All notable changes to this project will be documented in this file.
- [#2133] Updated diagram to better reflect code naming. (bswenka)
- [#2135] Rename
modules/cloudsql-instance
deletion protection variables (juliocc) - [#2119] Fix phpipam blueprint (simonebruzzechesse)
- [#2110] Gitlab blueprint (simonebruzzechesse)
- [#1843] incompatible change: Factories refactor (ludoo)
- [#2105] incompatible change: Enable shielded nodes by default on GKE mt blueprint and FAST stage (ludoo)
- [#2082] Fix GKE multitenant blueprint roles (ludoo)
- [#2076] Use Fabric modules in blueprints/networking/psc-glb-and-armor (wiktorn)
- [#2075] Updated path matchers to be more user friendly, added better test exa… (bswenka)
- [#2079] Format python files in blueprints (simonebruzzechesse)
- [#2071] Bswenka/psc glb and armor 2 producers (bswenka)
- [#2072] Fix e2e tests - vertex mlops and net-address (wiktorn)
- [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
- [#2058] glb and armor subnet fix (bswenka)
- [#2061] HA MySQL cluster deployment on GKE (wiktorn)
- [#2059] GKE stateful blueprints (juliocc)
- [#2036] Shielded nodes and custom service account in FAST GKE stage and blueprint (CSPR-related) (ludoo)
- [#2016] incompatible change: Ensure data platform service accounts meet FAST requirements (ludoo)
- [#2134] incompatible change: Add links to factories doc (ludoo)
- [#2120] Implement GKE patterns naming conventions (juliocc)
- [#2110] Gitlab blueprint (simonebruzzechesse)
- [#1843] incompatible change: Factories refactor (ludoo)
- [#2094] update README to add analytics hub module (thinhha)
- [#2060] Data catalog Tag module (lcaggio)
- [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
- [#2061] HA MySQL cluster deployment on GKE (wiktorn)
- [#2059] GKE stateful blueprints (juliocc)
- [#2013] Add Tag Template module (lcaggio)
- [#2115] incompatible change: Align resource names in FAST networking stages (ludoo)
- [#2112] Add support for billing budgets to project factory (ludoo)
- [#1843] incompatible change: Factories refactor (ludoo)
- [#2105] incompatible change: Enable shielded nodes by default on GKE mt blueprint and FAST stage (ludoo)
- [#2101] Make all project_parent_ids fields optional (juliocc)
- [#2086] Support domainless orgs in FAST (ludoo)
- [#2077] incompatible change: Add workforce_identity_federation in 0-bootstrap (simonebruzzechesse)
- [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
- [#2065] Fix imports of org policies (wiktorn)
- [#2057] Postpone setting essential contacts until provisioning using SA (wiktorn)
- [#2056] import default org-level org-policies (wiktorn)
- [#2050] Enable additional recommended org policies (juliocc)
- [#2041] Leverage net-vpc module for DNS logging in FAST (ludoo)
- [#2038] Make Cloud NAT creation optional in FAST net stages. (juliocc)
- [#2036] Shielded nodes and custom service account in FAST GKE stage and blueprint (CSPR-related) (ludoo)
- [#2033] Add DNS query logging to FAST net stages (juliocc)
- [#2032] Selectively enable logging in FAST and firewall policy module rules (CSPR-related) (ludoo)
- [#2031] Clarify relationship with checklist groups in FAST bootstrap docs (ludoo)
- [#2030] logging for default ingress rules in FAST (CSPR-related) (juliocc)
- [#2019] Fix sourcerepo templates and concat call (juliocc)
- [#2016] incompatible change: Ensure data platform service accounts meet FAST requirements (ludoo)
- [#2014] Enforce trusted image projects constraint in FAST bootstrap (CSPR-related) (ludoo)
- [#2010] Add support for essential contacts to FAST (CSPR-related) (ludoo)
- [#2135] Rename
modules/cloudsql-instance
deletion protection variables (juliocc) - [#2134] incompatible change: Add links to factories doc (ludoo)
- [#2130] incompatible change: Add support for service account IAM variables to pf (ludoo)
- [#2129] Remove ignore_changes as terraform-provider-google#16804 is closed (wiktorn)
- [#2125] Add support for PSC network attachments and interfaces in modules (ludoo)
- [#2124] Update docs about role automatically granted to dataform SA (wiktorn)
- [#2122] Define service attachment interface for lb modules and implement in internal LBs (ludoo)
- [#2121] incompatible change: enabling dataform service agent upon activating the API (marcjwo)
- [#2118] Add https security to cloud-functions-v1 module (mibelbahri)
- [#2112] Add support for billing budgets to project factory (ludoo)
- [#2111] Fix pathexpand in firewall policy module (ludoo)
- [#1843] incompatible change: Factories refactor (ludoo)
- [#2107] Time zone support for CloudSQL SQL Server (spica29)
- [#2100] Module Data Catalog Tag - Add support for types (lcaggio)
- [#2104] Fix datacalog type of kubernetes_software_config.component_version and properties (SalehElnagarSecurrency)
- [#2090] add session affinity values: "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE" to variables-backend-service.tf (tamartayar)
- [#2102] Allow projects as destinations for log sinks (juliocc)
- [#2098] Fix cors policy type in lb app ext modules (ludoo)
- [#2097] Fix #2095 for other types of load balancers (juliocc)
- [#2096] Do not convert route rules to set (juliocc)
- [#2087] add analytics hub module (thinhha)
- [#2091] Accept email in service account module name (ludoo)
- [#1954] Add support for Cloud Run v2 jobs (wiktorn)
- [#2083] Fix data-catalog tag module (lcaggio)
- [#2081] VPC-SC module factories (ludoo)
- [#2060] Data catalog Tag module (lcaggio)
- [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
- [#2062] Add Tags in project output. (lcaggio)
- [#2056] import default org-level org-policies (wiktorn)
- [#2053] Added destroy_scheduled_duration variable (luigi-bitonti)
- [#2051] fix: auto_provisioning_defaults is not really optional (kumadee)
- [#2035] Fix dnssec_config issue on state off (haraldhaas)
- [#2030] logging for default ingress rules in FAST (CSPR-related) (juliocc)
- [#2008] Updated the DataQualitySpec for Dataplex Datascan (shourya116)
- [#2027] Tag Template - Fix readme tests (lcaggio)
- [#2015] Fix typo in logging sinks implementation (ludoo)
- [#2013] Add Tag Template module (lcaggio)
- [#2012] Add support for target_resources to net-firewall-policy module (bcorbitt-ps)
- [#2002] Fixes and additional support for ssl_mode for CloudSQL module (spica29)
- [#2010] Add support for essential contacts to FAST (CSPR-related) (ludoo)
- [#2132] feat: add e2e test for compute-mig module (andybubu)
- [#2118] Add https security to cloud-functions-v1 module (mibelbahri)
- [#1843] incompatible change: Factories refactor (ludoo)
- [#2109] Once again fix e2e tests (wiktorn)
- [#2108] Fix too long project names in e2e tests (wiktorn)
- [#1954] Add support for Cloud Run v2 jobs (wiktorn)
- [#2079] Format python files in blueprints (simonebruzzechesse)
- [#2056] import default org-level org-policies (wiktorn)
- [#2039] Remove unused tfeditor (juliocc)
29.0.0 - 2024-01-24
- [#2004] incompatible change: Remove default region for Cloud Function and Cloud Run (wiktorn)
- [#1977] Add example to FAST GKE stage, streamline GKE Hub module variables and usage (ludoo)
- [#1992] Fix Data platform foundation (lcaggio)
- [#1976] Network dashboard - fixing 2 bugs: overriden variable and page token … (aurelienlegrand)
- [#1819] Serverless networking program (juliodiez)
- [#1952] Composer blueprints improvements (wiktorn)
- [#1939] Networking Sandbox Blueprint (sruffilli)
- [#1942] Blueprints naming convention update (simonebruzzechesse)
- [#1936] Move squid to __need_fixing (sruffilli)
- [#1931] Quota monitor blueprint: don't fail quota fetch on deleted project (ludoo)
- [#1930] Allow granting network user role on host project from project module and factory (simonebruzzechesse)
- [#1924] Update quota monitor blueprint to support project discovery (maunope)
- [#1912] incompatible change: Custom role factories for organization and project modules (ludoo)
- [#1916] Add triggerer configuration for Composer (wiktorn)
- [#1907] Add support for subnet-level service network user grants to project module, improve docs (ludoo)
- [#1871] Added workstation-cluster module (apichick)
- [#1886] Fixes to F5 blueprint docs (LucaPrete)
- [#1874] Added PSC support to CloudSQL Module (luigi-bitonti)
- [#1883] F5 deployment blueprint (LucaPrete)
- [#2001] Marcwo/dataform module (marcjwo)
- [#1981] Added Cross-region internal application load balancer module (apichick)
- [#1819] Serverless networking program (juliodiez)
- [#1959] net-lb-app-ext example fixes (juliocc)
- [#1899] Read-only service accounts for automation and CI/CD (ludoo)
- [#1902] First version of Cloud Run module v2 (juliodiez)
- [#1949] Update REFERENCES.md (juliodiez)
- [#1939] Networking Sandbox Blueprint (sruffilli)
- [#1942] Blueprints naming convention update (simonebruzzechesse)
- [#1936] Move squid to __need_fixing (sruffilli)
- [#1890] Use TFTEST_E2E_ instead of TF_VAR variables (wiktorn)
- [#1871] Added workstation-cluster module (apichick)
- [#1883] F5 deployment blueprint (LucaPrete)
- [#2009] Tighten up security of automation project (CSPR-related) (ludoo)
- [#2000] Checklist attribution bucket (ludoo)
- [#1997] Update checklist parsing for top-level key (ludoo)
- [#1992] Fix Data platform foundation (lcaggio)
- [#1969] Integrate checklist data in FAST (ludoo)
- [#1967] Add locations on terraform.tfvars.sample for bootstrap stage (simonebruzzechesse)
- [#1899] Read-only service accounts for automation and CI/CD (ludoo)
- [#1945] Fix GitHub CI/CD provider (ludoo)
- [#1943] Revert "Add debug step for JWT tokens" (ludoo)
- [#1940] Add kernels.googleusercontent.com zone in dns response policy (simonebruzzechesse)
- [#1938] Add debug step for JWT tokens (wiktorn)
- [#1932] Simplify organization tags.tf locals (juliocc)
- [#1912] incompatible change: Custom role factories for organization and project modules (ludoo)
- [#1900] Patch Github actions ci google-github-actions/auth@v0 --> v2 (ibrahimparvez2)
- [#2009] Tighten up security of automation project (CSPR-related) (ludoo)
- [#2001] Marcwo/dataform module (marcjwo)
- [#2005] Fix named ranges behaviour if cidr_tpl_file variable not provided. (miromichalicka)
- [#2004] incompatible change: Remove default region for Cloud Function and Cloud Run (wiktorn)
- [#1993] Fix DNS E2E test + add one to net-lb-app-int-cross-region (wiktorn)
- [#1999] Added Enabled Kubernetes Beta APIs feature (luigi-bitonti)
- [#1996] Fix factory default value for rule ports in firewall policy module (ludoo)
- [#1994] DNS response policies e2e changes (dibaskar-google)
- [#1977] Add example to FAST GKE stage, streamline GKE Hub module variables and usage (ludoo)
- [#1987] Specify
docker_repository
field for google_cloudfunctions2_function (kumadee) - [#1990] Fixed README and test for DNS module (apichick)
- [#1988] Added health checked targets for geo routing policy in dns module (apichick)
- [#1979] feat: enable mtls on external application application load balancer (Tazminia)
- [#1982] Add resource manager tags support for instance template (LucaPrete)
- [#1981] Added Cross-region internal application load balancer module (apichick)
- [#1980] Proper validation of empty string value in identity_type (viliampucik)
- [#1978] Fix identity_type (viliampucik)
- [#1970] Add support for service_external_ips_config to GKE cluster modules (luigi-bitonti)
- [#1968] use provided SA for cloud function v2 trigger (juliocc)
- [#1966] Support for ANY_USER_ACCOUNT in module vpc-sc egress rule. (xjantoth)
- [#1964] Use fixtures in net-lb-ext (wiktorn)
- [#1958] Create bigtable service identity with project if api is enabled (steenblik)
- [#1963] net-address end-to-end tests (wiktorn)
- [#1962] Add end-to-end tests for net-lb-app-ext-regional (wiktorn)
- [#1892] New module for external regional application load balancer (juliocc)
- [#1960] Add PNA support to Service Directory module (stribioli)
- [#1957] Add e2e test for net_lb_app_ext module (andybubu)
- [#1956] Support CMEK encryption on Bigtable instances. (steenblik)
- [#1902] First version of Cloud Run module v2 (juliodiez)
- [#1944] Dns e2e (dibaskar-google)
- [#1948] Fix GCVE network policy (LucaPrete)
- [#1947] GCVE: add network policy configuration (LucaPrete)
- [#1946] Minor fix to GCVE module readme (LucaPrete)
- [#1941] Use new resources in GCVE module, bump provider versions (LucaPrete)
- [#1936] Move squid to __need_fixing (sruffilli)
- [#1935] E2E tests fixes (wiktorn)
- [#1933] Add project-scoped secure tags (juliocc)
- [#1932] Simplify organization tags.tf locals (juliocc)
- [#1930] Allow granting network user role on host project from project module and factory (simonebruzzechesse)
- [#1928] incompatible change: Fix health check autocreation and id output in passthrough LB modules (ludoo)
- [#1926] Add support for policy based routes to net-vpc (sruffilli)
- [#1905] gke-cluster-standard : Support upgrade_settings for node auto provisioner (noony)
- [#1923] Removed deprecated variable and added labels (luigi-bitonti)
- [#1922] can_ip_forward in simple-nva examples (sruffilli)
- [#1921] Sync tf version to version used by tests (wiktorn)
- [#1920] Bump tf version (ludoo)
- [#1918] Added missing parameters in kubelet and linux node configuration (luigi-bitonti)
- [#1917] Added the possibility to configure maintenance window and deny maintenance period in Cloud SQL module module (francesco-pavan-huware)
- [#1912] incompatible change: Custom role factories for organization and project modules (ludoo)
- [#1909] net_lb_ext module e2e and example testing changes (dibaskar-google)
- [#1908] README fixes for #1907 (wiktorn)
- [#1906] gke-cluster-standard : Set optional shielded_instance_config block in cluster_autoscaling.auto_provisioning_defaults (noony)
- [#1907] Add support for subnet-level service network user grants to project module, improve docs (ludoo)
- [#1904] gke-cluster-standard : Add possibility to enable image streaming feature at cluster level (noony)
- [#1903] Enable sole tenancy (
node_affinities
) on compute_vm (LucaPrete) - [#1901] Add IPv6 to HA VPN module + test inventories (LucaPrete)
- [#1898] Use unique names for logging buckets in examples (wiktorn)
