feat: add confidential space #131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

renato-rudnicki wants to merge 76 commits into main from confidential-space

Owner

renato-rudnicki commented Jun 18, 2025

No description provided.


          add confidential space

ae79488

daniel-cit reviewed

View reviewed changes

4-projects/modules/base_env/example_confidential_space_project.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

4-projects/modules/base_env/example_confidential_space_project.tf Outdated Show resolved Hide resolved

renato-rudnicki added 3 commits

June 18, 2025 16:50


          add variables and update APIs

836cf18


          change kms resource to module

a728d6f


          fix remote

61b95d0

daniel-cit reviewed

View reviewed changes

4-projects/modules/base_env/remote.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/business_unit_1/development/main.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/variables.tf Outdated

    
              variable "image_digest" {

                description = "SHA256 digest of the Docker image."

                type        = string

Collaborator

daniel-cit Jun 19, 2025

tá faltando um default = null nessa variável do image_digest

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/variables.tf Outdated Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/variables.tf Outdated

    
                description = "SHA256 digest of the Docker image."

                type        = string

              }

Collaborator

daniel-cit Jun 19, 2025

tem que adicioanr uma varivael nova

variable "confidential_space_workload_operator" {
  description = "The person who runs the workload that operates on the combined confidential data. Entries must be in the standard GCP form: `user:[email protected]` or `serviceAccount:[email protected]`."
  type        = string
  default     = null
}

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated

    
               */

              locals {

                default_tee_image_reference = "us-central1-docker.pkg.dev/${local.env_project_id}/${google_artifact_registry_repository.ar_confidential_space.repository_id}/workload-confidential-space:latest"

Collaborator

daniel-cit Jun 19, 2025 •

edited

Loading

não pode estar fixo o us-central1, tem que ser o mesmo valor usado na criação do artifac registry var.artifact_registry_location

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Show resolved Hide resolved

daniel-cit reviewed

View reviewed changes

5-app-infra/modules/env_base/main.tf Outdated

    
              resource "google_project_iam_member" "workload_sa_user" {

                project = local.env_project_id

                role    = "roles/iam.serviceAccountUser"

                member  = "user:${data.google_client_config.default.account_id}"

Collaborator

daniel-cit Jun 19, 2025

Suggested change

      
              member  = "user:${data.google_client_config.default.account_id}"
          
              member  = var.confidential_space_workload_operator"

não existe data.google_client_config no codigo e vc tem que perguntar para o usuario

daniel-cit requested changes

View reviewed changes

Collaborator

daniel-cit left a comment

Tá faltando toda a parte em que tem que criar o cloud build , e gerar a imagem

Collaborator

daniel-cit commented Jun 19, 2025

tem que rodar o make docker_generate_docs e o make docker_test_lint


          creates a new module for confidential space

ea77081

renato-rudnicki added 2 commits

September 5, 2025 12:11


          fix lint

9707d23


          Merge branch 'main' into confidential-space

59aab46

renato-rudnicki changed the title ~~add confidential space~~ feat: add confidential space

renato-rudnicki added 27 commits

September 8, 2025 10:11


          fix build submit cmd

92113e5


          fix key value for log_buckets

a7d8408


          fix storage bucket project

5a9c174


          fix bucket syntax name

a04b4c9


          fix roles and propagation

0a81171


          fix storage role for projects SA

339b91d


          fix roles for 4-projects

6ad60ab


          remove cloudbuild_bucket_admin resource -test

340c7d0


          add missing variable for projects_test.go

ac8bc2e


          fix image_digest variable

1ff8ed8


          update image_digest variable

263c75e


          Merge branch 'main' into confidential-space

5265adf


          Merge branch 'main' into confidential-space

834d3e6


          Merge branch 'main' into confidential-space

1ae2a99


          fix confidential project ID for integration tests

d4a9927


          fix confidential instance name

5c6c8c0


          update app_infra test

5dad2e7


          fix integration test app-infra


          fix list for confidential instance output

4ceee3e


          fix computeInstanceList

01e91f6


          add output for confidential instance

ffaafa2


          fix workload identity test

68e6c23


          fix test for workload pool

16a9fd6


          fix for workload pool provider

1677a26


          update integration tests app-infra

2774bf3


          update test

2a96062


          fix integration test

08bb4e0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet