Changelog

All notable changes to this project will be documented in this file.

41.0.0 - 2025-06-29

BREAKING CHANGES

  • fast/stages/0-bootstrap: two new custom roles for KMS keys have been added: re-run stage 0 so that they are available to the resman stage, where they are required. [#3147]

BLUEPRINTS

  • [#3195] Add default route action to internal app lb path matcher (sepehrjavid)

FAST

  • [#3199] Rename workflows config variable introduced in #3198 (ludoo)
  • [#3198] Support user-defined tfvar files in resman CI/CD definitions (ludoo)
  • [#3195] Add default route action to internal app lb path matcher (sepehrjavid)
  • [#3190] Added option for tag factory in resman (lnesteroff)
  • [#3185] Bypass accounts.google.com in FAST DNS policy rules (ludoo)
  • [#3183] Revert "Bypass accounts.google.com in FAST DNS policy rules" (ludoo)
  • [#3179] Bypass accounts.google.com in FAST DNS policy rules (ludoo)
  • [#3163] Allow custom roles in context, add support for shared VPC IAM to project and project factory (ludoo)
  • [#3160] Add notebooks, appengine and appspot to dns policy routing in FAST networking stage (wiktorn)
  • [#3162] Improve and document org policy tags use in FAST resman stage (ludoo)
  • [#3154] Allow configuring project key format in project factory (ludoo)
  • [#3147] Fix IAM delegation for project factory on security KMS keys (ludoo)

MODULES

  • [#3199] Rename workflows config variable introduced in #3198 (ludoo)
  • [#3195] Add default route action to internal app lb path matcher (sepehrjavid)
  • [#3178] Added tag factory option for organization module (lnesteroff)
  • [#3181] Support new style service account principalsets in project factory (ludoo)
  • [#3179] Bypass accounts.google.com in FAST DNS policy rules (ludoo)
  • [#3163] Allow custom roles in context, add support for shared VPC IAM to project and project factory (ludoo)
  • [#3154] Allow configuring project key format in project factory (ludoo)
  • [#3106] Revert "Make automation project in project factory module optional" (ludoo)

TOOLS

  • [#3195] Add default route action to internal app lb path matcher (sepehrjavid)
  • [#3179] Bypass accounts.google.com in FAST DNS policy rules (ludoo)
  • [#3160] Add notebooks, appengine and appspot to dns policy routing in FAST networking stage (wiktorn)

40.2.0 - 2025-06-29

BREAKING CHANGES

  • modules/ai-applications: renamed agentspace module to ai-applications [#3184]
  • fast/stages/0-bootstrap: two new custom roles for KMS keys have been added: re-run stage 0 so that they are available to the resman stage, where they are required. [#3147]
  • modules/gke-nodepool: renamed variable network_config.additional_pod_network_config to network_config.additional_pod_network_configs [#3134]

BLUEPRINTS

FAST

  • [#3199] Rename workflows config variable introduced in #3198 (ludoo)
  • [#3198] Support user-defined tfvar files in resman CI/CD definitions (ludoo)
  • [#3195] Add default route action to internal app lb path matcher (sepehrjavid)
  • [#3193] Only consider active projects to default VPC SC perimeter (juliocc)
  • [#3190] Added option for tag factory in resman (lnesteroff)
  • [#3180] Fixed hard-coded resource management tags (!var.tag_names) (lnesteroff)
  • [#3187] Clean fast 2 security from vpcsc (aumohr)
  • [#3185] Bypass accounts.google.com in FAST DNS policy rules (ludoo)
  • [#3183] Revert "Bypass accounts.google.com in FAST DNS policy rules" (ludoo)
  • [#3179] Bypass accounts.google.com in FAST DNS policy rules (ludoo)
  • [#3174] Fixed option to set descriptions for environment tag values (lnesteroff)
  • [#3163] Allow custom roles in context, add support for shared VPC IAM to project and project factory (ludoo)
  • [#3160] Add notebooks, appengine and appspot to dns policy routing in FAST networking stage (wiktorn)
  • [#3162] Improve and document org policy tags use in FAST resman stage (ludoo)
  • [#3154] Allow configuring project key format in project factory (ludoo)
  • [#3147] Fix IAM delegation for project factory on security KMS keys (ludoo)
  • [#3146] Bump requests from 2.32.2 to 2.32.4 in /fast/project-templates/secops-anonymization-pipeline/source (dependabot[bot])
  • [#3145] Add KMS keys interpolation to project factory (ludoo)
  • [#3134] fix additional pod networks config creation in GKE node pool (jacek-jablonski)
  • [#3126] Allow multiple types in JSON schema docs tool (ludoo)
  • [#3120] Bump Terraform to 1.11 (juliocc)
  • [#3114] Allow creation of regional templates in compute-vm module (ludoo)
  • [#3112] Add support for service agent expansion to project factory IAM (ludoo)

MODULES

  • [#3201] Update service-agents.yaml (juliocc)
  • [#3202] Fix ai-applications provider_meta (juliocc)
  • [#3197] Create (or import) subnets with empty description (lnesteroff)
  • [#3196] Added node_pool_auto_config to GKE cluster (apichick)
  • [#3195] Add default route action to internal app lb path matcher (sepehrjavid)
  • [#3192] Added option to set force_destroy on pf buckets (lnesteroff)
  • [#3191] fix failing E2E test for net-vpc (wiktorn)
  • [#3178] Added tag factory option for organization module (lnesteroff)
  • [#3189] [module/ai-applications] fix module for unexpected updates from APIs (LucaPrete)
  • [#3169] Addition of Cloud Deploy Module (vineeteldochan)
  • [#3177] Add support for IPv6 only subnets and IP collections (cmm-cisco)
  • [#3184] Rename agentspace module to ai-applications (LucaPrete)
  • [#3181] Support new style service account principalsets in project factory (ludoo)
  • [#3179] Bypass accounts.google.com in FAST DNS policy rules (ludoo)
  • [#3170] Add new Agentspace module (LucaPrete)
  • [#3172] feat: Update session affinity validation for ALB (williamsmt)
  • [#3165] Cloud run direct iap (msikora-rtb)
  • [#3149] Add support for DNS zones to Apigee module (apichick)
  • [#3161] feat: ignores labels added by gh action in unmanaged cloud run service / job (msikora-rtb)
  • [#3163] Allow custom roles in context, add support for shared VPC IAM to project and project factory (ludoo)
  • [#3156] Allow to directly specify service agents for CMEK in project module (Composer v2 support) (jnahelou)
  • [#3157] Fixed problem with backend preference, changed it to boolean. Backend… (apichick)
  • [#3154] Allow configuring project key format in project factory (ludoo)
  • [#3153] Bring back master ipv4 cidr block (jacklever-hub24)
  • [#3140] Added recipe for Apigee X with SWP (apichick)
  • [#3150] Added default compute network tier to project module (apichick)
  • [#3151] Added network tier to network interfaces in compute-vm module (apichick)
  • [#3145] Add KMS keys interpolation to project factory (ludoo)
  • [#3139] Added backend preference to global application load balancers (apichick)
  • [#3144] Fix #3142 (juliocc)
  • [#3143] Fixed mistake in net-vpn-ha module docs (apichick)
  • [#3141] Improve SWP transparent gateway example (wiktorn)
  • [#3129] Cloud Run with IAP recipe (apichick)
  • [#3137] Return instance ID not IP address (kkrtbhouse)
  • [#3135] CloudSQL - Create password resource only when needed (wiktorn)
  • [#3134] fix additional pod networks config creation in GKE node pool (jacek-jablonski)
  • [#3133] Add explicit errors when VPC-SC perimeters reference undefined directional policies (juliocc)
  • [#3128] Added multi-region API Gateway recipe, that was removed by accident (apichick)
  • [#3127] Interpolate egress_to resources in enforced perimeter config (juliocc)
  • [#3126] Allow multiple types in JSON schema docs tool (ludoo)
  • [#3125] Document x-referencing HCs in net-lb-int (sruffilli)
  • [#3124] Allow explicit definition of automation prefix in project factory (ludoo)
  • [#3119] Expose private_endpoint_enforcement_enabled in gke modules (juliocc)
  • [#3120] Bump Terraform to 1.11 (juliocc)
  • [#3083] Remove default values for access_config.ip_config for gke cluster modules (jaiakt)
  • [#3117] adds revision label (msikora-rtb)
  • [#3116] Add support for binary authorization policy to cloud function v2 module (ludoo)
  • [#3114] Allow creation of regional templates in compute-vm module (ludoo)
  • [#3113] Allow creating disks with no name in compute-vm (ludoo)
  • [#3112] Add support for service agent expansion to project factory IAM (ludoo)
  • [#3105] Add option to specify any port on https protocol (Stepanenko-Alexey)
  • [#3110] Support iam_sa_roles in project factory service accounts (ludoo)

