Skip to content

Latest commit

 

History

History
2083 lines (1813 loc) · 300 KB

CHANGELOG.md

File metadata and controls

2083 lines (1813 loc) · 300 KB

Changelog

All notable changes to this project will be documented in this file.

BLUEPRINTS

  • [#2133] Updated diagram to better reflect code naming. (bswenka)
  • [#2135] Rename modules/cloudsql-instance deletion protection variables (juliocc)
  • [#2119] Fix phpipam blueprint (simonebruzzechesse)
  • [#2110] Gitlab blueprint (simonebruzzechesse)
  • [#1843] incompatible change: Factories refactor (ludoo)
  • [#2105] incompatible change: Enable shielded nodes by default on GKE mt blueprint and FAST stage (ludoo)
  • [#2082] Fix GKE multitenant blueprint roles (ludoo)
  • [#2076] Use Fabric modules in blueprints/networking/psc-glb-and-armor (wiktorn)
  • [#2075] Updated path matchers to be more user friendly, added better test exa… (bswenka)
  • [#2079] Format python files in blueprints (simonebruzzechesse)
  • [#2071] Bswenka/psc glb and armor 2 producers (bswenka)
  • [#2072] Fix e2e tests - vertex mlops and net-address (wiktorn)
  • [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
  • [#2058] glb and armor subnet fix (bswenka)
  • [#2061] HA MySQL cluster deployment on GKE (wiktorn)
  • [#2059] GKE stateful blueprints (juliocc)
  • [#2036] Shielded nodes and custom service account in FAST GKE stage and blueprint (CSPR-related) (ludoo)
  • [#2016] incompatible change: Ensure data platform service accounts meet FAST requirements (ludoo)

DOCUMENTATION

FAST

  • [#2115] incompatible change: Align resource names in FAST networking stages (ludoo)
  • [#2112] Add support for billing budgets to project factory (ludoo)
  • [#1843] incompatible change: Factories refactor (ludoo)
  • [#2105] incompatible change: Enable shielded nodes by default on GKE mt blueprint and FAST stage (ludoo)
  • [#2101] Make all project_parent_ids fields optional (juliocc)
  • [#2086] Support domainless orgs in FAST (ludoo)
  • [#2077] incompatible change: Add workforce_identity_federation in 0-bootstrap (simonebruzzechesse)
  • [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
  • [#2065] Fix imports of org policies (wiktorn)
  • [#2057] Postpone setting essential contacts until provisioning using SA (wiktorn)
  • [#2056] import default org-level org-policies (wiktorn)
  • [#2050] Enable additional recommended org policies (juliocc)
  • [#2041] Leverage net-vpc module for DNS logging in FAST (ludoo)
  • [#2038] Make Cloud NAT creation optional in FAST net stages. (juliocc)
  • [#2036] Shielded nodes and custom service account in FAST GKE stage and blueprint (CSPR-related) (ludoo)
  • [#2033] Add DNS query logging to FAST net stages (juliocc)
  • [#2032] Selectively enable logging in FAST and firewall policy module rules (CSPR-related) (ludoo)
  • [#2031] Clarify relationship with checklist groups in FAST bootstrap docs (ludoo)
  • [#2030] logging for default ingress rules in FAST (CSPR-related) (juliocc)
  • [#2019] Fix sourcerepo templates and concat call (juliocc)
  • [#2016] incompatible change: Ensure data platform service accounts meet FAST requirements (ludoo)
  • [#2014] Enforce trusted image projects constraint in FAST bootstrap (CSPR-related) (ludoo)
  • [#2010] Add support for essential contacts to FAST (CSPR-related) (ludoo)

MODULES

  • [#2135] Rename modules/cloudsql-instance deletion protection variables (juliocc)
  • [#2134] incompatible change: Add links to factories doc (ludoo)
  • [#2130] incompatible change: Add support for service account IAM variables to pf (ludoo)
  • [#2129] Remove ignore_changes as terraform-provider-google#16804 is closed (wiktorn)
  • [#2125] Add support for PSC network attachments and interfaces in modules (ludoo)
  • [#2124] Update docs about role automatically granted to dataform SA (wiktorn)
  • [#2122] Define service attachment interface for lb modules and implement in internal LBs (ludoo)
  • [#2121] incompatible change: enabling dataform service agent upon activating the API (marcjwo)
  • [#2118] Add https security to cloud-functions-v1 module (mibelbahri)
  • [#2112] Add support for billing budgets to project factory (ludoo)
  • [#2111] Fix pathexpand in firewall policy module (ludoo)
  • [#1843] incompatible change: Factories refactor (ludoo)
  • [#2107] Time zone support for CloudSQL SQL Server (spica29)
  • [#2100] Module Data Catalog Tag - Add support for types (lcaggio)
  • [#2104] Fix datacalog type of kubernetes_software_config.component_version and properties (SalehElnagarSecurrency)
  • [#2090] add session affinity values: "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE" to variables-backend-service.tf (tamartayar)
  • [#2102] Allow projects as destinations for log sinks (juliocc)
  • [#2098] Fix cors policy type in lb app ext modules (ludoo)
  • [#2097] Fix #2095 for other types of load balancers (juliocc)
  • [#2096] Do not convert route rules to set (juliocc)
  • [#2087] add analytics hub module (thinhha)
  • [#2091] Accept email in service account module name (ludoo)
  • [#1954] Add support for Cloud Run v2 jobs (wiktorn)
  • [#2083] Fix data-catalog tag module (lcaggio)
  • [#2081] VPC-SC module factories (ludoo)
  • [#2060] Data catalog Tag module (lcaggio)
  • [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
  • [#2062] Add Tags in project output. (lcaggio)
  • [#2056] import default org-level org-policies (wiktorn)
  • [#2053] Added destroy_scheduled_duration variable (luigi-bitonti)
  • [#2051] fix: auto_provisioning_defaults is not really optional (kumadee)
  • [#2035] Fix dnssec_config issue on state off (haraldhaas)
  • [#2030] logging for default ingress rules in FAST (CSPR-related) (juliocc)
  • [#2008] Updated the DataQualitySpec for Dataplex Datascan (shourya116)
  • [#2027] Tag Template - Fix readme tests (lcaggio)
  • [#2015] Fix typo in logging sinks implementation (ludoo)
  • [#2013] Add Tag Template module (lcaggio)
  • [#2012] Add support for target_resources to net-firewall-policy module (bcorbitt-ps)
  • [#2002] Fixes and additional support for ssl_mode for CloudSQL module (spica29)
  • [#2010] Add support for essential contacts to FAST (CSPR-related) (ludoo)

TOOLS

29.0.0 - 2024-01-24

BLUEPRINTS

DOCUMENTATION

FAST

  • [#2009] Tighten up security of automation project (CSPR-related) (ludoo)
  • [#2000] Checklist attribution bucket (ludoo)
  • [#1997] Update checklist parsing for top-level key (ludoo)
  • [#1992] Fix Data platform foundation (lcaggio)
  • [#1969] Integrate checklist data in FAST (ludoo)
  • [#1967] Add locations on terraform.tfvars.sample for bootstrap stage (simonebruzzechesse)
  • [#1899] Read-only service accounts for automation and CI/CD (ludoo)
  • [#1945] Fix GitHub CI/CD provider (ludoo)
  • [#1943] Revert "Add debug step for JWT tokens" (ludoo)
  • [#1940] Add kernels.googleusercontent.com zone in dns response policy (simonebruzzechesse)
  • [#1938] Add debug step for JWT tokens (wiktorn)
  • [#1932] Simplify organization tags.tf locals (juliocc)
  • [#1912] incompatible change: Custom role factories for organization and project modules (ludoo)
  • [#1900] Patch Github actions ci google-github-actions/auth@v0 --> v2 (ibrahimparvez2)

MODULES

  • [#2009] Tighten up security of automation project (CSPR-related) (ludoo)
  • [#2001] Marcwo/dataform module (marcjwo)
  • [#2005] Fix named ranges behaviour if cidr_tpl_file variable not provided. (miromichalicka)
  • [#2004] incompatible change: Remove default region for Cloud Function and Cloud Run (wiktorn)
  • [#1993] Fix DNS E2E test + add one to net-lb-app-int-cross-region (wiktorn)
  • [#1999] Added Enabled Kubernetes Beta APIs feature (luigi-bitonti)
  • [#1996] Fix factory default value for rule ports in firewall policy module (ludoo)
  • [#1994] DNS response policies e2e changes (dibaskar-google)
  • [#1977] Add example to FAST GKE stage, streamline GKE Hub module variables and usage (ludoo)
  • [#1987] Specify docker_repository field for google_cloudfunctions2_function (kumadee)
  • [#1990] Fixed README and test for DNS module (apichick)
  • [#1988] Added health checked targets for geo routing policy in dns module (apichick)
  • [#1979] feat: enable mtls on external application application load balancer (Tazminia)
  • [#1982] Add resource manager tags support for instance template (LucaPrete)
  • [#1981] Added Cross-region internal application load balancer module (apichick)
  • [#1980] Proper validation of empty string value in identity_type (viliampucik)
  • [#1978] Fix identity_type (viliampucik)
  • [#1970] Add support for service_external_ips_config to GKE cluster modules (luigi-bitonti)
  • [#1968] use provided SA for cloud function v2 trigger (juliocc)
  • [#1966] Support for ANY_USER_ACCOUNT in module vpc-sc egress rule. (xjantoth)
  • [#1964] Use fixtures in net-lb-ext (wiktorn)
  • [#1958] Create bigtable service identity with project if api is enabled (steenblik)
  • [#1963] net-address end-to-end tests (wiktorn)
  • [#1962] Add end-to-end tests for net-lb-app-ext-regional (wiktorn)
  • [#1892] New module for external regional application load balancer (juliocc)
  • [#1960] Add PNA support to Service Directory module (stribioli)
  • [#1957] Add e2e test for net_lb_app_ext module (andybubu)
  • [#1956] Support CMEK encryption on Bigtable instances. (steenblik)
  • [#1902] First version of Cloud Run module v2 (juliodiez)
  • [#1944] Dns e2e (dibaskar-google)
  • [#1948] Fix GCVE network policy (LucaPrete)
  • [#1947] GCVE: add network policy configuration (LucaPrete)
  • [#1946] Minor fix to GCVE module readme (LucaPrete)
  • [#1941] Use new resources in GCVE module, bump provider versions (LucaPrete)
  • [#1936] Move squid to __need_fixing (sruffilli)
  • [#1935] E2E tests fixes (wiktorn)
  • [#1933] Add project-scoped secure tags (juliocc)
  • [#1932] Simplify organization tags.tf locals (juliocc)
  • [#1930] Allow granting network user role on host project from project module and factory (simonebruzzechesse)
  • [#1928] incompatible change: Fix health check autocreation and id output in passthrough LB modules (ludoo)
  • [#1926] Add support for policy based routes to net-vpc (sruffilli)
  • [#1905] gke-cluster-standard : Support upgrade_settings for node auto provisioner (noony)
  • [#1923] Removed deprecated variable and added labels (luigi-bitonti)
  • [#1922] can_ip_forward in simple-nva examples (sruffilli)
  • [#1921] Sync tf version to version used by tests (wiktorn)
  • [#1920] Bump tf version (ludoo)
  • [#1918] Added missing parameters in kubelet and linux node configuration (luigi-bitonti)
  • [#1917] Added the possibility to configure maintenance window and deny maintenance period in Cloud SQL module module (francesco-pavan-huware)
  • [#1912] incompatible change: Custom role factories for organization and project modules (ludoo)
  • [#1909] net_lb_ext module e2e and example testing changes (dibaskar-google)
  • [#1908] README fixes for #1907 (wiktorn)
  • [#1906] gke-cluster-standard : Set optional shielded_instance_config block in cluster_autoscaling.auto_provisioning_defaults (noony)
  • [#1907] Add support for subnet-level service network user grants to project module, improve docs (ludoo)
  • [#1904] gke-cluster-standard : Add possibility to enable image streaming feature at cluster level (noony)
  • [#1903] Enable sole tenancy (node_affinities) on compute_vm (LucaPrete)
  • [#1901] Add IPv6 to HA VPN module + test inventories (LucaPrete)
  • [#1898] Use unique names for logging buckets in examples (wiktorn)
  • [#1896] e2e test fix for net-vpc-firewall module (rthangaraju)
  • [#1895] Add support for firewall tags to compute-vm module (ludoo)
  • [#1891] artifact-registry: Support cleanup policies (noony)
  • [#1894] e2e test fix for iam-service-account module (rthangaraju)
  • [#1893] E2E and examples tests for net-vpc module (rthangaraju)
  • [#1861] Added external data configuration support to BigQuery Module (luigi-bitonti)
  • [#1871] Added workstation-cluster module (apichick)
  • [#1874] Added PSC support to CloudSQL Module (luigi-bitonti)
  • [#1885] Fixed envoy file, it has extra character that was preventing envoy to start (apichick)