- [#1896] e2e test fix for net-vpc-firewall module (rthangaraju)
- [#1895] Add support for firewall tags to compute-vm module (ludoo)
- [#1891] artifact-registry: Support cleanup policies (noony)
- [#1894] e2e test fix for iam-service-account module (rthangaraju)
- [#1893] E2E and examples tests for net-vpc module (rthangaraju)
- [#1861] Added external data configuration support to BigQuery Module (luigi-bitonti)
- [#1871] Added workstation-cluster module (apichick)
- [#1874] Added PSC support to CloudSQL Module (luigi-bitonti)
- [#1885] Fixed envoy file, it has extra character that was preventing envoy to start (apichick)
- [#1985] Better error reporting when missing setup for E2E tests (wiktorn)
- [#1961] Use zones b and c for MIG fixture (juliocc)
- [#1955] Add version check to tools/lint.sh (wiktorn)
- [#1914] Allow per-module terraform fixtures (juliocc)
- [#1953] Fix variable region (andybubu)
- [#1950] Add version check (wiktorn)
- [#1937] Fix always succeding test (wiktorn)
- [#1932] Simplify organization tags.tf locals (juliocc)
- [#1890] Use TFTEST_E2E_ instead of TF_VAR variables (wiktorn)
28.0.0 - 2023-11-24
- [#1882] Fixes/improvements to F5 HA blueprint (LucaPrete)
- [#1787] F5 blueprint (LucaPrete)
- [#1873] Add DLP Service Agent role (wiktorn)
- [#1859] Net dash cfv2 (aurelienlegrand)
- [#1863] End-to-end tests for Vertex blueprint (wiktorn)
- [#1856] Sql user features (Francesco-cloud24)
- [#1739] Added CMEK for Secret auto managed (luigi-bitonti)
- [#1848] Dataproc module bug fix (Francesco-cloud24)
- [#1851] Support multilevel data and allow overriding project id in project factory (ludoo)
- [#1838] Simplify #1836 fix, Avoid map-related casting errors in project factory (wiktorn)
- [#1836] incompatible change: Avoid map-related casting errors in project factory (ludoo)
- [#1832] [Minimal Data Platform] Fix Landing and curated IAM (lcaggio)
- [#1825] Handling SQL IP address issue (aurelienlegrand)
- [#1821] [net-address] enable ipv6 (LucaPrete)
- [#1814] incompatible change: Allow specifying arbitrary project roles for service accounts in project factory (ludoo)
- [#1812] Stop wrapping yamldecode with try() (sruffilli)
- [#1806] Updating network dashboard: fixing Cloud SQL problem, fixing 1 metric… (aurelienlegrand)
- [#1796] Make extended shared vpc attributes optional in project factory (ludoo)
- [#1782] Add upper cap to versions, update copyright notices (sruffilli)
- [#1765] Add support for dual stack and multiple forwarding rules to net-lb-int module (LucaPrete)
- [#1748] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
- [#1747] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
- [#1735] Make deletion protection consistent across all modules (juliocc)
- [#1787] F5 blueprint (LucaPrete)
- [#1832] [Minimal Data Platform] Fix Landing and curated IAM (lcaggio)
- [#1831] Update wording in FAST and gcve module READMEs (bluPhy)
- [#1782] Add upper cap to versions, update copyright notices (sruffilli)
- [#1773] Add service usage consumer role to IaC SAs, refactor delegated grants in FAST (ludoo)
- [#1743] Billing account module (ludoo)
- [#1855] Document
fast_features
(juliocc) - [#1864] End to end tests for GCS (wiktorn)
- [#1836] incompatible change: Avoid map-related casting errors in project factory (ludoo)
- [#1818] FAST: rename VPC-related files to
net-*
(sruffilli) - [#1812] Stop wrapping yamldecode with try() (sruffilli)
- [#1810] FAST: Add access transparency logs to the default sinks (sruffilli)
- [#1809] FAST: Add VPC serverless connector NAT ranges to hierarchical fw (sruffilli)
- [#1811] FAST: removed references to kms_defaults (sruffilli)
- [#1802] Less verbose project factory stage outputs (ludoo)
- [#1797] Improve usage of optionals in FAST stage 2 VPN variables (ludoo)
- [#1788] FAST: adds support for wif provider pubkey (sruffilli)
- [#1782] Add upper cap to versions, update copyright notices (sruffilli)
- [#1780] Add sink for workspace logs to bootstrap stage (ludoo)
- [#1775] Add gcp org policy constraints file to bootstrap stage (ludoo)
- [#1773] Add service usage consumer role to IaC SAs, refactor delegated grants in FAST (ludoo)
- [#1765] Add support for dual stack and multiple forwarding rules to net-lb-int module (LucaPrete)
- [#1760] Add support for psa peered domains to fast stages (ludoo)
- [#1759] Minor edits to FAST network stage READMEs (ludoo)
- [#1743] Billing account module (ludoo)
- [#1735] Make deletion protection consistent across all modules (juliocc)
- [#1734] Update to lint.sh and wording to some tf (bluPhy)
- [#1733] Fix typo in FAST stage 2 README (bluPhy)
- [#1884] Fix failing E2E tests for folders (wiktorn)
- [#1881] Support boot disk KMS key in GKE cluster modules (ludoo)
- [#1879] Output all neg ids in app lbs (juliocc)
- [#1878] Fix permissions assignments (flaprimo)
- [#1876] Examples and E2e testing for folder module (dibaskar-google)
- [#1869] added missing sql parameters (Francesco-cloud24)
- [#1868] Fix/dlpagent (ddaluka)
- [#1870] End to end tests for Cloud Run + permadiff fixes (wiktorn)
- [#1864] End to end tests for GCS (wiktorn)
- [#1860] Organization module end-to-end tests (wiktorn)
- [#1856] Sql user features (Francesco-cloud24)
- [#1858] Removed options that are not applicable to this load balancer (apichick)
- [#1739] Added CMEK for Secret auto managed (luigi-bitonti)
- [#1845] Extend
cluster_autoscaling
fields in gke-cluster-standard (anthonyhaussman) - [#1848] Dataproc module bug fix (Francesco-cloud24)
- [#1847] Fix validation and dynamic block for optional gpu_driver (Gilfar)
- [#1846] Add support for IAM to vpc sc module (ludoo)
- [#1844] Allow disabling IAM for sink identity in resource manager modules (apichick)
- [#1841] Fix modules to support new Apigee X environment types (Teodelas)
- [#1842] Bump provider version to 5.6.0 (wiktorn)
- [#1823] Add end-to-end tests for project module (wiktorn)
- [#1837] Added envoy as SNI dynamic forward proxy to cloud-config-container (apichick)
- [#1839] Added create_before_destroy = true for self-managed certificates (apichick)
- [#1833] Net VPC Peering: added stack_type field (cmalpe)
- [#1826] Add public_access_prevention field to GCS module (devuonocar)
- [#1817] KMS module: Import job feature (cmalpe)
- [#1822] Billing budget factory (ludoo)
- [#1821] [net-address] enable ipv6 (LucaPrete)
- [#1820] Added iam_bindings and iam_bindings_additive to apigee module (apichick)
- [#1813] empty gpu sharing config fix (ewojtach)
- [#1815] Fix logic for default source range in firewall ingress rules (ludoo)
- [#1812] Stop wrapping yamldecode with try() (sruffilli)
- [#1750] AI models support (ewojtach)
- [#1798] Fix Apigee add-ons configuration (mwarm2)
- [#1808] Allow setting
enable_private_nodes
in GKE nodepool pod range (ludoo) - [#1805] net-lb-ext: Add option to set IPv6 subnetwork for IPv6 external fw rules (LucaPrete)
- [#1804] compute-vm: remove old todo (LucaPrete)
- [#1803] use the repository format in the image_path output (Tutuchan)
- [#1801] Fix Internal App LB serverless NEG backend example (juliocc)
- [#1795] Allow users to optonally specify address names (LucaPrete)
- [#1792] Removed unnecessary try statements from apigee module outputs (apichick)
- [#1786] net-lb-ext: add support for multiple forwarding rules (IPs) and dual-stack (IPv4/IPv6) (LucaPrete)
- [#1782] Add upper cap to versions, update copyright notices (sruffilli)
- [#1774] Added ProtectedApplication feature to GKE Backup (luigi-bitonti)
- [#1775] Add gcp org policy constraints file to bootstrap stage (ludoo)
- [#1771] Fix resource manager tag bindings in compute-vm module (ludoo)
- [#1769] Remove incompatible balancing_mode (wiktorn)
- [#1765] Add support for dual stack and multiple forwarding rules to net-lb-int module (LucaPrete)
- [#1762] Make subnets depend on proxy only subnets (juliocc)
- [#1757] Add autoclass to GCS (jeroenmonteban)
- [#1756] Exposed stack_type variable in compute_vm module (luigi-bitonti)
- [#1743] Billing account module (ludoo)
- [#1752] Add outputs to BigQuery dataset module (devuonocar)
- [#1754] Fix typo in GKE nodepool taints (ludoo)
- [#1746] Module autopilot bug fixes (luigi-bitonti)
- [#1745] Add missing fields to Cloud Storage bucket (devuonocar)
- [#1744] Append "s" to pubsub backoff times (juliocc)
- [#1741] Add PSA peered domains support to
net-vpc
(juliocc) - [#1737] Enforce mandatory types in all variables (juliocc)
- [#1732] Added FQDN Network Policy feature on GKE Cluster (luigi-bitonti)
- [#1735] Make deletion protection consistent across all modules (juliocc)
- [#1726] Add materialized views for bigquery (devuonocar)
- [#1863] End-to-end tests for Vertex blueprint (wiktorn)
- [#1860] Organization module end-to-end tests (wiktorn)
- [#1782] Add upper cap to versions, update copyright notices (sruffilli)
- [#1751] End-to-end tests for terraform modules (wiktorn)
- [#1737] Enforce mandatory types in all variables (juliocc)
- [#1734] Update to lint.sh and wording to some tf (bluPhy)
27.0.0 - 2023-10-04
- [#1730] Minimal Data Platform - Fix (lcaggio)
- [#1725] Fix data platform roles (lcaggio)
- [#1724] Bump provider versions to v5.0.0 (ludoo)
- [#1722] Add support for org policies to project factory (ludoo)
- [#1692] incompatible change: Allow using no service account in compute-vm (ludoo)
- [#1725] Fix data platform roles (lcaggio)
- [#1724] Bump provider versions to v5.0.0 (ludoo)
- [#1707] Only apply org policies when bootstrap user is not set (ludoo)
- [#1697] Define and adopt standard IP ranges for FAST networking (juliocc)
- [#1698] incompatible change: FAST: move organization policies to stage 0 (ludoo)
- [#1695] incompatible change: Rename FAST globals output file (ludoo)
- [#1725] Fix data platform roles (lcaggio)
- [#1724] Bump provider versions to v5.0.0 (ludoo)
- [#1718] FAST: add example of custom org policy condition to bootstrap README (ludoo)
- [#1715] Fix indentation in FAST hierarchical firewall rules (juliocc)
- [#1711] [FAST] Fix tenant folder tag (lcaggio)
- [#1707] Only apply org policies when bootstrap user is not set (ludoo)
- [#1705] Fix typo in bootstrap stage README (giterinhub)
- [#1697] Define and adopt standard IP ranges for FAST networking (juliocc)
- [#1698] incompatible change: FAST: move organization policies to stage 0 (ludoo)
- [#1695] incompatible change: Rename FAST globals output file (ludoo)
- [#1714] Support multiple protocols (L3_DEFAULT) through
net-ilb-in
(LucaPrete) - [#1727] Update GCS IAM (apichick)
- [#1728] Fix dnssec keys lookup (juliocc)
- [#1724] Bump provider versions to v5.0.0 (ludoo)
- [#1723] Add storage billing model to
bigquery-dataset
(devuonocar) - [#1719] Add GLB HTTP to HTTPS redirect example (ludoo)
- [#1717] Apigee module fix try (apichick)
- [#1716] Add retry policy for subscriptions (devuonocar)
- [#1709] Add bug fix in bucket local variable (luigi-bitonti)
- [#1704] Add cloud function secrets tests (wiktorn)
- [#1703] Add bug fix to allow to use Secret Manager secrets to mount files in … (luigi-bitonti)
- [#1701] Add support for default nodepool sa in GKE cluster module (ludoo)
- [#1696] Add deletion_protection_enabled attribute to cloudsql-instance to ena… (steenblik)
- [#1690] incompatible change: Rename instance attachment to match versions 23 and earlier (cygnus8595)
- [#1694] Fix apigee addons config conditional expression (eddern)
- [#1692] incompatible change: Allow using no service account in compute-vm (ludoo)
- [#1688] Fix repd disk attachment in compute-vm module (ludoo)
26.0.0 - 2023-09-18
- [#1684] incompatible change: Update resource-level IAM interface for kms and pubsub modules (juliocc)
- [#1682] GKE cluster modules: add optional kube state metrics (olliefr)
- [#1681] incompatible change: Embed subnet-level IAM in the variables controlling creation of subnets (juliocc)
- [#1680] Upgrades to
monitoring_config
ingke-cluster-*
, docs update, and cosmetics fixes to GKE cluster modules (olliefr) - [#1679] Add lineage on Minimal Data Platform blueprint (lcaggio)
- [#1678] Allow only one of
secondary_range_blocks
orsecondary_range_names
when creating GKE clusters. (juliocc) - [#1671] incompatible change: Fixed, added back environments to each instance, that way we can also… (apichick)
- [#1662] merge labels from data_merges in project factory (Tutuchan)
- [#1651] add AIRFLOW_VAR_ prefix to environment variables in data-platform blueprints (Tutuchan)
- [#1642] New phpIPAM serverless third parties solution in blueprints (simonebruzzechesse)
- [#1654] Fix project factory blueprint and fast stage (LucaPrete)
- [#1647] Bump provider version to 4.80.0 (juliocc)
- [#1638] gke-cluster-standard: change logging configuration (olliefr)
- [#1636] Delete api gateway blueprint (juliodiez)
- [#1607] Trap requests timeout error in quota sync (ludoo)
- [#1595] incompatible change: IAM interface refactor (ludoo)
- [#1601] [Data Platform] Update README.md (lcaggio)
- [#1687] Add IAM variables template to ADR (juliocc)
- [#1686] CONTRIBUTING guide: fix broken links and update "running tests for specific examples" section (olliefr)
- [#1658] incompatible change: Change type of
iam_bindings
variable to allow multiple conditional bindings (ludoo) - [#1642] New phpIPAM serverless third parties solution in blueprints (simonebruzzechesse)
- [#1640] Simplify linting output in workflow (juliocc)
- [#1636] Delete api gateway blueprint (juliodiez)
- [#1595] incompatible change: IAM interface refactor (ludoo)
- [#1684] incompatible change: Update resource-level IAM interface for kms and pubsub modules (juliocc)
- [#1685] Fix psa routing variable in FAST net stages (ludoo)
- [#1682] GKE cluster modules: add optional kube state metrics (olliefr)
- [#1681] incompatible change: Embed subnet-level IAM in the variables controlling creation of subnets (juliocc)
- [#1680] Upgrades to
monitoring_config
ingke-cluster-*
, docs update, and cosmetics fixes to GKE cluster modules (olliefr) - [#1678] Allow only one of
secondary_range_blocks
orsecondary_range_names
when creating GKE clusters. (juliocc) - [#1664] Align pf stage sample data to new format (ludoo)
- [#1663] [#1661] Make FAST stage 1 resman tf destroy more reliable (LucaPrete)
- [#1659] Link project factory documentation from FAST stage (ludoo)
- [#1658] incompatible change: Change type of
iam_bindings
variable to allow multiple conditional bindings (ludoo) - [#1654] Fix project factory blueprint and fast stage (LucaPrete)
- [#1638] gke-cluster-standard: change logging configuration (olliefr)
- [#1634] [revert(revert(patch))] Remove unused ASN numbers for CloudNAT in FAST (LucaPrete)
- [#1631] Allow single hfw policy association in folder and organization modules (juliocc)
- [#1626] Revert "Remove unused ASN numbers from CloudNAT to avoid provider errors" (LucaPrete)
- [#1623] Fix role name for delegated grants in FAST bootstrap (juliocc)
- [#1612] Fix: align stage-2-e-nva-bgp to the latest APIs (LucaPrete)
- [#1610] Fix: use existing variable to optionally name fw policies (LucaPrete)
- [#1595] incompatible change: IAM interface refactor (ludoo)
- [#1597] fix null object exception in bootstrap output when using cloudsource (sm3142)
- [#1593] Fix FAST CI/CD for Gitlab (ludoo)
- [#1583] Fix module path for teams cicd (ludoo)
- [#1684] incompatible change: Update resource-level IAM interface for kms and pubsub modules (juliocc)
- [#1683] Fix subnet iam_bindings to use arbitrary keys (juliocc)
- [#1682] GKE cluster modules: add optional kube state metrics (olliefr)
- [#1681] incompatible change: Embed subnet-level IAM in the variables controlling creation of subnets (juliocc)
- [#1680] Upgrades to
monitoring_config
ingke-cluster-*
, docs update, and cosmetics fixes to GKE cluster modules (olliefr) - [#1678] Allow only one of
secondary_range_blocks
orsecondary_range_names
when creating GKE clusters. (juliocc) - [#1675] GKE Autopilot module: add network tags (olliefr)
- [#1676] fixed up nit from PR 1666 (dgulli)
- [#1672] Added possibility to use gcs push endpoint on pubsub subscription (luigi-bitonti)
- [#1671] incompatible change: Fixed, added back environments to each instance, that way we can also… (apichick)
- [#1666] added support for global proxy only subnets (dgulli)
- [#1669] Fix for partner interconnect (apichick)
- [#1668] fix(compute-mig): add correct type optionality for metrics in autosca… (NotArpit)
- [#1667] fix(compute-mig): add mode property to compute_region_autoscaler (NotArpit)
- [#1658] incompatible change: Change type of
iam_bindings
variable to allow multiple conditional bindings (ludoo) - [#1653] Fixes to the apigee module (juliocc)
- [#1642] New phpIPAM serverless third parties solution in blueprints (simonebruzzechesse)
- [#1650] Make net-vpc variables non-nullable (juliocc)
- [#1647] Bump provider version to 4.80.0 (juliocc)
- [#1646] gke-cluster-autopilot: add monitoring configuration (olliefr)
- [#1645] gke-cluster-autopilot: add validation for release_channel input variable (olliefr)
- [#1638] gke-cluster-standard: change logging configuration (olliefr)
- [#1625] gke-cluster-autopilot: add logging configuration (olliefr)
- [#1637] GRPC variable is misnamed "GRCP" in
modules/cloud-run/variables.tf
, causing liveness probe and startup probe to fail (zacharysmithdatatonic) - [#1632] Vpc sc allow null for identity type (LudovicEmo)
- [#1633] Do not set default ASN number (LucaPrete)
- [#1631] Allow single hfw policy association in folder and organization modules (juliocc)
- [#1630] [Fix] Add explicit dependency between CR peers and NCC RA spoke creation (LucaPrete)
- [#1613] Cloud SQL activation policy selectable (cmvalla)
- [#1619] Adding support for NAT in Apigee (billabongrob)
- [#1620] Remove net-firewall-policy match variable validation (richard-olson)
- [#1614] Fix net-firewall-policy factory name and action (richard-olson)
- [#1584] add support for object upload to gcs module (ehorning)
- [#1609] incompatible change: Use cloud run bindings for cf v2 invoker role, refactor iam handling in cf v2 and cloud run (ludoo)
- [#1590] GCVE module first release (eliamaldini)
- [#1595] incompatible change: IAM interface refactor (ludoo)
- [#1600] fix(cloud-run): move cpu boost annotation to revision (LiuVII)
- [#1599] Fixing some typos (bluPhy)
- [#1598] feat(cloud-run): add startup cpu boost option (JSchwerberg)
- [#1594] Add support for conditions to
iam_members
module variables (ludoo) - [#1591] feat: 🎸 (modules/cloudsql-instance):add project_id for ssl cert (erabusi)
- [#1589] Add new
iam_members
variable to IAM additive module interfaces (ludoo) - [#1588] feat: 🎸 (modules/cloudsql-instance): enable require_ssl cert support (erabusi)
- [#1587] incompatible change: Fix factory rules key in net firewall policy module (ludoo)
- [#1578] Fix: Instance level stateful disk config (beardedsamwise)
- [#1582] feat(modules/cloud-run): add gen2 exec env support (LiuVII)
- [#1641] Lint script (juliocc)
- [#1640] Simplify linting output in workflow (juliocc)
- [#1635] Silence FAST tests warnings (juliocc)
- [#1595] incompatible change: IAM interface refactor (ludoo)
- [#1585] Print inventory path when a test fails (juliocc)
25.0.0 - 2023-08-09
- [#1581] incompatible change: Remove firewall policy management from resource management modules (ludoo)
- [#1573] Add information about required groups (wiktorn)
- [#1572] incompatible change: More module descriptions (ludoo)
- [#1560] Removed unused attribute in variable of ha-vpn-over-blueprint blueprint (apichick)
- [#1548] Minor fixes in Vertex Ai MLOPs blueprint (javiergp)
- [#1547] incompatible change: Peering module refactor (ludoo)
- [#1542] Grant IAM rights to service identities in host project (wiktorn)
- [#1536] incompatible change: Update and refactor artifact registry module (ludoo)
- [#1533] Make demo pipeline append into BQ tables (danieldeleo)
- [#1510] incompatible change: Refactoring of dns module (apichick)
- [#1504] Bump semver from 5.7.1 to 5.7.2 in /blueprints/serverless/api-gateway/function (dependabot[bot])
- [#1501] Fix in nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg blueprint (apichick)
- [#1498] Return only bucket name of composer, not full url to dags folder (wiktorn)
- [#1581] incompatible change: Remove firewall policy management from resource management modules (ludoo)
- [#1573] Add information about required groups (wiktorn)
- [#1545] add dataplex autodq base module (thinhha)
- [#1557] renaming net-vpc-swp to net-swp (skalolazka)
- [#1553] Added module for Regional Internal Proxy Load Balancer (apichick)
- [#1546] incompatible change: rename cloud-dataplex to dataplex (thinhha)
- [#1506] Document architectural decisions (ludoo)
- [#1500] README: audit logs on org level go to a logging bucket, not bigquery (skalolazka)
- [#1579] Enable team CI/CD impersonation (williamsmt)
- [#1581] incompatible change: Remove firewall policy management from resource management modules (ludoo)
- [#1572] incompatible change: More module descriptions (ludoo)
- [#1566] Remove unused ASN numbers from CloudNAT to avoid provider errors (LucaPrete)
- [#1563] Update FAST CI/CD workflows so it can work with ID_TOKEN and Gitlab 15+ (LucaPrete)
- [#1547] incompatible change: Peering module refactor (ludoo)
- [#1514] Fix FAST stage links script for GKE stage (ludoo)
- [#1510] incompatible change: Refactoring of dns module (apichick)
- [#1581] incompatible change: Remove firewall policy management from resource management modules (ludoo)
- [#1580] Apigee addons (apichick)
- [#1576] incompatible change: Refactor firewall policy module (ludoo)
- [#1575] Expose allow_net_admin feature in gke-cluster-autopilot module (eunanhardy)
- [#1572] incompatible change: More module descriptions (ludoo)
- [#1569] Add support for cost management to GKE module (ludoo)
- [#1568] Add support for ipv6 to net-vpc module (ludoo)
- [#1567] Allow custom route descriptions in net-vpc module (juliocc)
- [#1558] feat(apigee): add retention variable (danistrebel)
- [#1564] Fixed error of inconsistent conditional result types when evaluating … (apichick)
- [#1561] Removed unused attribute in peer_gateway_config variable (apichick)
- [#1545] add dataplex autodq base module (thinhha)
- [#1559] Added IPSEC_INTERCONNECT addresses to net-address module (apichick)
- [#1557] renaming net-vpc-swp to net-swp (skalolazka)
- [#1513] optional description in modules/net-vpc-swp (skalolazka)
- [#1555] Fix permadiff in artifact-registry (juliocc)
- [#1553] Added module for Regional Internal Proxy Load Balancer (apichick)
- [#1554] Fix in IAM bindings of cloud function v2 module (apichick)
- [#1551] Fix in validation of healthchecks variable (apichick)
- [#1552] Add image path output to ar module (ludoo)
- [#1550] Fix in validation of healthchecks variable (apichick)
- [#1547] incompatible change: Peering module refactor (ludoo)
- [#1542] Grant IAM rights to service identities in host project (wiktorn)
- [#1546] incompatible change: rename cloud-dataplex to dataplex (thinhha)
- [#1540] Fixes in cloud function v2 module for trigger service account (apichick)
- [#1536] incompatible change: Update and refactor artifact registry module (ludoo)
- [#1537] Wrong ASN when using partner_interconnect. (sruffilli)
- [#1535] Renamed output.tf in net-vlan-attachment (sruffilli)
- [#1523] Fix in event_filters of trigger_config (apichick)
- [#1519] Improve Dataplex (lcaggio)
- [#1520] feat(cloudsql-instance): Add query insights config (LiuVII)
- [#1512] enable-logging flag can only be true for public zones (apichick)
- [#1510] incompatible change: Refactoring of dns module (apichick)
- [#1509] Add output to org module with custom constraint details and depends_on (juliocc)
- [#1503] Move IAM grant to function level for trigger SA (wiktorn)
- [#1479] Update ncc-spoke-ra module to explicity request ncc hub id when referencing existing hubs (simonebruzzechesse)
- [#1499] Add support for custom description in net-address (simonebruzzechesse)
- [#1497] incompatible change: Implement proper support for data access logs in resource manager modules (ludoo)
- [#1544] Minimal tfdoc refactoring for legibility (ludoo)
- [#1538] Extend tfdoc to generate TOCs (juliocc)
- [#1511] Fail if run with Python below 3.10 (wiktorn)
24.0.0 - 2023-07-07
- [#1496] Allow using a separate resource for boot disk in compute-vm module (ludoo)
- [#1488] incompatible change: Fix and improve quota monitor blueprint (ludoo)
- [#1483] Updating a few files to fix typos (bluPhy)
- [#1474] data-platform-minimal - support web_server_network_access_control (kthhrv)
- [#1482] Add region to quota monitor cloud function (ludoo)
- [#1475] Minimal Data Platform - Shared VPC (lcaggio)
- [#1473] Improve Minimal Data Platform Blueprint (lcaggio)
- [#1468] Dependencies update for API Gateway blueprint (apichick)
- [#1469] Bump semver and @google-cloud/storage in /blueprints/gke/binauthz/image (dependabot[bot])
- [#1466] incompatible change: Rename network load balancer modules (ludoo)
- [#1459] Add preliminary support for partner interconnect (wiktorn)
- [#1464] Fix Shielded folder README (lcaggio)
- [#1458] Fixing typos (bluPhy)
- [#1455] Match readme groups with variables file in shielded folder blueprint (CanburakTumer)
- [#1451] Improve Minimal Data Platform blueprint (lcaggio)
- [#1454] data-platform-minimal - 02-processing.tf typo (kthhrv)
- [#1453] data-platform-minimal - correct typo (kthhrv)
- [#1450] Split Cloud Function module in separate v1 and v2 modules (ludoo)
- [#1447] incompatible change: Refactored apigee module and adjusted the blueprints accordingly (apichick)
- [#1409] Added module for Secure Web Proxy (rosmo)
- [#1420] Move net-dedicated-vlan-attachment module to net-vlan-attachment and … (apichick)
- [#1427] Updating hub-and-spoke peering blueprint to use HA VPN. (mark1000)
- [#1432] Make internal/external addresses optional in compute-vm (juliocc)
- [#1423] Add support for Log Analytics on logging-bucket module and bump provider version (lcaggio)
- [#1416] Fix and improve GCS2BQ blueprint (lcaggio)
- [#1483] Updating a few files to fix typos (bluPhy)
- [#1473] Improve Minimal Data Platform Blueprint (lcaggio)
- [#1466] incompatible change: Rename network load balancer modules (ludoo)
- [#1450] Split Cloud Function module in separate v1 and v2 modules (ludoo)
- [#1444] Fixing typos (bluPhy)
- [#1409] Added module for Secure Web Proxy (rosmo)
- [#1420] Move net-dedicated-vlan-attachment module to net-vlan-attachment and … (apichick)
- [#1418] Network Load Balancer module (ludoo)
- [#1470] FAST: initial implementation of lightweight tenants (ludoo)
- [#1492] Peering dashboard (aurelienlegrand)
- [#1487] Fix primary gke/dp ranges in FAST subnets (juliocc)
- [#1478] FAST: short_name_is_prefix for multi-tenant (drebes)
- [#1483] Updating a few files to fix typos (bluPhy)
- [#1477] Changing the IP range of pods from 100.64.48.0/20 to 100.65.16.0/20 Fixes #1461 (arvindag07)
- [#1466] incompatible change: Rename network load balancer modules (ludoo)
- [#1446] fixup(project-factory): Use the correct KMS Service Agents attribute … (alloveras)
- [#1445] Bump TF version in all workflow templates to coincide with module requirements (kthhrv)
- [#1443] Fix repo names check in extra FAST stage (ludoo)
- [#1432] Make internal/external addresses optional in compute-vm (juliocc)
- [#1429] Use RFC6598 addresses for pods and subnets (wiktorn)
- [#1426] Add custom tag support to FAST (ludoo)
- [#1425] Small fixes (ludoo)
- [#1412] Add VPN monitoring alerts to 2-networking and VPN usage chart (afda16)
- [#1496] Allow using a separate resource for boot disk in compute-vm module (ludoo)
- [#1489] incompatible change: Disable googleapi routes creation when vpc is not created in net-vpc module (ludoo)
- [#1486] Allow external editing of group instances in lb modules (ludoo)
- [#1480] Add bigquery authorized resources (thinhha)
- [#1485] incompatible change: Align group names in lb modules (ludoo)
- [#1456] add missing variable image_uri (jose-bermudez-digitalfemsa)
- [#1471] Add ToCs to resource manager modules (ludoo)
- [#1466] incompatible change: Rename network load balancer modules (ludoo)
- [#1467] Add support for resource policies to compute vm module (ludoo)
- [#1439] modules/vpc-sc: google_access_context_manager_service_perimeter add support for method_selectors/permission (LudovicEmo)
- [#1460] Added validation for edge_availability_domain value (apichick)
- [#1458] Fixing typos (bluPhy)