TOOLS

  • [#3203] Add PEP 723 dependencies to tfdoc.py, versions.py and build_service_agents.py (juliocc)
  • [#3200] Remove blueprint metadata validation (juliocc)
  • [#3126] Allow multiple types in JSON schema docs tool (ludoo)
  • [#3120] Bump Terraform to 1.11 (juliocc)

40.1.0 - 2025-05-21

BLUEPRINTS

FAST

MODULES

TOOLS

40.0.0 - 2025-05-21

BREAKING CHANGES

  • fast/stages/0-bootstrap: the default set of organization policies now prevents the creation of bridge perimeters. [#3098]
  • modules/vpc-sc: perimeter bridges are no longer supported. Please migrate to directional policies (ingress/egress rules) for more granular and secure perimeter configurations. modules/vpc-sc: service_perimeters_regular renamed to perimeters [#3062]

BLUEPRINTS

FAST

MODULES

  • [#3100] Project Factory: fix reference to automation SAs in IAM block for service accounts (LucaPrete)
  • [#3091] Make automation project in project factory module optional (LucaPrete)
  • [#3094] Enable context replacements for IAM principals in project factory module (ludoo)
  • [#3093] Add support for additive perimeter resources to vpc-sc module (ludoo)
  • [#3089] Fix permadiff in FAST bootstrap IAM (ludoo)
  • [#3062] VPC SC module refactor (juliocc)
  • [#3070] JSON schema documentation tool (ludoo)
  • [#3066] New FAST data platform (ludoo)
  • [#3051] Add ability to reuse existing projects in project factory (LucaPrete)

TOOLS

39.2.0 - 2025-05-21

FAST

  • [#3088] Add GitLab SaaS support in fast/extras/0-cicd-gitlab (Alhossril)
  • [#2944] fix: remove file starting by 1 and 2 to avoid copying 1-resman-provid… (Alhossril)

MODULES

39.1.0 - 2025-05-05

BLUEPRINTS

  • [#3068] vertex-mlops: fix permadiff after apply (wiktorn)
  • [#3063] Enable repd tag bindings in compute-vm module (ludoo)

FAST

  • [#3063] Enable repd tag bindings in compute-vm module (ludoo)
  • [#3052] Updated network config variables in GKE node pool (apichick)
  • [#3050] New Dataplex Aspect Types module (ludoo)

MODULES

  • [#3069] [cloudsql-instance] Add cloudsql_iam_authentication flag to fix example in readme (LucaPrete)
  • [#3067] fix reference to boot disk in snapshots when using independent disks (wiktorn)
  • [#3063] Enable repd tag bindings in compute-vm module (ludoo)
  • [#3060] Add deletion_policy to project-factory module (tyler-sommer)
  • [#3059] Better cert manager module examples (ludoo)
  • [#3057] [cloud-run-v2] Add ability to control code deployments outside Terraform (LucaPrete)
  • [#3056] Default vulnerability scanning to null in ar module (ludoo)
  • [#3054] New Managed Kafka module (juliocc)
  • [#3053] Rename Dataplex Aspects module to Dataplex Aspect Types (ludoo)
  • [#3052] Updated network config variables in GKE node pool (apichick)
  • [#3049] [#3048] Fix serverless NEG example in net-lb-app-ext (LucaPrete)
  • [#3050] New Dataplex Aspect Types module (ludoo)

TOOLS

  • [#3063] Enable repd tag bindings in compute-vm module (ludoo)

39.0.0 - 2025-04-18

UPDATING FAST

  • the 1-resman stage has a new stage 2 definition for secops that depends on a previously not needed group; create the group or edit the groups variable in stage 0 and apply if you need the secops stage, delete the secops stage definition if you don't
  • the 1-vpcsc stage has a moved file to help you transition resources to a new internal naming scheme
  • the 2-project-factory stage is changing internal project keys following the changes to the underlying project factory module; you need to manually move (or re-import) all stage resources and there's no sane way for us to provide you with pre-made move definitions; to buy time, you can change the source of the only module in the stage to point to the previous version's project-factory module

BREAKING CHANGES

  • fast/stages/2-project-factory: project keys now contain the relative path prefix. [#3030]
  • modules/project-factory: project keys now contain the relative path prefix. [#3030]
  • fast/stages/1-vpcsc: the perimeters variable now matches the type of the variable service_perimeters_regular in modules/vpc-sc. To migrate, remove the dry_run field and use the use_explicit_dry_run_spec, spec, and status fields [#2928]

BLUEPRINTS

  • [#3046] Fix automation object names in project factory (ludoo)
  • [#3022] Replace all instances of stackdriver.googleapis.com with log+mon (sruffilli)

FAST

MODULES

  • [#3046] Fix automation object names in project factory (ludoo)
  • [#3030] Use path as keys in project factory (wiktorn)
  • [#3027] Apply recent changes to factory-projects-object.tf to vpc-factory (wiktorn)
  • [#3022] Replace all instances of stackdriver.googleapis.com with log+mon (sruffilli)
  • [#3014] Properly support org policy tags in resman/project factory (ludoo)
  • [#3007] Implement support for VPC-SC perimeter membership from project factory (ludoo)
  • [#2990] Merge master to fast dev (wiktorn)
  • [#2986] Mongodb Atlas cluster project template (ludoo)
  • [#2961] Update FAST stage diagram (ludoo)
  • [#2959] Rationalize project factory context interpolations for automation service accounts (ludoo)
  • [#2958] Fix subnet schema in net-vpc module & hybrid subnets example implementation (SamuPert)
  • [#2929] Expose tags in project factory (juliocc)
  • [#2928] Use VPC-SC perimeter factory in FAST 1-vpcsc stage (juliocc)
  • [#2926] Fix project ids in ingress policy resources (juliocc)
  • [#2919] Add perimeter factory to modules/vpc-sc (karpok78)
  • [#2920] Fix KMS service agent when universe is set (dgourillon)

TOOLS

38.2.0 - 2025-04-18

BREAKING CHANGES

  • modules/iam-service-account: removed public_keys_directory variable. Use bare google_service_account_key resources if this functionality is needed. [#3008]
  • modules/gke-cluster-standard, modules/gke-cluster-autopilot: Default value for access_config.ip_access changed from {} to null; explicitly set to keep IP access enabled. [#2997]

BLUEPRINTS

  • [#3043] Bump golang.org/x/net from 0.36.0 to 0.38.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
  • [#2982] Module: net-vpc-factory (sruffilli)
  • [#3008] Add support to attach tags to service accounts (juliocc)
  • [#2997] Allow disabling GKE IP endpoints and setting GKE VPC scope DNS domain (juliocc)
  • [#2989] Fix Cloud SQL deployment and use local remote docker hub for pulling gitlab docker image (simonebruzzechesse)