TOOLS

28.0.0 - 2023-11-24

BLUEPRINTS

  • [#1882] Fixes/improvements to F5 HA blueprint (LucaPrete)
  • [#1787] F5 blueprint (LucaPrete)
  • [#1873] Add DLP Service Agent role (wiktorn)
  • [#1859] Net dash cfv2 (aurelienlegrand)
  • [#1863] End-to-end tests for Vertex blueprint (wiktorn)
  • [#1856] Sql user features (Francesco-cloud24)
  • [#1739] Added CMEK for Secret auto managed (luigi-bitonti)
  • [#1848] Dataproc module bug fix (Francesco-cloud24)
  • [#1851] Support multilevel data and allow overriding project id in project factory (ludoo)
  • [#1838] Simplify #1836 fix, Avoid map-related casting errors in project factory (wiktorn)
  • [#1836] incompatible change: Avoid map-related casting errors in project factory (ludoo)
  • [#1832] [Minimal Data Platform] Fix Landing and curated IAM (lcaggio)
  • [#1825] Handling SQL IP address issue (aurelienlegrand)
  • [#1821] [net-address] enable ipv6 (LucaPrete)
  • [#1814] incompatible change: Allow specifying arbitrary project roles for service accounts in project factory (ludoo)
  • [#1812] Stop wrapping yamldecode with try() (sruffilli)
  • [#1806] Updating network dashboard: fixing Cloud SQL problem, fixing 1 metric… (aurelienlegrand)
  • [#1796] Make extended shared vpc attributes optional in project factory (ludoo)
  • [#1782] Add upper cap to versions, update copyright notices (sruffilli)
  • [#1765] Add support for dual stack and multiple forwarding rules to net-lb-int module (LucaPrete)
  • [#1748] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
  • [#1747] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
  • [#1735] Make deletion protection consistent across all modules (juliocc)

DOCUMENTATION

  • [#1787] F5 blueprint (LucaPrete)
  • [#1832] [Minimal Data Platform] Fix Landing and curated IAM (lcaggio)
  • [#1831] Update wording in FAST and gcve module READMEs (bluPhy)
  • [#1782] Add upper cap to versions, update copyright notices (sruffilli)
  • [#1773] Add service usage consumer role to IaC SAs, refactor delegated grants in FAST (ludoo)
  • [#1743] Billing account module (ludoo)

FAST

  • [#1855] Document fast_features (juliocc)
  • [#1864] End to end tests for GCS (wiktorn)
  • [#1836] incompatible change: Avoid map-related casting errors in project factory (ludoo)
  • [#1818] FAST: rename VPC-related files to net-* (sruffilli)
  • [#1812] Stop wrapping yamldecode with try() (sruffilli)
  • [#1810] FAST: Add access transparency logs to the default sinks (sruffilli)
  • [#1809] FAST: Add VPC serverless connector NAT ranges to hierarchical fw (sruffilli)
  • [#1811] FAST: removed references to kms_defaults (sruffilli)
  • [#1802] Less verbose project factory stage outputs (ludoo)
  • [#1797] Improve usage of optionals in FAST stage 2 VPN variables (ludoo)
  • [#1788] FAST: adds support for wif provider pubkey (sruffilli)
  • [#1782] Add upper cap to versions, update copyright notices (sruffilli)
  • [#1780] Add sink for workspace logs to bootstrap stage (ludoo)
  • [#1775] Add gcp org policy constraints file to bootstrap stage (ludoo)
  • [#1773] Add service usage consumer role to IaC SAs, refactor delegated grants in FAST (ludoo)
  • [#1765] Add support for dual stack and multiple forwarding rules to net-lb-int module (LucaPrete)
  • [#1760] Add support for psa peered domains to fast stages (ludoo)
  • [#1759] Minor edits to FAST network stage READMEs (ludoo)
  • [#1743] Billing account module (ludoo)
  • [#1735] Make deletion protection consistent across all modules (juliocc)
  • [#1734] Update to lint.sh and wording to some tf (bluPhy)
  • [#1733] Fix typo in FAST stage 2 README (bluPhy)

MODULES

TOOLS

27.0.0 - 2023-10-04

BLUEPRINTS

  • [#1730] Minimal Data Platform - Fix (lcaggio)
  • [#1725] Fix data platform roles (lcaggio)
  • [#1724] Bump provider versions to v5.0.0 (ludoo)
  • [#1722] Add support for org policies to project factory (ludoo)
  • [#1692] incompatible change: Allow using no service account in compute-vm (ludoo)

DOCUMENTATION

  • [#1725] Fix data platform roles (lcaggio)
  • [#1724] Bump provider versions to v5.0.0 (ludoo)
  • [#1707] Only apply org policies when bootstrap user is not set (ludoo)
  • [#1697] Define and adopt standard IP ranges for FAST networking (juliocc)
  • [#1698] incompatible change: FAST: move organization policies to stage 0 (ludoo)
  • [#1695] incompatible change: Rename FAST globals output file (ludoo)

FAST

  • [#1725] Fix data platform roles (lcaggio)
  • [#1724] Bump provider versions to v5.0.0 (ludoo)
  • [#1718] FAST: add example of custom org policy condition to bootstrap README (ludoo)
  • [#1715] Fix indentation in FAST hierarchical firewall rules (juliocc)
  • [#1711] [FAST] Fix tenant folder tag (lcaggio)
  • [#1707] Only apply org policies when bootstrap user is not set (ludoo)
  • [#1705] Fix typo in bootstrap stage README (giterinhub)
  • [#1697] Define and adopt standard IP ranges for FAST networking (juliocc)
  • [#1698] incompatible change: FAST: move organization policies to stage 0 (ludoo)
  • [#1695] incompatible change: Rename FAST globals output file (ludoo)

MODULES

  • [#1714] Support multiple protocols (L3_DEFAULT) through net-ilb-in (LucaPrete)
  • [#1727] Update GCS IAM (apichick)
  • [#1728] Fix dnssec keys lookup (juliocc)
  • [#1724] Bump provider versions to v5.0.0 (ludoo)
  • [#1723] Add storage billing model to bigquery-dataset (devuonocar)
  • [#1719] Add GLB HTTP to HTTPS redirect example (ludoo)
  • [#1717] Apigee module fix try (apichick)
  • [#1716] Add retry policy for subscriptions (devuonocar)
  • [#1709] Add bug fix in bucket local variable (luigi-bitonti)
  • [#1704] Add cloud function secrets tests (wiktorn)
  • [#1703] Add bug fix to allow to use Secret Manager secrets to mount files in … (luigi-bitonti)
  • [#1701] Add support for default nodepool sa in GKE cluster module (ludoo)
  • [#1696] Add deletion_protection_enabled attribute to cloudsql-instance to ena… (steenblik)
  • [#1690] incompatible change: Rename instance attachment to match versions 23 and earlier (cygnus8595)
  • [#1694] Fix apigee addons config conditional expression (eddern)
  • [#1692] incompatible change: Allow using no service account in compute-vm (ludoo)
  • [#1688] Fix repd disk attachment in compute-vm module (ludoo)

26.0.0 - 2023-09-18

BLUEPRINTS

  • [#1684] incompatible change: Update resource-level IAM interface for kms and pubsub modules (juliocc)
  • [#1682] GKE cluster modules: add optional kube state metrics (olliefr)
  • [#1681] incompatible change: Embed subnet-level IAM in the variables controlling creation of subnets (juliocc)
  • [#1680] Upgrades to monitoring_config in gke-cluster-*, docs update, and cosmetics fixes to GKE cluster modules (olliefr)
  • [#1679] Add lineage on Minimal Data Platform blueprint (lcaggio)
  • [#1678] Allow only one of secondary_range_blocks or secondary_range_names when creating GKE clusters. (juliocc)
  • [#1671] incompatible change: Fixed, added back environments to each instance, that way we can also… (apichick)
  • [#1662] merge labels from data_merges in project factory (Tutuchan)
  • [#1651] add AIRFLOW_VAR_ prefix to environment variables in data-platform blueprints (Tutuchan)
  • [#1642] New phpIPAM serverless third parties solution in blueprints (simonebruzzechesse)
  • [#1654] Fix project factory blueprint and fast stage (LucaPrete)
  • [#1647] Bump provider version to 4.80.0 (juliocc)
  • [#1638] gke-cluster-standard: change logging configuration (olliefr)
  • [#1636] Delete api gateway blueprint (juliodiez)
  • [#1607] Trap requests timeout error in quota sync (ludoo)
  • [#1595] incompatible change: IAM interface refactor (ludoo)
  • [#1601] [Data Platform] Update README.md (lcaggio)

DOCUMENTATION

  • [#1687] Add IAM variables template to ADR (juliocc)
  • [#1686] CONTRIBUTING guide: fix broken links and update "running tests for specific examples" section (olliefr)
  • [#1658] incompatible change: Change type of iam_bindings variable to allow multiple conditional bindings (ludoo)
  • [#1642] New phpIPAM serverless third parties solution in blueprints (simonebruzzechesse)
  • [#1640] Simplify linting output in workflow (juliocc)
  • [#1636] Delete api gateway blueprint (juliodiez)
  • [#1595] incompatible change: IAM interface refactor (ludoo)

FAST

  • [#1684] incompatible change: Update resource-level IAM interface for kms and pubsub modules (juliocc)
  • [#1685] Fix psa routing variable in FAST net stages (ludoo)
  • [#1682] GKE cluster modules: add optional kube state metrics (olliefr)
  • [#1681] incompatible change: Embed subnet-level IAM in the variables controlling creation of subnets (juliocc)
  • [#1680] Upgrades to monitoring_config in gke-cluster-*, docs update, and cosmetics fixes to GKE cluster modules (olliefr)
  • [#1678] Allow only one of secondary_range_blocks or secondary_range_names when creating GKE clusters. (juliocc)
  • [#1664] Align pf stage sample data to new format (ludoo)
  • [#1663] [#1661] Make FAST stage 1 resman tf destroy more reliable (LucaPrete)
  • [#1659] Link project factory documentation from FAST stage (ludoo)
  • [#1658] incompatible change: Change type of iam_bindings variable to allow multiple conditional bindings (ludoo)
  • [#1654] Fix project factory blueprint and fast stage (LucaPrete)
  • [#1638] gke-cluster-standard: change logging configuration (olliefr)
  • [#1634] [revert(revert(patch))] Remove unused ASN numbers for CloudNAT in FAST (LucaPrete)
  • [#1631] Allow single hfw policy association in folder and organization modules (juliocc)
  • [#1626] Revert "Remove unused ASN numbers from CloudNAT to avoid provider errors" (LucaPrete)
  • [#1623] Fix role name for delegated grants in FAST bootstrap (juliocc)
  • [#1612] Fix: align stage-2-e-nva-bgp to the latest APIs (LucaPrete)
  • [#1610] Fix: use existing variable to optionally name fw policies (LucaPrete)
  • [#1595] incompatible change: IAM interface refactor (ludoo)
  • [#1597] fix null object exception in bootstrap output when using cloudsource (sm3142)
  • [#1593] Fix FAST CI/CD for Gitlab (ludoo)
  • [#1583] Fix module path for teams cicd (ludoo)

MODULES

  • [#1684] incompatible change: Update resource-level IAM interface for kms and pubsub modules (juliocc)
  • [#1683] Fix subnet iam_bindings to use arbitrary keys (juliocc)
  • [#1682] GKE cluster modules: add optional kube state metrics (olliefr)
  • [#1681] incompatible change: Embed subnet-level IAM in the variables controlling creation of subnets (juliocc)
  • [#1680] Upgrades to monitoring_config in gke-cluster-*, docs update, and cosmetics fixes to GKE cluster modules (olliefr)
  • [#1678] Allow only one of secondary_range_blocks or secondary_range_names when creating GKE clusters. (juliocc)
  • [#1675] GKE Autopilot module: add network tags (olliefr)
  • [#1676] fixed up nit from PR 1666 (dgulli)
  • [#1672] Added possibility to use gcs push endpoint on pubsub subscription (luigi-bitonti)
  • [#1671] incompatible change: Fixed, added back environments to each instance, that way we can also… (apichick)
  • [#1666] added support for global proxy only subnets (dgulli)
  • [#1669] Fix for partner interconnect (apichick)
  • [#1668] fix(compute-mig): add correct type optionality for metrics in autosca… (NotArpit)
  • [#1667] fix(compute-mig): add mode property to compute_region_autoscaler (NotArpit)
  • [#1658] incompatible change: Change type of iam_bindings variable to allow multiple conditional bindings (ludoo)
  • [#1653] Fixes to the apigee module (juliocc)
  • [#1642] New phpIPAM serverless third parties solution in blueprints (simonebruzzechesse)
  • [#1650] Make net-vpc variables non-nullable (juliocc)
  • [#1647] Bump provider version to 4.80.0 (juliocc)
  • [#1646] gke-cluster-autopilot: add monitoring configuration (olliefr)
  • [#1645] gke-cluster-autopilot: add validation for release_channel input variable (olliefr)
  • [#1638] gke-cluster-standard: change logging configuration (olliefr)
  • [#1625] gke-cluster-autopilot: add logging configuration (olliefr)
  • [#1637] GRPC variable is misnamed "GRCP" in modules/cloud-run/variables.tf, causing liveness probe and startup probe to fail (zacharysmithdatatonic)
  • [#1632] Vpc sc allow null for identity type (LudovicEmo)
  • [#1633] Do not set default ASN number (LucaPrete)
  • [#1631] Allow single hfw policy association in folder and organization modules (juliocc)
  • [#1630] [Fix] Add explicit dependency between CR peers and NCC RA spoke creation (LucaPrete)
  • [#1613] Cloud SQL activation policy selectable (cmvalla)
  • [#1619] Adding support for NAT in Apigee (billabongrob)
  • [#1620] Remove net-firewall-policy match variable validation (richard-olson)
  • [#1614] Fix net-firewall-policy factory name and action (richard-olson)
  • [#1584] add support for object upload to gcs module (ehorning)
  • [#1609] incompatible change: Use cloud run bindings for cf v2 invoker role, refactor iam handling in cf v2 and cloud run (ludoo)
  • [#1590] GCVE module first release (eliamaldini)
  • [#1595] incompatible change: IAM interface refactor (ludoo)
  • [#1600] fix(cloud-run): move cpu boost annotation to revision (LiuVII)
  • [#1599] Fixing some typos (bluPhy)
  • [#1598] feat(cloud-run): add startup cpu boost option (JSchwerberg)
  • [#1594] Add support for conditions to iam_members module variables (ludoo)
  • [#1591] feat: 🎸 (modules/cloudsql-instance):add project_id for ssl cert (erabusi)
  • [#1589] Add new iam_members variable to IAM additive module interfaces (ludoo)
  • [#1588] feat: 🎸 (modules/cloudsql-instance): enable require_ssl cert support (erabusi)
  • [#1587] incompatible change: Fix factory rules key in net firewall policy module (ludoo)
  • [#1578] Fix: Instance level stateful disk config (beardedsamwise)
  • [#1582] feat(modules/cloud-run): add gen2 exec env support (LiuVII)

