Releases: GoogleCloudPlatform/cloud-foundation-fabric
v36.0.0-rc1
This release implements several breaking changes and new features in FAST. Please refer to the FAST stage1 documentation and the FAST upgrading instructions for more details.
Release contents:
v35.0.0
BLUEPRINTS
- [#2643] Add codespell to pre-commit (wiktorn)
- [#2629] Bump cookie and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
- [#2623] Bump cookie and express in /blueprints/gke/binauthz/image (dependabot[bot])
- [#2609] Add support for bundling net monitoring tool in a Docker image, and deploying via CR Job (ludoo)
- [#2585] Apigee x foundations certificate manager (apichick)
- [#2584] README fixes to FAST docs (skalolazka)
- [#2574] Bump path-to-regexp and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
- [#2573] Bump path-to-regexp and express in /blueprints/gke/binauthz/image (dependabot[bot])
- [#2536] incompatible change: Add support for google provider 6.x (sruffilli)
FAST
- [#2649] Clarify fast-dev purpose (juliocc)
- [#2643] Add codespell to pre-commit (wiktorn)
- [#2641] Adding DNS for GKE control plane to private google access APIs (aurelienlegrand)
- [#2630] [FAST] Fix stage 2 simple NVA wrong location - causing test failures (LucaPrete)
- [#2611] Add TFE integration for backend and CICD (lnesteroff)
- [#2620] added output for tfvars_globals (lnesteroff)
- [#2544] GCVE network mode for 2-networking-b-nva stage (eliamaldini)
- [#2616] Support log exclusions in FAST bootstrap log sinks (ludoo)
- [#2604] fixed tfe wif definition variables (lnesteroff)
- [#2600] FAST: Adds support for PSC transitivity to 2-a (sruffilli)
- [#2598] added terraform enterprise/hcp terraform def to wif providers (lnesteroff)
- [#2584] README fixes to FAST docs (skalolazka)
- [#2582] Make it explicit in FAST docs that stages need to be run once before CI/CD setup (ludoo)
- [#2581] Update FAST stage diagrams (ludoo)
- [#2579] FAST resman mt fixes (ludoo)
- [#2568] Update a few references from 3-project-factory to 2-project-factory (lyricnz)
- [#2558] Update variables.tf (eliamaldini)
- [#2564] Enables compute.setNewProjectDefaultToZonalDNSOnly and essentialcontacts.allowedContactDomains (sruffilli)
- [#2563] Update list of imported org policies (sruffilli)
MODULES
- [#2642] Reorganize ADRs and new versioning ADR (juliocc)
- [#2643] Add codespell to pre-commit (wiktorn)
- [#2645] feat(modules/secret-manager): add support for version_destroy_ttl (frits-v)
- [#2639] incompatible change: Add option to attach multiple snapshot schedule to disks (shujaatsscripts)
- [#2638] Fix ipv6 output in net-vpc module, add support for extra volumes in cloud run v2 module (ludoo)
- [#2625] Add Project Factory Logging Data Option (joshw123)
- [#2617] fix(artifact-registry): fix a move issue with tf>1.7 (NitriKx)
- [#2608] Additional job attributes in cloud run v2 module (ludoo)
- [#2599] incompatible change: Alloydb variables refactor (simonebruzzechesse)
- [#2606] feat: implement the new iam interface in `artifact-registry` (NitriKx)
- [#2595] Allow manage existing SSM instance (lnesteroff)
- [#2572] Added biglake-catalog module (apichick)
- [#2593] Fix looker README and add custom url for looker instance module (simonebruzzechesse)
- [#2590] Fix permadiff on iap attribute in net-lb-app-int module (eliamaldini)
- [#2565] New looker core module (simonebruzzechesse)
- [#2587] Project Module CMEK: added CloudRun (artemBogdantsev)
- [#2586] Add location for each SSM IAM resource (lnesteroff)
- [#2569] Secure source manager ([apichick](https:...