FAST

MODULES

  • [#3033] Pathexpand all factory data paths (sruffilli)
  • [#3040] Add vulnerability scanning to artifact registry module (LucaPrete)
  • [#3034] Added recipe HA VPN between AWS and GCP (apichick)
  • [#3031] Use path as keys in project factory (wiktorn)
  • [#3029] Allow IAP configuration with default IdP (stribioli)
  • [#3023] secops-rules module (simonebruzzechesse)
  • [#3024] Use factory-projects-object to normalize inputs for project module in net-vpc-factory (wiktorn)
  • [#2982] Module: net-vpc-factory (sruffilli)
  • [#2999] Added variable for activating nat and implementation in google_apigee… (jacklever-hub24)
  • [#2998] Fix handling of data_overrides in project factory (wiktorn)
  • [#3008] Add support to attach tags to service accounts (juliocc)
  • [#3006] Better lifecycle management description in VPC-SC module (ludoo)
  • [#3004] Add support for non-destructive tag bindings to compute-vm module (ludoo)
  • [#3003] Cross-project serverless neg example for internal app load balancer (ludoo)
  • [#3000] Add roles support to VPC-SC (juliocc)
  • [#2997] Allow disabling GKE IP endpoints and setting GKE VPC scope DNS domain (juliocc)
  • [#2994] Fr/timhiatt/invoker iam disable (timbohiatt)
  • [#2993] feat: add gcp_public_cidrs_access_enabled to gke modules (domcyrus)
  • [#2987] Project object c14n in separate file (wiktorn)
  • [#2984] compute-vm: Add graceful shutdown configuration and some missing GPUs. (rosmo)

TOOLS

  • [#3034] Added recipe HA VPN between AWS and GCP (apichick)
  • [#3024] Use factory-projects-object to normalize inputs for project module in net-vpc-factory (wiktorn)
  • [#2997] Allow disabling GKE IP endpoints and setting GKE VPC scope DNS domain (juliocc)
  • [#2996] Improve failure message for tests (wiktorn)
  • [#2987] Project object c14n in separate file (wiktorn)

38.1.0 - 2025-03-22

BREAKING CHANGES

  • modules/cloud-function-v2: Make function compatible with direct egress settings - allow to specify function egress settings without using a VPC connector. [#2967]
  • modules/dns: Reverse zones are by default created as unmanaged now. To keep your zone as managed, please set var.zone_config.private.reverse_managed to true [#2942]

BLUEPRINTS

  • [#2971] Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
  • [#2970] Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
  • [#2969] Bump golang.org/x/net from 0.33.0 to 0.36.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
  • [#2966] Add custom routes for directpath to net-vpc module (ludoo)
  • [#2965] Revert "Fix broken upgrades of TF provider for routes" (wiktorn)
  • [#2964] Fix broken upgrades of TF provider for routes (wiktorn)
  • [#2953] Bump golang.org/x/net from 0.33.0 to 0.36.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
  • [#2936] Fix broken link in GCP Data Services blueprints (javiergp)

FAST

MODULES

  • [#2981] Add dependency on VPC-SC resources to project factory (LFicteam)
  • [#2974] Fix push subscription in pubsub module (simonebruzzechesse)
  • [#2973] Add support for any ports to net-lb-app modules (wiktorn)
  • [#2968] Add transparent proxy example and e2e test to net-swp module (wiktorn)
  • [#2967] Allow to specify function egress settings without using a VPC connector (LucaPrete)
  • [#2966] Add custom routes for directpath to net-vpc module (ludoo)
  • [#2965] Revert "Fix broken upgrades of TF provider for routes" (wiktorn)
  • [#2964] Fix broken upgrades of TF provider for routes (wiktorn)
  • [#2962] Adding enterprise_config -> desired_tier feature to GKE autopilot and… (fpreli)
  • [#2960] cloudsql: Align replica attributes to primary instance (wiktorn)
  • [#2956] Update GKE addons and features (juliocc)
  • [#2952] feat(artifact-registry): Add possibility to setup Docker common remote repository configuration (anthonyhaussman)
  • [#2949] net-vpc: fix permadiff in docs (sruffilli)
  • [#2948] Use full type definition in project-factory (wiktorn)
  • [#2942] incompatible change: Allow un-managed reverse lookup zones (wiktorn)
  • [#2935] Introduce test isolation and fix missing GCS service account (wiktorn)
  • [#2933] Fix failing E2E test for module/project (wiktorn)
  • [#2931] Fixed title: from Artifact Registry to Binary Authorization (ggalloro)
  • [#2925] Fix E2E tests using modules/project project_create (wiktorn)
  • [#2921] Add execution/invocation commands to outputs (wiktorn)

TOOLS

  • [#2965] Revert "Fix broken upgrades of TF provider for routes" (wiktorn)
  • [#2964] Fix broken upgrades of TF provider for routes (wiktorn)

38.0.0 - 2025-02-21

BREAKING CHANGES

  • modules/vpc-sc: Referencing ingress/egress policies that are not defined results in an error (previously, undefined directional policies were silently ignored) [#2909]
  • modules/project-factory: The automation.buckets attribute has been changed to automation.bucket and support for multiple state buckets has been dropped. Save your state to a local file for any automation-enabled project before applying changes in the project factory. [#2914]
  • modules/project: move input variable service_agents_config.services_enabled to project_reuse.project_attributes.services_enabled [#2900]
  • fast/stages/0-bootstrap: enabled restrictProtocolForwardingCreationForTypes to internal only by default [#2884]
  • fast/stages/0-bootstrap/data/org-policies-managed: new set of org policies using managed constraints [#2884]
  • fast/stages/0-bootstrap: if you use var.org_policies_config.constraints.allowed_policy_member_domains or var.org_policies_config.constraints.allowed_policy_member_domains, move their values to a YAML file under bootstrap's org policy factory. [#2878]

BLUEPRINTS

FAST

  • [#2909] Add title to VPC-SC directional policies (juliocc)
  • [#2914] incompatible change: Add provider output files to project factory stage, single automation bucket in module (ludoo)
  • [#2906] Update default FAST org policies (juliocc)
  • [#2904] Fix default compute.restrictProtocolForwardingCreationForTypes value (juliocc)
  • [#2902] Allow passing explicit regions in net test addon subnets (ludoo)
  • [#2794] New SecOps anonymization pipeline (simonebruzzechesse)
  • [#2899] Project factory additions, project module reuse implementation (ludoo)
  • [#2897] FAST project templates example (ludoo)
  • [#2893] Add support for project-level log sinks to FAST stage 0 (ludoo)
  • [#2887] Update VPC-SC module and FAST stage (juliocc)
  • [#2891] Address DNS issues with googleapis RPZ and forwarding (ludoo)
  • [#2888] Add restrictProtocolForwardingCreationForTypes to FAST import policies (juliocc)
  • [#2884] Add new set of org policies with managed constraints to FAST bootstrap (juliocc)
  • [#2878] Move DRS and essential contact domains to factory (juliocc)
  • [#2875] New FAST stages diagram (ludoo)
  • [#2872] Add bucket IAM policy read (karpok78)
  • [#2864] Workflow fix (karpok78)
  • [#2854] Expose custom constraint factory in bootstrap (juliocc)
  • [#2853] Allow addons to any flex stage 2 (juliocc)
  • [#2851] Support multiple universes in bootstrap (juliocc)
  • [#2840] Flexible stage 2s in FAST resource manager (ludoo)

MODULES

  • [#2917] Add error messages for failing interpolations (wiktorn)
  • [#2909] Add title to VPC-SC directional policies (juliocc)
  • [#2914] incompatible change: Add provider output files to project factory stage, single automation bucket in module (ludoo)
  • [#2900] incompatible change: Add ability to refer to other project service accounts in Project Factory (wiktorn)
  • [#2906] Update default FAST org policies (juliocc)
  • [#2899] Project factory additions, project module reuse implementation (ludoo)
  • [#2897] FAST project templates example (ludoo)
  • [#2894] Make service agents work in different universes (juliocc)
  • [#2893] Add support for project-level log sinks to FAST stage 0 (ludoo)
  • [#2892] Add universe support to iam-service-account (juliocc)
  • [#2887] Update VPC-SC module and FAST stage (juliocc)