TOOLS

25.0.0 - 2023-08-09

BLUEPRINTS

  • [#1581] incompatible change: Remove firewall policy management from resource management modules (ludoo)
  • [#1573] Add information about required groups (wiktorn)
  • [#1572] incompatible change: More module descriptions (ludoo)
  • [#1560] Removed unused attribute in variable of ha-vpn-over-blueprint blueprint (apichick)
  • [#1548] Minor fixes in Vertex Ai MLOPs blueprint (javiergp)
  • [#1547] incompatible change: Peering module refactor (ludoo)
  • [#1542] Grant IAM rights to service identities in host project (wiktorn)
  • [#1536] incompatible change: Update and refactor artifact registry module (ludoo)
  • [#1533] Make demo pipeline append into BQ tables (danieldeleo)
  • [#1510] incompatible change: Refactoring of dns module (apichick)
  • [#1504] Bump semver from 5.7.1 to 5.7.2 in /blueprints/serverless/api-gateway/function (dependabot[bot])
  • [#1501] Fix in nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg blueprint (apichick)
  • [#1498] Return only bucket name of composer, not full url to dags folder (wiktorn)

DOCUMENTATION

  • [#1581] incompatible change: Remove firewall policy management from resource management modules (ludoo)
  • [#1573] Add information about required groups (wiktorn)
  • [#1545] add dataplex autodq base module (thinhha)
  • [#1557] renaming net-vpc-swp to net-swp (skalolazka)
  • [#1553] Added module for Regional Internal Proxy Load Balancer (apichick)
  • [#1546] incompatible change: rename cloud-dataplex to dataplex (thinhha)
  • [#1506] Document architectural decisions (ludoo)
  • [#1500] README: audit logs on org level go to a logging bucket, not bigquery (skalolazka)

FAST

  • [#1579] Enable team CI/CD impersonation (williamsmt)
  • [#1581] incompatible change: Remove firewall policy management from resource management modules (ludoo)
  • [#1572] incompatible change: More module descriptions (ludoo)
  • [#1566] Remove unused ASN numbers from CloudNAT to avoid provider errors (LucaPrete)
  • [#1563] Update FAST CI/CD workflows so it can work with ID_TOKEN and Gitlab 15+ (LucaPrete)
  • [#1547] incompatible change: Peering module refactor (ludoo)
  • [#1514] Fix FAST stage links script for GKE stage (ludoo)
  • [#1510] incompatible change: Refactoring of dns module (apichick)

MODULES

  • [#1581] incompatible change: Remove firewall policy management from resource management modules (ludoo)
  • [#1580] Apigee addons (apichick)
  • [#1576] incompatible change: Refactor firewall policy module (ludoo)
  • [#1575] Expose allow_net_admin feature in gke-cluster-autopilot module (eunanhardy)
  • [#1572] incompatible change: More module descriptions (ludoo)
  • [#1569] Add support for cost management to GKE module (ludoo)
  • [#1568] Add support for ipv6 to net-vpc module (ludoo)
  • [#1567] Allow custom route descriptions in net-vpc module (juliocc)
  • [#1558] feat(apigee): add retention variable (danistrebel)
  • [#1564] Fixed error of inconsistent conditional result types when evaluating … (apichick)
  • [#1561] Removed unused attribute in peer_gateway_config variable (apichick)
  • [#1545] add dataplex autodq base module (thinhha)
  • [#1559] Added IPSEC_INTERCONNECT addresses to net-address module (apichick)
  • [#1557] renaming net-vpc-swp to net-swp (skalolazka)
  • [#1513] optional description in modules/net-vpc-swp (skalolazka)
  • [#1555] Fix permadiff in artifact-registry (juliocc)
  • [#1553] Added module for Regional Internal Proxy Load Balancer (apichick)
  • [#1554] Fix in IAM bindings of cloud function v2 module (apichick)
  • [#1551] Fix in validation of healthchecks variable (apichick)
  • [#1552] Add image path output to ar module (ludoo)
  • [#1550] Fix in validation of healthchecks variable (apichick)
  • [#1547] incompatible change: Peering module refactor (ludoo)
  • [#1542] Grant IAM rights to service identities in host project (wiktorn)
  • [#1546] incompatible change: rename cloud-dataplex to dataplex (thinhha)
  • [#1540] Fixes in cloud function v2 module for trigger service account (apichick)
  • [#1536] incompatible change: Update and refactor artifact registry module (ludoo)
  • [#1537] Wrong ASN when using partner_interconnect. (sruffilli)
  • [#1535] Renamed output.tf in net-vlan-attachment (sruffilli)
  • [#1523] Fix in event_filters of trigger_config (apichick)
  • [#1519] Improve Dataplex (lcaggio)
  • [#1520] feat(cloudsql-instance): Add query insights config (LiuVII)
  • [#1512] enable-logging flag can only be true for public zones (apichick)
  • [#1510] incompatible change: Refactoring of dns module (apichick)
  • [#1509] Add output to org module with custom constraint details and depends_on (juliocc)
  • [#1503] Move IAM grant to function level for trigger SA (wiktorn)
  • [#1479] Update ncc-spoke-ra module to explicity request ncc hub id when referencing existing hubs (simonebruzzechesse)
  • [#1499] Add support for custom description in net-address (simonebruzzechesse)
  • [#1497] incompatible change: Implement proper support for data access logs in resource manager modules (ludoo)

TOOLS

24.0.0 - 2023-07-07

BLUEPRINTS

  • [#1496] Allow using a separate resource for boot disk in compute-vm module (ludoo)
  • [#1488] incompatible change: Fix and improve quota monitor blueprint (ludoo)
  • [#1483] Updating a few files to fix typos (bluPhy)
  • [#1474] data-platform-minimal - support web_server_network_access_control (kthhrv)
  • [#1482] Add region to quota monitor cloud function (ludoo)
  • [#1475] Minimal Data Platform - Shared VPC (lcaggio)
  • [#1473] Improve Minimal Data Platform Blueprint (lcaggio)
  • [#1468] Dependencies update for API Gateway blueprint (apichick)
  • [#1469] Bump semver and @google-cloud/storage in /blueprints/gke/binauthz/image (dependabot[bot])
  • [#1466] incompatible change: Rename network load balancer modules (ludoo)
  • [#1459] Add preliminary support for partner interconnect (wiktorn)
  • [#1464] Fix Shielded folder README (lcaggio)
  • [#1458] Fixing typos (bluPhy)
  • [#1455] Match readme groups with variables file in shielded folder blueprint (CanburakTumer)
  • [#1451] Improve Minimal Data Platform blueprint (lcaggio)
  • [#1454] data-platform-minimal - 02-processing.tf typo (kthhrv)
  • [#1453] data-platform-minimal - correct typo (kthhrv)
  • [#1450] Split Cloud Function module in separate v1 and v2 modules (ludoo)
  • [#1447] incompatible change: Refactored apigee module and adjusted the blueprints accordingly (apichick)
  • [#1409] Added module for Secure Web Proxy (rosmo)
  • [#1420] Move net-dedicated-vlan-attachment module to net-vlan-attachment and … (apichick)
  • [#1427] Updating hub-and-spoke peering blueprint to use HA VPN. (mark1000)
  • [#1432] Make internal/external addresses optional in compute-vm (juliocc)
  • [#1423] Add support for Log Analytics on logging-bucket module and bump provider version (lcaggio)
  • [#1416] Fix and improve GCS2BQ blueprint (lcaggio)

DOCUMENTATION

  • [#1483] Updating a few files to fix typos (bluPhy)
  • [#1473] Improve Minimal Data Platform Blueprint (lcaggio)
  • [#1466] incompatible change: Rename network load balancer modules (ludoo)
  • [#1450] Split Cloud Function module in separate v1 and v2 modules (ludoo)
  • [#1444] Fixing typos (bluPhy)
  • [#1409] Added module for Secure Web Proxy (rosmo)
  • [#1420] Move net-dedicated-vlan-attachment module to net-vlan-attachment and … (apichick)
  • [#1418] Network Load Balancer module (ludoo)

FAST

  • [#1470] FAST: initial implementation of lightweight tenants (ludoo)
  • [#1492] Peering dashboard (aurelienlegrand)
  • [#1487] Fix primary gke/dp ranges in FAST subnets (juliocc)
  • [#1478] FAST: short_name_is_prefix for multi-tenant (drebes)
  • [#1483] Updating a few files to fix typos (bluPhy)
  • [#1477] Changing the IP range of pods from 100.64.48.0/20 to 100.65.16.0/20 Fixes #1461 (arvindag07)
  • [#1466] incompatible change: Rename network load balancer modules (ludoo)
  • [#1446] fixup(project-factory): Use the correct KMS Service Agents attribute … (alloveras)
  • [#1445] Bump TF version in all workflow templates to coincide with module requirements (kthhrv)
  • [#1443] Fix repo names check in extra FAST stage (ludoo)
  • [#1432] Make internal/external addresses optional in compute-vm (juliocc)
  • [#1429] Use RFC6598 addresses for pods and subnets (wiktorn)
  • [#1426] Add custom tag support to FAST (ludoo)
  • [#1425] Small fixes (ludoo)
  • [#1412] Add VPN monitoring alerts to 2-networking and VPN usage chart (afda16)

MODULES

  • [#1496] Allow using a separate resource for boot disk in compute-vm module (ludoo)
  • [#1489] incompatible change: Disable googleapi routes creation when vpc is not created in net-vpc module (ludoo)
  • [#1486] Allow external editing of group instances in lb modules (ludoo)
  • [#1480] Add bigquery authorized resources (thinhha)
  • [#1485] incompatible change: Align group names in lb modules (ludoo)
  • [#1456] add missing variable image_uri (jose-bermudez-digitalfemsa)
  • [#1471] Add ToCs to resource manager modules (ludoo)
  • [#1466] incompatible change: Rename network load balancer modules (ludoo)
  • [#1467] Add support for resource policies to compute vm module (ludoo)
  • [#1439] modules/vpc-sc: google_access_context_manager_service_perimeter add support for method_selectors/permission (LudovicEmo)
  • [#1460] Added validation for edge_availability_domain value (apichick)
  • [#1458] Fixing typos (bluPhy)
  • [#1449] Added iam for DNS managed zone to dns module (apichick)
  • [#1452] feat(artifact-registry): Add support for CMEK (alloveras)
  • [#1450] Split Cloud Function module in separate v1 and v2 modules (ludoo)
  • [#1447] incompatible change: Refactored apigee module and adjusted the blueprints accordingly (apichick)
  • [#1440] enable_logging variable was not being used (apichick)
  • [#1436] Ignore Cloud Run system annotations/labels (wiktorn)
  • [#1409] Added module for Secure Web Proxy (rosmo)
  • [#1420] Move net-dedicated-vlan-attachment module to net-vlan-attachment and … (apichick)
  • [#1434] Add subnets id output, expand net-address outputs (juliocc)
  • [#1432] Make internal/external addresses optional in compute-vm (juliocc)
  • [#1428] Added support for PSC negs in net-ilb-l7 module (apichick)
  • [#1430] Fix serverless neg example in ILB L7 module (ludoo)
  • [#1426] Add custom tag support to FAST (ludoo)
  • [#1423] Add support for Log Analytics on logging-bucket module and bump provider version (lcaggio)
  • [#1425] Small fixes (ludoo)
  • [#1419] Fix NLB module (ludoo)
  • [#1418] Network Load Balancer module (ludoo)

TOOLS

  • [#1496] Allow using a separate resource for boot disk in compute-vm module (ludoo)

23.0.0 - 2023-06-05

BLUEPRINTS

  • [#1410] incompatible change: Ensure all modules have an id output (ludoo)
  • [#1390] HA VPN over Interconnect modules and blueprint (sruffilli)

DOCUMENTATION

FAST

  • [#1414] Bump GH TF version to coincide with module requirements (davideasaf)
  • [#1400] Add default googleapi route creation to net-vpc (juliocc)

MODULES

  • [#1417] Remove hardcoded description from instance groups created under net-lb-int (LucaPrete)
  • [#1415] Add notice to net-lb-int module on routes (ludoo)
  • [#1403] add alloydb module (prabhaarya)
  • [#1411] Add networksecurity to JIT identity list (rosmo)
  • [#1410] incompatible change: Ensure all modules have an id output (ludoo)
  • [#1405] Added comment in the dns module, saying that inbound/outbound server … (apichick)
  • [#1407] Multiple Updates in READMEs and wording (bluPhy)
  • [#1390] HA VPN over Interconnect modules and blueprint (sruffilli)
  • [#1404] Add trigger SA for Cloud Run (wiktorn)
  • [#1400] Add default googleapi route creation to net-vpc (juliocc)