- [#1449] Added iam for DNS managed zone to dns module (apichick)
- [#1452] feat(artifact-registry): Add support for CMEK (alloveras)
- [#1450] Split Cloud Function module in separate v1 and v2 modules (ludoo)
- [#1447] incompatible change: Refactored apigee module and adjusted the blueprints accordingly (apichick)
- [#1440] enable_logging variable was not being used (apichick)
- [#1436] Ignore Cloud Run system annotations/labels (wiktorn)
- [#1409] Added module for Secure Web Proxy (rosmo)
- [#1420] Move net-dedicated-vlan-attachment module to net-vlan-attachment and … (apichick)
- [#1434] Add subnets id output, expand net-address outputs (juliocc)
- [#1432] Make internal/external addresses optional in compute-vm (juliocc)
- [#1428] Added support for PSC negs in net-ilb-l7 module (apichick)
- [#1430] Fix serverless neg example in ILB L7 module (ludoo)
- [#1426] Add custom tag support to FAST (ludoo)
- [#1423] Add support for Log Analytics on logging-bucket module and bump provider version (lcaggio)
- [#1425] Small fixes (ludoo)
- [#1419] Fix NLB module (ludoo)
- [#1418] Network Load Balancer module (ludoo)
23.0.0 - 2023-06-05
- [#1410] incompatible change: Ensure all modules have an
id
output (ludoo) - [#1390] HA VPN over Interconnect modules and blueprint (sruffilli)
- [#1403] add alloydb module (prabhaarya)
- [#1407] Multiple Updates in READMEs and wording (bluPhy)
- [#1390] HA VPN over Interconnect modules and blueprint (sruffilli)
- [#1414] Bump GH TF version to coincide with module requirements (davideasaf)
- [#1400] Add default googleapi route creation to net-vpc (juliocc)
- [#1417] Remove hardcoded description from instance groups created under net-lb-int (LucaPrete)
- [#1415] Add notice to net-lb-int module on routes (ludoo)
- [#1403] add alloydb module (prabhaarya)
- [#1411] Add networksecurity to JIT identity list (rosmo)
- [#1410] incompatible change: Ensure all modules have an
id
output (ludoo) - [#1405] Added comment in the dns module, saying that inbound/outbound server … (apichick)
- [#1407] Multiple Updates in READMEs and wording (bluPhy)
- [#1390] HA VPN over Interconnect modules and blueprint (sruffilli)
- [#1404] Add trigger SA for Cloud Run (wiktorn)
- [#1400] Add default googleapi route creation to net-vpc (juliocc)
22.0.0 - 2023-05-24
- [#1389] Bump requests from 2.28.1 to 2.31.0 in /blueprints/cloud-operations/network-dashboard/src (dependabot[bot])
- [#1388] Firewall Validator fix target_service_accounts ref (afda16)
- [#1382] chore: update mlops blueprint metadata (bharathkkb)
- [#1380] Minimal Data Platform - Make components optional (lcaggio)
- [#1378] Updates to blueprints/data-solutions/shielded-folder (bluPhy)
- [#1375] Several updates (bluPhy)
- [#1365] feat(net-cloudnat): add toggle for independent endpoint mapping and dynamic port allocation (JSchwerberg)
- [#1362] Add Minimal Data Platform blueprint (lcaggio)
- [#1364] Cloud Run services in service projects (juliodiez)
- [#1358] update variables files for gke nodepool taints (jackspyder)
- [#1359] Blueprint metadata validator (juliocc)
- [#1355] Fix Shielded Folder - VertexML interoperability (lcaggio)
- [#1353] fix in IAM binding of Apigee BigQuery analytics blueprint (apichick)
- [#1346] incompatible change: FAST: shorten stage 3 prefixes, enforce prefix length in stage 3s (ludoo)
- [#1345] chore: update metadata schema (bharathkkb)
- [#1343] Fix because of changes in the cloud functions module and the Apigee a… (apichick)
- [#1342] Add directory to vertex-mlops blueprint metadata (juliocc)
- [#1337] Improve Vertex mlops blueprint (lcaggio)
- [#1338] Set all resource requests to the autopilot minimum as the existing va… (apichick)
- [#1330] Separating GKE Standard and Autopilot Modules (avinashkumar1289)
- [#1334] Rename mlops blueprint providers file (ludoo)
- [#1333] Add providers to vertex-mlops blueprint (juliocc)
- [#1331] IAP for Cloud Run GA (juliodiez)
- [#1309] [DataPlatform] Fix data-eng role on orchestration project (lcaggio)
- [#1323] fix: create log-export-dataset on shielded-folder when no ecryption keys are defined (bgdanix)
- [#1319] Fixed wait_time in locust script (apichick)
- [#1312] add firewall enforcement variable to VPC (fawzihmouda)
- [#1305] add missing enable_addons reference in gke blueprint for multitenant-… (jackspyder)
- [#1306] Support new fields in bigquery module, bump provider versions, unpin local provider (ludoo)
- [#1293] Refactor cloud run module to use optionals and support all features (ludoo)
- [#1289] incompatible change: Network Dashboard improvements and bug fixing (simonebruzzechesse)
- [#1283] Fixed permissions of files created (apichick)
- [#1274] Add support for VPC Connector and different monitoring project to network dashboard deploy (ludoo)
- [#1393] Update README.md (juliocc)
- [#1379] Update to multiple README.md (bluPhy)
- [#1375] Several updates (bluPhy)
- [#1377] Fixed home path (skalolazka)
- [#1362] Add Minimal Data Platform blueprint (lcaggio)
- [#1357] Add module link to README (prabhaarya)
- [#1347] Fix external documentation links (bobidle)
- [#1330] Separating GKE Standard and Autopilot Modules (avinashkumar1289)
- [#1309] [DataPlatform] Fix data-eng role on orchestration project (lcaggio)
- [#1311] Fixed type in readme for FAST stages (derailed-dash)
- [#892] Add network NVA NCC stage (LucaPrete)
- [#1297] Update CONTRIBUTING.md (juliocc)
- [#1276] DNS Response Policy module (ludoo)
- [#1394] Allow setting identities in VPC SC module egress policies (ludoo)
- [#1391] fix(stages): only add sandbox SA when
sandbox
feature is enabled (gustavovalverde) - [#1385] Add conditional org admin role to sandbox SA (ludoo)
- [#1383] Allows groups from other orgs/domains (drebes)
- [#1375] Several updates (bluPhy)
- [#1376] fixed permissions for security stage SA (alx13)
- [#1367] fix routes priority typo (fawzihmouda)
- [#1358] update variables files for gke nodepool taints (jackspyder)
- [#1352] incompatible change: Switch FAST networking stages to network policies for Google domains (ludoo)
- [#1346] incompatible change: FAST: shorten stage 3 prefixes, enforce prefix length in stage 3s (ludoo)
- [#1344] Add logging details to bootstrap outputs (juliocc)
- [#1324] Fix typo in FAST cicd extra stage variable name (ludoo)
- [#1328] Strip org name from deploy key repo in FAST cicd stage (ludoo)
- [#1318] Allow longer org prefix plus tenant prefix (derailed-dash)
- [#1315] Fix stage links script for multitenant stages (ludoo)
- [#1313] Fixed typo in readme for FAST multitenant (derailed-dash)
- [#892] Add network NVA NCC stage (LucaPrete)
- [#1285] Update YAML schema for hierarchical firewall rules (sruffilli)
- [#1284] Update Provider and Terraform variables section in FAST project factory (gcardamone)
- [#1395] allow to configure stack type in GKE autopilot (NitriKx)
- [#1394] Allow setting identities in VPC SC module egress policies (ludoo)
- [#1387] Add default Cloud Build SA to project module (juliocc)
- [#1386] Support CMEK encryption in logging-bucket module (afda16)
- [#1375] Several updates (bluPhy)
- [#1372] Cloud NAT rules support (juliocc)
- [#1374] added the export_public_ip_routes variable in the net-vpc-peering mod… (itManuel)
- [#1373] Made available CPUs configurable in Cloud Functions module (apichick)
- [#1365] feat(net-cloudnat): add toggle for independent endpoint mapping and dynamic port allocation (JSchwerberg)
- [#1367] fix routes priority typo (fawzihmouda)
- [#1360] Add support for Shared VPC in Cloud Run (juliodiez)
- [#1329] fix: Change net-lb-app-ext serve_while_stale type to number (tobbbles)
- [#1308] Add cloud dataplex module (prabhaarya)
- [#1352] incompatible change: Switch FAST networking stages to network policies for Google domains (ludoo)
- [#1349] Enhance GKE Backup Configuration Support (tacchino)
- [#1348] Ignore entire node config in standard cluster (ludoo)
- [#1337] Improve Vertex mlops blueprint (lcaggio)
- [#1330] Separating GKE Standard and Autopilot Modules (avinashkumar1289)
- [#1336] Certificate renewal through terraform (bjohnrl)
- [#1335] Inconsistent conditional result types error in net-vpc module (jamesmao-xyz)
- [#1332] Add CMEK support on Secret manager module (lcaggio)
- [#1326] Remove net-interconnect-attachment-direct (juliocc)
- [#1322] Add inventories to net-vpc-firewall tests (juliocc)
- [#1320] issue #1303: net-vpc-firewall module supporting source and destination ranges (ajlopezn)
- [#1312] add firewall enforcement variable to VPC (fawzihmouda)
- [#1310] Use labels var in cloud-run module (LiuVII)
- [#1306] Support new fields in bigquery module, bump provider versions, unpin local provider (ludoo)
- [#1301] Add ability to run vtysh from simple-nva vm directly when frr is active (LucaPrete)
- [#1300] Fix vtysh (LucaPrete)
- [#1299] Fix urlmap in ILB L7 module (ludoo)
- [#1298] Add sample vtysh file to remove warnings (LucaPrete)
- [#1293] Refactor cloud run module to use optionals and support all features (ludoo)
- [#1287] incompatible change: Add support for backup and remove deprecated control plane field in GKE module (valeriobponza)
- [#1295] Load all service agents identities from yaml (juliocc)
- [#1294] Add Cloud Batch service identity (wiktorn)
- [#1280] Add Dataplex Service Identity (wiktorn)
- [#1282] Added local firewall management (iptables) on the NVA for dealing with COS default deny on inbound connections (simonebruzzechesse)
- [#1281] Use unique bundle name for Cloud Function (wiktorn)
- [#1278] DNS policy module fixes (ludoo)
- [#1276] DNS Response Policy module (ludoo)
- [#1375] Several updates (bluPhy)
- [#1359] Blueprint metadata validator (juliocc)
- [#1340] Extend tests to use lockfile if available (juliocc)
- [#1339] Deprecate plan runner fixture and all its variants (juliocc)
- [#1327] Migrate more tests (juliocc)
- [#1307] Bump Terraform version (ludoo)
21.0.0 - 2023-03-24
- [#1272] Removed repeated command in script used to deploy API proxy (apichick)
- [#1261] Fix variable terraform.tfvars.sample (dedeco)
- [#1257] Fixes related to boot_disk in compute-vm module (apichick)
- [#1256] incompatible change: Pin local provider (ludoo)
- [#1245] Composer-2 - Fix 1236 (lcaggio)
- [#1243] Autopilot fixes (apichick)
- [#1241] incompatible change: Allow using existing boot disk in compute-vm module (ludoo)
- [#1218] Small fixes on Network Dashboard cloud function code (simonebruzzechesse)
- [#1229] Removed unnecessary files (apichick)
- [#1227] Add CMEK support on BQML blueprint (lcaggio)
- [#1225] Fix on bqml demo (gioconte)
- [#1217] Added autopilot blueprint (apichick)
- [#1210] Blueprint - BigQuery ML and Vertex AI Pipeline (lcaggio)
- [#1208] Fix outdated go deps, dependabot alerts (averbuks)
- [#1150] Blueprint: GLB hybrid NEG internal (LucaPrete)
- [#1201] Add missing tfvars template to the tfc blueprint (averbuks)
- [#1196] Fix compute-vm:CloudKMS test for provider>=4.54.0 (dan-farmer)
- [#1189] Update healthchecker deps (dependabot alerts) (averbuks)
- [#1184] incompatible change: Allow multiple peer gateways in VPN HA module (ludoo)
- [#1143] Test blueprints from README files (juliocc)
- [#1181] Bump golang.org/x/sys from 0.0.0-20220310020820-b874c991c1a5 to 0.1.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
- [#1180] Bump golang.org/x/sys from 0.0.0-20220310020820-b874c991c1a5 to 0.1.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
- [#1175] Serverless networking program (juliodiez)
- [#1179] Added a PSC GCLB example (cgrotz)
- [#1165] DataPlatform: Support project creation (lcaggio)
- [#1167] incompatible change: Simplify org policies in resource management modules (juliocc)
- [#1161] Additional documentation for the Data Platform Dataflow pipeline example (aymanfarhat)
- [#1154] Workaround to mitigate provider issue 9164 (lcaggio)
- [#1146] Serverless networking program (juliodiez)
- [#1142] Fix bq factory docs (juliocc)
- [#1138] New compute-vm examples and tests (juliocc)
- [#1132] Add descriptive name as optional argument (paulwoelfel)
- [#1105] [Feature] Update data platform blue print with Dataflow Flex template (aymanfarhat)
- [#1129] Update KMS blueprint (lcaggio)
- [#1257] Fixes related to boot_disk in compute-vm module (apichick)
- [#1248] Add link to public serverless networking guide (juliodiez)
- [#1232] Network firewall policy module (ludoo)
- [#1230] Update contributing guide with new test framework (juliocc)
- [#1221] FAQ on installing Fast on a non-empty org (skalolazka)
- [#1217] Added autopilot blueprint (apichick)
- [#1210] Blueprint - BigQuery ML and Vertex AI Pipeline (lcaggio)
- [#1150] Blueprint: GLB hybrid NEG internal (LucaPrete)
- [#1193] Add reference to Cloud Run blueprints (juliodiez)
- [#1188] Add reference to Cloud Run blueprints (juliodiez)
- [#1187] Add references to the serverless chapters (juliodiez)
- [#1179] Added a PSC GCLB example (cgrotz)
- [#1165] DataPlatform: Support project creation (lcaggio)
- [#1145] FAST stage docs cleanup (ludoo)
- [#1137] incompatible change: Allow configuring regions from tfvars in FAST networking stages (ludoo)
- [#1105] [Feature] Update data platform blue print with Dataflow Flex template (aymanfarhat)
- [#1052] incompatible change: FAST multitenant bootstrap and resource management, rename org-level FAST stages (ludoo)
- [#1266] FAST plugin system (ludoo)
- [#1273] Small fixes to FAST Networking stage with NVAs (simonebruzzechesse)
- [#1265] Fix FAST hub and spoke with VPN networking stage (ludoo)
- [#1263] Widen scope for prod project factory SA to dev (ludoo)
- [#1240] feat: Enable populating of data directory and .sample files and update dependencies in 0-cicd-github (antonkovach)
- [#1249] Document need to set
outputs_location
explicitly in every stage (ludoo) - [#1247] Fast: resman: location and storage class added to GKE GCS buckets (skalolazka)
- [#1241] incompatible change: Allow using existing boot disk in compute-vm module (ludoo)
- [#1237] Add missing attribute to FAST onprem VPN examples (ludoo)
- [#1228] incompatible change: Simplify VPN implementation in FAST networking stages (ludoo)
- [#1222] Manage billing.creator role authoritatively in FAST bootstrap. (juliocc)