TOOLS

  • [#2909] Add title to VPC-SC directional policies (juliocc)
  • [#2900] Add ability to refer to other project service accounts in Project Factory (wiktorn)
  • [#2794] New SecOps anonymization pipeline (simonebruzzechesse)
  • [#2899] Project factory additions, project module reuse implementation (ludoo)
  • [#2894] Make service agents work in different universes (juliocc)

37.4.0 - 2025-02-21

BREAKING CHANGES

  • modules/workstation-cluster: changed the interface for configuration timeouts to object, timeouts are now specified as numbers. [#2911]
  • modules/cloudsql-instance: changed the name of the var.ssl.ssl_mode attribute to var.ssl.mode. [#2910]
  • modules/iam-service-account: Removed service account key generation functionality [#2907]
  • modules/net-lb-app-ext: Adds the two missing fields for locality_lb_policy and locality_lb_policies with field and block set, validation for both and tests. [#2898]

BLUEPRINTS

MODULES

  • [#2916] Add support for custom error response policies to net_lb_app_ext module (peter-norton)
  • [#2915] Fix dns_keys output in dns module (nathou)
  • [#2913] Add generated_id backends output to net-lb-app-ext (danistrebel)
  • [#2911] incompatible change: Add support for max workstations, refactor timeouts in workstation-cluster module (ludoo)
  • [#2910] incompatible change: Add ssl_mode support to cloudsql-instance replicas (sruffilli)
  • [#2907] incompatible change: Remove Service Account key generation (wiktorn)
  • [#2886] Increase the default complexity of Cloud SQL DB passwords (lyricnz)
  • [#2901] Add CA chain output to CAS module (ludoo)
  • [#2898] Add support for locality policies to net-lb-app-ext module (jacklever-hub24)

TOOLS

37.3.0 - 2025-02-12

BLUEPRINTS

  • [#2883] incompatible change: Fix ipv6 and align loadbalancer address types (wiktorn)

MODULES

  • [#2883] incompatible change: Fix ipv6 and align loadbalancer address types (wiktorn)

37.2.0 - 2025-02-11

BLUEPRINTS

FAST

  • [#2874] Add note about the use of n-stagename/moved/ files during upgrade (lyricnz)
  • [#2862] update docs: clarify 0-bootstrap.auto.tfvars creation and outputs_loc… (ZoranBatman)

MODULES

  • [#2879] Address outstanding load balancer FRs (ludoo)
  • [#2876] Add context to organization policy factories (juliocc)
  • [#2871] Fix KMS E2E tests (wiktorn)
  • [#2870] Add dependency for compute-vm schedule (wiktorn)
  • [#2869] Expose org policy parameters (juliocc)
  • [#2867] Disable E2E test for direct VPC Egress (wiktorn)
  • [#2855] Add support for advanced machine features to compute-vm (ludoo)
  • [#2841] Add cAdvisor Metrics to Autopilot/Standard GKE Cluster (HeiglAnna)
  • [#2852] Allow universe-bound projects to exclude services (juliocc)
  • [#2848] Support project creation in different universes (juliocc)
  • [#2842] Refactor data catalog tag template module (ludoo)

TOOLS

37.1.0 - 2025-01-26

FAST

  • [#2839] Revert "Allow multiple stage-2 project factories" (ludoo)

37.0.0 - 2025-01-24

FAST

  • [#2836] Interpolate SAs in tag-level iam (juliocc)
  • [#2834] incompatible change: Allow multiple stage-2 project factories (juliocc)
  • [#2831] Allow networking stage to be disabled (juliocc)
  • [#2828] Small fix to net test add-on context expansion (ludoo)
  • [#2826] Fix stage 1 addons provider outputs (juliocc)
  • [#2825] FAST add-on for networking test resources (ludoo)
  • [#2823] Update service activation in ngfw add-on (ludoo)
  • [#2821] FAST SWP networking add-on, refactor CAS module interface (ludoo)
  • [#2818] Top level folder factory support for automation SA IAM (sruffilli)
  • [#2817] Fix permadiff in stage 0 vpc-sc service account, add schemas to hierarchical policy YAML files (ludoo)
  • [#2815] [FAST] Add missing permission to ngfwEnterprise org (LucaPrete)
  • [#2813] feat: restructure how var files are provided to workflow templates (Liam-Johnston)
  • [#2810] Small fixes and improvements to FAST netsec/net (ludoo)
  • [#2800] Implement FAST stage add-ons, refactor netsec as add-on (ludoo)
  • [#2801] Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages (ludoo)
  • [#2787] Leverage environments for folder and project creation in FAST resman and security (ludoo)

MODULES

  • [#2821] incompatible change: FAST SWP networking add-on, refactor CAS module interface (ludoo)
  • [#2820] incompatible change: Do not create service agent resources in project module for services not explicitly enabled (ludoo)

36.2.0 - 2025-01-24

BLUEPRINTS

FAST

  • [#2831] Allow networking stage to be disabled (juliocc)
  • [#2828] Small fix to net test add-on context expansion (ludoo)
  • [#2826] Fix stage 1 addons provider outputs (juliocc)
  • [#2825] FAST add-on for networking test resources (ludoo)
  • [#2823] Update service activation in ngfw add-on (ludoo)

36.1.0 - 2025-01-10

  • [#2777] Document tag_bindings definition as map(string) (juliocc)

BLUEPRINTS

  • [#2808] Bump golang.org/x/net from 0.23.0 to 0.33.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
  • [#2807] Bump golang.org/x/net from 0.23.0 to 0.33.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
  • [#2803] New tool versions.py to manage versions.tf/tofu (juliocc)
  • [#2796] Add docker image tag to bindplane config variable (simonebruzzechesse)
  • [#2792] fix non-empty plan after apply for vertex mlops (wiktorn)
  • [#2791] Fabric e2e fixes (juliocc)
  • [#2790] Fix cycle in the autopilot-cluster blueprint (wiktorn)
  • [#2721] New BindPlane OP Management console on GKE SecOps blueprint (simonebruzzechesse)
  • [#2771] Use separate versions.tofu for OpenTofu constraints (wiktorn)
  • [#2768] Support customizable resource names in FAST stage 0 (ludoo)
  • [#2761] Refactor GKE cluster modules access configurations, add support for DNS endpoint (ludoo)
  • [#2736] Add confidential compute support to google_dataproc_cluster module, bump provider versions (steenblik)
  • [#2752] Bump path-to-regexp and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
  • [#2748] Add ability to autogenerate md5 keys in net-vpn-ha (LucaPrete)
  • [#2749] Bump path-to-regexp and express in /blueprints/gke/binauthz/image (dependabot[bot])
  • [#2745] Add optional automated MD5 generation to net-vlan-attachment module (LucaPrete)

FAST

  • [#2798] ADR proposal for FAST add-on stages (ludoo)
  • [#2774] [FAST] Remove unused stage 1 CICD variables (LucaPrete)
  • [#2769] Support customizable resource names to fast stage 1 (ludoo)
  • [#2768] Support customizable resource names in FAST stage 0 (ludoo)
  • [#2767] Fix workspace logs sink in FAST bootstrap stage (ludoo)
  • [#2766] Allow optional creation of billing resources in FAST bootstrap stage (ludoo)
  • [#2761] incompatible change: Refactor GKE cluster modules access configurations, add support for DNS endpoint (ludoo)
  • [#2744] Fix parent id lookup for networking and security in resource management stage (ludoo)
  • [#2733] incompatible change: Updating yaml naming in prod subnet folder to match other lifecycles (mtndrew404)