TOOLS

  • [#1410] incompatible change: Ensure all modules have an id output (ludoo)

22.0.0 - 2023-05-24

BLUEPRINTS

  • [#1389] Bump requests from 2.28.1 to 2.31.0 in /blueprints/cloud-operations/network-dashboard/src (dependabot[bot])
  • [#1388] Firewall Validator fix target_service_accounts ref (afda16)
  • [#1382] chore: update mlops blueprint metadata (bharathkkb)
  • [#1380] Minimal Data Platform - Make components optional (lcaggio)
  • [#1378] Updates to blueprints/data-solutions/shielded-folder (bluPhy)
  • [#1375] Several updates (bluPhy)
  • [#1365] feat(net-cloudnat): add toggle for independent endpoint mapping and dynamic port allocation (JSchwerberg)
  • [#1362] Add Minimal Data Platform blueprint (lcaggio)
  • [#1364] Cloud Run services in service projects (juliodiez)
  • [#1358] update variables files for gke nodepool taints (jackspyder)
  • [#1359] Blueprint metadata validator (juliocc)
  • [#1355] Fix Shielded Folder - VertexML interoperability (lcaggio)
  • [#1353] fix in IAM binding of Apigee BigQuery analytics blueprint (apichick)
  • [#1346] incompatible change: FAST: shorten stage 3 prefixes, enforce prefix length in stage 3s (ludoo)
  • [#1345] chore: update metadata schema (bharathkkb)
  • [#1343] Fix because of changes in the cloud functions module and the Apigee a… (apichick)
  • [#1342] Add directory to vertex-mlops blueprint metadata (juliocc)
  • [#1337] Improve Vertex mlops blueprint (lcaggio)
  • [#1338] Set all resource requests to the autopilot minimum as the existing va… (apichick)
  • [#1330] Separating GKE Standard and Autopilot Modules (avinashkumar1289)
  • [#1334] Rename mlops blueprint providers file (ludoo)
  • [#1333] Add providers to vertex-mlops blueprint (juliocc)
  • [#1331] IAP for Cloud Run GA (juliodiez)
  • [#1309] [DataPlatform] Fix data-eng role on orchestration project (lcaggio)
  • [#1323] fix: create log-export-dataset on shielded-folder when no ecryption keys are defined (bgdanix)
  • [#1319] Fixed wait_time in locust script (apichick)
  • [#1312] add firewall enforcement variable to VPC (fawzihmouda)
  • [#1305] add missing enable_addons reference in gke blueprint for multitenant-… (jackspyder)
  • [#1306] Support new fields in bigquery module, bump provider versions, unpin local provider (ludoo)
  • [#1293] Refactor cloud run module to use optionals and support all features (ludoo)
  • [#1289] incompatible change: Network Dashboard improvements and bug fixing (simonebruzzechesse)
  • [#1283] Fixed permissions of files created (apichick)
  • [#1274] Add support for VPC Connector and different monitoring project to network dashboard deploy (ludoo)

DOCUMENTATION

FAST

  • [#1394] Allow setting identities in VPC SC module egress policies (ludoo)
  • [#1391] fix(stages): only add sandbox SA when sandbox feature is enabled (gustavovalverde)
  • [#1385] Add conditional org admin role to sandbox SA (ludoo)
  • [#1383] Allows groups from other orgs/domains (drebes)
  • [#1375] Several updates (bluPhy)
  • [#1376] fixed permissions for security stage SA (alx13)
  • [#1367] fix routes priority typo (fawzihmouda)
  • [#1358] update variables files for gke nodepool taints (jackspyder)
  • [#1352] incompatible change: Switch FAST networking stages to network policies for Google domains (ludoo)
  • [#1346] incompatible change: FAST: shorten stage 3 prefixes, enforce prefix length in stage 3s (ludoo)
  • [#1344] Add logging details to bootstrap outputs (juliocc)
  • [#1324] Fix typo in FAST cicd extra stage variable name (ludoo)
  • [#1328] Strip org name from deploy key repo in FAST cicd stage (ludoo)
  • [#1318] Allow longer org prefix plus tenant prefix (derailed-dash)
  • [#1315] Fix stage links script for multitenant stages (ludoo)
  • [#1313] Fixed typo in readme for FAST multitenant (derailed-dash)
  • [#892] Add network NVA NCC stage (LucaPrete)
  • [#1285] Update YAML schema for hierarchical firewall rules (sruffilli)
  • [#1284] Update Provider and Terraform variables section in FAST project factory (gcardamone)

MODULES

  • [#1395] allow to configure stack type in GKE autopilot (NitriKx)
  • [#1394] Allow setting identities in VPC SC module egress policies (ludoo)
  • [#1387] Add default Cloud Build SA to project module (juliocc)
  • [#1386] Support CMEK encryption in logging-bucket module (afda16)
  • [#1375] Several updates (bluPhy)
  • [#1372] Cloud NAT rules support (juliocc)
  • [#1374] added the export_public_ip_routes variable in the net-vpc-peering mod… (itManuel)
  • [#1373] Made available CPUs configurable in Cloud Functions module (apichick)
  • [#1365] feat(net-cloudnat): add toggle for independent endpoint mapping and dynamic port allocation (JSchwerberg)
  • [#1367] fix routes priority typo (fawzihmouda)
  • [#1360] Add support for Shared VPC in Cloud Run (juliodiez)
  • [#1329] fix: Change net-lb-app-ext serve_while_stale type to number (tobbbles)
  • [#1308] Add cloud dataplex module (prabhaarya)
  • [#1352] incompatible change: Switch FAST networking stages to network policies for Google domains (ludoo)
  • [#1349] Enhance GKE Backup Configuration Support (tacchino)
  • [#1348] Ignore entire node config in standard cluster (ludoo)
  • [#1337] Improve Vertex mlops blueprint (lcaggio)
  • [#1330] Separating GKE Standard and Autopilot Modules (avinashkumar1289)
  • [#1336] Certificate renewal through terraform (bjohnrl)
  • [#1335] Inconsistent conditional result types error in net-vpc module (jamesmao-xyz)
  • [#1332] Add CMEK support on Secret manager module (lcaggio)
  • [#1326] Remove net-interconnect-attachment-direct (juliocc)
  • [#1322] Add inventories to net-vpc-firewall tests (juliocc)
  • [#1320] issue #1303: net-vpc-firewall module supporting source and destination ranges (ajlopezn)
  • [#1312] add firewall enforcement variable to VPC (fawzihmouda)
  • [#1310] Use labels var in cloud-run module (LiuVII)
  • [#1306] Support new fields in bigquery module, bump provider versions, unpin local provider (ludoo)
  • [#1301] Add ability to run vtysh from simple-nva vm directly when frr is active (LucaPrete)
  • [#1300] Fix vtysh (LucaPrete)
  • [#1299] Fix urlmap in ILB L7 module (ludoo)
  • [#1298] Add sample vtysh file to remove warnings (LucaPrete)
  • [#1293] Refactor cloud run module to use optionals and support all features (ludoo)
  • [#1287] incompatible change: Add support for backup and remove deprecated control plane field in GKE module (valeriobponza)
  • [#1295] Load all service agents identities from yaml (juliocc)
  • [#1294] Add Cloud Batch service identity (wiktorn)
  • [#1280] Add Dataplex Service Identity (wiktorn)
  • [#1282] Added local firewall management (iptables) on the NVA for dealing with COS default deny on inbound connections (simonebruzzechesse)
  • [#1281] Use unique bundle name for Cloud Function (wiktorn)
  • [#1278] DNS policy module fixes (ludoo)
  • [#1276] DNS Response Policy module (ludoo)

TOOLS

21.0.0 - 2023-03-24

BLUEPRINTS

  • [#1272] Removed repeated command in script used to deploy API proxy (apichick)
  • [#1261] Fix variable terraform.tfvars.sample (dedeco)
  • [#1257] Fixes related to boot_disk in compute-vm module (apichick)
  • [#1256] incompatible change: Pin local provider (ludoo)
  • [#1245] Composer-2 - Fix 1236 (lcaggio)
  • [#1243] Autopilot fixes (apichick)
  • [#1241] incompatible change: Allow using existing boot disk in compute-vm module (ludoo)
  • [#1218] Small fixes on Network Dashboard cloud function code (simonebruzzechesse)
  • [#1229] Removed unnecessary files (apichick)
  • [#1227] Add CMEK support on BQML blueprint (lcaggio)
  • [#1225] Fix on bqml demo (gioconte)
  • [#1217] Added autopilot blueprint (apichick)
  • [#1210] Blueprint - BigQuery ML and Vertex AI Pipeline (lcaggio)
  • [#1208] Fix outdated go deps, dependabot alerts (averbuks)
  • [#1150] Blueprint: GLB hybrid NEG internal (LucaPrete)
  • [#1201] Add missing tfvars template to the tfc blueprint (averbuks)
  • [#1196] Fix compute-vm:CloudKMS test for provider>=4.54.0 (dan-farmer)
  • [#1189] Update healthchecker deps (dependabot alerts) (averbuks)
  • [#1184] incompatible change: Allow multiple peer gateways in VPN HA module (ludoo)
  • [#1143] Test blueprints from README files (juliocc)
  • [#1181] Bump golang.org/x/sys from 0.0.0-20220310020820-b874c991c1a5 to 0.1.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
  • [#1180] Bump golang.org/x/sys from 0.0.0-20220310020820-b874c991c1a5 to 0.1.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
  • [#1175] Serverless networking program (juliodiez)
  • [#1179] Added a PSC GCLB example (cgrotz)
  • [#1165] DataPlatform: Support project creation (lcaggio)
  • [#1167] incompatible change: Simplify org policies in resource management modules (juliocc)
  • [#1161] Additional documentation for the Data Platform Dataflow pipeline example (aymanfarhat)
  • [#1154] Workaround to mitigate provider issue 9164 (lcaggio)
  • [#1146] Serverless networking program (juliodiez)
  • [#1142] Fix bq factory docs (juliocc)
  • [#1138] New compute-vm examples and tests (juliocc)
  • [#1132] Add descriptive name as optional argument (paulwoelfel)
  • [#1105] [Feature] Update data platform blue print with Dataflow Flex template (aymanfarhat)
  • [#1129] Update KMS blueprint (lcaggio)

DOCUMENTATION

  • [#1257] Fixes related to boot_disk in compute-vm module (apichick)
  • [#1248] Add link to public serverless networking guide (juliodiez)
  • [#1232] Network firewall policy module (ludoo)
  • [#1230] Update contributing guide with new test framework (juliocc)
  • [#1221] FAQ on installing Fast on a non-empty org (skalolazka)
  • [#1217] Added autopilot blueprint (apichick)
  • [#1210] Blueprint - BigQuery ML and Vertex AI Pipeline (lcaggio)
  • [#1150] Blueprint: GLB hybrid NEG internal (LucaPrete)
  • [#1193] Add reference to Cloud Run blueprints (juliodiez)
  • [#1188] Add reference to Cloud Run blueprints (juliodiez)
  • [#1187] Add references to the serverless chapters (juliodiez)
  • [#1179] Added a PSC GCLB example (cgrotz)
  • [#1165] DataPlatform: Support project creation (lcaggio)
  • [#1145] FAST stage docs cleanup (ludoo)
  • [#1137] incompatible change: Allow configuring regions from tfvars in FAST networking stages (ludoo)
  • [#1105] [Feature] Update data platform blue print with Dataflow Flex template (aymanfarhat)
  • [#1052] incompatible change: FAST multitenant bootstrap and resource management, rename org-level FAST stages (ludoo)

FAST

  • [#1266] FAST plugin system (ludoo)
  • [#1273] Small fixes to FAST Networking stage with NVAs (simonebruzzechesse)
  • [#1265] Fix FAST hub and spoke with VPN networking stage (ludoo)
  • [#1263] Widen scope for prod project factory SA to dev (ludoo)
  • [#1240] feat: Enable populating of data directory and .sample files and update dependencies in 0-cicd-github (antonkovach)
  • [#1249] Document need to set outputs_location explicitly in every stage (ludoo)
  • [#1247] Fast: resman: location and storage class added to GKE GCS buckets (skalolazka)
  • [#1241] incompatible change: Allow using existing boot disk in compute-vm module (ludoo)
  • [#1237] Add missing attribute to FAST onprem VPN examples (ludoo)
  • [#1228] incompatible change: Simplify VPN implementation in FAST networking stages (ludoo)
  • [#1222] Manage billing.creator role authoritatively in FAST bootstrap. (juliocc)
  • [#1213] feat: Add Pull Request support to 0-cicd-github (antonkovach)
  • [#1203] Update subnet sample yaml files to use subnet_secondary_ranges (jmound)
  • [#1212] feat: skip committing unchanged files in 0-cicd-github (antonkovach)
  • [#1211] incompatible change: Add support for proxy and psc subnets to net-vpc module factory (ludoo)
  • [#1209] Billing exclusion support for FAST mt resman (ludoo)
  • [#1207] Allow preventing creation of billing IAM roles in FAST, add instructions on delayed billing association (ludoo)
  • [#1184] incompatible change: Allow multiple peer gateways in VPN HA module (ludoo)
  • [#1165] DataPlatform: Support project creation (lcaggio)
  • [#1170] Add documentation about referring modules stored on CSR (wiktorn)
  • [#1167] incompatible change: Simplify org policies in resource management modules (juliocc)
  • [#1164] fix module_prefix in fast extras 0-cicd-github (antonkovach)
  • [#1162] Fix Terraform formatting and add module_prefix attribute to modules_config (antonkovach)
  • [#1145] FAST stage docs cleanup (ludoo)
  • [#1137] incompatible change: Allow configuring regions from tfvars in FAST networking stages (ludoo)
  • [#1133] Align VPN peer interface to module in FAST net VPN stage (simonebruzzechesse)
  • [#1135] Post PR message in GitHub workflow on init or validate failure (ludoo)
  • [#1134] Fix stage 1 output file names and stage links script (ludoo)
  • [#1128] Remove info about non-existing vpc-peering-*.tf files (skalolazka)
  • [#1052] incompatible change: FAST multitenant bootstrap and resource management, rename org-level FAST stages (ludoo)