v34.1.0
Final Release before provider upgrade to 6.x
What's Changed
BLUEPRINTS
FAST
- [#2545] Add documentation instructions for potential issues in cicd-github and bootstrap stages (ludoo)
MODULES
- [#2557] Bump provider to 5.43.1 ahead of next release (juliocc)
- [#2556] Updated the auto pilot gke security posture configuration (oluakingcp)
- [#2553] Added the GKE security_posture configuration (oluakingcp)
- [#2546] Full examples for CMEK examples (wiktorn)
TOOLS
- [#2557] Bump provider to 5.43.1 ahead of next release (juliocc)
- [#2552] Upload hidden files (wiktorn)
New Contributors
- @oluakingcp made their first contribution in #2553
Full Changelog: v34.0.0...v34.1.0
v34.0.0
From this release we are adding a few changes that should facilitate upgrading between FAST versions:
- high level migration considerations in the release notes (here)
- a set of pre-computed `moved` blocks that transition resources to the new formats where possible for bootstrap, resource management, and networking "a" stages
- the release version embedded as a comment in `versions.tf` files across the whole repository
We emphasize that upgrading FAST is not one of the stated goals of this project, whose main goal is not to publish a product but to produce a set of modules and a Landing Zones toolkit that dynamically evolve to capture patterns seen in the field, and improved designs supporting new product features. One of the many discussions on this topic can be found in #2512.
FAST migration from v33.0.0 to v34.0.0
Bootstrap stage
No destructive changes. A few IAM bindings are re-applied cleanly.
Resource management stage
Network security IaC resources change names from `resman-netsec` to `resman-nsec` and need recreation. Network security state should be transitioned to local before applying resource management, and re-transitioned to remote after refreshing resman output files and netsec provider.
Project factory dev and prod resources will change internal names; the moved blocks in the provided file should seamlessly rename them in state. You might get errors during apply on the service accounts, but a second apply cycle succeeds.
Release changelog
BLUEPRINTS
- [#2543] Prepare v34.0.0 release (ludoo)
- [#2542] Use generic project name in HA VPN over IC blueprint (juliocc)
- [#2530] Add managed folders support to `gcs` module (juliocc)
- [#2531] Update stable provider too to 5.43 (juliocc)
- [#2525] Bump provider to last release of version 5 (juliocc)
- [#2502] Add `deletion_policy` to project module (juliocc)
- [#2469] Fix E2E tests (wiktorn)
- [#2463] Typo in README: well know -> well-known (derailed-dash)
FAST
- [#2543] Prepare v34.0.0 release (ludoo)
- [#2541] Moved blocks and fix to resman for FAST v33-v34 transition (ludoo)
- [#2484] [FAST] TLS inspection support for NGFW Enterprise (LucaPrete)
- [#2530] Add managed folders support to `gcs` module (juliocc)
- [#2511] [FAST] Add permissions to nsec-r SA (LucaPrete)
- [#2509] Depend network security stage from fast features in FAST resman stage (ludoo)
- [#2505] incompatible change: Refactor FAST project factory and supporting documentation (ludoo)
- [#2499] Firewall policy module factory schema (ludoo)
- [#2498] DNS rpz module factory schema (ludoo)
- [#2497] Net vpc firewall factory schema (ludoo)
- [#2494] Additional module schemas (ludoo)
- [#2491] Organization module factory schemas (ludoo)
- [#2483] Add bootstrap output with log destination ids (juliocc)
- [#2482] [FAST] Rename netsec stage to nsec (LucaPrete)
- [#2477] VPC-SC factory JSON Schemas (ludoo)
- [#2471] Rename 1-vpc-sc stage to 1-vpcsc (juliocc)
- [#2470] Make policyReader binding additive in bootstrap (juliocc)
- [#2466] [FAST] Sets projects_data_path optional, as in the project factory module (LucaPrete)
- [#2464] Fix peering routes config in fast a network stage (ludoo)
- [#2460] incompatible change: VPC-SC as separate FAST stage 1 (ludoo)
MODULES
- [#2543] Prepare v34.0.0 release (ludoo)
- [#2538] Module net-vpc fix for reserved ranges (jamesdalf)
- [#2539] Exposing aws_v4_authentication configuration in global external alb (okguru1)
- [#2537] Add send_secondary_ip_range_if_empty=true to google_compute_subnetwork (sruffilli)
- [#2533] Added the possibility of setting the duration of a GCE instance. (luigi-bitonti)
- [#2535] Allow customizable prefix in net-vpc module PSA configs (ludoo)
- [#2528] Support budget restriction read only (kejti23)
- [#2530] Add managed folders support to `gcs` module (juliocc)
- [#2531] Update stable provider too to 5.43 (juliocc)
- [#2525] Bump provider to last release of version 5 (juliocc)
- [#2523] feat: Add security_policy to backend service configuration (EmileHofsink)
- [#2521] net-vpc module add overlap CIDR subnet attribute (jamesdalf)
- [[#2518](https://github.com/...