MODULES

  • [#2799] Add intercepting sinks to the organization and folder modules (rshokati2)
  • [#2806] ASN should be optional in router_config variable as it is not necessa… (apichick)
  • [#2803] New tool versions.py to manage versions.tf/tofu (juliocc)
  • [#2802] Added BGP priority variable for dedicated interconnect because it was… (apichick)
  • [#2758] Add Alerts, Logging, Channels Factories (joshw123)
  • [#2791] Fabric e2e fixes (juliocc)
  • [#2786] Make PSA connection more robust (wiktorn)
  • [#2784] Fix validation message in cas module (ludoo)
  • [#2783] Update net-lb-app-ext security_settings variables (wenzizone)
  • [#2781] Fix bindplane cos module (simonebruzzechesse)
  • [#2780] Fix handling of SSL certificates in external load balancer modules (rodriguezsergio)
  • [#2776] Add support for log views and log scopes (juliocc)
  • [#2772] Fix for perma-diff when using PSC NEGs. (wiktorn)
  • [#2771] Use separate versions.tofu for OpenTofu constraints (wiktorn)
  • [#2768] Support customizable resource names in FAST stage 0 (ludoo)
  • [#2761] incompatible change: Refactor GKE cluster modules access configurations, add support for DNS endpoint (ludoo)
  • [#2764] Ignore ssl certificates if none are passed in net-lb-app-int module (ludoo)
  • [#2757] Update net-vlan-attachment module readme (LucaPrete)
  • [#2736] Add confidential compute support to google_dataproc_cluster module, bump provider versions (steenblik)
  • [#2740] Add support for password validation policy to cloudsql module (ludoo)
  • [#2750] Add disk encryption key to the google_compute_instance_template - Sovereign support (rune92)
  • [#2718] Add path_template_match and path_template_rewrite support to net-lb-app-ext (rosmo)
  • [#2755] remove default location in tag value - cloud-run-v2 tags.tf (Mattible)
  • [#2751] Add support for routing mode to net-swp module (ludoo)
  • [#2748] Add ability to autogenerate md5 keys in net-vpn-ha (LucaPrete)
  • [#2745] Add optional automated MD5 generation to net-vlan-attachment module (LucaPrete)
  • [#2741] Add support for secret manager config to gke cluster modules (ludoo)
  • [#2734] Allow override of GKE Nodepool SA Display Name (robrankin)
  • [#2738] Support switchover in alloydb module (simonebruzzechesse)
  • [#2739] Add basename to SWP policy rules factory (LucaPrete)
  • [#2737] incompatible change: SWP module refactor (ludoo)

TOOLS

  • [#2803] New tool versions.py to manage versions.tf/tofu (juliocc)
  • [#2791] Fabric e2e fixes (juliocc)
  • [#2778] Fix failing tests for OpenTofu (wiktorn)
  • [#2721] New BindPlane OP Management console on GKE SecOps blueprint (simonebruzzechesse)
  • [#2771] Use separate versions.tofu for OpenTofu constraints (wiktorn)
  • [#2769] Support customizable resource names to fast stage 1 (ludoo)
  • [#2768] Support customizable resource names in FAST stage 0 (ludoo)
  • [#2765] Update issue templates (juliocc)
  • [#2736] Add confidential compute support to google_dataproc_cluster module, bump provider versions (steenblik)

36.0.1 - 2024-11-23

FAST

  • [#2731] Add missing role to FAST stage 0 org-level delegated IAM grants (ludoo)

TOOLS

  • [#2730] Run tests and linting when pushing to master or fast-dev (juliocc)

36.0.0 - 2024-11-22

BLUEPRINTS

  • [#2648] Refactor of FAST resource management and subsequent stages (ludoo)

FAST

  • [#2714] Remove stale resman validation (juliocc)
  • [#2707] Expose factories_config for resman top level folders (juliocc)
  • [#2701] Allow disabling network security stage (juliocc)
  • [#2697] Remove REGIONAL/MULTI_REGIONAL buckets from FAST (juliocc)
  • [#2693] Unify usage of top level folders short_name (juliocc)
  • [#2694] Make project iam viewer name consistent with GCP naming (juliocc)
  • [#2688] Streamline environments variable across stages (ludoo)
  • [#2685] Add missing billing roles to project factory ro SA in stage 1 (ludoo)
  • [#2683] Add missing roles to project factory ro SA in stage 1 (ludoo)
  • [#2656] Fix permadiff in bootstrap IAM (ludoo)
  • [#2652] Final fixes for v36.0.0-rc1 (ludoo)
  • [#2648] incompatible change: Refactor of FAST resource management and subsequent stages (ludoo)

MODULES

  • [#2648] Refactor of FAST resource management and subsequent stages (ludoo)

TOOLS

  • [#2688] Streamline environments variable across stages (ludoo)
  • [#2660] Refactor changelog for the new release process (ludoo)
  • [#2648] Refactor of FAST resource management and subsequent stages (ludoo)

35.1.0 - 2024-11-22

BLUEPRINTS

  • [#2706] Added min_instances, max_instances, min_throughput and max_throughtpu… (apichick)
  • [#2712] Add hierarchical namespace support to GCS module (juliocc)
  • [#2705] Added outputs to apigee-x-foundations blueprint (PSC NEGs) (apichick)
  • [#2704] Added outputs to apigee-x-foundations blueprint (instances and lbs) (apichick)
  • [#2514] New SecOps blueprints section and SecOps GKE Forwarder (simonebruzzechesse)
  • [#2658] Update service agents spec (juliocc)
  • [#2659] Fix Vertex MLOps blueprint (wiktorn)
  • [#2632] Migrate blueprints/data-solutions/vertex-mlops to google_workbench_instance (wiktorn)
  • [#2631] fix Vertex-ML-Ops e2e tests (wiktorn)

FAST

  • [#2715] Allow setting GCS location default/override in project factory (ludoo)
  • [#2640] Add Automation Service Accounts Output (joshw123)
  • [#2681] Keeping my contributor status :) (drebes)
  • [#2680] Swap groups_iam/iam_group for iam_by_principals in bootstrap README (robrankin)

MODULES

35.0.0 - 2024-10-30

BLUEPRINTS

  • [#2643] Add codespell to pre-commit (wiktorn)
  • [#2629] Bump cookie and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
  • [#2623] Bump cookie and express in /blueprints/gke/binauthz/image (dependabot[bot])
  • [#2609] Add support for bundling net monitoring tool in a Docker image, and deploying via CR Job (ludoo)
  • [#2585] Apigee x foundations certificate manager (apichick)
  • [#2584] README fixes to FAST docs (skalolazka)
  • [#2574] Bump path-to-regexp and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
  • [#2573] Bump path-to-regexp and express in /blueprints/gke/binauthz/image (dependabot[bot])
  • [#2536] incompatible change: Add support for google provider 6.x (sruffilli)

FAST

MODULES

TOOLS

  • [#2536] incompatible change: Add support for google provider 6.x (sruffilli)

34.1.0 - 2024-09-05

BLUEPRINTS

  • [#2557] Bump provider to 5.43.1 ahead of next release (juliocc)

FAST

  • [#2545] Add documentation instructions for potential issues in cicd-github and bootstrap stages (ludoo)

MODULES

TOOLS

34.0.0 - 2024-08-30

BLUEPRINTS

FAST

  • [#2543] Prepare v34.0.0 release (ludoo)
  • [#2541] Moved blocks and fix to resman for FAST v33-v34 transition (ludoo)
  • [#2484] [FAST] TLS inspection support for NGFW Enterprise (LucaPrete)
  • [#2530] Add managed folders support to gcs module (juliocc)
  • [#2511] [FAST] Add permissions to nsec-r SA (LucaPrete)
  • [#2509] Depend network security stage from fast features in FAST resman stage (ludoo)
  • [#2505] incompatible change: Refactor FAST project factory and supporting documentation (ludoo)
  • [#2499] Firewall policy module factory schema (ludoo)
  • [#2498] DNS rpz module factory schema (ludoo)
  • [#2497] Net vpc firewall factory schema (ludoo)
  • [#2494] Additional module schemas (ludoo)
  • [#2491] Organization module factory schemas (ludoo)
  • [#2483] Add bootstrap output with log destination ids (juliocc)
  • [#2482] [FAST] Rename netsec stage to nsec (LucaPrete)
  • [#2477] VPC-SC factory JSON Schemas (ludoo)
  • [#2471] Rename 1-vpc-sc stage to 1-vpcsc (juliocc)
  • [#2470] Make policyReader binding additive in bootstrap (juliocc)
  • [#2466] [FAST] Sets projects_data_path optional, as in the project factory module (LucaPrete)
  • [#2464] Fix peering routes config in fast a network stage (ludoo)
  • [#2460] incompatible change: VPC-SC as separate FAST stage 1 (ludoo)