MODULES

  • [#1270] Add static gateway id to outputs of VPN ha module (ludoo)
  • [#1269] Ignore changes to metadata.0.annotations in Cloud Run module (juliocc)
  • [#1267] Improvements to NCC-RA spoke module. (LucaPrete)
  • [#1268] simple-nva: add ability to parse BGP configs as strings. (LucaPrete)
  • [#1258] Add backend service names to outputs for net-lb-app-ext and net-lb-app-int (rosmo)
  • [#1259] Add support for iam_additive and simplify factory interface in net VPC module (ludoo)
  • [#1255] incompatible change: Change target_vpcs variable in firewall policy module to support dynamic values (ludoo)
  • [#1256] incompatible change: Pin local provider (ludoo)
  • [#1246] Delay creation of SVPC host bindings until APIs and JIT SAs are done (juliocc)
  • [#1241] incompatible change: Allow using existing boot disk in compute-vm module (ludoo)
  • [#1239] Allow overriding name in net-vpc subnet factory (ludoo)
  • [#1226] Fix policy_based_routing.sh script on simple-nva module (simonebruzzechesse)
  • [#1234] Fixed connection tracking configuration on LB backend in net-lb-int module (simonebruzzechesse)
  • [#1232] Network firewall policy module (ludoo)
  • [#1219] Network Connectivity Center module (juliodiez)
  • [#1227] Add CMEK support on BQML blueprint (lcaggio)
  • [#1224] Fix JIT notebook service account. (lcaggio)
  • [#1195] Extended simple-nva module to manage BGP service running on FR routing docker container (simonebruzzechesse)
  • [#1211] incompatible change: Add support for proxy and psc subnets to net-vpc module factory (ludoo)
  • [#1206] Dataproc module. Fix output. (lcaggio)
  • [#1205] Fix issue with GKE cluster notifications topic & static output for pubsub module (rosmo)
  • [#1204] Fix url_redirect issue on net-lb-app-ext module (erabusi)
  • [#1199] [Dataproc module] Fix Variables (lcaggio)
  • [#1200] Add test for #1197 (juliocc)
  • [#1198] Fix secondary ranges in net-vpc readme (ludoo)
  • [#1196] Fix compute-vm:CloudKMS test for provider>=4.54.0 (dan-farmer)
  • [#1194] Fix HTTPS health check mismapped to HTTP in compute-mig and net-lb-int modules (jogoldberg)
  • [#1192] Dataproc module: Fix outputs (lcaggio)
  • [#1190] Dataproc Module (lcaggio)
  • [#1191] Fix external gateway in VPN HA module (ludoo)
  • [#1186] Fix Workload Identity for ASM in GKE hub module (valeriobponza)
  • [#1184] incompatible change: Allow multiple peer gateways in VPN HA module (ludoo)
  • [#1177] Implemented conditional dynamic blocks for google_access_context_manager_service_perimeter spec and status (calexandre)
  • [#1178] adding meshconfig.googleapis.com to JIT list. (valeriobponza)
  • [#1174] Don't define nor use health checks with SNEGs (juliodiez)
  • [#1172] Allow to not use any health check (juliodiez)
  • [#1171] Modifications related to autopilot and workload identity. Added workl… (apichick)
  • [#1167] incompatible change: Simplify org policies in resource management modules (juliocc)
  • [#1168] Remove unused attribute from project module README example (juliodiez)
  • [#1166] Fix variable name in VPC-SC module examples (juliodiez)
  • [#1153] net-vpc - add missing iam properties to factory_subnets (jamesdalf)
  • [#1163] Projects-data-source module new version (averbuks)
  • [#1160] Allow additive IAM grants by robots name (wiktorn)
  • [#1158] changed pod_range reference to include secondary_pod_range issue #1157 (chemapolo)
  • [#1156] Add 'max_time_travel_hours ' support on BQ module (lcaggio)
  • [#1151] Add example about referencing existing MIGs to net-lb-int module readme (LucaPrete)
  • [#1149] Add documentation about JIT-ed service accounts (wiktorn)
  • [#1131] Add Autopilot Support for cluster_autoscaling Configuration in GKE Module (tacchino)
  • [#1140] CloudSQL Backup Configuration: Support Point In Time Recovery (tacchino)
  • [#1147] Fix gke-cluster dns config feature (juliocc)
  • [#1144] Fixes for service-mesh example in gke-hub (wiktorn)
  • [#1138] New compute-vm examples and tests (juliocc)
  • [#1052] incompatible change: FAST multitenant bootstrap and resource management, rename org-level FAST stages (ludoo)

TOOLS

  • [#1266] FAST plugin system (ludoo)
  • [#1242] Remove container image workflows (kunzese)
  • [#1231] Simplify testing workflow (juliocc)
  • [#1216] Use composite action for test workflow prerequisite steps (ludoo)
  • [#1215] Try plugin cache, split examples tests (ludoo)
  • [#1211] incompatible change: Add support for proxy and psc subnets to net-vpc module factory (ludoo)
  • [#1209] Billing exclusion support for FAST mt resman (ludoo)
  • [#1208] Fix outdated go deps, dependabot alerts (averbuks)
  • [#1182] Bump actions versions (juliocc)
  • [#1052] incompatible change: FAST multitenant bootstrap and resource management, rename org-level FAST stages (ludoo)

20.0.0 - 2023-02-04

BLUEPRINTS

  • [#1038] Vertex Pipelines MLOps framework blueprint (javiergp)
  • [#1124] Removed unused file package-lock.json (apichick)
  • [#1119] incompatible change: Multi-Cluster Ingress gateway api config (wiktorn)
  • [#1111] incompatible change: In the apigee module now both the /22 and /28 peering IP ranges are p… (apichick)
  • [#1106] Network Dashboard: PSA support for Filestore and Memorystore (aurelienlegrand)
  • [#1110] Bump cookiejar from 2.1.3 to 2.1.4 in /blueprints/apigee/bigquery-analytics/functions/export (dependabot[bot])
  • [#1097] Use terraform resource to activate Anthos Service Mesh (wiktorn)
  • [#1104] Updated apigee hybrid for gke README (apichick)
  • [#1107] Check linting for Python dashboard files (ludoo)
  • [#1102] Improvements in apigee hybrid-gke: now using workload identity and GLB (apichick)
  • [#1098] Add shared-vpc support on data-playground blueprint (lcaggio)
  • [#1095] [Data Platform] Fix Table in readme (lcaggio)
  • [#1089] Update Data Platform (lcaggio)
  • [#1081] Apigee hybrid on GKE (apichick)
  • [#1082] Fixes in Apigee Bigquery Analytics blueprint (apichick)
  • [#1071] Moved apigee bigquery analytics blueprint, added apigee network patterns (apichick)
  • [#1073] Allow setting no ranges in firewall module custom rules (ludoo)
  • [#1072] incompatible change: Add gc_policy to Bigtable module, bump provider versions to 4.47 (iht)
  • [#1063] Network dashboard: PSA ranges support, starting with Cloud SQL (aurelienlegrand)
  • [#1062] Fixes for GKE (wiktorn)
  • [#1060] Update src/README.md for Network Dashboard (aurelienlegrand)
  • [#1020] Networking dashboard and discovery tool refactor (ludoo)

DOCUMENTATION

FAST

  • [#1118] Add missing logging admin role for initial user (ludoo)
  • [#1099] Fix destroy in stage 1 outputs (ludoo)
  • [#1089] Update Data Platform (lcaggio)
  • [#1085] fix restricted services not being added to the perimeter configurations (drebes)
  • [#1057] Adding new file FAQ and an image (agutta)
  • [#1054] FAST: fix typo in bootstrap stage README (agutta)
  • [#1051] FAST: add instructions for billing export to stage 0 README (KPRepos)

MODULES

  • [#1127] Skip node config for autopilot (ludoo)
  • [#1125] Added mesh_certificates setting in GKE cluster (rosmo)
  • [#1094] Added GLB example with MIG as backend (eliamaldini)
  • [#1119] incompatible change: Multi-Cluster Ingress gateway api config (wiktorn)
  • [#1111] incompatible change: In the apigee module now both the /22 and /28 peering IP ranges are p… (apichick)
  • [#1116] Include cloudbuild API in project module (aymanfarhat)
  • [#1115] add new parameters support in apigee module (blackillzone)
  • [#1112] Add HTTPS frontend with SNEG example (juliodiez)
  • [#1097] Use terraform resource to activate Anthos Service Mesh (wiktorn)
  • [#1101] First batch of testing updates to core modules (juliocc)
  • [#1098] Add shared-vpc support on data-playground blueprint (lcaggio)
  • [#1096] [VPC-SC] Add support for scoped Policies (lcaggio)
  • [#1093] Added tags to gke-cluster module (apichick)
  • [#1078] Fixed delete_rule in compute-mig module for stateful disks (rosmo)
  • [#1080] Added device_name field to compute-vm attached_disks parameter (rosmo)
  • [#1079] Reorder org policy rules (juliocc)
  • [#1075] incompatible change: Add cluster replicas to Bigtable module. (iht)
  • [#1073] Allow setting no ranges in firewall module custom rules (ludoo)
  • [#1072] incompatible change: Add gc_policy to Bigtable module, bump provider versions to 4.47 (iht)
  • [#1070] Fix MIG health check variable (ludoo)
  • [#1069] Allow tables with several column families in Bigtable (iht)
  • [#1068] Added endpoint_attachment_hosts output to apigee module (apichick)
  • [#1067] Corrected load balancing scheme in backend service (apichick)
  • [#1066] Refactor GCS module and tests for Terraform 1.3 (ludoo)
  • [#1062] Fixes for GKE (wiktorn)
  • [#1061] incompatible change: Allow using dynamically generated address in LB modules NEGs (ludoo)
  • [#1059] Read ranges from correct fields in firewall factory (juliocc)
  • [#1056] Feature - CloudSQL pre-allocation private IP range and GKE Cluster ignore_change lifecycle hook. (itsavvy-ankur)

TOOLS

  • [#1107] Check linting for Python dashboard files (ludoo)
  • [#1101] First batch of testing updates to core modules (juliocc)
  • [#1091] Fix check_documentation output (juliocc)
  • [#1053] Extend inventory-based testing to examples (juliocc)

19.0.0 - 2022-12-13

BLUEPRINTS

  • [#1045] Assorted module fixes (ludoo)
  • [#1044] incompatible change: Refactor net-lb-app-ext module for Terraform 1.3 (ludoo)
  • [#982] Adding Secondary IP Utilization calculation (brianhmj)
  • [#1037] Bump qs and formidable in /blueprints/cloud-operations/apigee/functions/export (dependabot[bot])
  • [#1034] feat(blueprints): get audience from tfc environment variable (Thomgrus)
  • [#1024] Fix Apigee PAYG environment node config (g-greatdevaks)
  • [#1019] Added endpoint attachments to Apigee module (apichick)
  • [#1000] ADFS blueprint fixes (apichick)
  • [#1001] Binauthz blueprint fixes related to project creation (apichick)
  • [#1009] Fix encryption in Data Playground blueprint (lcaggio)
  • [#1003] Normalize prefix handling in blueprints (kunzese)
  • [#995] Push container images to GitHub instead of Google Container Registry (kunzese)
  • [#984] incompatible change: Apigee module and blueprint (apichick)
  • [#980] Have Squid log to /dev/stdout to stream logs to Cloud Logging (kunzese)
  • [#929] Updated list of enabled APIs for network dashboard (maunope)
  • [#968] Enforce PROXY protocol in filtering-proxy-psc blueprint (kunzese)
  • [#962] Add filtering-proxy-psc blueprint (kunzese)
  • [#913] Adding support for PSA ranges, starting with Redis instances. (aurelienlegrand)
  • [#952] Remove duplicate GLB+CA blueprint folder (ludoo)
  • [#949] incompatible change: Refactor VPC firewall module for Terraform 1.3 (ludoo)
  • [#945] Org policy factory (juliocc)
  • [#941] incompatible change: Refactor ILB module for Terraform 1.3 (ludoo)
  • [#939] Temporarily duplicate cloud armor example (ludoo)
  • [#936] Enable org policy service and add README notice to modules (ludoo)
  • [#931] incompatible change: Refactor compute-mig module for Terraform 1.3 (ludoo)
  • [#932] feat(project-factory): introduce additive iam bindings to project-fac… (Malet)
  • [#925] Network dashboard: update main.tf and README following #922 (brianhmj)
  • [#924] Fix formatting for gcloud dataflow job launch command (aymanfarhat)
  • [#921] Align documentation, move glb blueprint (ludoo)
  • [#915] TFE OIDC with GCP WIF blueprint added (averbuks)
  • [#899] Static routes monitoring metrics added to network dashboard BP (maunope)
  • [#909] GCS2BQ: Move images and templates in sub-folders (lcaggio)
  • [#907] Fix CloudSQL blueprint (lcaggio)
  • [#897] Project-factory: allow folder_id to be defined in defaults_file (Malet)
  • [#900] Improve net dashboard variables (juliocc)
  • [#896] Network Dashboard: CFv2 and performance improvements (aurelienlegrand)
  • [#871] Firewall Policy Metrics, parallel writes, aligned timestamps (maunope)
  • [#884] BigQuery factory blueprint (marcjwo)
  • [#889] Minor fixes to PSC hybrid blueprint readmes (LucaPrete)
  • [#888] Let the cloudsql module generate a random password (skalolazka)
  • [#879] New PSC hybrid blueprint (LucaPrete)
  • [#880] incompatible change: Refactor net-vpc module for Terraform 1.3 (ludoo)
  • [#872] added support 2nd generation cloud function (som-nitjsr)
  • [#875] incompatible change: Refactor GKE nodepool for Terraform 1.3, refactor GKE blueprints and FAST stage (ludoo)
  • [#873] Fix docker tag command and link to Cloud Shell in WP blueprint (skalolazka)
  • [#870] Temporarily revert to Terraform 1.3.1 to support Cloud Shell (skalolazka)
  • [#856] Add network firewall metrics to network dashboard (maunope)
  • [#868] incompatible change: Refactor GKE module for Terraform 1.3 (ludoo)
  • [#818] Example wordpress (skalolazka)
  • [#861] Leverage new shared VPC project config defaults across the repo (juliocc)
  • [#854] Added an example of a Nginx reverse proxy cluster using RMIGs (rosmo)
  • [#850] Made sample alert creation optional (maunope)
  • [#837] Network dashboard: Subnet IP utilization update (aurelienlegrand)
  • [#848] updated quota monitoring CF doc (maunope)
  • [#847] incompatible change: Quotas monitoring, time series format update (maunope)
  • [#839] incompatible change: Update to terraform 1.3 (juliocc)
  • [#828] Update firewall rules. (lcaggio)
  • [#813] Add documentation example test for pf (ludoo)
  • [#809] Renaming and moving blueprints (juliocc)