v33.0.0
BLUEPRINTS
- [#2450] Remove "constraints/" from org policy names (juliocc)
- [#2448] incompatible change: Add generic URL output to modules/artifact-registry (juliocc)
- [#2423] incompatible change: Refactor service agent management (juliocc)
- [#2433] incompatible change: Reintroduce docker image path output in AR module (ludoo)
- [#2416] Add support for sqlAssertion AutoDQ rule type in dataplex-datascan (jayBana)
- [#2395] Fix tutorial error. (wiktorn)
- [#2396] incompatible change: Update `modules/artifact-registry` with newly-released features. (juliocc)
- [#2392] Added forward_proxy_uri to apigee environments in apigee-x-foundation… (apichick)
- [#2389] Several wording and typos updates (bluPhy)
- [#2382] Fixes related to Apigee KMS keys (apichick)
- [#2372] Added spanner-instance module (apichick)
FAST
- [#2410] [FAST] Add basic NGFW enterprise stage (LucaPrete)
- [#2450] Remove "constraints/" from org policy names (juliocc)
- [#2397] NCC in 2-net-a-simple (sruffilli)
- [#2446] Remove alpha from gcloud storage cp as it moved to GA (LucaPrete)
- [#2444] Add context to net-vpc factory (sruffilli)
- [#2423] incompatible change: Refactor service agent management (juliocc)
- [#2440] FAST ng: stage 0 environments and VPC-SC IaC resources (ludoo)
- [#2430] FAST: IAM cleanups to reflect PF changes (sruffilli)
- [#2417] Allow description to be set for FAST-managed tags (juliocc)
- [#2412] [FAST] Housekeeping in CICD workflow templates and extra stage (jayBana)
- [#2411] [FAST] Fix IAM bindings to impersonate resman CICD SAs at bootstrap stage (jayBana)
- [#2404] Documented new GCVE design options (eliamaldini)
- [#2402] gitlab workflow template fixes #2401 (sudhirrs)
- [#2389] Several wording and typos updates (bluPhy)
- [#2378] Add wording for SCC Enterprise to FAST stage 0 (ludoo)
MODULES
- [#2459] Allow user to override peerings names (juliocc)
- [#2457] update readme with cross project backend external regional/global LB - review (vivianvarela)
- [#2454] Add support for dry-run org policies (juliocc)
- [#2456] Manage lifecycle of cloud functions v2 IAM (ludoo)
- [#2449] Add moved blocks for the service networking service agent and IAM (juliocc)
- [#2448] Add generic URL output to modules/artifact-registry (juliocc)
- [#2447] Fix wrong expression in compute-mig module (bz-canva)
- [#2445] Override primary flag for the storage transfer service agent (juliocc)
- [#2444] Add context to net-vpc factory (sruffilli)
- [#2443] Project service agents moved block and enabled services (ludoo)
- [#2423] incompatible change: Refactor service agent management (juliocc)
- [#2439] incompatible change: Remove default values to secondary range names in GKE cluster modules (fulyagonultas)
- [#2437] Add coalesce to factory fw policies to support empty yaml files (LucaPrete)
- [#2436] Allow disabling topic creation in GCS module notification (ludoo)
- [#2433] incompatible change: Reintroduce docker image path output in AR module (ludoo)
- [#2424] E2E tests for ncc-spoke-ra (wiktorn)
- [#2427] Fix Cloud Function v1/v2 E2E tests (wiktorn)
- [#2421] fix cloudbuild service account email (nathou)
- [#2418] Adding support for DWS for GKE nodepools (aurelienlegrand)
- [#2416] Add support for sqlAssertion AutoDQ rule type in dataplex-datascan (jayBana)
- [#2406] **incompa...