MODULES

  • [#2543] Prepare v34.0.0 release (ludoo)
  • [#2538] Module net-vpc fix for reserved ranges (jamesdalf)
  • [#2539] Exposing aws_v4_authentication configuration in global external alb (okguru1)
  • [#2537] Add send_secondary_ip_range_if_empty=true to google_compute_subnetwork (sruffilli)
  • [#2533] Added the possibility of setting the duration of a GCE instance. (luigi-bitonti)
  • [#2535] Allow customizable prefix in net-vpc module PSA configs (ludoo)
  • [#2528] Support budget restriction read only (kejti23)
  • [#2530] Add managed folders support to gcs module (juliocc)
  • [#2531] Update stable provider too to 5.43 (juliocc)
  • [#2525] Bump provider to last release of version 5 (juliocc)
  • [#2523] feat: Add security_policy to backend service configuration (EmileHofsink)
  • [#2521] net-vpc module add overlap CIDR subnet attribute (jamesdalf)
  • [#2518] Fix CMEK typo in project module. Part 2 :) (artemBogdantsev)
  • [#2517] Fix CMEK typo in project module (artemBogdantsev)
  • [#2516] Key inconsistency in project-factory (V0idC0de)
  • [#2515] Add ca pool object to certification-authority-service module (LucaPrete)
  • [#2508] Add support for disable default snat (okguru1)
  • [#2510] net-swp module cleanup (sruffilli)
  • [#2505] incompatible change: Refactor FAST project factory and supporting documentation (ludoo)
  • [#2501] Use the google_tags_location_tag_binding Terraform resource to bind tags on KMS key rings (arnodasilva)
  • [#2502] Add deletion_policy to project module (juliocc)
  • [#2420] Add name overrides for Internal and External Load Balancers (cvanwijck-hub24)
  • [#2499] Firewall policy module factory schema (ludoo)
  • [#2498] DNS rpz module factory schema (ludoo)
  • [#2497] Net vpc firewall factory schema (ludoo)
  • [#2496] [fix] certificate authority service returning bad pool id (LucaPrete)
  • [#2493] [fix] Fixes errors in certificate-authority-service module (LucaPrete)
  • [#2495] ensure dns_keys output freshness (nathou)
  • [#2494] Additional module schemas (ludoo)
  • [#2491] Organization module factory schemas (ludoo)
  • [#2490] Bind schemas to factory files, add support for groups in VPC-SC schema (wiktorn)
  • [#2489] Extend test collector to include yaml files under tests/schemas/ and fast data files (juliocc)
  • [#2486] Fix failing tests for CloudSQL (wiktorn)
  • [#2485] Project factory module JSON schemas (ludoo)
  • [#2481] Adds a new certification authority service (CAS) module (LucaPrete)
  • [#2480] Add support for PSC global access to net-address (juliocc)
  • [#2477] VPC-SC factory JSON Schemas (ludoo)
  • [#2474] [fix] Pass optional location variable at certificates creation (LucaPrete)
  • [#2476] Cloud run v2 custom audiences (apichick)
  • [#2475] Cloud run v2 output uri (apichick)
  • [#2472] Fix grammar in net-vpc-peering preconditions (juliocc)
  • [#2469] Fix E2E tests (wiktorn)
  • [#2460] incompatible change: VPC-SC as separate FAST stage 1 (ludoo)

TOOLS

33.0.0 - 2024-08-01

BLUEPRINTS

  • [#2450] Remove "constraints/" from org policy names (juliocc)
  • [#2448] Add generic URL output to modules/artifact-registry (juliocc)
  • [#2423] incompatible change: Refactor service agent management (juliocc)
  • [#2433] incompatible change: Reintroduce docker image path output in AR module (ludoo)
  • [#2416] Add support for sqlAssertion AutoDQ rule type in dataplex-datascan (jayBana)
  • [#2395] Fix tutorial error. (wiktorn)
  • [#2396] incompatible change: Update modules/artifact-registry with newly-released features. (juliocc)
  • [#2392] Added forward_proxy_uri to apigee environments in apigee-x-foundation… (apichick)
  • [#2389] Several wording and typos updates (bluPhy)
  • [#2382] Fixes related to Apigee KMS keys (apichick)
  • [#2372] Added spanner-instance module (apichick)

FAST

  • [#2410] [FAST] Add basic NGFW enterprise stage (LucaPrete)
  • [#2450] Remove "constraints/" from org policy names (juliocc)
  • [#2397] NCC in 2-net-a-simple (sruffilli)
  • [#2446] Remove alpha from gcloud storage cp as it moved to GA (LucaPrete)
  • [#2444] Add context to net-vpc factory (sruffilli)
  • [#2423] incompatible change: Refactor service agent management (juliocc)
  • [#2440] FAST ng: stage 0 environments and VPC-SC IaC resources (ludoo)
  • [#2430] FAST: IAM cleanups to reflect PF changes (sruffilli)
  • [#2417] Allow description to be set for FAST-managed tags (juliocc)
  • [#2412] [FAST] Housekeeping in CICD workflow templates and extra stage (jayBana)
  • [#2411] [FAST] Fix IAM bindings to impersonate resman CICD SAs at bootstrap stage (jayBana)
  • [#2404] Documented new GCVE design options (eliamaldini)
  • [#2402] gitlab workflow template fixes #2401 (sudhirrs)
  • [#2389] Several wording and typos updates (bluPhy)
  • [#2378] Add wording for SCC Enterprise to FAST stage 0 (ludoo)

MODULES

  • [#2459] Allow user to override peerings names (juliocc)
  • [#2457] update readme with cross project backend external regional/global LB - review (vivianvarela)
  • [#2454] Add support for dry-run org policies (juliocc)
  • [#2456] Manage lifecycle of cloud functions v2 IAM (ludoo)
  • [#2449] Add moved blocks for the service networking service agent and IAM (juliocc)
  • [#2448] incompatible change: Add generic URL output to modules/artifact-registry (juliocc)
  • [#2447] Fix wrong expression in compute-mig module (bz-canva)
  • [#2445] Override primary flag for the storage transfer service agent (juliocc)
  • [#2444] Add context to net-vpc factory (sruffilli)
  • [#2443] Project service agents moved block and enabled services (ludoo)
  • [#2423] incompatible change: Refactor service agent management (juliocc)
  • [#2439] incompatible change: Remove default values to secondary range names in GKE cluster modules (fulyagonultas)
  • [#2437] Add coalesce to factory fw policies to support empty yaml files (LucaPrete)
  • [#2436] Allow disabling topic creation in GCS module notification (ludoo)
  • [#2433] incompatible change: Reintroduce docker image path output in AR module (ludoo)
  • [#2424] E2E tests for ncc-spoke-ra (wiktorn)
  • [#2427] Fix Cloud Function v1/v2 E2E tests (wiktorn)
  • [#2421] fix cloudbuild service account email (nathou)
  • [#2418] Adding support for DWS for GKE nodepools (aurelienlegrand)
  • [#2416] Add support for sqlAssertion AutoDQ rule type in dataplex-datascan (jayBana)
  • [#2406] incompatible change: Adding TPU limits for GKE cluster node auto-provisioning (NAP) (aurelienlegrand)
  • [#2415] Added certificate_manager_certificates to app load balancers (apichick)
  • [#2413] incompatible change: Add E2E tests for Cloud Functions and fix perma-diff (wiktorn)
  • [#2409] Adds support for external SPGs to net-firewall-policy (LucaPrete)
  • [#2407] Allow project factory projects to override name (juliocc)
  • [#2405] Adding placement_policy for GKE nodepools (ex: GPU compact placement or TPU topology) (aurelienlegrand)
  • [#2400] Add info about roles for connectors service agent (wiktorn)
  • [#2396] incompatible change: Update modules/artifact-registry with newly-released features. (juliocc)
  • [#2393] Add support for SSL policy to net-lb-app-int module (ludoo)
  • [#2387] Added certificate-manager module (apichick)
  • [#2390] Add AssuredWorkload support to the folder module (averbuks)
  • [#2384] Allow Cloud NAT to only use secondary ranges (juliocc)
  • [#2388] Added missing links to firestore module in READMEs. (apichick)
  • [#2389] Several wording and typos updates (bluPhy)
  • [#2374] Added firestore module (apichick)
  • [#2380] Added private_endpoint_subnetwork parameters to GKE standard and autopilot modules (luigi-bitonti)
  • [#2370] Apigee - Add forward_proxy_uri support on environment resource (diogo-j-n-teixeira)
  • [#2376] Removed advertised_groups ALL_VPC_SUBNETS, ALL_VPC_SUBNETS as they ar… (apichick)
  • [#2375] Minor fixes in workstations IAM (apichick)
  • [#2372] Added spanner-instance module (apichick)
  • [#2373] Added expire_time option to the secret-manager module (deanosaurx)
  • [#2371] Support build service account in cloud function v2 module (ludoo)
  • [#2369] Add example, tests and fix for Google APIs PSC endpoint (wiktorn)
  • [#2368] Fix for plan not in sync when creating billing budgets in project factory #2365 (sudhirrs)
  • [#2366] Added additional range field to GKE standard and autopilot (luigi-bitonti)