DOCUMENTATION

FAST

  • [#1023] incompatible change: Small fix: uniform region in Fast in networking-nva (skalolazka)
  • [#1032] FAST: fix VPC-SC example in security documentation (imp14a)
  • [#1007] fast README, one line fix: 00-cicd stage got moved to extras/ (skalolazka)
  • [#976] FAST: fixes to GitHub workflow and 02/net outputs (ludoo)
  • [#966] FAST: improve GitHub workflow, stage 01 output fixes (ludoo)
  • [#963] incompatible change: Refactor vps-sc module for Terraform 1.3 (ludoo)
  • [#956] FAST: bootstrap and extra stage CI/CD improvements and fixes (ludoo)
  • [#949] incompatible change: Refactor VPC firewall module for Terraform 1.3 (ludoo)
  • [#943] Update bootstrap README.md with unique project id requirements (KPRepos)
  • [#948] Use display_name instead of description for FAST service accounts (juliocc)
  • [#947] Use org policy factory for resman stage (juliocc)
  • [#941] incompatible change: Refactor ILB module for Terraform 1.3 (ludoo)
  • [#935] FAST: enable org policy API, fix run.allowedIngress value (ludoo)
  • [#931] incompatible change: Refactor compute-mig module for Terraform 1.3 (ludoo)
  • [#930] incompatible change: Update organization/folder/project modules to use new org policies API and tf1.3 optionals (juliocc)
  • [#911] FAST: Additional PGA DNS records (sruffilli)
  • [#903] Initial replacement for CI/CD stage (ludoo)
  • [#898] Update FAST bootstrap README.md (juliocc)
  • [#880] incompatible change: Refactor net-vpc module for Terraform 1.3 (ludoo)
  • [#875] incompatible change: Refactor GKE nodepool for Terraform 1.3, refactor GKE blueprints and FAST stage (ludoo)
  • [#566] FAST: Separate network environment (sruffilli)
  • [#870] Temporarily revert to Terraform 1.3.1 to support Cloud Shell (skalolazka)
  • [#868] incompatible change: Refactor GKE module for Terraform 1.3 (ludoo)
  • [#867] FAST: Replace NVAs in 02-networking-nva with COS-based VMs (sruffilli)
  • [#865] Enable FAST 00-cicd provider test (ludoo)
  • [#861] Leverage new shared VPC project config defaults across the repo (juliocc)
  • [#858] Default gcp-support to gcp-devops (juliocc)
  • [#842] Comment redundant role in bootstrap stage, align IAM.md files, improve IAM tool (ludoo)
  • [#841] FAST: revert 00-cicd provider changes (ludoo)
  • [#835] Fix workflow-gitlab.yaml template rendering (muresan)
  • [#828] Update firewall rules. (lcaggio)
  • [#807] FAST: refactor Gitlab template (ludoo)

MODULES

  • [#1049] Add ssl certs to cloudsql instance (prabhaarya)
  • [#1045] Assorted module fixes (ludoo)
  • [#1040] Fix name in google_pubsub_schema resource (VictorCavalcanteLG)
  • [#1043] added reverse lookup feature to module dns #1042 (chemapolo)
  • [#1044] incompatible change: Refactor net-lb-app-ext module for Terraform 1.3 (ludoo)
  • [#1036] incompatible change: Fix status ingress/egress policies in vpc-sc module (ludoo)
  • [#1033] strongSwan: switch base image to debian-slim (kunzese)
  • [#1026] add lifecycle ignore_changes for apigee PAYG env (g-greatdevaks)
  • [#1031] Fix default_rules_config description in firewall module (ludoo)
  • [#1028] incompatible change: Align rest of vpn modules with #1027 (juliocc)
  • [#1027] incompatible change: Update VPN-HA module to tf1.3 (juliocc)
  • [#1025] fix apigee PAYG env node config dynamic block (g-greatdevaks)
  • [#1024] Fix Apigee PAYG environment node config (g-greatdevaks)
  • [#1019] Added endpoint attachments to Apigee module (apichick)
  • [#1018] Apigee instance doc examples (danistrebel)
  • [#1016] Fix memory/cpu typo in gke cluster module (joeheaton)
  • [#1012] Fix tag outputs in organization module (ludoo)
  • [#1006] Add settings for autoscaling to Bigtable module. (iht)
  • [#999] Default nodepool creation fix (astianseb)
  • [#1005] Only set partitioned table when sink type is bigquery (juliocc)
  • [#997] Add BigQuery subscriptions to Pubsub module. (iht)
  • [#995] Push container images to GitHub instead of Google Container Registry (kunzese)
  • [#994] Add schemas to Pubsub topic module. (iht)
  • [#979] Add network tags support to the organization module (LucaPrete)
  • [#991] Allow cross-project backend services in ILB L7 module (ludoo)
  • [#984] incompatible change: Apigee module and blueprint (apichick)
  • [#988] Merge cloud function v1 and v2 tests (juliocc)
  • [#965] incompatible change: Add triggers to Cloud Functions v2 (wiktorn)
  • [#980] Have Squid log to /dev/stdout to stream logs to Cloud Logging (kunzese)
  • [#983] incompatible change: Add support for serverless NEGs to ILB L7 module (ludoo)
  • [#978] Worker pool support for cloud-function (maunope)
  • [#977] Replace Docker's gcplogs driver with the GCP COS logging agent (kunzese)
  • [#975] Add validation for health check port specification to ILB L7 module (ludoo)
  • [#974] incompatible change: Refactor net-lb-app-int module for Terraform 1.3 (ludoo)
  • [#970] Update logging sinks to tf1.3 in resman modules (juliocc)
  • [#969] Update folder and project org policy tests (juliocc)
  • [#964] prefix variable consistency across modules (skalolazka)
  • [#963] incompatible change: Refactor vps-sc module for Terraform 1.3 (ludoo)
  • [#958] Add support for org policy custom constraints (averbuks)
  • [#960] Fix README typo in firewall module (valeriobponza)
  • [#953] Added IAM Additive and converted some outputs to static (muresan)
  • [#951] cloud-functions v2 - fix reference to bucket_name (wiktorn)
  • [#949] incompatible change: Refactor VPC firewall module for Terraform 1.3 (ludoo)
  • [#946] incompatible change: Deprecate organization-policy module (juliocc)
  • [#945] Org policy factory (juliocc)
  • [#941] incompatible change: Refactor ILB module for Terraform 1.3 (ludoo)
  • [#940] Ensure the implementation of org policies is consistent (juliocc)
  • [#936] Enable org policy service and add README notice to modules (ludoo)
  • [#931] incompatible change: Refactor compute-mig module for Terraform 1.3 (ludoo)
  • [#930] incompatible change: Update organization/folder/project modules to use new org policies API and tf1.3 optionals (juliocc)
  • [#926] Fix backwards compatibility for vpc subnet descriptions (ludoo)
  • [#927] Add support for deployment type and api proxy type for Apigee org (kmucha555)
  • [#923] Fix service account creation error in gke nodepool module (ludoo)
  • [#908] GKE module: autopilot fixes (ludoo)
  • [#906] GKE module: add managed_prometheus to features (apichick)
  • [#916] Add support for DNS routing policies (juliocc)
  • [#918] Fix race condition in SimpleNVA (sruffilli)
  • [#914] incompatible change: Update DNS module (juliocc)
  • [#904] Add missing description field (dsbutler101)
  • [#891] Add internal_ips output to compute-vm module (LucaPrete)
  • [#890] Add auto_delete and instance_redistribution_type to compute-vm and compute-mig modules. (giovannibaratta)
  • [#883] Fix csi-driver, logging and monitoring default values when autopilot … (danielmarzini)
  • [#880] incompatible change: Refactor net-vpc module for Terraform 1.3 (ludoo)
  • [#872] added support 2nd generation cloud function (som-nitjsr)
  • [#877] fix autoscaling block (ludoo)
  • [#875] incompatible change: Refactor GKE nodepool for Terraform 1.3, refactor GKE blueprints and FAST stage (ludoo)
  • [#870] Temporarily revert to Terraform 1.3.1 to support Cloud Shell (skalolazka)
  • [#869] Fix optionals for resource_usage_export field in gke-cluster (juliocc)
  • [#868] incompatible change: Refactor GKE module for Terraform 1.3 (ludoo)
  • [#866] Update ipprefix_by_netmask.sh in nva module (sruffilli)
  • [#860] incompatible change: Refactor compute-vm for Terraform 1.3 (ludoo)
  • [#861] Leverage new shared VPC project config defaults across the repo (juliocc)
  • [#859] Make project shared VPC fields optional (juliocc)
  • [#853] Fixes NVA issue when health checks are not enabled (sruffilli)
  • [#846] COS based simple networking appliance (sruffilli)
  • [#851] nginx-tls: only use hostname part for TLS certificate (rosmo)
  • [#844] Management of GCP project default service accounts (ddaluka)
  • [#845] added root password support for MS SQL Server (cmalpe)
  • [#843] Add support for disk encryption to instance templates in compute-vm module (ludoo)
  • [#840] incompatible change: Refactor net-address module for 1.3 (ludoo)
  • [#839] incompatible change: Update to terraform 1.3 (juliocc)
  • [#824] Add simple composer 2 blueprint (lcaggio)
  • [#834] Add support for service_label property in internal load balancer (kmucha555)
  • [#833] regional MySQL DBs - automatic backup conf (skalolazka)
  • [#827] Project module: Add Artifactregistry Service Identity SA creation. (lcaggio)
  • [#826] Added new binary_authorization argument in gke-cluster module (sirohia)
  • [#819] Removed old and unused modules (juliocc)

TOOLS

  • [#1048] Document new testing approach (ludoo)
  • [#1029] Testing framework revamp (juliocc)
  • [#1022] Replace set-output with env variable and remove single quotes on labels (kunzese)
  • [#1021] Add OpenContainers annotations to published container images (kunzese)
  • [#1017] Fix auto-labeling (ludoo)
  • [#1013] Update labeler.yml (ludoo)
  • [#1010] Enforce nonempty descriptions ending in a dot (juliocc)
  • [#1004] Use actions/labeler to automatically label pull requests (kunzese)
  • [#998] Add missing write_package permission (kunzese)
  • [#996] Fix repository name must be lowercase on docker build (kunzese)
  • [#993] Fix variable and output sort check (juliocc)
  • [#950] Add a pytest fixture to convert tfvars to yaml (ludoo)
  • [#942] Bump tftest and improve dns tests (juliocc)
  • [#919] Rename workflow names (juliocc)
  • [#902] Bring back sorted variables check (juliocc)
  • [#887] Disable parallel execution of tests and plugin cache (ludoo)
  • [#886] Revert "Improve handling of tf plugin cache in tests" (ludoo)
  • [#885] Improve handling of tf plugin cache in tests (ludoo)
  • [#881] Run tests in parallel using pytest-xdist (ludoo)
  • [#876] Make changelog tool slower to work around inconsistencies in API results (ludoo)
  • [#865] Enable FAST 00-cicd provider test (ludoo)
  • [#864] incompatible change: Bump terraform required version (ludoo)
  • [#842] Comment redundant role in bootstrap stage, align IAM.md files, improve IAM tool (ludoo)
  • [#811] Fix changelog generator (ludoo)
  • [#810] Fully recursive e2e test runner for examples (juliocc)

