Merge branch 'main' into ps-fix-create-dc-generator

Author: Phillip Simonds

.github/workflows/ci.yml

@@ -88,14 +88,13 @@ jobs:
         run: markdownlint "**/*.{md,mdx}"
 
   integration-test:
+    if: |
+      always() && !cancelled() &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
     needs: ["python-lint", "yaml-lint", "markdown-lint"]
     runs-on:
       group: "huge-runners"
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-latest
     timeout-minutes: 60
     env:
       INFRAHUB_DB_TYPE: neo4j
@@ -104,6 +103,8 @@ jobs:
       INFRAHUB_TESTING_LOG_LEVEL: INFO
     steps:
       - uses: actions/checkout@v5
+      - name: Install tini
+        run: "apt-get update && apt-get install -y tini"
       - name: Install uv
         uses: astral-sh/setup-uv@v7
         with:
@@ -114,9 +115,7 @@ jobs:
           RUNNER_NAME=$(echo "${{ runner.name }}" | grep -o 'ghrunner[0-9]\+' | sed 's/ghrunner\([0-9]\+\)/ghrunner_\1/')
           echo "PYTEST_DEBUG_TEMPROOT=/var/lib/github/${RUNNER_NAME}/_temp" >> $GITHUB_ENV
       - name: Run tests
-        run: uv run pytest tests/
-        env:
-          REPOSITORY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: exec tini -s -g -- uv run pytest tests/
 
   documentation:
     defaults:

.github/workflows/update-infrahub.yml

@@ -55,7 +55,7 @@ jobs:
 
       - name: Update testcontainers to workflow version ${{ env.INFRAHUB_VERSION }}
         run: |
-          uv add infrahub-testcontainers==${INFRAHUB_VERSION}
+          uv add --group dev infrahub-testcontainers==${INFRAHUB_VERSION}
 
       - name: Prepare the branch for the update
         id: prepare-branch
@@ -84,4 +84,4 @@ jobs:
             --title "update test-containers to version ${{ env.INFRAHUB_VERSION }} against ${{ matrix.branch-name}}" \
             --body "This PR updates test-containers to version ${{ env.INFRAHUB_VERSION }}." \
             --base ${{ matrix.branch-name}} \
-            --head ${{ env.BRANCH_NAME }}
+            --head ${{ env.BRANCH_NAME }}

.gitignore

@@ -15,7 +15,8 @@
 **/*.tar.xz
 docker-compose.yml
 generated-configs/
+infrahub_backups/
 infrahub_bundle_dc.egg-info
 infrahub-backup
 scripts/debug/
-service_catalog/.streamlit/
+service_catalog/.streamlit/

.vale/styles/spelling-exceptions.txt

@@ -23,6 +23,7 @@ dns
 Docker's
 Dockerfile
 Docusaurus
+ENIs
 env
 envrc
 evolvability
@@ -47,6 +48,8 @@ mermaid
 namespace
 namespaces
 Netbox
+NICs
+NSGs
 netmiko
 npm
 OSPF
@@ -72,5 +75,7 @@ uv
 VIPs
 VLAN
 VLANs
+VNets
+VPCs
 VXLAN
 walkthrough

