merge fast-dev

.github/workflows/linting.yml

@@ -17,6 +17,7 @@ on:
   pull_request:
     branches:
       - master
+      - fast-dev
 
 jobs:
   linting:

.github/workflows/tests.yml

@@ -19,6 +19,7 @@ on:
   pull_request:
     branches:
       - master
+      - fast-dev
   workflow_dispatch:
     inputs:
       terraform_version:

CHANGELOG.md

@@ -3,7 +3,38 @@
 All notable changes to this project will be documented in this file.
 <!-- markdownlint-disable MD024 -->
 
-## [Unreleased]
+## [Unreleased] <!-- from: 2024-10-30 14:20:58+00:00 to: None since: v35.0.0 -->
+
+## [36.0.0] - 2024-11-22
+
+### BLUEPRINTS
+
+- [[#2648](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2648)] Refactor of FAST resource management and subsequent stages ([ludoo](https://github.com/ludoo)) <!-- 2024-10-31 15:55:55+00:00 -->
+
+### FAST
+
+- [[#2714](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2714)] Remove stale resman validation ([juliocc](https://github.com/juliocc)) <!-- 2024-11-18 16:00:06+00:00 -->
+- [[#2707](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2707)] Expose `factories_config` for resman top level folders ([juliocc](https://github.com/juliocc)) <!-- 2024-11-17 22:54:56+00:00 -->
+- [[#2701](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2701)] Allow disabling network security stage ([juliocc](https://github.com/juliocc)) <!-- 2024-11-17 09:04:18+00:00 -->
+- [[#2697](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2697)] Remove REGIONAL/MULTI_REGIONAL buckets from FAST ([juliocc](https://github.com/juliocc)) <!-- 2024-11-16 10:14:47+00:00 -->
+- [[#2693](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2693)] Unify usage of top level folders short_name ([juliocc](https://github.com/juliocc)) <!-- 2024-11-15 12:56:46+00:00 -->
+- [[#2694](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2694)] Make project iam viewer name consistent with GCP naming ([juliocc](https://github.com/juliocc)) <!-- 2024-11-15 10:48:37+00:00 -->
+- [[#2688](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2688)] Streamline environments variable across stages ([ludoo](https://github.com/ludoo)) <!-- 2024-11-15 09:22:18+00:00 -->
+- [[#2685](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2685)] Add missing billing roles to project factory ro SA in stage 1 ([ludoo](https://github.com/ludoo)) <!-- 2024-11-14 10:41:30+00:00 -->
+- [[#2683](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2683)] Add missing roles to project factory ro SA in stage 1 ([ludoo](https://github.com/ludoo)) <!-- 2024-11-14 09:25:51+00:00 -->
+- [[#2656](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2656)] Fix permadiff in bootstrap IAM ([ludoo](https://github.com/ludoo)) <!-- 2024-11-01 14:56:07+00:00 -->
+- [[#2652](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2652)] Final fixes for v36.0.0-rc1 ([ludoo](https://github.com/ludoo)) <!-- 2024-10-31 16:47:11+00:00 -->
+- [[#2648](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2648)] **incompatible change:** Refactor of FAST resource management and subsequent stages ([ludoo](https://github.com/ludoo)) <!-- 2024-10-31 15:55:55+00:00 -->
+
+### MODULES
+
+- [[#2648](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2648)] Refactor of FAST resource management and subsequent stages ([ludoo](https://github.com/ludoo)) <!-- 2024-10-31 15:55:55+00:00 -->
+
+### TOOLS
+
+- [[#2688](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2688)] Streamline environments variable across stages ([ludoo](https://github.com/ludoo)) <!-- 2024-11-15 09:22:18+00:00 -->
+- [[#2660](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2660)] Refactor changelog for the new release process ([ludoo](https://github.com/ludoo)) <!-- 2024-11-11 10:59:45+00:00 -->
+- [[#2648](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2648)] Refactor of FAST resource management and subsequent stages ([ludoo](https://github.com/ludoo)) <!-- 2024-10-31 15:55:55+00:00 -->
 
 ## [35.1.0] - 2024-11-22
 
@@ -59,11 +90,6 @@ All notable changes to this project will be documented in this file.
 - [[#2631](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2631)] fix Vertex-ML-Ops e2e tests ([wiktorn](https://github.com/wiktorn)) <!-- 2024-11-04 09:13:33+00:00 -->
 - [[#2653](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2653)] Add required enabled field introduced in Terraform version 5.41.0 ([jacobmammoliti](https://github.com/jacobmammoliti)) <!-- 2024-11-01 07:01:14+00:00 -->
 
-### TOOLS
-
-- [[#2717](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2717)] Change tfdoc pre-commit hook script to use while read ([rosmo](https://github.com/rosmo)) <!-- 2024-11-19 08:01:15+00:00 -->
-- [[#2712](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2712)] Add hierarchical namespace support to GCS module ([juliocc](https://github.com/juliocc)) <!-- 2024-11-18 11:41:49+00:00 -->
-
 ## [35.0.0] - 2024-10-30
 <!-- None < 2024-09-05 10:07:19+00:00 -->
 