18.0.0 - 2022-09-09

FAST

  • [#804] GKE CI/CD (ludoo)
  • [#803] FAST: fix GCS location in stage 00 and 01 (miklosn)
  • [#700] FAST: GKE multitenant infrastructure (ludoo)
  • [#800] FAST: add support for storage locations in stages 0 and 1 (ludoo)
  • [#799] FAST: add support for project parents to bootstrap stage (ludoo)
  • [#793] FAST: fix typo in CI/CD stage outputs. (fawzihmouda)
  • [#774] FAST: fix data-platform-dev folder in stage 03-data-platform (sttomm)
  • [#770] FAST: fix to move without output_location (daisuky-jp)
  • [#767] Allow interpolating SAs in project factory subnet IAM bindings (ludoo)
  • [#766] FAST: refactor teams branch (ludoo)
  • [#765] FAST: move region trigrams to a variable in network stages (ludoo)
  • [#759] FAST: fix missing value to format principalSet (imp14a)
  • [#753] Add support for IAM bindings on service accounts to project factory (ludoo)
  • [#745] FAST: specify gitlab / github providers in CI/CD stage (imp14a)
  • [#734] FAST: Use spot VMs for test VM and for NVAs (sruffilli)
  • [#733] FAST: fix data platform drop BQ dataset name (juliocc)
  • [#730] FAST: add billing IAM for billing group (ludoo)
  • [#721] FAST: add billing.costManager role to project factory SAs (sruffilli)
  • [#716] FAST: added missing format argument to project factory CI/CD IAM bindings (mgfeller)
  • [#715] FAST: fix optional service accounts in networking stages (ludoo)
  • [#711] FAST: update several stage READMEs about usage of *.auto.tfvars files (mgfeller)
  • [#703] FAST: configuration switches for features (ludoo)
  • [#706] Bump providers versions and pin versions for tests (juliocc)
  • [#702] FAST: also trigger GitHub workflow on PR synchronize event (mgfeller)
  • [#692] FAST: fix KMS delegation role in security stage (lcaggio)
  • [#699] FAST: add repository_owner to GitHub identity attributes (ludoo)
  • [#694] FAST: add 00-cicd stage to allow managing repositories in Gitlab/GitHub, other CI/CD improvements (rosmo)
  • [#690] FAST: fix stage tfvars link paths in documentation (lcaggio)
  • [#676] FAST: add group creation GIF to documentation (amgoogle)
  • [#687] FAST: fix service identity/SA mismatch in project factory (dosti-tee)
  • [#668] FAST: add cleanup instructions to documentation (ajlopezn)
  • [#682] FAST: fix CI/CD source repositories in stage 01 (imp14a)
  • [#675] FAST: fix audit logs when using pubsub as destination (juliocc)
  • [#674] FAST: remove team folders comment from 01 variables, clarify README (ludoo)
  • [#671] FAST: fix Gitlab WIF attributes (ludoo)
  • [#669] FAST: CI/CD support for Source Repository and Cloud Build (ludoo)

EXAMPLES

MODULES

  • [#805] Change modules/project service_config default (juliocc)
  • [#787] Support manager role in cloud identity group module (lcaggio)
  • [#786] Secret manager flag sensitive output (ddaluka)
  • [#775] net-lb-app-ext: Added support for regional external HTTP(s) load balancing (rosmo)
  • [#784] fix envoy-traffic-director config for xDS v3 (drebes)
  • [#785] nginx-tls module (drebes)
  • [#783] fix service unit indent on cloud-config-container module (drebes)
  • [#782] typo fix (max_scale -> min_scale) (skalolazka)
  • [#778] incompatible change: instance_termination_action must be set for compute-vm spot instances (sruffilli)
  • [#727] Fix ip_range variable description in apigee-x-instance module (alexlo03)
  • [#773] incompatible change: Refactor Cloud Run module (ludoo)
  • [#754] Add support to a public access to cloudsql-instance (alefmreis)
  • [#768] Add egress / ingress policy example to VPC SC module (ludoo)
  • [#767] Allow interpolating SAs in project factory subnet IAM bindings (ludoo)
  • [#764] Add dependency on shared vpc service project attachment to project module outputs (apichick)
  • [#761] Fix gke hub module features condition (ludoo)
  • [#760] incompatible change: GKE hub module refactor (ludoo)
  • [#756] Set cluster id output to sensitive in GKE module (apichick)
  • [#752] Also depend on shared vpc host in project module (apichick)
  • [#747] Added gkehub.googleapis.com to jit services (apichick)
  • [#744] Fixed issue with missing project reference in Cloud DNS data source (rosmo)
  • [#741] Added servicemesh feature to GKE hub and included fleet robot service… (apichick)
  • [#737] Move Cloud Run VPC Connector annotations to template metadata (#735) (sethmoon)
  • [#732] Add support for topic message duration to pubsub module (ludoo)
  • [#731] Avoid setting empty IAM binding in subnet factory (ludoo)
  • [#729] Fix connector create logic in cloud run module (ludoo)
  • [#726] Fix documentation for organization-policy module (averbuks)
  • [#722] OrgPolicy module (factory) using new org-policy API, #698 (averbuks)
  • [#695] Modified reserved IP address outputs in net-lb-app-ext module (apichick)
  • [#709] Fix incompatibility between logging and monitor config/service arguments in GKE module (psabhishekgoogle)
  • [#708] Fix incompatibility between backup and autopilot in GKE module (ludoo)
  • [#707] Fix addons for autopilot clusters and add specific tests in GKE module (juliocc)
  • [#706] Bump providers versions and pin versions for tests (juliocc)
  • [#704] Add consumer_accept_list to apigee-x-instance (juliocc)
  • [#696] Added missing image in GLB and Cloud Armor example (apichick)
  • [#689] New binary authorization module and example (apichick)
  • [#686] Revert "Binary authorization module and example" (ludoo)
  • [#683] Binary authorization module and example (apichick)
  • [#684] Cloud function module: add support for secrets (ludoo)

TOOLS

  • [#796] Remove duplicate path component from doc_examples test names. (juliocc)
  • [#794] Test documentation examples in the examples/ folder (juliocc)
  • [#788] fix yaml quotes for merge-pr workflow (drebes)
  • [#763] Changelog generator (ludoo)
  • [#762] Update changelog on pull request merge (ludoo)
  • [#680] Tools: fix ValueError raised in check_names.py when overlong names are detected (27Bslash6)
  • [#672] Module attribution and version updater tool, plus release automation (rosmo)

16.0.0 - 2022-06-06

  • add support for Spot VMs to gke-nodepool module
  • incompatible change add support for Spot VMs to compute-vm module
  • SQL Server AlwaysOn availability groups example
  • fixed Terraform change detection in CloudSQL when backup is disabled
  • allow multiple CIDR blocks in the ip_range for Apigee Instance
  • add prefix to project factory SA bindings
  • incompatible change subnets_l7ilb variable is deprecated in the net-vpc module, instead subnets_proxy_only variable should be used
  • add support for Private Service Connect and Proxy-only subnets to net-vpc module
  • bump Google provider versions to >= 4.17.0
  • bump Terraform version to >= 1.1.0
  • add shielded_instance_config support for instance template on compute-vm module
  • add support for gke_backup_agent_config to GKE module addons
  • add support for subscription filters to PubSub module
  • refactor Hub and Spoke with VPN example
  • fix tfdoc parsing on newllines in outputs
  • fix subnet factory example in vpc module README
  • fix condition in subnet factory flow logs
  • added new example on GLB and Cloud Armor
  • revamped and expanded Contributing Guide
  • add support for Workload Identity Federation and CI/CD repositories
  • simplify VPN tunnel configuration in the Hub and Spoke VPN network stage
  • fix subnet YAML schema

15.0.0 - 2022-04-05

  • incompatible change the variable for PSA ranges in the net-vpc module has changed to support configuring peering routes
  • fix permadiff in net-vpc-firewall module rules
  • new gke-hub module
  • new unmanaged-instances-healthcheck example
  • add support for IAM to data-catalog-policy-tag module
  • add support for IAM additive to folder module, fixes #580
  • optionally turn off gcplogs driver in COS modules
  • fix tag output on data-catalog-policy-tag module
  • add shared-vpc support on gcs-to-bq-with-least-privileges
  • new net-lb-app-int module
  • new 02-networking-peering networking stage
  • incompatible change the variable for PSA ranges in networking stages have changed

14.0.0 - 2022-02-25

  • incompatible change removed iam key from logging sink configuration in the project and organization modules
  • remove GCS to BQ with Dataflow example, replace by GCS to BQ with least privileges
  • the net-vpc and project modules now use the beta provider for shared VPC-related resources
  • new iot-core module
  • incompatible change the variables for host and service Shared VPCs have changed in the project module
  • incompatible change the variable for service identities IAM has changed in the project factory
  • add data-catalog-policy-tag module
  • new workload identity federetion example
  • new api-gateway module and example
  • incompatible change the psn_ranges variable has been renamed to psa_ranges in the net-vpc module and its type changed from list(string) to map(string)
  • incompatible change removed iam flag for organization and folder level sinks
  • incompatible change removed ingress_settings configuration option in the cloud-functions module.
  • new m4ce VM example
  • Support for resource management tags in the organization, folder, project, compute-vm, and kms modules
  • new data platform stage 3
  • new 02-networking-nva networking stage
  • allow customizing the names of custom roles
  • added environment and context resource management tags
  • use resource management tags to restrict scope of roles/orgpolicy.policyAdmin
  • use xpnServiceAdmin (custom role) for stage 3 service accounts that need to attach to a shared VPC
  • simplify and standardize ourputs from each stage
  • standardize names of projects, service accounts and buckets
  • switch to folder-level xpnAdmin and xpnServiceAdmin
  • moved networking projects to folder matching their environments

13.0.0 - 2022-01-27

  • initial Fabric FAST implementation
  • new net-lb-app-ext module for Global External Load balancer
  • new project-factory module in blueprints/factories
  • add missing service identity accounts (artifactregistry, composer) in project module
  • new "Cloud Storage to Bigquery with Cloud Dataflow with least privileges" example
  • support service dependencies for crypto key bindings in project module
  • refactor project module in multiple files
  • add support for per-file option overrides to tfdoc

12.0.0 - 2022-01-11

  • new repo structure. All end-to-end examples moved to the top level examples folder

11.2.0 - 2022-01-11

  • fix net-vpc subnet factory bug preventing the use of yamls with different shapes

11.1.0 - 2022-01-11

  • add support for additive IAM bindings to kms module

11.0.0 - 2022-01-04

  • incompatible change remove location from gcs bucket names
  • add support for interpolating access levels based on keys to the vpc-sc module

10.0.1 - 2022-01-03

  • remove lifecycle block from vpc sc perimeter resources

10.0.0 - 2021-12-31

  • fix cases where bridge perimeter status resources are null in vpc-sc module
  • re-release 9.0.3 as a major release as it contains breaking changes
  • update hierarchical firewall resources to use the newer google_compute_firewall_* resources
  • incompatible change rename firewall_policy_attachments to firewall_policy_association in the organization and folder modules
  • incompatible change updated API for the net-vpc-sc module

9.0.3 - 2021-12-31

  • update hierarchical firewall resources to use the newer google_compute_firewall_* resources
  • incompatible change rename firewall_policy_attachments to firewall_policy_association in the organization and folder modules
  • incompatible change updated API for the net-vpc-sc module

9.0.2 - 2021-12-22

  • ignore description changes in firewall policy rule to avoid permadiff, add factory example to folder module documentation

9.0.0 - 2021-12-22

  • new cloud-run module
  • added gVNIC support to compute-vm module
  • added a rule factory to net-vpc-firewall module
  • added a subnet factory to net-vpc module
  • incompatible change added support for partitioned tables to organization module sinks
  • incompatible change renamed private_service_networking_range variable to psc_ranges in net-vpcmodule, and changed its type to list(string)
  • added a firewall policy factory to organization and firewall module
  • refactored tfdoc
  • added support for metric scopes to the project module

8.0.0 - 2021-10-21

  • added support for GCS notifications in gcs module
  • added new skip_delete variable to compute-vm module
  • incompatible change all modules and examples now require Terraform >= 1.0.0 and Google provider >= 4.0.0

7.0.0 - 2021-10-21

  • new cloud operations example showing how to deploy infrastructure for Compute Engine image builder based on Hashicorp Packer
  • incompatible change the format of the records variable in the dns module has changed, to better support dynamic values
  • new naming-convention module
  • new cloudsql-instance module
  • added support for website to gcs module, and removed auto-set labels
  • new factories top-level folder with initial subnets, firewall-hierarchical-policies, firewall-vpc-rules and example-environments examples
  • added new description variable to compute-vm module
  • added support for L7 ILB subnets to net-vpc module
  • added support to override default description in compute-vm
  • added support for backup retention count in cloudsql-instance
  • added new description variable to cloud-function module
  • added new description variable to bigquery-dataset module
  • added new description variable to iam-service-account module
  • incompatible change fix deprecated message from gke-nodepool, change your workload_metadata_config to correct values (GCE_METADATA or GKE_METADATA)
  • incompatible change changed maintenance window definition from maintenance_start_time to maintenance_config in gke-cluster
  • added monitoring_config,logging_config, dns_config and enable_l4_ilb_subsetting to gke-cluster

6.0.0 - 2021-10-04

  • new apigee-organization and apigee-x-instance
  • generate email and iam_email statically in the iam-service-account module
  • new billing-budget module
  • fix scheduled-asset-inventory-export-bq module
  • output custom role information from the organization module
  • enable multiple vpc-sc perimeters over multiple modules
  • new cloud operations example showing how to restrict service usage using delegated role grants
  • incompatible change multiple instance support has been removed from the compute-vm module, to bring its interface in line with other modules and enable simple use of for_each at the module level; its variables have also slightly changed (attached_disks, boot_disk_delete, crate_template, zone)
  • incompatible change dropped the admin_ranges_enabled variable in net-vpc-firewall. Set admin_ranges = [] to get the same effect
  • added the named_ranges variable to net-vpc-firewall