v32.0.1
v32.0.0
BLUEPRINTS
- [#2361] incompatible change: Support GCS objects in cloud function modules bundles (ludoo)
- [#2358] incompatible change: Support pre-made bundle archives in cloud function modules (ludoo)
- [#2347] Add GCVE Logging and Monitoring Blueprint (KonradSchieban)
- [#2356] Add Terraform installation step to meet the versions.tf requirements (wiktorn)
- [#2355] Bump @grpc/grpc-js from 1.10.7 to 1.10.9 in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
- [#2341] Alloydb add support for psc (simonebruzzechesse)
- [#2328] [FAST] Rename stage 2-networking-d-separate-envs to 2-networking-c-separate-envs (LucaPrete)
- [#2326] Add pre-commit hook configuration (wiktorn)
- [#2299] Kong Gateway on GKE offloading to Cloud Run (juliodiez)
- [#2317] resource_labels added to the node_config nodepool (fulyagonultas)
- [#2106] Gitlab Runner blueprint (simonebruzzechesse)
- [#2303] incompatible change: Remove default location from gcs module (ludoo)
- [#2296] Bump requests from 2.31.0 to 2.32.0 in /blueprints/cloud-operations/network-quota-monitoring/src (dependabot[bot])
- [#2284] incompatible change: Unify VPN and Peering FAST stages (sruffilli)
DOCUMENTATION
- [#2106] Gitlab Runner blueprint (simonebruzzechesse)
FAST
- [#2353] Add main project factory service account (ludoo)
- [#2352] incompatible change: Remove support for source repositories from FAST CI/CD (ludoo)
- [#2344] Fix typos in documentation (albertogeniola)
- [#2340] Fix wrong documentation reference to tfvars (albertogeniola)
- [#2337] DNS policy fix (sruffilli)
- [#2335] Add perimeter ids in vpc-sc module outputs, fix vpc-sc in project factory module (ludoo)
- [#2334] Support setting IAM for FAST tags in resource management stage (ludoo)
- [#2333] Fix resman top-level folders variable types (ludoo)
- [#2332] Fix dns policy (wiktorn)
- [#2331] Enable hierarchy in fast project factory (ludoo)
- [#2330] Update PGA domains (juliocc)
- [#2329] FAST: Enable networkconnectivity when using NCC-RA in 2-b (sruffilli)
- [#2328] [FAST] Rename stage 2-networking-d-separate-envs to 2-networking-c-separate-envs (LucaPrete)
- [#2325] Fix restrictAllowedGenerations org policy example (juliocc)
- [#2317] resource_labels added to the node_config nodepool (fulyagonultas)
- [#2319] Pbrumblay/clarify org policy tags (pbrumblay)
- [#2309] incompatible change: Merge FAST C and E network stages into a new B stage. (sruffilli)
- [#2315] FAST: Obsolete assets cleanup (sruffilli)
- [#2305] FAST MT: Readme updates and more prefix validation (sruffilli)
- [#2232] New extra stage for FAST gitlab setup (simonebruzzechesse)
- [#2294] Avoid unnecessary terraform plans for closed (unmerged) PRs (pbrumblay)
- [#2298] Adjust list of imported org policies to official docs (wiktorn)
- [#2297] Add support for tenant factory CI/CD (ludoo)
- [#2292] [FAST] fix: tenant-factory logging bucket project (LucaPrete)
- [#2290] Add wif permissions to bootstrap tf SA (simonebruzzechesse)
- [#2289] Fix mt diagram and broken link (ludoo)
- [#2288] Ignore test resource data in new network stage, split out fast variables (ludoo)
- [#2286] Switch FAST stages 0-1s to excalidraw diagrams (ludoo)
- [#2287] incompatible change: FAST: Cleanup/harmonization of Simple and NVA net stages (sruffilli)
- [#2284] incompatible change: Unify VPN and Peering FAST stages (sruffilli)
- [[#2254](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/p...