docs/docs/cloud-management.mdx

@@ -0,0 +1,195 @@
+---
+title: Cloud resource management
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+This tutorial shows an example of cloud resource management schema, which provides a vendor-agnostic way to model cloud infrastructure across AWS, GCP, and Azure. You'll load sample cloud data and explore how Infrahub can serve as a unified inventory for multi-cloud environments.
+
+## Overview
+
+The cloud schema enables you to track:
+
+- **Cloud providers** - AWS, GCP, Azure, or other cloud platforms
+- **Cloud accounts** - AWS accounts, GCP projects, Azure subscriptions
+- **Regions and availability zones** - Geographic locations and fault domains
+- **Virtual networks** - VPCs (AWS), VPC networks (GCP), VNets (Azure)
+- **Subnets** - Network segments within virtual networks
+- **Security groups** - Network access control rules (Security Groups, Firewall Rules, NSGs)
+- **Compute instances** - Virtual machines across all providers
+- **Network infrastructure** - Internet gateways, NAT gateways, route tables, elastic IPs
+- **Network interfaces** - ENIs, NICs attached to instances
+
+This vendor-agnostic model allows you to manage multi-cloud infrastructure from a single source of truth, with consistent naming and relationships regardless of the underlying cloud provider.
+
+## Prerequisites
+
+Before starting this tutorial, ensure you have:
+
+- Completed the [installation guide](./install.mdx) and have Infrahub running
+- Loaded the bootstrap data and schemas
+- Access to the Infrahub web interface at `http://localhost:8000`
+
+## Loading cloud demo data
+
+The demo includes sample data for all three major cloud providers with realistic infrastructure examples.
+
+The easiest way to load the cloud demo is using the provided invoke task:
+
+```bash
+uv run invoke demo-cloud
+```
+
+This command:
+
+1. Creates a new branch named `demo-cloud`
+2. Loads all schemas (including the cloud schema)
+3. Loads cloud object files with sample data for AWS, GCP, and Azure
+4. Displays a URL to view the cloud resources
+
+## Exploring cloud resources
+
+After loading the demo data, navigate to the cloud resources in the Infrahub web interface.
+
+### Viewing all cloud resources
+
+1. Ensure you're on the correct branch (for example, `demo-cloud`)
+2. Navigate to **Cloud Resource** in the left sidebar menu
+3. You'll see a list of all cloud resource types
+
+Or access the cloud resources directly:
+
+```text
+http://localhost:8000/objects/CloudResource?branch=demo-cloud
+```
+
+### Sample data structure
+
+The demo includes a comprehensive multi-cloud environment:
+
+#### Cloud providers (3)
+
+- Amazon Web Services (AWS)
+- Google Cloud Platform (GCP)
+- Microsoft Azure
+
+#### Cloud accounts (12)
+
+Each provider has production, staging, and development accounts:
+
+- `opsmill-aws-production`, `opsmill-aws-staging`, `opsmill-aws-dev`
+- `opsmill-gcp-production`, `opsmill-gcp-staging`, `opsmill-gcp-dev`
+- `opsmill-azure-production`, `opsmill-azure-staging`, `opsmill-azure-dev`
+
+#### Regions and availability zones
+
+- **AWS**: US East (N. Virginia), US West (Oregon), EU West (Ireland)
+- **GCP**: US Central (Iowa), US East (South Carolina), Europe West (Belgium)
+- **Azure**: East US, West US 2, West Europe
+
+Each region includes 3 availability zones.
+
+#### Virtual networks (12)
+
+VPCs and VNets across all accounts with various configurations:
+
+- Production VPCs with public and private subnets
+- Staging and development networks
+- DNS support and hostname configuration
+
+#### Compute instances (19)
+
+Various instance types across all providers:
+
+- Web servers, application servers, database servers
+- Linux and Windows instances
+- Different instance sizes (t3.large, m5.xlarge, n1-standard-2, Standard_D2s_v3, etc.)
+
+#### Network infrastructure
+
+- Internet gateways for public connectivity
+- NAT gateways for private subnet outbound access
+- Route tables for traffic routing
+- Elastic/static IP addresses
+- Network interfaces with security group associations
+
+## Schema architecture
+
+The cloud schema uses a hierarchical structure with clear relationships:
+
+```text
+CloudProvider
+  └── CloudAccount
+        └── CloudVirtualNetwork
+              ├── CloudSubnet
+              ├── CloudSecurityGroup
+              ├── CloudInternetGateway
+              └── CloudRouteTable
+
+CloudRegion
+  └── CloudAvailabilityZone
+        └── CloudInstance
+              └── CloudNetworkInterface
+```
+
+### Key relationships
+
+- **CloudAccount** belongs to a **CloudProvider** (parent relationship)
+- **CloudRegion** is associated with a **CloudProvider**
+- **CloudAvailabilityZone** belongs to a **CloudRegion** (parent relationship)
+- **CloudVirtualNetwork** is associated with a **CloudAccount** and **CloudRegion**
+- **CloudSubnet** belongs to a **CloudVirtualNetwork** (parent relationship)
+- **CloudInstance** is associated with a **CloudAccount**, **CloudAvailabilityZone**, and **CloudSubnet**
+- **CloudSecurityGroup** can be attached to **CloudInstance** and **CloudNetworkInterface**
+
+### Common attributes
+
+All cloud resources inherit from the `CloudResource` generic, providing:
+
+- `name` - Resource name
+- `description` - Optional description
+- `cloud_id` - Provider-specific resource identifier (ARN, resource ID, etc.)
+- `status` - Operational status (active, stopped, provisioning, terminating, error)
+- `tags` - Optional tags for categorization
+
+## Use cases
+
+### Multi-cloud inventory
+
+Use Infrahub as a single source of truth for all cloud resources:
+
+- Track resources across AWS, GCP, and Azure in one place
+- Maintain consistent naming conventions
+- Link cloud resources to on-premises infrastructure
+
+### Security auditing
+
+Query security groups and their associations:
+
+- Identify instances with specific security group configurations
+- Audit network access rules across all clouds
+- Track public IP assignments
+
+### Capacity planning
+
+Analyze compute resources across your cloud footprint:
+
+- Count instances by type, region, or provider
+- Track resource utilization patterns
+- Plan for growth and optimization
+
+### Network documentation
+
+Document your cloud network architecture:
+
+- Map virtual networks, subnets, and routing
+- Track NAT and internet gateway configurations
+- Document network interface assignments
+
+## Next steps
+
+For more information on Infrahub concepts, see:
+
+- **[Understanding the concepts](./concepts.mdx)** - Core Infrahub patterns
+- **[Developer guide](./developer-guide.mdx)** - Extending schemas and creating transforms