- [#1213] feat: Add Pull Request support to 0-cicd-github (antonkovach)
- [#1203] Update subnet sample yaml files to use subnet_secondary_ranges (jmound)
- [#1212] feat: skip committing unchanged files in 0-cicd-github (antonkovach)
- [#1211] incompatible change: Add support for proxy and psc subnets to net-vpc module factory (ludoo)
- [#1209] Billing exclusion support for FAST mt resman (ludoo)
- [#1207] Allow preventing creation of billing IAM roles in FAST, add instructions on delayed billing association (ludoo)
- [#1184] incompatible change: Allow multiple peer gateways in VPN HA module (ludoo)
- [#1165] DataPlatform: Support project creation (lcaggio)
- [#1170] Add documentation about referring modules stored on CSR (wiktorn)
- [#1167] incompatible change: Simplify org policies in resource management modules (juliocc)
- [#1164] fix module_prefix in fast extras 0-cicd-github (antonkovach)
- [#1162] Fix Terraform formatting and add module_prefix attribute to modules_config (antonkovach)
- [#1145] FAST stage docs cleanup (ludoo)
- [#1137] incompatible change: Allow configuring regions from tfvars in FAST networking stages (ludoo)
- [#1133] Align VPN peer interface to module in FAST net VPN stage (simonebruzzechesse)
- [#1135] Post PR message in GitHub workflow on init or validate failure (ludoo)
- [#1134] Fix stage 1 output file names and stage links script (ludoo)
- [#1128] Remove info about non-existing vpc-peering-*.tf files (skalolazka)
- [#1052] incompatible change: FAST multitenant bootstrap and resource management, rename org-level FAST stages (ludoo)
- [#1270] Add static gateway id to outputs of VPN ha module (ludoo)
- [#1269] Ignore changes to metadata.0.annotations in Cloud Run module (juliocc)
- [#1267] Improvements to NCC-RA spoke module. (LucaPrete)
- [#1268] simple-nva: add ability to parse BGP configs as strings. (LucaPrete)
- [#1258] Add backend service names to outputs for net-lb-app-ext and net-lb-app-int (rosmo)
- [#1259] Add support for
iam_additive
and simplify factory interface in net VPC module (ludoo) - [#1255] incompatible change: Change
target_vpcs
variable in firewall policy module to support dynamic values (ludoo) - [#1256] incompatible change: Pin local provider (ludoo)
- [#1246] Delay creation of SVPC host bindings until APIs and JIT SAs are done (juliocc)
- [#1241] incompatible change: Allow using existing boot disk in compute-vm module (ludoo)
- [#1239] Allow overriding name in net-vpc subnet factory (ludoo)
- [#1226] Fix policy_based_routing.sh script on simple-nva module (simonebruzzechesse)
- [#1234] Fixed connection tracking configuration on LB backend in net-lb-int module (simonebruzzechesse)
- [#1232] Network firewall policy module (ludoo)
- [#1219] Network Connectivity Center module (juliodiez)
- [#1227] Add CMEK support on BQML blueprint (lcaggio)
- [#1224] Fix JIT notebook service account. (lcaggio)
- [#1195] Extended simple-nva module to manage BGP service running on FR routing docker container (simonebruzzechesse)
- [#1211] incompatible change: Add support for proxy and psc subnets to net-vpc module factory (ludoo)
- [#1206] Dataproc module. Fix output. (lcaggio)
- [#1205] Fix issue with GKE cluster notifications topic & static output for pubsub module (rosmo)
- [#1204] Fix url_redirect issue on net-lb-app-ext module (erabusi)
- [#1199] [Dataproc module] Fix Variables (lcaggio)
- [#1200] Add test for #1197 (juliocc)
- [#1198] Fix secondary ranges in net-vpc readme (ludoo)
- [#1196] Fix compute-vm:CloudKMS test for provider>=4.54.0 (dan-farmer)
- [#1194] Fix HTTPS health check mismapped to HTTP in compute-mig and net-lb-int modules (jogoldberg)
- [#1192] Dataproc module: Fix outputs (lcaggio)
- [#1190] Dataproc Module (lcaggio)
- [#1191] Fix external gateway in VPN HA module (ludoo)
- [#1186] Fix Workload Identity for ASM in GKE hub module (valeriobponza)
- [#1184] incompatible change: Allow multiple peer gateways in VPN HA module (ludoo)
- [#1177] Implemented conditional dynamic blocks for
google_access_context_manager_service_perimeter
spec
andstatus
(calexandre) - [#1178] adding meshconfig.googleapis.com to JIT list. (valeriobponza)
- [#1174] Don't define nor use health checks with SNEGs (juliodiez)
- [#1172] Allow to not use any health check (juliodiez)
- [#1171] Modifications related to autopilot and workload identity. Added workl… (apichick)
- [#1167] incompatible change: Simplify org policies in resource management modules (juliocc)
- [#1168] Remove unused attribute from project module README example (juliodiez)
- [#1166] Fix variable name in VPC-SC module examples (juliodiez)
- [#1153] net-vpc - add missing iam properties to factory_subnets (jamesdalf)
- [#1163] Projects-data-source module new version (averbuks)
- [#1160] Allow additive IAM grants by robots name (wiktorn)
- [#1158] changed pod_range reference to include secondary_pod_range issue #1157 (chemapolo)
- [#1156] Add 'max_time_travel_hours ' support on BQ module (lcaggio)
- [#1151] Add example about referencing existing MIGs to net-lb-int module readme (LucaPrete)
- [#1149] Add documentation about JIT-ed service accounts (wiktorn)
- [#1131] Add Autopilot Support for cluster_autoscaling Configuration in GKE Module (tacchino)
- [#1140] CloudSQL Backup Configuration: Support Point In Time Recovery (tacchino)
- [#1147] Fix gke-cluster dns config feature (juliocc)
- [#1144] Fixes for service-mesh example in gke-hub (wiktorn)
- [#1138] New compute-vm examples and tests (juliocc)
- [#1052] incompatible change: FAST multitenant bootstrap and resource management, rename org-level FAST stages (ludoo)
- [#1266] FAST plugin system (ludoo)
- [#1242] Remove container image workflows (kunzese)
- [#1231] Simplify testing workflow (juliocc)
- [#1216] Use composite action for test workflow prerequisite steps (ludoo)
- [#1215] Try plugin cache, split examples tests (ludoo)
- [#1211] incompatible change: Add support for proxy and psc subnets to net-vpc module factory (ludoo)
- [#1209] Billing exclusion support for FAST mt resman (ludoo)
- [#1208] Fix outdated go deps, dependabot alerts (averbuks)
- [#1182] Bump actions versions (juliocc)
- [#1052] incompatible change: FAST multitenant bootstrap and resource management, rename org-level FAST stages (ludoo)
20.0.0 - 2023-02-04
- [#1038] Vertex Pipelines MLOps framework blueprint (javiergp)
- [#1124] Removed unused file package-lock.json (apichick)
- [#1119] incompatible change: Multi-Cluster Ingress gateway api config (wiktorn)
- [#1111] incompatible change: In the apigee module now both the /22 and /28 peering IP ranges are p… (apichick)
- [#1106] Network Dashboard: PSA support for Filestore and Memorystore (aurelienlegrand)
- [#1110] Bump cookiejar from 2.1.3 to 2.1.4 in /blueprints/apigee/bigquery-analytics/functions/export (dependabot[bot])
- [#1097] Use terraform resource to activate Anthos Service Mesh (wiktorn)
- [#1104] Updated apigee hybrid for gke README (apichick)
- [#1107] Check linting for Python dashboard files (ludoo)
- [#1102] Improvements in apigee hybrid-gke: now using workload identity and GLB (apichick)
- [#1098] Add shared-vpc support on data-playground blueprint (lcaggio)
- [#1095] [Data Platform] Fix Table in readme (lcaggio)
- [#1089] Update Data Platform (lcaggio)
- [#1081] Apigee hybrid on GKE (apichick)
- [#1082] Fixes in Apigee Bigquery Analytics blueprint (apichick)
- [#1071] Moved apigee bigquery analytics blueprint, added apigee network patterns (apichick)
- [#1073] Allow setting no ranges in firewall module custom rules (ludoo)
- [#1072] incompatible change: Add gc_policy to Bigtable module, bump provider versions to 4.47 (iht)
- [#1063] Network dashboard: PSA ranges support, starting with Cloud SQL (aurelienlegrand)
- [#1062] Fixes for GKE (wiktorn)
- [#1060] Update src/README.md for Network Dashboard (aurelienlegrand)
- [#1020] Networking dashboard and discovery tool refactor (ludoo)
- [#1101] First batch of testing updates to core modules (juliocc)
- [#1089] Update Data Platform (lcaggio)
- [#1084] Fixes in Apigee blueprints README files (apichick)
- [#1081] Apigee hybrid on GKE (apichick)
- [#1074] Adding new section for Authentication issues (agutta)
- [#1071] Moved apigee bigquery analytics blueprint, added apigee network patterns (apichick)
- [#1057] Adding new file FAQ and an image (agutta)
- [#1118] Add missing logging admin role for initial user (ludoo)
- [#1099] Fix destroy in stage 1 outputs (ludoo)
- [#1089] Update Data Platform (lcaggio)
- [#1085] fix restricted services not being added to the perimeter configurations (drebes)
- [#1057] Adding new file FAQ and an image (agutta)
- [#1054] FAST: fix typo in bootstrap stage README (agutta)
- [#1051] FAST: add instructions for billing export to stage 0 README (KPRepos)
- [#1127] Skip node config for autopilot (ludoo)
- [#1125] Added mesh_certificates setting in GKE cluster (rosmo)
- [#1094] Added GLB example with MIG as backend (eliamaldini)
- [#1119] incompatible change: Multi-Cluster Ingress gateway api config (wiktorn)
- [#1111] incompatible change: In the apigee module now both the /22 and /28 peering IP ranges are p… (apichick)
- [#1116] Include cloudbuild API in project module (aymanfarhat)
- [#1115] add new parameters support in apigee module (blackillzone)
- [#1112] Add HTTPS frontend with SNEG example (juliodiez)
- [#1097] Use terraform resource to activate Anthos Service Mesh (wiktorn)
- [#1101] First batch of testing updates to core modules (juliocc)
- [#1098] Add shared-vpc support on data-playground blueprint (lcaggio)
- [#1096] [VPC-SC] Add support for scoped Policies (lcaggio)
- [#1093] Added tags to gke-cluster module (apichick)
- [#1078] Fixed delete_rule in compute-mig module for stateful disks (rosmo)
- [#1080] Added device_name field to compute-vm attached_disks parameter (rosmo)
- [#1079] Reorder org policy rules (juliocc)
- [#1075] incompatible change: Add cluster replicas to Bigtable module. (iht)
- [#1073] Allow setting no ranges in firewall module custom rules (ludoo)
- [#1072] incompatible change: Add gc_policy to Bigtable module, bump provider versions to 4.47 (iht)
- [#1070] Fix MIG health check variable (ludoo)
- [#1069] Allow tables with several column families in Bigtable (iht)
- [#1068] Added endpoint_attachment_hosts output to apigee module (apichick)
- [#1067] Corrected load balancing scheme in backend service (apichick)
- [#1066] Refactor GCS module and tests for Terraform 1.3 (ludoo)
- [#1062] Fixes for GKE (wiktorn)
- [#1061] incompatible change: Allow using dynamically generated address in LB modules NEGs (ludoo)
- [#1059] Read ranges from correct fields in firewall factory (juliocc)
- [#1056] Feature - CloudSQL pre-allocation private IP range and GKE Cluster ignore_change lifecycle hook. (itsavvy-ankur)
- [#1107] Check linting for Python dashboard files (ludoo)
- [#1101] First batch of testing updates to core modules (juliocc)
- [#1091] Fix check_documentation output (juliocc)
- [#1053] Extend inventory-based testing to examples (juliocc)
19.0.0 - 2022-12-13
- [#1045] Assorted module fixes (ludoo)
- [#1044] incompatible change: Refactor net-lb-app-ext module for Terraform 1.3 (ludoo)
- [#982] Adding Secondary IP Utilization calculation (brianhmj)
- [#1037] Bump qs and formidable in /blueprints/cloud-operations/apigee/functions/export (dependabot[bot])
- [#1034] feat(blueprints): get audience from tfc environment variable (Thomgrus)
- [#1024] Fix Apigee PAYG environment node config (g-greatdevaks)
- [#1019] Added endpoint attachments to Apigee module (apichick)
- [#1000] ADFS blueprint fixes (apichick)
- [#1001] Binauthz blueprint fixes related to project creation (apichick)
- [#1009] Fix encryption in Data Playground blueprint (lcaggio)
- [#1003] Normalize prefix handling in blueprints (kunzese)
- [#995] Push container images to GitHub instead of Google Container Registry (kunzese)
- [#984] incompatible change: Apigee module and blueprint (apichick)
- [#980] Have Squid log to /dev/stdout to stream logs to Cloud Logging (kunzese)
- [#929] Updated list of enabled APIs for network dashboard (maunope)
- [#968] Enforce PROXY protocol in
filtering-proxy-psc
blueprint (kunzese) - [#962] Add filtering-proxy-psc blueprint (kunzese)
- [#913] Adding support for PSA ranges, starting with Redis instances. (aurelienlegrand)
- [#952] Remove duplicate GLB+CA blueprint folder (ludoo)
- [#949] incompatible change: Refactor VPC firewall module for Terraform 1.3 (ludoo)
- [#945] Org policy factory (juliocc)
- [#941] incompatible change: Refactor ILB module for Terraform 1.3 (ludoo)
- [#939] Temporarily duplicate cloud armor example (ludoo)
- [#936] Enable org policy service and add README notice to modules (ludoo)
- [#931] incompatible change: Refactor compute-mig module for Terraform 1.3 (ludoo)
- [#932] feat(project-factory): introduce additive iam bindings to project-fac… (Malet)
- [#925] Network dashboard: update main.tf and README following #922 (brianhmj)
- [#924] Fix formatting for gcloud dataflow job launch command (aymanfarhat)
- [#921] Align documentation, move glb blueprint (ludoo)
- [#915] TFE OIDC with GCP WIF blueprint added (averbuks)
- [#899] Static routes monitoring metrics added to network dashboard BP (maunope)
- [#909] GCS2BQ: Move images and templates in sub-folders (lcaggio)
- [#907] Fix CloudSQL blueprint (lcaggio)
- [#897] Project-factory: allow folder_id to be defined in defaults_file (Malet)
- [#900] Improve net dashboard variables (juliocc)
- [#896] Network Dashboard: CFv2 and performance improvements (aurelienlegrand)
- [#871] Firewall Policy Metrics, parallel writes, aligned timestamps (maunope)
- [#884] BigQuery factory blueprint (marcjwo)
- [#889] Minor fixes to PSC hybrid blueprint readmes (LucaPrete)
- [#888] Let the cloudsql module generate a random password (skalolazka)
- [#879] New PSC hybrid blueprint (LucaPrete)
- [#880] incompatible change: Refactor net-vpc module for Terraform 1.3 (ludoo)
- [#872] added support 2nd generation cloud function (som-nitjsr)
- [#875] incompatible change: Refactor GKE nodepool for Terraform 1.3, refactor GKE blueprints and FAST stage (ludoo)
- [#873] Fix docker tag command and link to Cloud Shell in WP blueprint (skalolazka)