v31.1.0
v31.0.0
This release will be the last one supporting the (by now) legacy FAST teams and tenants implementations.
BLUEPRINTS
- [#2278] Bump express from 4.18.2 to 4.19.2 in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
- [#2275] Add support for reserved_internal_range in net-vpc (sruffilli)
- [#2277] Added missing apigee org attributes to apigee x foundations blueprint (apichick)
- [#2279] Bump protobufjs, @google-cloud/logging-bunyan and @google-cloud/monitoring in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
- [#2274] Added apigee-x-foundations blueprint (apichick)
- [#2243] Added new attributes Apigee organization and bumped up providers version (apichick)
- [#2239] Update README.md (vicenteg)
- [#2230] docs: 📝 fix error in phpIPAM terraform config by updating VPC pe… (PapaPeskwo)
- [#2227] Bump golang.org/x/net from 0.17.0 to 0.23.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
- [#2228] Bump golang.org/x/net from 0.17.0 to 0.23.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
- [#2226] fix cloud sql PSA after module upgrade (simonebruzzechesse)
- [#2220] Add tflint to pipelines (juliocc)
- [#2218] incompatible change: Allow multiple PSA service providers in net-vpc module (ludoo)
- [#2208] Updated diagram to better reflect PSC terminology (bswenka)
- [#2207] feat(gke-cluster-standard): Add optional `CiliumClusterWideNetworkPolicy` (anthonyhaussman)
- [#2201] Updating cloud-run-v2 terraform and some typos (bluPhy)
- [#2191] FAST GCVE stage (eliamaldini)
- [#2181] Bump express from 4.17.3 to 4.19.2 in /blueprints/gke/binauthz/image (dependabot[bot])
- [#2174] Bump provider version to 5.18 to fix non-empty plan for google_notebooks_instance (wiktorn)
- [#2171] incompatible change: Fix subnet configuration in cloud nat module (ludoo)
- [#2168] Support advanced_datapath_observability in gke cluster standard module (ludoo)
- [#2169] Add stub READMEs for the removed hub and spoke blueprints (ludoo)
DOCUMENTATION
FAST
- [#2267] Fix 0-bootstrap iam_by_principals not taking into account all principals (wiktorn)
- [#2263] Update docs - gcp-network-admins -> gcp-vpc-network-admins (wiktorn)
- [#2260] Remove data source from folder module (ludoo)
- [#2253] Misc FAST fixes (juliocc)
- [#2235] Update FAST logging (juliocc)
- [#2233] Fix permissions for branch network dev - read sa (LucaPrete)
- [#2221] Enable TFLint in FAST stages (juliocc)
- [#2220] Add tflint to pipelines (juliocc)
- [#2218] incompatible change: Allow multiple PSA service providers in net-vpc module (ludoo)
- [#2219] Remove unused variables/locals from FAST (juliocc)
- [#2215] Add new org policies to FAST (juliocc)
- [#2210] Add support for quotas to project module (ludoo)
- [#2206] Update the description and README for the tags variable (timothy-jabez)
- [#2204] Align exported tfvars in FAST networking stages, add psc and proxy only subnets (ludoo)
- [#2203] incompatible change: FAST security stage refactor (ludoo)
- [#2196] Add variable to resman to control top-level folder IAM (juliocc)
- [#2195] Allow r/o project factory SAs access to folder-level IAM (ludoo)
- [#2191] FAST GCVE stage (eliamaldini)
- [#2178] Add missing permission to org viewer custom role in FAST stage 0 (ludoo)