TOOLS

  • [#2452] Add --extra-files option to plan_summary.py cmd (LucaPrete)
  • [#2445] Override primary flag for the storage transfer service agent (juliocc)
  • [#2423] incompatible change: Refactor service agent management (juliocc)
  • [#2441] Add commit id at the end of README (juliocc)
  • [#2413] incompatible change: Add E2E tests for Cloud Functions and fix perma-diff (wiktorn)
  • [#2399] Test different versions of Terraform (wiktorn)

32.0.1 - 2024-07-26

MODULES

32.0.0 - 2024-06-16

BLUEPRINTS

  • [#2361] incompatible change: Support GCS objects in cloud function modules bundles (ludoo)
  • [#2358] incompatible change: Support pre-made bundle archives in cloud function modules (ludoo)
  • [#2347] Add GCVE Logging and Monitoring Blueprint (KonradSchieban)
  • [#2356] Add Terraform installation step to meet the versions.tf requirements (wiktorn)
  • [#2355] Bump @grpc/grpc-js from 1.10.7 to 1.10.9 in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
  • [#2341] Alloydb add support for psc (simonebruzzechesse)
  • [#2328] [FAST] Rename stage 2-networking-d-separate-envs to 2-networking-c-separate-envs (LucaPrete)
  • [#2326] Add pre-commit hook configuration (wiktorn)
  • [#2299] Kong Gateway on GKE offloading to Cloud Run (juliodiez)
  • [#2317] resource_labels added to the node_config nodepool (fulyagonultas)
  • [#2106] Gitlab Runner blueprint (simonebruzzechesse)
  • [#2303] incompatible change: Remove default location from gcs module (ludoo)
  • [#2296] Bump requests from 2.31.0 to 2.32.0 in /blueprints/cloud-operations/network-quota-monitoring/src (dependabot[bot])
  • [#2284] incompatible change: Unify VPN and Peering FAST stages (sruffilli)

DOCUMENTATION

FAST

  • [#2353] Add main project factory service account (ludoo)
  • [#2352] incompatible change: Remove support for source repositories from FAST CI/CD (ludoo)
  • [#2344] Fix typos in documentation (albertogeniola)
  • [#2340] Fix wrong documentation reference to tfvars (albertogeniola)
  • [#2337] DNS policy fix (sruffilli)
  • [#2335] Add perimeter ids in vpc-sc module outputs, fix vpc-sc in project factory module (ludoo)
  • [#2334] Support setting IAM for FAST tags in resource management stage (ludoo)
  • [#2333] Fix resman top-level folders variable types (ludoo)
  • [#2332] Fix dns policy (wiktorn)
  • [#2331] Enable hierarchy in fast project factory (ludoo)
  • [#2330] Update PGA domains (juliocc)
  • [#2329] FAST: Enable networkconnectivity when using NCC-RA in 2-b (sruffilli)
  • [#2328] [FAST] Rename stage 2-networking-d-separate-envs to 2-networking-c-separate-envs (LucaPrete)
  • [#2325] Fix restrictAllowedGenerations org policy example (juliocc)
  • [#2317] resource_labels added to the node_config nodepool (fulyagonultas)
  • [#2319] Pbrumblay/clarify org policy tags (pbrumblay)
  • [#2309] incompatible change: Merge FAST C and E network stages into a new B stage. (sruffilli)
  • [#2315] FAST: Obsolete assets cleanup (sruffilli)
  • [#2305] FAST MT: Readme updates and more prefix validation (sruffilli)
  • [#2232] New extra stage for FAST gitlab setup (simonebruzzechesse)
  • [#2294] Avoid unnecessary terraform plans for closed (unmerged) PRs (pbrumblay)
  • [#2298] Adjust list of imported org policies to official docs (wiktorn)
  • [#2297] Add support for tenant factory CI/CD (ludoo)
  • [#2292] [FAST] fix: tenant-factory logging bucket project (LucaPrete)
  • [#2290] Add wif permissions to bootstrap tf SA (simonebruzzechesse)
  • [#2289] Fix mt diagram and broken link (ludoo)
  • [#2288] Ignore test resource data in new network stage, split out fast variables (ludoo)
  • [#2286] Switch FAST stages 0-1s to excalidraw diagrams (ludoo)
  • [#2287] incompatible change: FAST: Cleanup/harmonization of Simple and NVA net stages (sruffilli)
  • [#2284] incompatible change: Unify VPN and Peering FAST stages (sruffilli)
  • [#2254] incompatible change: FAST: add top-level folders and restructure teams/tenants in resman (ludoo)

MODULES

  • [#2364] Relax dataproc master config type (ludoo)
  • [#2363] Add support for different endpoint types for Cloud NAT (wiktorn)
  • [#2362] Strip bucket name from bundle URI in cloud function modules (ludoo)
  • [#2361] incompatible change: Support GCS objects in cloud function modules bundles (ludoo)
  • [#2360] Validate bundle, use pathexpand in cloud function modules (ludoo)
  • [#2359] Don't compute checksum in cloud function modules for static bundles (ludoo)
  • [#2358] incompatible change: Support pre-made bundle archives in cloud function modules (ludoo)
  • [#2357] Add use_table_schema parameter for PubSub subscription to BigQuery (mdaddetta)
  • [#2354] Use var.vpc_config.subnetwork in NEGs when var.neg_config.*.subnetwork is not provided (wiktorn)
  • [#2351] Added missing validation values for backend services (deanosaurx)
  • [#2350] Add network tags outputs and examples to project module (ludoo)
  • [#2341] Alloydb add support for psc (simonebruzzechesse)
  • [#2339] Enable stateful ha in gke cluster standard module (ludoo)
  • [#2336] Add documentation for load balancer changes (wiktorn)
  • [#2335] Add perimeter ids in vpc-sc module outputs, fix vpc-sc in project factory module (ludoo)
  • [#2321] Fixed e2e tests for alloydb module (simonebruzzechesse)
  • [#2312] Fixes for Alloydb E2E tests (wiktorn)
  • [#2317] resource_labels added to the node_config nodepool (fulyagonultas)
  • [#2280] Secret manager e2etests (dibaskar-google)
  • [#2307] Extend support for tag bindings to more modules (ludoo)
  • [#2306] Internet NEG for internal proxy LB (wiktorn)
  • [#2304] incompatible change: Remove default location from container-registry, datacatalog-policy-tag, workstation-cluster (ludoo)
  • [#2303] incompatible change: Remove default location from gcs module (ludoo)
  • [#2301] Fix permadiff in cloud nat module (ludoo)
  • [#2300] Add support for shared vpc host to project factory (ludoo)
  • [#2285] New alloydb module (simonebruzzechesse)
  • [#2291] IPS support for Firewall Policy (rickygodoy)
  • [#2293] Internet NEG for net-lb-app-int (wiktorn)