- [#870] Temporarily revert to Terraform 1.3.1 to support Cloud Shell (skalolazka)
- [#856] Add network firewall metrics to network dashboard (maunope)
- [#868] incompatible change: Refactor GKE module for Terraform 1.3 (ludoo)
- [#818] Example wordpress (skalolazka)
- [#861] Leverage new shared VPC project config defaults across the repo (juliocc)
- [#854] Added an example of a Nginx reverse proxy cluster using RMIGs (rosmo)
- [#850] Made sample alert creation optional (maunope)
- [#837] Network dashboard: Subnet IP utilization update (aurelienlegrand)
- [#848] updated quota monitoring CF doc (maunope)
- [#847] incompatible change: Quotas monitoring, time series format update (maunope)
- [#839] incompatible change: Update to terraform 1.3 (juliocc)
- [#828] Update firewall rules. (lcaggio)
- [#813] Add documentation example test for pf (ludoo)
- [#809] Renaming and moving blueprints (juliocc)
- [#1048] Document new testing approach (ludoo)
- [#1045] Assorted module fixes (ludoo)
- [#1014] Update typos in
net-vpc-firewall
README.md (aymanfarhat) - [#1044] incompatible change: Refactor net-lb-app-ext module for Terraform 1.3 (ludoo)
- [#1009] Fix encryption in Data Playground blueprint (lcaggio)
- [#1006] Add settings for autoscaling to Bigtable module. (iht)
- [#1007] fast README, one line fix: 00-cicd stage got moved to extras/ (skalolazka)
- [#1003] Normalize prefix handling in blueprints (kunzese)
- [#987] Add tests to factory examples (juliocc)
- [#972] Add note about TF_PLUGIN_CACHE_DIR (wiktorn)
- [#961] Remove extra file from root (ludoo)
- [#943] Update bootstrap README.md with unique project id requirements (KPRepos)
- [#937] Fix typos in blueprints README.md (kumar-dhanagopal)
- [#921] Align documentation, move glb blueprint (ludoo)
- [#898] Update FAST bootstrap README.md (juliocc)
- [#878] chore: update cft and fabric (bharathkkb)
- [#863] Fabric vs CFT doc (ludoo)
- [#806] FAST Companion Guide (ajlopezn)
- [#1023] incompatible change: Small fix: uniform region in Fast in networking-nva (skalolazka)
- [#1032] FAST: fix VPC-SC example in security documentation (imp14a)
- [#1007] fast README, one line fix: 00-cicd stage got moved to extras/ (skalolazka)
- [#976] FAST: fixes to GitHub workflow and 02/net outputs (ludoo)
- [#966] FAST: improve GitHub workflow, stage 01 output fixes (ludoo)
- [#963] incompatible change: Refactor vps-sc module for Terraform 1.3 (ludoo)
- [#956] FAST: bootstrap and extra stage CI/CD improvements and fixes (ludoo)
- [#949] incompatible change: Refactor VPC firewall module for Terraform 1.3 (ludoo)
- [#943] Update bootstrap README.md with unique project id requirements (KPRepos)
- [#948] Use display_name instead of description for FAST service accounts (juliocc)
- [#947] Use org policy factory for resman stage (juliocc)
- [#941] incompatible change: Refactor ILB module for Terraform 1.3 (ludoo)
- [#935] FAST: enable org policy API, fix run.allowedIngress value (ludoo)
- [#931] incompatible change: Refactor compute-mig module for Terraform 1.3 (ludoo)
- [#930] incompatible change: Update organization/folder/project modules to use new org policies API and tf1.3 optionals (juliocc)
- [#911] FAST: Additional PGA DNS records (sruffilli)
- [#903] Initial replacement for CI/CD stage (ludoo)
- [#898] Update FAST bootstrap README.md (juliocc)
- [#880] incompatible change: Refactor net-vpc module for Terraform 1.3 (ludoo)
- [#875] incompatible change: Refactor GKE nodepool for Terraform 1.3, refactor GKE blueprints and FAST stage (ludoo)
- [#566] FAST: Separate network environment (sruffilli)
- [#870] Temporarily revert to Terraform 1.3.1 to support Cloud Shell (skalolazka)
- [#868] incompatible change: Refactor GKE module for Terraform 1.3 (ludoo)
- [#867] FAST: Replace NVAs in 02-networking-nva with COS-based VMs (sruffilli)
- [#865] Enable FAST 00-cicd provider test (ludoo)
- [#861] Leverage new shared VPC project config defaults across the repo (juliocc)
- [#858] Default gcp-support to gcp-devops (juliocc)
- [#842] Comment redundant role in bootstrap stage, align IAM.md files, improve IAM tool (ludoo)
- [#841] FAST: revert 00-cicd provider changes (ludoo)
- [#835] Fix workflow-gitlab.yaml template rendering (muresan)
- [#828] Update firewall rules. (lcaggio)
- [#807] FAST: refactor Gitlab template (ludoo)
- [#1049] Add ssl certs to cloudsql instance (prabhaarya)
- [#1045] Assorted module fixes (ludoo)
- [#1040] Fix name in google_pubsub_schema resource (VictorCavalcanteLG)
- [#1043] added reverse lookup feature to module dns #1042 (chemapolo)
- [#1044] incompatible change: Refactor net-lb-app-ext module for Terraform 1.3 (ludoo)
- [#1036] incompatible change: Fix status ingress/egress policies in vpc-sc module (ludoo)
- [#1033] strongSwan: switch base image to debian-slim (kunzese)
- [#1026] add lifecycle ignore_changes for apigee PAYG env (g-greatdevaks)
- [#1031] Fix default_rules_config description in firewall module (ludoo)
- [#1028] incompatible change: Align rest of vpn modules with #1027 (juliocc)
- [#1027] incompatible change: Update VPN-HA module to tf1.3 (juliocc)
- [#1025] fix apigee PAYG env node config dynamic block (g-greatdevaks)
- [#1024] Fix Apigee PAYG environment node config (g-greatdevaks)
- [#1019] Added endpoint attachments to Apigee module (apichick)
- [#1018] Apigee instance doc examples (danistrebel)
- [#1016] Fix memory/cpu typo in gke cluster module (joeheaton)
- [#1012] Fix tag outputs in organization module (ludoo)
- [#1006] Add settings for autoscaling to Bigtable module. (iht)
- [#999] Default nodepool creation fix (astianseb)
- [#1005] Only set partitioned table when sink type is bigquery (juliocc)
- [#997] Add BigQuery subscriptions to Pubsub module. (iht)
- [#995] Push container images to GitHub instead of Google Container Registry (kunzese)
- [#994] Add schemas to Pubsub topic module. (iht)
- [#979] Add network tags support to the organization module (LucaPrete)
- [#991] Allow cross-project backend services in ILB L7 module (ludoo)
- [#984] incompatible change: Apigee module and blueprint (apichick)
- [#988] Merge cloud function v1 and v2 tests (juliocc)
- [#965] incompatible change: Add triggers to Cloud Functions v2 (wiktorn)
- [#980] Have Squid log to /dev/stdout to stream logs to Cloud Logging (kunzese)
- [#983] incompatible change: Add support for serverless NEGs to ILB L7 module (ludoo)
- [#978] Worker pool support for
cloud-function
(maunope) - [#977] Replace Docker's
gcplogs
driver with the GCP COS logging agent (kunzese) - [#975] Add validation for health check port specification to ILB L7 module (ludoo)
- [#974] incompatible change: Refactor net-lb-app-int module for Terraform 1.3 (ludoo)
- [#970] Update logging sinks to tf1.3 in resman modules (juliocc)
- [#969] Update folder and project org policy tests (juliocc)
- [#964] prefix variable consistency across modules (skalolazka)
- [#963] incompatible change: Refactor vps-sc module for Terraform 1.3 (ludoo)
- [#958] Add support for org policy custom constraints (averbuks)
- [#960] Fix README typo in firewall module (valeriobponza)
- [#953] Added IAM Additive and converted some outputs to static (muresan)
- [#951] cloud-functions v2 - fix reference to bucket_name (wiktorn)
- [#949] incompatible change: Refactor VPC firewall module for Terraform 1.3 (ludoo)
- [#946] incompatible change: Deprecate organization-policy module (juliocc)
- [#945] Org policy factory (juliocc)
- [#941] incompatible change: Refactor ILB module for Terraform 1.3 (ludoo)
- [#940] Ensure the implementation of org policies is consistent (juliocc)
- [#936] Enable org policy service and add README notice to modules (ludoo)
- [#931] incompatible change: Refactor compute-mig module for Terraform 1.3 (ludoo)
- [#930] incompatible change: Update organization/folder/project modules to use new org policies API and tf1.3 optionals (juliocc)
- [#926] Fix backwards compatibility for vpc subnet descriptions (ludoo)
- [#927] Add support for deployment type and api proxy type for Apigee org (kmucha555)
- [#923] Fix service account creation error in gke nodepool module (ludoo)
- [#908] GKE module: autopilot fixes (ludoo)
- [#906] GKE module: add managed_prometheus to features (apichick)
- [#916] Add support for DNS routing policies (juliocc)
- [#918] Fix race condition in SimpleNVA (sruffilli)
- [#914] incompatible change: Update DNS module (juliocc)
- [#904] Add missing description field (dsbutler101)
- [#891] Add internal_ips output to compute-vm module (LucaPrete)
- [#890] Add auto_delete and instance_redistribution_type to compute-vm and compute-mig modules. (giovannibaratta)
- [#883] Fix csi-driver, logging and monitoring default values when autopilot … (danielmarzini)
- [#880] incompatible change: Refactor net-vpc module for Terraform 1.3 (ludoo)
- [#872] added support 2nd generation cloud function (som-nitjsr)
- [#877] fix autoscaling block (ludoo)
- [#875] incompatible change: Refactor GKE nodepool for Terraform 1.3, refactor GKE blueprints and FAST stage (ludoo)
- [#870] Temporarily revert to Terraform 1.3.1 to support Cloud Shell (skalolazka)
- [#869] Fix optionals for resource_usage_export field in
gke-cluster
(juliocc) - [#868] incompatible change: Refactor GKE module for Terraform 1.3 (ludoo)
- [#866] Update ipprefix_by_netmask.sh in nva module (sruffilli)
- [#860] incompatible change: Refactor compute-vm for Terraform 1.3 (ludoo)
- [#861] Leverage new shared VPC project config defaults across the repo (juliocc)
- [#859] Make project shared VPC fields optional (juliocc)
- [#853] Fixes NVA issue when health checks are not enabled (sruffilli)
- [#846] COS based simple networking appliance (sruffilli)
- [#851] nginx-tls: only use hostname part for TLS certificate (rosmo)
- [#844] Management of GCP project default service accounts (ddaluka)
- [#845] added root password support for MS SQL Server (cmalpe)
- [#843] Add support for disk encryption to instance templates in compute-vm module (ludoo)
- [#840] incompatible change: Refactor net-address module for 1.3 (ludoo)
- [#839] incompatible change: Update to terraform 1.3 (juliocc)
- [#824] Add simple composer 2 blueprint (lcaggio)
- [#834] Add support for service_label property in internal load balancer (kmucha555)
- [#833] regional MySQL DBs - automatic backup conf (skalolazka)
- [#827] Project module: Add Artifactregistry Service Identity SA creation. (lcaggio)
- [#826] Added new binary_authorization argument in gke-cluster module (sirohia)
- [#819] Removed old and unused modules (juliocc)
- [#1048] Document new testing approach (ludoo)
- [#1029] Testing framework revamp (juliocc)
- [#1022] Replace
set-output
with env variable and remove single quotes on labels (kunzese) - [#1021] Add OpenContainers annotations to published container images (kunzese)
- [#1017] Fix auto-labeling (ludoo)
- [#1013] Update labeler.yml (ludoo)
- [#1010] Enforce nonempty descriptions ending in a dot (juliocc)
- [#1004] Use
actions/labeler
to automatically label pull requests (kunzese) - [#998] Add missing
write_package
permission (kunzese) - [#996] Fix
repository name must be lowercase
on docker build (kunzese) - [#993] Fix variable and output sort check (juliocc)
- [#950] Add a pytest fixture to convert tfvars to yaml (ludoo)
- [#942] Bump tftest and improve dns tests (juliocc)
- [#919] Rename workflow names (juliocc)
- [#902] Bring back sorted variables check (juliocc)
- [#887] Disable parallel execution of tests and plugin cache (ludoo)
- [#886] Revert "Improve handling of tf plugin cache in tests" (ludoo)
- [#885] Improve handling of tf plugin cache in tests (ludoo)
- [#881] Run tests in parallel using
pytest-xdist
(ludoo) - [#876] Make changelog tool slower to work around inconsistencies in API results (ludoo)
- [#865] Enable FAST 00-cicd provider test (ludoo)
- [#864] incompatible change: Bump terraform required version (ludoo)
- [#842] Comment redundant role in bootstrap stage, align IAM.md files, improve IAM tool (ludoo)
- [#811] Fix changelog generator (ludoo)
- [#810] Fully recursive e2e test runner for examples (juliocc)
18.0.0 - 2022-09-09
- [#804] GKE CI/CD (ludoo)
- [#803] FAST: fix GCS location in stage 00 and 01 (miklosn)
- [#700] FAST: GKE multitenant infrastructure (ludoo)
- [#800] FAST: add support for storage locations in stages 0 and 1 (ludoo)
- [#799] FAST: add support for project parents to bootstrap stage (ludoo)
- [#793] FAST: fix typo in CI/CD stage outputs. (fawzihmouda)
- [#774] FAST: fix data-platform-dev folder in stage 03-data-platform (sttomm)
- [#770] FAST: fix to move without
output_location
(daisuky-jp) - [#767] Allow interpolating SAs in project factory subnet IAM bindings (ludoo)
- [#766] FAST: refactor teams branch (ludoo)
- [#765] FAST: move region trigrams to a variable in network stages (ludoo)
- [#759] FAST: fix missing value to format principalSet (imp14a)
- [#753] Add support for IAM bindings on service accounts to project factory (ludoo)
- [#745] FAST: specify gitlab / github providers in CI/CD stage (imp14a)
- [#734] FAST: Use spot VMs for test VM and for NVAs (sruffilli)
- [#733] FAST: fix data platform drop BQ dataset name (juliocc)
- [#730] FAST: add billing IAM for billing group (ludoo)
- [#721] FAST: add billing.costManager role to project factory SAs (sruffilli)
- [#716] FAST: added missing format argument to project factory CI/CD IAM bindings (mgfeller)
- [#715] FAST: fix optional service accounts in networking stages (ludoo)
- [#711] FAST: update several stage READMEs about usage of *.auto.tfvars files (mgfeller)
- [#703] FAST: configuration switches for features (ludoo)
- [#706] Bump providers versions and pin versions for tests (juliocc)
- [#702] FAST: also trigger GitHub workflow on PR synchronize event (mgfeller)
- [#692] FAST: fix KMS delegation role in security stage (lcaggio)
- [#699] FAST: add
repository_owner
to GitHub identity attributes (ludoo) - [#694] FAST: add 00-cicd stage to allow managing repositories in Gitlab/GitHub, other CI/CD improvements (rosmo)
- [#690] FAST: fix stage tfvars link paths in documentation (lcaggio)
- [#676] FAST: add group creation GIF to documentation (amgoogle)
- [#687] FAST: fix service identity/SA mismatch in project factory (dosti-tee)