- [#2172] Fix subnet names in FAST net stage c nva (ludoo)
MODULES
v30.0.0
BLUEPRINTS
- [#2141] Dataproc module cleanup & fixes (wiktorn)
- [#2131] Introduce mandatory OWNERS file for blueprint maintainership (juliocc)
- [#2133] Updated diagram to better reflect code naming. (bswenka)
- [#2135] Rename `modules/cloudsql-instance` deletion protection variables (juliocc)
- [#2119] Fix phpipam blueprint (simonebruzzechesse)
- [#2110] Gitlab blueprint (simonebruzzechesse)
- [#1843] incompatible change: Factories refactor (ludoo)
- [#2105] incompatible change: Enable shielded nodes by default on GKE mt blueprint and FAST stage (ludoo)
- [#2082] Fix GKE multitenant blueprint roles (ludoo)
- [#2076] Use Fabric modules in blueprints/networking/psc-glb-and-armor (wiktorn)
- [#2075] Updated path matchers to be more user friendly, added better test exa… (bswenka)
- [#2079] Format python files in blueprints (simonebruzzechesse)
- [#2071] Bswenka/psc glb and armor 2 producers (bswenka)
- [#2072] Fix e2e tests - vertex mlops and net-address (wiktorn)
- [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
- [#2058] glb and armor subnet fix (bswenka)
- [#2061] HA MySQL cluster deployment on GKE (wiktorn)
- [#2059] GKE stateful blueprints (juliocc)
- [#2036] Shielded nodes and custom service account in FAST GKE stage and blueprint (CSPR-related) (ludoo)
- [#2016] incompatible change: Ensure data platform service accounts meet FAST requirements (ludoo)
DOCUMENTATION
- [#2143] Update README.md (Fixed typos in /cloud-foundation-fabric/tree/master/blueprints/cloud-operations) (Tianyou3)
- [#2131] Introduce mandatory OWNERS file for blueprint maintainership (juliocc)
- [#2138] Updating README.md file for fixing some typo (NayeemShaMd)
- [#2136] Update FAST state IAM files (ludoo)
- [#2134] incompatible change: Add links to factories doc (ludoo)
- [#2120] Implement GKE patterns naming conventions (juliocc)
- [#2110] Gitlab blueprint (simonebruzzechesse)
- [#1843] incompatible change: Factories refactor (ludoo)
- [#2094] update README to add analytics hub module (thinhha)
- [#2060] Data catalog Tag module (lcaggio)
- [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
- [#2061] HA MySQL cluster deployment on GKE (wiktorn)
- [#2059] GKE stateful blueprints (juliocc)
- [#2013] Add Tag Template module (lcaggio)
FAST
- [#2139] Logging updates (juliocc)
- [#2115] incompatible change: Align resource names in FAST networking stages (ludoo)
- [#2112] Add support for billing budgets to project factory (ludoo)
- [#1843] incompatible change: Factories refactor (ludoo)
- [#2105] incompatible change: Enable shielded nodes by default on GKE mt blueprint and FAST stage (ludoo)
- [#2101] Make all project_parent_ids fields optional (juliocc)
- [#2086] Support domainless orgs in FAST (ludoo)
- [#2077] incompatible change: Add workforce_identity_federation in 0-bootstrap (simonebruzzechesse)
- [#2064] incompatible change: Extend FAST to support different principal types (ludoo)
- [#2065] Fix imports of org policies (wiktorn)
- [#2057] Postpone setting essential contacts until provisioning using SA (wiktorn)
- [#2056] import default org-level org-policies (wiktorn)
- [#2050] Enable additional recommended org policies (juliocc)