5.1.0 - 2021-08-30

  • add support for lifecycle_rule in gcs module
  • create pubsub service identity if service is enabled
  • support for creation of GKE Autopilot clusters
  • add support for CMEK keys in Data Foundation end to end example
  • add support for VPC-SC perimeters in Data Foundation end to end example
  • fix vpc-sc module
  • new networking example showing how to use Private Service Connect to call a Cloud Function from on-premises
  • new networking example showing how to organize decentralized firewall management on GCP

5.0.0 - 2021-06-17

  • fix message_retention_duration variable type in pubsub module
  • move bq robot service account into the robot service account project output
  • add IAM cryptDecrypt role to robot service account on specified keys
  • add Service Identity creation on project module if secretmanager enabled
  • add Data Foundation end to end example

4.9.0 - 2021-06-04

  • incompatible change updated resource name for google_dns_policy on the net-vpc module
  • added support for VPC-SC Ingress Egress policies on the vpc-sc module
  • update CI to Terraform 0.15 and fix minor incompatibilities
  • add deletion_protection to the bigquery-dataset module
  • add support for dataplane v2 to GKE cluster module
  • add BGP peer outputs to HA VPN module

4.8.0 - 2021-05-12

  • added support for CORS to the gcs module
  • make cluster creation optional in the Shared VPC example
  • make service account creation optional in iam-service-account module
  • new third-party-solutions top-level folder with initial openshift example
  • added support for DNS Policies to the net-vpc module

4.7.0 - 2021-04-21

  • incompatible change add support for master_global_access_config block in gke-cluster module
  • add support for group-based IAM to resource management modules
  • add support for private service connect

4.6.1 - 2021-04-01

  • incompatible change support one group per zone in the compute-vm module

4.6.0 - 2021-03-31

  • incompatible change logging sinks now create non-authoritative bindings when iam=true
  • fixed IAM bindings for module bigquery not specifying project_id
  • remove device_policy from vpc_sc module as it requires BeyondCorp Enterprise Premium
  • allow using unsuffixed name in compute_vm module

4.5.1 - 2021-03-27

  • allow creating private DNS zones with no visible VPCs in dns module

4.5.0 - 2021-03-20

  • new logging-bucket module to create Cloud Logging Buckets
  • add support to create logging sinks using logging buckets as the destination
  • incompatible change extended logging sinks to support per-sink exclusions
  • new net-vpc-firewall-yaml module
  • add support for regions, device policy and access policy dependency to vpc-sc module
  • add support for joining VPC-SC perimeters in project module
  • add userinfo.email to default scopes in compute-vm module

4.4.2 - 2021-03-05

  • fix versions constraints on modules to avoid the no available releases match the given constraints error

4.4.1 - 2021-03-05

  • depend specific org module resources (eg policies) from IAM bindings
  • set version for google-beta provider in project module

4.4.0 - 2021-03-02

  • new filtering_proxy networking example
  • add support for a second region in the onprem networking example
  • add support for per-tunnel router to VPN HA and VPN dynamic modules
  • incompatible change the attached_disks variable type has changed in the compute-vm module, to add support for regional persistent disks, and attaching existing disks to instances / templates
  • the hub and spoke via peering example now supports project creation, resource prefix, and GKE peering configuration
  • make the project_id output from the project module non-dynamic. This means you can use this output as a key for map fed into a for_each (for example, as a key for iam_project_bindings in the iam-service-accounts module)
  • add support for essential contacts in the in the project, folder and organization modules

4.3.0 - 2021-01-11

  • new DNS for Shared VPC example
  • incompatible change removed the logging-sinks module. Logging sinks can now be created the logging_sinks variable in the in the project, folder and organization modules
  • add support for creating logging exclusions in the project, folder and organization modules
  • add support for Confidential Compute to compute-vm module
  • add support for handling IAM policy (bindings, audit config) as fully authoritative in the organization module

4.2.0 - 2020-11-25

  • incompatible change the org_id variable and output in the vpc-sc module have been renamed to organization_id, the variable now accepts values in organizations/nnnnnnnn format
  • incompatible change the forwarders variable in the dns module has a different type, to support specifying forwarding path
  • add support for MTU in net-vpc module
  • incompatible change access variables have been renamed in the bigquery-dataset module
  • add support for IAM to the bigquery-dataset module
  • fix default OAuth scopes in gke-nodepool module
  • add support for hierarchical firewalls to the folder and organization modules
  • incompatible change the org_id variable and output in the organization module have been renamed to organization_id, the variable now accepts values in organizations/nnnnnnnn format

4.1.0 - 2020-11-16

  • incompatible change rename prefix for node configuration variables in gke-nodepool module [#156]
  • add support for internally managed service account in gke-nodepool module [#156]
  • made examples in READMEs runnable and testable [#157]
  • incompatible change iam_additive is now keyed by role to be more resilient with dynamic values, a new iam_additive_members variable has been added for backwards compatibility.
  • add support for node taints in gke-nodepool module
  • add support for CMEK in gke-nodepool module

4.0.0 - 2020-11-06

  • This is a major refactor adding support for Terraform 0.13 features
  • incompatible change minimum required terraform version is now 0.13.0
  • incompatible change folders module renamed to folder
  • incompatible change iam-service-accounts module renamed to iam-service-account
  • incompatible change all iam_roles and iam_member variables merged into a single iam variable. This change affects most modules
  • incompatible change modules like folder, gcs, iam-service-account now create a single resource. Use for_each at the module level if you need multiple instances
  • added basic variable validations to some modules

3.5.0 - 2020-10-27

  • end to end example for scheduled Cloud Asset Inventory export to Bigquery
  • decouple Cloud Run from Istio in GKE cluster module
  • depend views on tables in bigquery dataset module
  • bring back logging options for firewall rules in net-vpc-firewall module
  • removed interpolation-only expressions causing terraform warnings
  • incompatible change simplify alias IP specification in compute-vm. We now use a map (alias range name to list of IPs) instead of a list of maps.
  • allow using alias IPs with instance_count in compute-vm
  • add support for virtual displays in compute-vm
  • add examples of alias IPs in compute-vm module
  • fix support for creating disks from images in compute-vm
  • allow creating single-sided peerings in net-vpc and net-vpc-peering
  • use service project registration to Shared VPC in GKE example to remove need for two-step apply

3.4.0 - 2020-09-24

  • add support for logging and better type for the retention_policies variable in gcs module
  • incompatible change deprecate bucket_policy_only in favor of uniform_bucket_level_access in gcs module
  • incompatible change allow project module to configure itself as both shared VPC service and host project

3.3.0 - 2020-09-01

  • remove extra readers in gcs-to-bq-with-dataflow example (issue: 128)
  • make VPC creation optional in net-vpc module to allow managing a pre-existing VPC
  • make HA VPN gateway creation optional in net-vpn-ha module
  • add retention_policy in gcs module
  • refactor net-address module variables, and add support for internal address purpose

3.2.0 - 2020-08-29

  • incompatible change add alias IP support in cloud-vm module
  • add tests for data-solutions examples
  • fix apply errors on dynamic resources in dataflow example
  • make zone creation optional in dns module
  • new quota-monitoring end-to-end example in cloud-operations

3.1.1 - 2020-08-26

  • fix error in project module
  • incompatible change make HA VPN Gateway creation optional for net-vpn-ha module. Now an existing HA VPN Gateway can be used. Updating to the new version of the module will cause VPN Gateway recreation which can be handled by terraform state rm/terraform import operations.

3.1.0 - 2020-08-16

  • incompatible change add support for specifying a different project id in the GKE cluster module; if using the peering_config variable, peering_config.project_id now needs to be explicitly set, a null value will reuse the project_id variable for the peering

3.0.0 - 2020-08-15

  • incompatible change the top-level infrastructure folder has been renamed to networking
  • add end-to-end example for ILB as next hop
  • add basic tests for foundations and networking end-to-end examples
  • fix Shared VPC end-to-end example and documentation

2.8.0 - 2020-08-01

  • fine-grained Cloud DNS IAM via Service Directory example
  • add feed id output dependency on IAM roles in pubsub module

2.7.1 - 2020-07-24

  • fix provider issue in bigquery module

2.7.0 - 2020-07-24

  • add support for VPC connector and ingress settings to cloud-function module
  • add support for logging to net-cloudnat module

2.6.0 - 2020-07-19

  • incompatible changes setting zone in the compute-vm module is now done via an optional zones variable, that accepts a list of zones
  • fix optional IAM permissions in folder unit module

2.5.0 - 2020-07-10

  • new vpc-sc module
  • add support for Shared VPC to the project module
  • fix bug with compute-vm address reservations introduced in 2.4.1

2.4.2 - 2020-07-09

  • add support for Shielded VM to compute-vm

2.4.1 - 2020-07-06

  • better fix external IP assignment in compute-vm

2.4.0 - 2020-07-06

  • fix external IP assignment in compute-vm
  • new top-level cloud-operations example folder
  • Cloud Asset Inventory end to end example in cloud-operations

2.3.0 - 2020-07-02

  • new 'Cloud Storage to Bigquery with Cloud Dataflow' end to end data solution
  • incompatible change additive IAM bindings are now keyed by identity instead of role, and use a single iam_additive_bindings variable, refer to [#103] for details
  • set delete_contents_on_destroy in the foundations examples audit dataset to allow destroying
  • trap errors raised by the project module on destroy

2.2.0 - 2020-06-29

  • make project creation optional in project module to allow managing a pre-existing project
  • new cloud-endpoints module
  • new cloud-function module

2.1.0 - 2020-06-22

  • incompatible change routes in the net-vpc module now interpolate the VPC name to ensure uniqueness, upgrading from a previous version will drop and recreate routes
  • the top-level docker-images folder has been moved inside modules/cloud-config-container/onprem
  • dns_keys output added to the dns module
  • add group-config variable, groups and group_self_links outputs to net-lb-int module to allow creating ILBs for externally managed instances
  • make the IAM bindings depend on the compute instance in the compute-vm module

2.0.0 - 2020-06-11

  • new data-solutions section and cmek-via-centralized-kms example
  • incompatible change static VPN routes now interpolate the VPN gateway name to enforce uniqueness, upgrading from a previous version will drop and recreate routes

1.9.0 - 2020-06-10

  • new bigtable-instance module
  • add support for IAM bindings to compute-vm module

1.8.1 - 2020-06-07

  • use all instead of specifying protocols in the admin firewall rule of the net-vpc-firewall module
  • add support for encryption keys in gcs module
  • set next_hop_instance_zone in net-vpc for next hop instance routes to avoid triggering recreation

1.8.0 - 2020-06-03

  • incompatible change the kms module has been refactored and will be incompatible with previous state
  • incompatible change robot and default service accounts outputs in the project module have been refactored and are now exposed via a single service_account output (cf [#82])
  • add support for PD CSI driver in GKE module
  • refactor iam-service-accounts module outputs to be more resilient
  • add option to use private GCR to cos-generic-metadata module

1.7.0 - 2020-05-30

  • add support for disk encryption to the compute-vm module
  • new datafusion module
  • new container-registry module
  • new artifact-registry module

1.6.0 - 2020-05-20

  • add output to gke-cluster exposing the cluster's CA certificate
  • fix gke-cluster autoscaling options
  • add support for Service Directory bound zones to the dns module
  • new service-directory module
  • new source-repository module

1.5.0 - 2020-05-11

  • incompatible change the bigquery module has been removed and replaced by the new bigquery-dataset module
  • incompatible change subnets in the net-vpc modules are now passed as a list instead of map, and all related variables for IAM and flow logs use region/name instead of name keys; it's now possible to have the same subnet name in different regions
  • replace all references to the removed resourceviews.googleapis.com API with container.googleapis.com
  • fix advanced options in gke-nodepool module
  • fix health checks in compute-mig and net-lb-int modules
  • new cos-generic-metadata module in the cloud-config-container suite
  • new envoy-traffic-director module in the cloud-config-container suite
  • new pubsub module

1.4.1 - 2020-05-02

  • new secret-manager module
  • fix access in bigquery module, this is the last version of this module to support multiple datasets, future versions will be called bigquery-dataset

1.4.0 - 2020-05-01

  • fix DNS module internal zone lookup
  • fix Cloud NAT module internal router name lookup
  • re-enable and update outputs for the foundations environments example
  • add peering route configuration for private clusters to GKE cluster module
  • incompatible changes in the GKE nodepool module: rename node_config_workload_metadata_config variable to workload_metadata_config, new default for workload_metadata_config is GKE_METADATA_SERVER
  • incompatible change in the compute-vm module: removed support for MIG and the group_manager variable
  • add compute-mig and net-lb-int modules
  • incompatible change in net-vpc: a new name attribute has been added to the subnets variable, allowing to directly set subnet name, to update to the new module add an extra name = false attribute to each subnet

1.3.0 - 2020-04-08

  • add organization policy module
  • add support for organization policies to folders and project modules

1.2.0 - 2020-04-06

  • add squid container to the cloud-config-container module

1.1.0 - 2020-03-27

  • rename the cos-container suite of modules to cloud-config-container
  • refactor the onprem-in-a-box module to only manage the cloud-config configuration, and make it part of the cloud-config-container suite of modules
  • update the onprem-google-access-dns example to use the refactored onprem module
  • fix the external_addresses output in the compute-vm module
  • small tweaks and fixes to the cloud-config-container modules

1.0.0 - 2020-03-27

  • merge development branch with suite of new modules and end-to-end examples