- [#668] FAST: add cleanup instructions to documentation (ajlopezn)
- [#682] FAST: fix CI/CD source repositories in stage 01 (imp14a)
- [#675] FAST: fix audit logs when using pubsub as destination (juliocc)
- [#674] FAST: remove team folders comment from 01 variables, clarify README (ludoo)
- [#671] FAST: fix Gitlab WIF attributes (ludoo)
- [#669] FAST: CI/CD support for Source Repository and Cloud Build (ludoo)
- [#801] Update Cloud SQL example (lcaggio)
- [#802] Fix Data Platform example (lcaggio)
- [#790] Cloud Identity Group factory (lcaggio)
- [#740] Update to multiple READMEs (bluPhy)
- [#738] Improve Data Playground example (lcaggio)
- [#771] Example of a multi-cluster mesh on GKE configuring managed control pl… (apichick)
- [#743] Update Readme.md: gcs to bq + cloud armor / glb (bensadikgoogle)
- [#757] Remove key_algorithm from glb/ilb-l7 examples (ludoo)
- [#753] Add support for IAM bindings on service accounts to project factory (ludoo)
- [#746] Update multi region cloud SQL documentation (bensadikgoogle)
- [#733] FAST: fix data platform drop BQ dataset name (juliocc)
- [#712] New AD FS example (apichick)
- [#655] New example for a data playground Terraform setup (aymanfarhat)
- [#706] Bump providers versions and pin versions for tests (juliocc)
- [#805] Change
modules/project
service_config default (juliocc) - [#787] Support manager role in cloud identity group module (lcaggio)
- [#786] Secret manager flag sensitive output (ddaluka)
- [#775] net-lb-app-ext: Added support for regional external HTTP(s) load balancing (rosmo)
- [#784] fix envoy-traffic-director config for xDS v3 (drebes)
- [#785] nginx-tls module (drebes)
- [#783] fix service unit indent on cloud-config-container module (drebes)
- [#782] typo fix (max_scale -> min_scale) (skalolazka)
- [#778] incompatible change: instance_termination_action must be set for compute-vm spot instances (sruffilli)
- [#727] Fix
ip_range
variable description inapigee-x-instance
module (alexlo03) - [#773] incompatible change: Refactor Cloud Run module (ludoo)
- [#754] Add support to a public access to cloudsql-instance (alefmreis)
- [#768] Add egress / ingress policy example to VPC SC module (ludoo)
- [#767] Allow interpolating SAs in project factory subnet IAM bindings (ludoo)
- [#764] Add dependency on shared vpc service project attachment to project module outputs (apichick)
- [#761] Fix gke hub module features condition (ludoo)
- [#760] incompatible change: GKE hub module refactor (ludoo)
- [#756] Set cluster id output to sensitive in GKE module (apichick)
- [#752] Also depend on shared vpc host in project module (apichick)
- [#747] Added gkehub.googleapis.com to jit services (apichick)
- [#744] Fixed issue with missing project reference in Cloud DNS data source (rosmo)
- [#741] Added servicemesh feature to GKE hub and included fleet robot service… (apichick)
- [#737] Move Cloud Run VPC Connector annotations to template metadata (#735) (sethmoon)
- [#732] Add support for topic message duration to pubsub module (ludoo)
- [#731] Avoid setting empty IAM binding in subnet factory (ludoo)
- [#729] Fix connector create logic in cloud run module (ludoo)
- [#726] Fix documentation for organization-policy module (averbuks)
- [#722] OrgPolicy module (factory) using new org-policy API, #698 (averbuks)
- [#695] Modified reserved IP address outputs in net-lb-app-ext module (apichick)
- [#709] Fix incompatibility between logging and monitor config/service arguments in GKE module (psabhishekgoogle)
- [#708] Fix incompatibility between backup and autopilot in GKE module (ludoo)
- [#707] Fix addons for autopilot clusters and add specific tests in GKE module (juliocc)
- [#706] Bump providers versions and pin versions for tests (juliocc)
- [#704] Add
consumer_accept_list
toapigee-x-instance
(juliocc) - [#696] Added missing image in GLB and Cloud Armor example (apichick)
- [#689] New binary authorization module and example (apichick)
- [#686] Revert "Binary authorization module and example" (ludoo)
- [#683] Binary authorization module and example (apichick)
- [#684] Cloud function module: add support for secrets (ludoo)
- [#796] Remove duplicate path component from doc_examples test names. (juliocc)
- [#794] Test documentation examples in the
examples/
folder (juliocc) - [#788] fix yaml quotes for merge-pr workflow (drebes)
- [#763] Changelog generator (ludoo)
- [#762] Update changelog on pull request merge (ludoo)
- [#680] Tools: fix
ValueError
raised incheck_names.py
when overlong names are detected (27Bslash6) - [#672] Module attribution and version updater tool, plus release automation (rosmo)
16.0.0 - 2022-06-06
- add support for Spot VMs to
gke-nodepool
module - incompatible change add support for Spot VMs to
compute-vm
module - SQL Server AlwaysOn availability groups example
- fixed Terraform change detection in CloudSQL when backup is disabled
- allow multiple CIDR blocks in the ip_range for Apigee Instance
- add prefix to project factory SA bindings
- incompatible change
subnets_l7ilb
variable is deprecated in thenet-vpc
module, insteadsubnets_proxy_only
variable should be used - add support for Private Service Connect and Proxy-only subnets to
net-vpc
module - bump Google provider versions to
>= 4.17.0
- bump Terraform version to
>= 1.1.0
- add
shielded_instance_config
support for instance template oncompute-vm
module - add support for
gke_backup_agent_config
to GKE module addons - add support for subscription filters to PubSub module
- refactor Hub and Spoke with VPN example
- fix tfdoc parsing on newllines in outputs
- fix subnet factory example in vpc module README
- fix condition in subnet factory flow logs
- added new example on GLB and Cloud Armor
- revamped and expanded Contributing Guide
- add support for Workload Identity Federation and CI/CD repositories
- simplify VPN tunnel configuration in the Hub and Spoke VPN network stage
- fix subnet YAML schema
15.0.0 - 2022-04-05
- incompatible change the variable for PSA ranges in the
net-vpc
module has changed to support configuring peering routes - fix permadiff in
net-vpc-firewall
module rules - new gke-hub module
- new unmanaged-instances-healthcheck example
- add support for IAM to
data-catalog-policy-tag
module - add support for IAM additive to
folder
module, fixes #580 - optionally turn off gcplogs driver in COS modules
- fix
tag
output ondata-catalog-policy-tag
module - add shared-vpc support on
gcs-to-bq-with-least-privileges
- new
net-lb-app-int
module - new
02-networking-peering
networking stage - incompatible change the variable for PSA ranges in networking stages have changed
14.0.0 - 2022-02-25
- incompatible change removed
iam
key from logging sink configuration in theproject
andorganization
modules - remove GCS to BQ with Dataflow example, replace by GCS to BQ with least privileges
- the
net-vpc
andproject
modules now use the beta provider for shared VPC-related resources - new iot-core module
- incompatible change the variables for host and service Shared VPCs have changed in the project module
- incompatible change the variable for service identities IAM has changed in the project factory
- add
data-catalog-policy-tag
module - new workload identity federetion example
- new
api-gateway
module and example - incompatible change the
psn_ranges
variable has been renamed topsa_ranges
in thenet-vpc
module and its type changed fromlist(string)
tomap(string)
- incompatible change removed
iam
flag for organization and folder level sinks - incompatible change removed
ingress_settings
configuration option in thecloud-functions
module. - new m4ce VM example
- Support for resource management tags in the
organization
,folder
,project
,compute-vm
, andkms
modules - new
data platform
stage 3 - new
02-networking-nva
networking stage - allow customizing the names of custom roles
- added
environment
andcontext
resource management tags - use resource management tags to restrict scope of roles/orgpolicy.policyAdmin
- use
xpnServiceAdmin
(custom role) for stage 3 service accounts that need to attach to a shared VPC - simplify and standardize ourputs from each stage
- standardize names of projects, service accounts and buckets
- switch to folder-level
xpnAdmin
andxpnServiceAdmin
- moved networking projects to folder matching their environments
13.0.0 - 2022-01-27
- initial Fabric FAST implementation
- new
net-lb-app-ext
module for Global External Load balancer - new
project-factory
module inblueprints/factories
- add missing service identity accounts (artifactregistry, composer) in project module
- new "Cloud Storage to Bigquery with Cloud Dataflow with least privileges" example
- support service dependencies for crypto key bindings in project module
- refactor project module in multiple files
- add support for per-file option overrides to tfdoc
12.0.0 - 2022-01-11
- new repo structure. All end-to-end examples moved to the top level
examples
folder
11.2.0 - 2022-01-11
- fix
net-vpc
subnet factory bug preventing the use of yamls with different shapes
11.1.0 - 2022-01-11
- add support for additive IAM bindings to
kms
module
11.0.0 - 2022-01-04
- incompatible change remove location from
gcs
bucket names - add support for interpolating access levels based on keys to the
vpc-sc
module
10.0.1 - 2022-01-03
- remove lifecycle block from vpc sc perimeter resources
10.0.0 - 2021-12-31
- fix cases where bridge perimeter status resources are
null
invpc-sc
module - re-release 9.0.3 as a major release as it contains breaking changes
- update hierarchical firewall resources to use the newer
google_compute_firewall_*
resources - incompatible change rename
firewall_policy_attachments
tofirewall_policy_association
in theorganization
andfolder
modules - incompatible change updated API for the
net-vpc-sc
module
9.0.3 - 2021-12-31
- update hierarchical firewall resources to use the newer
google_compute_firewall_*
resources - incompatible change rename
firewall_policy_attachments
tofirewall_policy_association
in theorganization
andfolder
modules - incompatible change updated API for the
net-vpc-sc
module
9.0.2 - 2021-12-22
- ignore description changes in firewall policy rule to avoid permadiff, add factory example to
folder
module documentation
9.0.0 - 2021-12-22
- new
cloud-run
module - added gVNIC support to
compute-vm
module - added a rule factory to
net-vpc-firewall
module - added a subnet factory to
net-vpc
module - incompatible change added support for partitioned tables to
organization
module sinks - incompatible change renamed
private_service_networking_range
variable topsc_ranges
innet-vpc
module, and changed its type tolist(string)
- added a firewall policy factory to
organization
andfirewall
module - refactored
tfdoc
- added support for metric scopes to the
project
module
8.0.0 - 2021-10-21
- added support for GCS notifications in
gcs
module - added new
skip_delete
variable tocompute-vm
module - incompatible change all modules and examples now require Terraform >= 1.0.0 and Google provider >= 4.0.0
7.0.0 - 2021-10-21
- new cloud operations example showing how to deploy infrastructure for Compute Engine image builder based on Hashicorp Packer
- incompatible change the format of the
records
variable in thedns
module has changed, to better support dynamic values - new
naming-convention
module - new
cloudsql-instance
module - added support for website to
gcs
module, and removed auto-set labels - new
factories
top-level folder with initialsubnets
,firewall-hierarchical-policies
,firewall-vpc-rules
andexample-environments
examples - added new
description
variable tocompute-vm
module - added support for L7 ILB subnets to
net-vpc
module - added support to override default description in
compute-vm
- added support for backup retention count in
cloudsql-instance
- added new
description
variable tocloud-function
module - added new
description
variable tobigquery-dataset
module - added new
description
variable toiam-service-account
module - incompatible change fix deprecated message from
gke-nodepool
, change yourworkload_metadata_config
to correct values (GCE_METADATA
orGKE_METADATA
) - incompatible change changed maintenance window definition from
maintenance_start_time
tomaintenance_config
ingke-cluster
- added
monitoring_config
,logging_config
,dns_config
andenable_l4_ilb_subsetting
togke-cluster
6.0.0 - 2021-10-04
- new
apigee-organization
andapigee-x-instance
- generate
email
andiam_email
statically in theiam-service-account
module - new
billing-budget
module - fix
scheduled-asset-inventory-export-bq
module - output custom role information from the
organization
module - enable multiple
vpc-sc
perimeters over multiple modules - new cloud operations example showing how to restrict service usage using delegated role grants
- incompatible change multiple instance support has been removed from the
compute-vm
module, to bring its interface in line with other modules and enable simple use offor_each
at the module level; its variables have also slightly changed (attached_disks
,boot_disk_delete
,crate_template
,zone
) - incompatible change dropped the
admin_ranges_enabled
variable innet-vpc-firewall
. Setadmin_ranges = []
to get the same effect - added the
named_ranges
variable tonet-vpc-firewall
5.1.0 - 2021-08-30
- add support for
lifecycle_rule
in gcs module - create
pubsub
service identity if service is enabled - support for creation of GKE Autopilot clusters
- add support for CMEK keys in Data Foundation end to end example
- add support for VPC-SC perimeters in Data Foundation end to end example
- fix
vpc-sc
module - new networking example showing how to use Private Service Connect to call a Cloud Function from on-premises
- new networking example showing how to organize decentralized firewall management on GCP
5.0.0 - 2021-06-17
- fix
message_retention_duration
variable type inpubsub
module - move
bq
robot service account into the robot service account project output - add IAM cryptDecrypt role to robot service account on specified keys
- add Service Identity creation on
project
module if secretmanager enabled - add Data Foundation end to end example
4.9.0 - 2021-06-04
- incompatible change updated resource name for