TOOLS

31.1.0 - 2024-05-15

BLUEPRINTS

  • [#2282] Disable reserved_internal_range in net-vpc due to provider bug (sruffilli)

MODULES

  • [#2282] Disable reserved_internal_range in net-vpc due to provider bug (sruffilli)

31.0.0 - 2024-05-14

BLUEPRINTS

  • [#2278] Bump express from 4.18.2 to 4.19.2 in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
  • [#2275] Add support for reserved_internal_range in net-vpc (sruffilli)
  • [#2277] Added missing apigee org attributes to apigee x foundations blueprint (apichick)
  • [#2279] Bump protobufjs, @google-cloud/logging-bunyan and @google-cloud/monitoring in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
  • [#2274] Added apigee-x-foundations blueprint (apichick)
  • [#2243] Added new attributes Apigee organization and bumped up providers version (apichick)
  • [#2239] Update README.md (vicenteg)
  • [#2230] docs: 📝 fix error in phpIPAM terraform config by updating VPC pe… (PapaPeskwo)
  • [#2227] Bump golang.org/x/net from 0.17.0 to 0.23.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
  • [#2228] Bump golang.org/x/net from 0.17.0 to 0.23.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
  • [#2226] fix cloud sql PSA after module upgrade (simonebruzzechesse)
  • [#2220] Add tflint to pipelines (juliocc)
  • [#2218] incompatible change: Allow multiple PSA service providers in net-vpc module (ludoo)
  • [#2208] Updated diagram to better reflect PSC terminology (bswenka)
  • [#2207] feat(gke-cluster-standard): Add optional CiliumClusterWideNetworkPolicy (anthonyhaussman)
  • [#2201] Updating cloud-run-v2 terraform and some typos (bluPhy)
  • [#2191] FAST GCVE stage (eliamaldini)
  • [#2181] Bump express from 4.17.3 to 4.19.2 in /blueprints/gke/binauthz/image (dependabot[bot])
  • [#2174] Bump provider version to 5.18 to fix non-empty plan for google_notebooks_instance (wiktorn)
  • [#2171] incompatible change: Fix subnet configuration in cloud nat module (ludoo)
  • [#2168] Support advanced_datapath_observability in gke cluster standard module (ludoo)
  • [#2169] Add stub READMEs for the removed hub and spoke blueprints (ludoo)

DOCUMENTATION

  • [#2164] Updated CONTRIBUTING.md with a guide to cut a new release (sruffilli)

FAST

  • [#2267] Fix 0-bootstrap iam_by_principals not taking into account all principals (wiktorn)
  • [#2263] Update docs - gcp-network-admins -> gcp-vpc-network-admins (wiktorn)
  • [#2260] Remove data source from folder module (ludoo)
  • [#2253] Misc FAST fixes (juliocc)
  • [#2235] Update FAST logging (juliocc)
  • [#2233] Fix permissions for branch network dev - read sa (LucaPrete)
  • [#2221] Enable TFLint in FAST stages (juliocc)
  • [#2220] Add tflint to pipelines (juliocc)
  • [#2218] incompatible change: Allow multiple PSA service providers in net-vpc module (ludoo)
  • [#2219] Remove unused variables/locals from FAST (juliocc)
  • [#2215] Add new org policies to FAST (juliocc)
  • [#2210] Add support for quotas to project module (ludoo)
  • [#2206] Update the description and README for the tags variable (timothy-jabez)
  • [#2204] Align exported tfvars in FAST networking stages, add psc and proxy only subnets (ludoo)
  • [#2203] incompatible change: FAST security stage refactor (ludoo)
  • [#2196] Add variable to resman to control top-level folder IAM (juliocc)
  • [#2195] Allow r/o project factory SAs access to folder-level IAM (ludoo)
  • [#2191] FAST GCVE stage (eliamaldini)
  • [#2178] Add missing permission to org viewer custom role in FAST stage 0 (ludoo)
  • [#2172] Fix subnet names in FAST net stage c nva (ludoo)

MODULES

  • [#2275] Add support for reserved_internal_range in net-vpc (sruffilli)
  • [#2274] Added apigee-x-foundations blueprint (apichick)
  • [#2270] Cloud function CMEK key support (luigi-bitonti)
  • [#2272] New Bindplane cloud-config-container setup (simonebruzzechesse)
  • [#2269] Implement the full IAM interface for tags (ludoo)
  • [#2268] Add logging settings to folder module (ludoo)
  • [#2242] CloudSQL PSC Endpoints support (wiktorn)
  • [#2265] Fix failing E2E net-vpc test (wiktorn)
  • [#2264] Fix bug from output typo in new project-factory module (JanCVanB)
  • [#2262] Make Simple NVA route IAP traffic through NIC 0 (juliocc)
  • [#2261] Add Hybrid NAT support (juliocc)
  • [#2260] Remove data source from folder module (ludoo)
  • [#2247] Fix workstation-cluster module for private deployment (simonebruzzechesse)
  • [#2252] Add support for labels to GKE backup plans (ludoo)
  • [#2251] Fix factory ingress policy services in vpc-sc module (ludoo)
  • [#2248] Added missing identity when connectors API is enabled (jnahelou)
  • [#2246] Fixed issue with service networking DNS peering (apichick)
  • [#2243] Added new attributes Apigee organization and bumped up providers version (apichick)
  • [#2244] incompatible change: Removed BFD settings from net-vpn-ha module as it is not supported (apichick)
  • [#2241] Use default labels on pubsub subscription when no override is provided (wiktorn)
  • [#2238] fix: allow disabling node autoprovisioning (kumadee)
  • [#2234] Added build environment variables in cloud function v1 (luigi-bitonti)
  • [#2229] incompatible change: Refactor vpc-sc support in project module, add support for dry run (ludoo)
  • [#2226] fix cloud sql PSA after module upgrade (simonebruzzechesse)
  • [#2224] added missing option for exclusion scope (cmalpe)
  • [#2220] Add tflint to pipelines (juliocc)
  • [#2218] incompatible change: Allow multiple PSA service providers in net-vpc module (ludoo)
  • [#2216] Remove data source from net-vpc module (ludoo)
  • [#2214] Net LB App Internal Cross-Region recipe (ludoo)
  • [#2213] Add support for tags to GCS module (ludoo)
  • [#2211] Add project quotas factory (wiktorn)
  • [#2212] Add support for GCS soft-delete retention period (sruffilli)
  • [#2210] Add support for quotas to project module (ludoo)
  • [#2209] Add support for data cache to cloud sql module (ludoo)
  • [#2207] feat(gke-cluster-standard): Add optional CiliumClusterWideNetworkPolicy (anthonyhaussman)
  • [#2205] Add validation rule for DNS module health check targets (ludoo)
  • [#2201] Updating cloud-run-v2 terraform and some typos (bluPhy)
  • [#2202] added force_destroy to dns module (nika-pr)
  • [#2191] FAST GCVE stage (eliamaldini)
  • [#2190] VPC module - PSA configurable service producer (spica29)
  • [#2185] Fix failing e2e tests for Cloud Run CMEK (wiktorn)
  • [#2182] incompatible change: Fix default nodepool defaults in gke standard module (ludoo)
  • [#2177] add cmek option for cloud_run_v2 (SalehElnagarSecurrency)
  • [#2175] feat(gke-cluster-standard): Set optional default_node_pool configuration (anthonyhaussman)
  • [#2174] Bump provider version to 5.18 to fix non-empty plan for google_notebooks_instance (wiktorn)
  • [#2171] incompatible change: Fix subnet configuration in cloud nat module (ludoo)
  • [#2170] Support optional secondary ranges in net-cloudnat module (ludoo)
  • [#2168] Support advanced_datapath_observability in gke cluster standard module (ludoo)
  • [#2166] feat(net-cloudnat): add tcp_time_wait to config_timeouts (frits-v)

TOOLS