FLAVOUR: terraform
-  DEFAULT_TERRAFORM_VERSION: ${{ inputs.terraform_version || '1.7.4' }}
-  DEFAULT_TOFU_VERSION: "1.7.2"
+  DEFAULT_TERRAFORM_VERSION: ${{ inputs.terraform_version || '1.10.2' }}
+  DEFAULT_TOFU_VERSION: "1.8.0"
 
 jobs:
   compute-matrix:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -56,6 +56,12 @@ repos:
     files: (versions.tf|^default-versions.tf)$
     pass_filenames: false
     entry: /usr/bin/find . -type f -name 'versions.tf' -exec cp default-versions.tf {} \;
+  - id: versions_tofu
+    name: Align OpenTofu provider versions
+    language: script
+    files: (versions.tofu|^default-versions.tofu)$
+    pass_filenames: false
+    entry: /usr/bin/find . -type f -name 'versions.tofu' -exec cp default-versions.tofu {} \;
   - id: validate_metadata
     name: Validate blueprints metadata
     language: system

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file.
 
 ### BLUEPRINTS
 
+- [[#2768](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2768)] Support customizable resource names in FAST stage 0 ([ludoo](https://github.com/ludoo)) <!-- 2024-12-16 16:46:34+00:00 -->
 - [[#2761](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2761)] Refactor GKE cluster modules access configurations, add support for DNS endpoint ([ludoo](https://github.com/ludoo)) <!-- 2024-12-12 10:02:24+00:00 -->
 - [[#2736](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2736)] Add confidential compute support to google_dataproc_cluster module, bump provider versions ([steenblik](https://github.com/steenblik)) <!-- 2024-12-10 15:39:48+00:00 -->
 - [[#2752](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2752)] Bump path-to-regexp and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 2024-12-08 09:34:19+00:00 -->
@@ -16,6 +17,8 @@ All notable changes to this project will be documented in this file.
 
 ### FAST
 
+- [[#2769](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2769)] Support customizable resource names to fast stage 1 ([ludoo](https://github.com/ludoo)) <!-- 2024-12-16 18:07:28+00:00 -->
+- [[#2768](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2768)] Support customizable resource names in FAST stage 0 ([ludoo](https://github.com/ludoo)) <!-- 2024-12-16 16:46:34+00:00 -->
 - [[#2767](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2767)] Fix workspace logs sink in FAST bootstrap stage ([ludoo](https://github.com/ludoo)) <!-- 2024-12-13 13:22:42+00:00 -->
 - [[#2766](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2766)] Allow optional creation of billing resources in FAST boostrap stage ([ludoo](https://github.com/ludoo)) <!-- 2024-12-13 11:32:17+00:00 -->
 - [[#2761](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2761)] **incompatible change:** Refactor GKE cluster modules access configurations, add support for DNS endpoint ([ludoo](https://github.com/ludoo)) <!-- 2024-12-12 10:02:24+00:00 -->
@@ -24,6 +27,7 @@ All notable changes to this project will be documented in this file.
 
 ### MODULES
 
+- [[#2768](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2768)] Support customizable resource names in FAST stage 0 ([ludoo](https://github.com/ludoo)) <!-- 2024-12-16 16:46:34+00:00 -->
 - [[#2761](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2761)] **incompatible change:** Refactor GKE cluster modules access configurations, add support for DNS endpoint ([ludoo](https://github.com/ludoo)) <!-- 2024-12-12 10:02:24+00:00 -->
 - [[#2764](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2764)] Ignore ssl certificates if none are passed in net-lb-app-int module ([ludoo](https://github.com/ludoo)) <!-- 2024-12-12 09:37:37+00:00 -->
 - [[#2757](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2757)] Update net-vlan-attachment module readme ([LucaPrete](https://github.com/LucaPrete)) <!-- 2024-12-11 08:00:28+00:00 -->
@@ -43,6 +47,8 @@ All notable changes to this project will be documented in this file.
 
 ### TOOLS
 
+- [[#2769](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2769)] Support customizable resource names to fast stage 1 ([ludoo](https://github.com/ludoo)) <!-- 2024-12-16 18:07:28+00:00 -->
+- [[#2768](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2768)] Support customizable resource names in FAST stage 0 ([ludoo](https://github.com/ludoo)) <!-- 2024-12-16 16:46:34+00:00 -->
 - [[#2765](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2765)] Update issue templates ([juliocc](https://github.com/juliocc)) <!-- 2024-12-12 12:40:47+00:00 -->
 - [[#2736](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2736)] Add confidential compute support to google_dataproc_cluster module, bump provider versions ([steenblik](https://github.com/steenblik)) <!-- 2024-12-10 15:39:48+00:00 -->
 

diff --git a/blueprints/gke/patterns/autopilot-cluster/versions.tf b/blueprints/gke/patterns/autopilot-cluster/versions.tf
@@ -15,7 +15,7 @@
 # Fabric release: v36.0.1
 
 terraform {
-  required_version = ">= 1.7.4"
+  required_version = ">= 1.10.2"
   required_providers {
     google = {
       source  = "hashicorp/google"