@@ -2593,7 +2619,8 @@ All notable changes to this project will be documented in this file.
 - merge development branch with suite of new modules and end-to-end examples
 
 <!-- markdown-link-check-disable -->
-[Unreleased]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v35.1.0...HEAD
+[Unreleased]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v36.0.0...HEAD
+[36.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v35.1.0...v36.0.0
 [35.1.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v35.0.0...v35.1.0
 [35.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v34.1.0...v35.0.0
 [34.1.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v34.0.0...v34.1.0

blueprints/README.md

@@ -8,7 +8,7 @@ Currently available blueprints:
 - **cloud operations** - [Active Directory Federation Services](./cloud-operations/adfs), [Cloud Asset Inventory feeds for resource change tracking and remediation](./cloud-operations/asset-inventory-feed-remediation), [Fine-grained Cloud DNS IAM via Service Directory](./cloud-operations/dns-fine-grained-iam), [Cloud DNS & Shared VPC design](./cloud-operations/dns-shared-vpc), [Delegated Role Grants](./cloud-operations/iam-delegated-role-grants), [Network Quota Monitoring](./cloud-operations/network-quota-monitoring), [Managing on-prem service account keys by uploading public keys](./cloud-operations/onprem-sa-key-management), [Compute Image builder with Hashicorp Packer](./cloud-operations/packer-image-builder), [Packer example](./cloud-operations/packer-image-builder/packer), [Compute Engine quota monitoring](./cloud-operations/compute-quota-monitoring), [Scheduled Cloud Asset Inventory Export to Bigquery](./cloud-operations/scheduled-asset-inventory-export-bq), [Configuring workload identity federation with Terraform Cloud/Enterprise workflows](./cloud-operations/terraform-cloud-dynamic-credentials), [TCP healthcheck and restart for unmanaged GCE instances](./cloud-operations/unmanaged-instances-healthcheck), [Migrate for Compute Engine (v5) blueprints](./cloud-operations/vm-migration), [Configuring workload identity federation to access Google Cloud resources from apps running on Azure](./cloud-operations/workload-identity-federation)
 - **data solutions** - [GCE and GCS CMEK via centralized Cloud KMS](./data-solutions/cmek-via-centralized-kms), [Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key](./data-solutions/composer-2), [Cloud SQL instance with multi-region read replicas](./data-solutions/cloudsql-multiregion), [Data Platform](./data-solutions/data-platform-foundations), [Minimal Data Platform](./data-solutions/data-platform-minimal), [Spinning up a foundation data pipeline on Google Cloud using Cloud Storage, Dataflow and BigQuery](./data-solutions/gcs-to-bq-with-least-privileges), [#SQL Server Always On Groups blueprint](./data-solutions/sqlserver-alwayson), [Data Playground](./data-solutions/data-playground), [MLOps with Vertex AI](./data-solutions/vertex-mlops), [Shielded Folder](./data-solutions/shielded-folder), [BigQuery ML and Vertex AI Pipeline](./data-solutions/bq-ml)
 - **factories** - [Fabric resource factories](./factories)
-- **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant Blueprint](./gke/multitenant-fleet), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [GKE Autopilot](./gke/autopilot)
+- **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant](../fast/stages/3-gke-dev), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [GKE Autopilot](./gke/autopilot)
 - **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), On-prem DNS and Google Private Access,  [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke), [VPC Connectivity Lab](./networking/vpc-connectivity-lab/)
 - **SecOps** - [SecOps GKE Forwarder](./secops/secops-gke-forwarder)
 - **serverless** - [Cloud Run series](./serverless/cloud-run-explore)

blueprints/data-solutions/data-platform-foundations/README.md

@@ -23,7 +23,7 @@ The approach adapts to different high-level requirements:
 - least privilege principle
 - rely on service account impersonation
 
-The code in this blueprint doesn't address Organization-level configurations (Organization policy, VPC-SC, centralized logs). We expect those elements to be managed by automation stages external to this script like those in [FAST](../../../fast) and this blueprint deployed on top of them as one of the [stages](../../../fast/stages/3-data-platform/dev/README.md).
+The code in this blueprint doesn't address Organization-level configurations (Organization policy, VPC-SC, centralized logs). We expect those elements to be managed by automation stages external to this script like those in [FAST](../../../fast).
 
 ### Project structure
 

blueprints/data-solutions/data-platform-minimal/README.md

@@ -49,7 +49,7 @@ The approach adapts to different high-level requirements:
 - least privilege principle
 - rely on service account impersonation
 
-The code in this blueprint doesn't address Organization-level configurations (Organization policy, VPC-SC, centralized logs). We expect those elements to be managed by automation stages external to this script like those in [FAST](../../../fast) and this blueprint deployed on top of them as one of the [stages](../../../fast/stages/3-data-platform/dev/README.md).
+The code in this blueprint doesn't address Organization-level configurations (Organization policy, VPC-SC, centralized logs). We expect those elements to be managed by automation stages external to this script like those in [FAST](../../../fast).
 
 ## Project structure