google_dns_policy
on thenet-vpc
module - added support for VPC-SC Ingress Egress policies on the
vpc-sc
module - update CI to Terraform 0.15 and fix minor incompatibilities
- add
deletion_protection
to thebigquery-dataset
module - add support for dataplane v2 to GKE cluster module
- add BGP peer outputs to HA VPN module
4.8.0 - 2021-05-12
- added support for
CORS
to thegcs
module - make cluster creation optional in the Shared VPC example
- make service account creation optional in
iam-service-account
module - new
third-party-solutions
top-level folder with initialopenshift
example - added support for DNS Policies to the
net-vpc
module
4.7.0 - 2021-04-21
- incompatible change add support for
master_global_access_config
block in gke-cluster module - add support for group-based IAM to resource management modules
- add support for private service connect
4.6.1 - 2021-04-01
- incompatible change support one group per zone in the
compute-vm
module
4.6.0 - 2021-03-31
- incompatible change logging sinks now create non-authoritative bindings when iam=true
- fixed IAM bindings for module
bigquery
not specifying project_id - remove device_policy from
vpc_sc
module as it requires BeyondCorp Enterprise Premium - allow using unsuffixed name in
compute_vm
module
4.5.1 - 2021-03-27
- allow creating private DNS zones with no visible VPCs in
dns
module
4.5.0 - 2021-03-20
- new
logging-bucket
module to create Cloud Logging Buckets - add support to create logging sinks using logging buckets as the destination
- incompatible change extended logging sinks to support per-sink exclusions
- new
net-vpc-firewall-yaml
module - add support for regions, device policy and access policy dependency to
vpc-sc
module - add support for joining VPC-SC perimeters in
project
module - add
userinfo.email
to default scopes incompute-vm
module
4.4.2 - 2021-03-05
- fix versions constraints on modules to avoid the
no available releases match the given constraints
error
4.4.1 - 2021-03-05
- depend specific org module resources (eg policies) from IAM bindings
- set version for google-beta provider in project module
4.4.0 - 2021-03-02
- new
filtering_proxy
networking example - add support for a second region in the onprem networking example
- add support for per-tunnel router to VPN HA and VPN dynamic modules
- incompatible change the
attached_disks
variable type has changed in thecompute-vm
module, to add support for regional persistent disks, and attaching existing disks to instances / templates - the hub and spoke via peering example now supports project creation, resource prefix, and GKE peering configuration
- make the
project_id
output from theproject
module non-dynamic. This means you can use this output as a key for map fed into afor_each
(for example, as a key foriam_project_bindings
in theiam-service-accounts
module) - add support for essential contacts in the in the
project
,folder
andorganization
modules
4.3.0 - 2021-01-11
- new DNS for Shared VPC example
- incompatible change removed the
logging-sinks
module. Logging sinks can now be created thelogging_sinks
variable in the in theproject
,folder
andorganization
modules - add support for creating logging exclusions in the
project
,folder
andorganization
modules - add support for Confidential Compute to
compute-vm
module - add support for handling IAM policy (bindings, audit config) as fully authoritative in the
organization
module
4.2.0 - 2020-11-25
- incompatible change the
org_id
variable and output in thevpc-sc
module have been renamed toorganization_id
, the variable now accepts values inorganizations/nnnnnnnn
format - incompatible change the
forwarders
variable in thedns
module has a different type, to support specifying forwarding path - add support for MTU in
net-vpc
module - incompatible change access variables have been renamed in the
bigquery-dataset
module - add support for IAM to the
bigquery-dataset
module - fix default OAuth scopes in
gke-nodepool
module - add support for hierarchical firewalls to the
folder
andorganization
modules - incompatible change the
org_id
variable and output in theorganization
module have been renamed toorganization_id
, the variable now accepts values inorganizations/nnnnnnnn
format
4.1.0 - 2020-11-16
- incompatible change rename prefix for node configuration variables in
gke-nodepool
module [#156] - add support for internally managed service account in
gke-nodepool
module [#156] - made examples in READMEs runnable and testable [#157]
- incompatible change
iam_additive
is now keyed by role to be more resilient with dynamic values, a newiam_additive_members
variable has been added for backwards compatibility. - add support for node taints in
gke-nodepool
module - add support for CMEK in
gke-nodepool
module
4.0.0 - 2020-11-06
- This is a major refactor adding support for Terraform 0.13 features
- incompatible change minimum required terraform version is now 0.13.0
- incompatible change
folders
module renamed tofolder
- incompatible change
iam-service-accounts
module renamed toiam-service-account
- incompatible change all
iam_roles
andiam_member
variables merged into a singleiam
variable. This change affects most modules - incompatible change modules like
folder
,gcs
,iam-service-account
now create a single resource. Use for_each at the module level if you need multiple instances - added basic variable validations to some modules
3.5.0 - 2020-10-27
- end to end example for scheduled Cloud Asset Inventory export to Bigquery
- decouple Cloud Run from Istio in GKE cluster module
- depend views on tables in bigquery dataset module
- bring back logging options for firewall rules in
net-vpc-firewall
module - removed interpolation-only expressions causing terraform warnings
- incompatible change simplify alias IP specification in
compute-vm
. We now use a map (alias range name to list of IPs) instead of a list of maps. - allow using alias IPs with
instance_count
incompute-vm
- add support for virtual displays in
compute-vm
- add examples of alias IPs in
compute-vm
module - fix support for creating disks from images in
compute-vm
- allow creating single-sided peerings in
net-vpc
andnet-vpc-peering
- use service project registration to Shared VPC in GKE example to remove need for two-step apply
3.4.0 - 2020-09-24
- add support for logging and better type for the
retention_policies
variable ingcs
module - incompatible change deprecate
bucket_policy_only
in favor ofuniform_bucket_level_access
ingcs
module - incompatible change allow project module to configure itself as both shared VPC service and host project
3.3.0 - 2020-09-01
- remove extra readers in
gcs-to-bq-with-dataflow
example (issue: 128) - make VPC creation optional in
net-vpc
module to allow managing a pre-existing VPC - make HA VPN gateway creation optional in
net-vpn-ha
module - add retention_policy in
gcs
module - refactor
net-address
module variables, and add support for internal addresspurpose
3.2.0 - 2020-08-29
- incompatible change add alias IP support in
cloud-vm
module - add tests for
data-solutions
examples - fix apply errors on dynamic resources in dataflow example
- make zone creation optional in
dns
module - new
quota-monitoring
end-to-end example incloud-operations
3.1.1 - 2020-08-26
- fix error in
project
module - incompatible change make HA VPN Gateway creation optional for
net-vpn-ha
module. Now an existing HA VPN Gateway can be used. Updating to the new version of the module will cause VPN Gateway recreation which can be handled byterraform state rm/terraform import
operations.
3.1.0 - 2020-08-16
- incompatible change add support for specifying a different project id in the GKE cluster module; if using the
peering_config
variable,peering_config.project_id
now needs to be explicitly set, anull
value will reuse theproject_id
variable for the peering
3.0.0 - 2020-08-15
- incompatible change the top-level
infrastructure
folder has been renamed tonetworking
- add end-to-end example for ILB as next hop
- add basic tests for
foundations
andnetworking
end-to-end examples - fix Shared VPC end-to-end example and documentation
2.8.0 - 2020-08-01
- fine-grained Cloud DNS IAM via Service Directory example
- add feed id output dependency on IAM roles in
pubsub
module
2.7.1 - 2020-07-24
- fix provider issue in bigquery module
2.7.0 - 2020-07-24
- add support for VPC connector and ingress settings to
cloud-function
module - add support for logging to
net-cloudnat
module
2.6.0 - 2020-07-19
- incompatible changes setting zone in the
compute-vm
module is now done via an optionalzones
variable, that accepts a list of zones - fix optional IAM permissions in folder unit module
2.5.0 - 2020-07-10
- new
vpc-sc
module - add support for Shared VPC to the
project
module - fix bug with
compute-vm
address reservations introduced in 2.4.1
2.4.2 - 2020-07-09
- add support for Shielded VM to
compute-vm
2.4.1 - 2020-07-06
- better fix external IP assignment in
compute-vm
2.4.0 - 2020-07-06
- fix external IP assignment in
compute-vm
- new top-level
cloud-operations
example folder - Cloud Asset Inventory end to end example in
cloud-operations
2.3.0 - 2020-07-02
- new 'Cloud Storage to Bigquery with Cloud Dataflow' end to end data solution
- incompatible change additive IAM bindings are now keyed by identity instead of role, and use a single
iam_additive_bindings
variable, refer to [#103] for details - set
delete_contents_on_destroy
in the foundations examples audit dataset to allow destroying - trap errors raised by the
project
module on destroy
2.2.0 - 2020-06-29
- make project creation optional in
project
module to allow managing a pre-existing project - new
cloud-endpoints
module - new
cloud-function
module
2.1.0 - 2020-06-22
- incompatible change routes in the
net-vpc
module now interpolate the VPC name to ensure uniqueness, upgrading from a previous version will drop and recreate routes - the top-level
docker-images
folder has been moved insidemodules/cloud-config-container/onprem
dns_keys
output added to thedns
module- add
group-config
variable,groups
andgroup_self_links
outputs tonet-lb-int
module to allow creating ILBs for externally managed instances - make the IAM bindings depend on the compute instance in the
compute-vm
module
2.0.0 - 2020-06-11
- new
data-solutions
section andcmek-via-centralized-kms
example - incompatible change static VPN routes now interpolate the VPN gateway name to enforce uniqueness, upgrading from a previous version will drop and recreate routes
1.9.0 - 2020-06-10
- new
bigtable-instance
module - add support for IAM bindings to
compute-vm
module
1.8.1 - 2020-06-07
- use
all
instead of specifying protocols in the admin firewall rule of thenet-vpc-firewall
module - add support for encryption keys in
gcs
module - set
next_hop_instance_zone
innet-vpc
for next hop instance routes to avoid triggering recreation
1.8.0 - 2020-06-03
- incompatible change the
kms
module has been refactored and will be incompatible with previous state - incompatible change robot and default service accounts outputs in the
project
module have been refactored and are now exposed via a singleservice_account
output (cf [#82]) - add support for PD CSI driver in GKE module
- refactor
iam-service-accounts
module outputs to be more resilient - add option to use private GCR to
cos-generic-metadata
module
1.7.0 - 2020-05-30
- add support for disk encryption to the
compute-vm
module - new
datafusion
module - new
container-registry
module - new
artifact-registry
module
1.6.0 - 2020-05-20
- add output to
gke-cluster
exposing the cluster's CA certificate - fix
gke-cluster
autoscaling options - add support for Service Directory bound zones to the
dns
module - new
service-directory
module - new
source-repository
module
1.5.0 - 2020-05-11
- incompatible change the
bigquery
module has been removed and replaced by the newbigquery-dataset
module - incompatible change subnets in the
net-vpc
modules are now passed as a list instead of map, and all related variables for IAM and flow logs useregion/name
instead ofname
keys; it's now possible to have the same subnet name in different regions - replace all references to the removed
resourceviews.googleapis.com
API withcontainer.googleapis.com
- fix advanced options in
gke-nodepool
module - fix health checks in
compute-mig
andnet-lb-int
modules - new
cos-generic-metadata
module in thecloud-config-container
suite - new
envoy-traffic-director
module in thecloud-config-container
suite - new
pubsub
module
1.4.1 - 2020-05-02
- new
secret-manager
module - fix access in
bigquery
module, this is the last version of this module to support multiple datasets, future versions will be calledbigquery-dataset
1.4.0 - 2020-05-01
- fix DNS module internal zone lookup
- fix Cloud NAT module internal router name lookup
- re-enable and update outputs for the foundations environments example
- add peering route configuration for private clusters to GKE cluster module
- incompatible changes in the GKE nodepool module: rename
node_config_workload_metadata_config
variable toworkload_metadata_config
, new default forworkload_metadata_config
isGKE_METADATA_SERVER
- incompatible change in the
compute-vm
module: removed support for MIG and thegroup_manager
variable - add
compute-mig
andnet-lb-int
modules - incompatible change in
net-vpc
: a newname
attribute has been added to thesubnets
variable, allowing to directly set subnet name, to update to the new module add an extraname = false
attribute to each subnet
1.3.0 - 2020-04-08
- add organization policy module
- add support for organization policies to folders and project modules
1.2.0 - 2020-04-06
- add squid container to the
cloud-config-container
module
1.1.0 - 2020-03-27
- rename the
cos-container
suite of modules tocloud-config-container
- refactor the
onprem-in-a-box
module to only manage thecloud-config
configuration, and make it part of thecloud-config-container
suite of modules - update the
onprem-google-access-dns
example to use the refactoredonprem
module - fix the
external_addresses
output in thecompute-vm
module - small tweaks and fixes to the
cloud-config-container
modules
1.0.0 - 2020-03-27
- merge development branch with suite of new modules and end-to-end examples