diff --git a/blueprints/gke/patterns/autopilot-cluster/versions.tofu b/blueprints/gke/patterns/autopilot-cluster/versions.tofu
@@ -0,0 +1,29 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Fabric release: v36.0.1
+
+terraform {
+  required_version = ">= 1.8.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+  }
+}
diff --git a/blueprints/gke/patterns/batch/versions.tf b/blueprints/gke/patterns/batch/versions.tf
@@ -15,7 +15,7 @@
 # Fabric release: v36.0.1
 
 terraform {
-  required_version = ">= 1.7.4"
+  required_version = ">= 1.10.2"
   required_providers {
     google = {
       source  = "hashicorp/google"

diff --git a/blueprints/gke/patterns/batch/versions.tofu b/blueprints/gke/patterns/batch/versions.tofu
@@ -0,0 +1,29 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Fabric release: v36.0.1
+
+terraform {
+  required_version = ">= 1.8.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+  }
+}
diff --git a/blueprints/gke/patterns/kafka/versions.tf b/blueprints/gke/patterns/kafka/versions.tf
@@ -15,7 +15,7 @@
 # Fabric release: v36.0.1
 
 terraform {
-  required_version = ">= 1.7.4"
+  required_version = ">= 1.10.2"
   required_providers {
     google = {
       source  = "hashicorp/google"

diff --git a/blueprints/gke/patterns/kafka/versions.tofu b/blueprints/gke/patterns/kafka/versions.tofu
@@ -0,0 +1,29 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Fabric release: v36.0.1
+
+terraform {
+  required_version = ">= 1.8.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+  }
+}
diff --git a/blueprints/gke/patterns/kong-cloudrun/versions.tf b/blueprints/gke/patterns/kong-cloudrun/versions.tf
@@ -15,7 +15,7 @@
 # Fabric release: v36.0.1
 
 terraform {
-  required_version = ">= 1.7.4"
+  required_version = ">= 1.10.2"
   required_providers {
     google = {
       source  = "hashicorp/google"

diff --git a/blueprints/gke/patterns/kong-cloudrun/versions.tofu b/blueprints/gke/patterns/kong-cloudrun/versions.tofu
@@ -0,0 +1,29 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Fabric release: v36.0.1
+
+terraform {
+  required_version = ">= 1.8.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+  }
+}
diff --git a/blueprints/gke/patterns/mysql/versions.tf b/blueprints/gke/patterns/mysql/versions.tf
@@ -15,7 +15,7 @@
 # Fabric release: v36.0.1
 
 terraform {
-  required_version = ">= 1.7.4"
+  required_version = ">= 1.10.2"
   required_providers {
     google = {
       source  = "hashicorp/google"

diff --git a/blueprints/gke/patterns/mysql/versions.tofu b/blueprints/gke/patterns/mysql/versions.tofu
@@ -0,0 +1,29 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Fabric release: v36.0.1
+
+terraform {
+  required_version = ">= 1.8.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+  }
+}
diff --git a/blueprints/gke/patterns/redis-cluster/versions.tf b/blueprints/gke/patterns/redis-cluster/versions.tf
@@ -15,7 +15,7 @@
 # Fabric release: v36.0.1
 
 terraform {
-  required_version = ">= 1.7.4"
+  required_version = ">= 1.10.2"
   required_providers {
     google = {
       source  = "hashicorp/google"

diff --git a/blueprints/gke/patterns/redis-cluster/versions.tofu b/blueprints/gke/patterns/redis-cluster/versions.tofu
@@ -0,0 +1,29 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Fabric release: v36.0.1
+
+terraform {
+  required_version = ">= 1.8.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 6.13.0, < 7.0.0" # tftest
+    }
+  }
+}
diff --git a/blueprints/secops/README.md b/blueprints/secops/README.md
@@ -2,6 +2,13 @@
 
 This repository provides a collection of Terraform blueprints designed to automate the implementation of custom integrations, agents and configurations for Google Cloud Security and Operations SecOps (aka Chronicle).
 
+## BindPlane OP Management on GKE
+
+<a href="./bindplane-gke/" title="BindPlane OP Management console on GKE"><img src="./bindplane-gke/images/diagram.png" align="left" width="280px"></a> This [blueprint](./bindplane-gke/) is a modular and scalable solution for deployment of the BindPlane OP Management Console within a Google Kubernetes Engine (GKE) environment.
+
+<br clear="left">
+
+
 ## SecOps GKE Forwarder
 
 <a href="./secops-gke-forwarder/" title="SecOps GKE Forwarder"><img src="./secops-gke-forwarder/images/diagram.png" align="left" width="280px"></a> This [blueprint](./secops-gke-forwarder/) is a modular and scalable solution for setting up a SecOps forwarder on Google Kubernetes Engine (GKE). This forwarder is designed to handle multi-tenant data ingestion, ensuring secure and efficient log forwarding to your SecOps SIEM instances.

diff --git a/blueprints/secops/bindplane-gke/OWNERS b/blueprints/secops/bindplane-gke/OWNERS
@@ -0,0 +1 @@
+simonebruzzechesse