docs/docs/readme.mdx

@@ -35,6 +35,7 @@ This documentation is organized following the [Diataxis framework](https://diata
 | **[User walkthrough](./user-walkthrough.mdx)** | A complete hands-on tutorial that guides you through the end-user experience: creating topologies, managing branches, running generators, creating proposed changes, and validating configurations. Perfect for learning the workflow from start to finish. |
 | **[Deploy a virtual lab with Containerlab](./containerlab-deployment.mdx)** | Learn how to deploy generated configurations to a virtual network lab using Containerlab. Extract device configurations and topology files from Infrahub, spin up virtual Arista cEOS switches, and test your data center fabric before production deployment. |
 | **[Working with security management](./security-management.mdx)** | Explore Infrahub's security management capabilities by examining firewall policies, security zones, and address objects. Learn how structured security data transforms into vendor-specific firewall configurations (Juniper JunOS) and how to modify policies safely using branches. |
+| **[Cloud resource management](./cloud-management.mdx)** | Manage multi-cloud infrastructure (AWS, GCP, Azure) with a vendor-agnostic schema. Load demo cloud data including accounts, regions, virtual networks, instances, and security groups. Learn how Infrahub serves as a unified inventory for cloud resources. |
 | **[Using the service catalog](./service-catalog.mdx)** | Learn how to use the Service Catalog web interface for simplified infrastructure provisioning. Enable the Streamlit application, navigate between branches, view existing infrastructure, and create new data centers through a guided form-based workflow that automates branch creation and generator execution. |
 
 ### Guides
@@ -82,6 +83,7 @@ The demo implements realistic network topologies including:
 - **Point of presence (POP) networks** with edge routers and peering connections
 - **Network segments** with load balancers and service endpoints
 - **Security zones and policies** with firewall rules and access control
+- **Cloud infrastructure** with vendor-agnostic modeling for AWS, GCP, and Azure
 - **Resource pools** for IP address, VLAN, and ASN allocation
 - **Multi-vendor support** (Arista, Juniper, Cisco, and SONiC templates)
 - **Automated topology generation** from abstract design definitions

docs/sidebars.ts

@@ -17,6 +17,7 @@ const sidebars: SidebarsConfig = {
         'user-walkthrough',
         'containerlab-deployment',
         'security-management',
+        'cloud-management',
         'service-catalog',
       ],
     },

objects/cloud/01_cloud_providers.yml

@@ -0,0 +1,21 @@
+# Cloud Providers - AWS, GCP, and Azure
+---
+apiVersion: infrahub.app/v1
+kind: Object
+spec:
+  kind: CloudProvider
+  data:
+    - name: "Amazon Web Services"
+      provider_type: aws
+      console_url: "https://console.aws.amazon.com"
+      organization: "AWS"
+
+    - name: "Google Cloud Platform"
+      provider_type: gcp
+      console_url: "https://console.cloud.google.com"
+      organization: "Google Cloud"
+
+    - name: "Microsoft Azure"
+      provider_type: azure
+      console_url: "https://portal.azure.com"
+      organization: "Azure"