v22.0.0

What's Changed

BLUEPRINTS

• [#1389] Bump requests from 2.28.1 to 2.31.0 in /blueprints/cloud-operations/network-dashboard/src (dependabot[bot])
• [#1388] Firewall Validator fix target_service_accounts ref (afda16)
• [#1382] chore: update mlops blueprint metadata (bharathkkb)
• [#1380] Minimal Data Platform - Make components optional (lcaggio)
• [#1378] Updates to blueprints/data-solutions/shielded-folder (bluPhy)
• [#1375] Several updates (bluPhy)
• [#1365] feat(net-cloudnat): add toggle for independent endpoint mapping and dynamic port allocation (JSchwerberg)
• [#1362] Add Minimal Data Platform blueprint (lcaggio)
• [#1364] Cloud Run services in service projects (juliodiez)
• [#1358] update variables files for gke nodepool taints (jackspyder)
• [#1359] Blueprint metadata validator (juliocc)
• [#1355] Fix Shielded Folder - VertexML interoperability (lcaggio)
• [#1353] fix in IAM binding of Apigee BigQuery analytics blueprint (apichick)
• [#1346] incompatible change: FAST: shorten stage 3 prefixes, enforce prefix length in stage 3s (ludoo)
• [#1345] chore: update metadata schema (bharathkkb)
• [#1343] Fix because of changes in the cloud functions module and the Apigee a… (apichick)
• [#1342] Add directory to vertex-mlops blueprint metadata (juliocc)
• [#1337] Improve Vertex mlops blueprint (lcaggio)
• [#1338] Set all resource requests to the autopilot minimum as the existing va… (apichick)
• [#1330] Separating GKE Standard and Autopilot Modules (avinashkumar1289)
• [#1334] Rename mlops blueprint providers file (ludoo)
• [#1333] Add providers to vertex-mlops blueprint (juliocc)
• [#1331] IAP for Cloud Run GA (juliodiez)
• [#1309] [DataPlatform] Fix data-eng role on orchestration project (lcaggio)
• [#1323] fix: create log-export-dataset on shielded-folder when no ecryption keys are defined (bgdanix)
• [#1319] Fixed wait_time in locust script (apichick)
• [#1312] add firewall enforcement variable to VPC (fawzihmouda)
• [#1305] add missing enable_addons reference in gke blueprint for multitenant-… (jackspyder)
• [#1306] Support new fields in bigquery module, bump provider versions, unpin local provider (ludoo)
• [#1293] Refactor cloud run module to use optionals and support all features (ludoo)
• [#1289] incompatible change: Network Dashboard improvements and bug fixing (simonebruzzechesse)
• [#1283] Fixed permissions of files created (apichick)
• [#1274] Add support for VPC Connector and different monitoring project to network dashboard deploy (ludoo)

DOCUMENTATION

• [#1375] Several updates (bluPhy)
• [#1362] Add Minimal Data Platform blueprint (lcaggio)
• [#1357] Add module link to README (prabhaarya)
• [#1347] Fix external documentation links (bobidle)
• [#1330] Separating GKE Standard and Autopilot Modules (avinashkumar1289)
• [#1309] [DataPlatform] Fix data-eng role on orchestration project (lcaggio)
• [#1311] Fixed type in readme for FAST stages (derailed-dash)
• [#892] Add network NVA NCC stage (LucaPrete)
• [#1297] Update CONTRIBUTING.md (juliocc)
• [#1276] DNS Response Policy module (ludoo)

FAST

• [#1394] Allow setting identities in VPC SC module egress policies (ludoo)
• [#1391] fix(stages): only add sandbox SA when sandbox feature is enabled (gustavovalverde)
• [#1385] Add conditional org admin role to sandbox SA (ludoo)
• [[#1383](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric...

v21.0.0

BLUEPRINTS

• [#1272] Removed repeated command in script used to deploy API proxy (apichick)
• [#1261] Fix variable terraform.tfvars.sample (dedeco)
• [#1257] Fixes related to boot_disk in compute-vm module (apichick)
• [#1256] incompatible change: Pin local provider (ludoo)
• [#1245] Composer-2 - Fix 1236 (lcaggio)
• [#1243] Autopilot fixes (apichick)
• [#1241] incompatible change: Allow using existing boot disk in compute-vm module (ludoo)
• [#1218] Small fixes on Network Dashboard cloud function code (simonebruzzechesse)
• [#1229] Removed unnecessary files (apichick)
• [#1227] Add CMEK support on BQML blueprint (lcaggio)
• [#1225] Fix on bqml demo (gioconte)
• [#1217] Added autopilot blueprint (apichick)
• [#1210] Blueprint - BigQuery ML and Vertex AI Pipeline (lcaggio)
• [#1208] Fix outdated go deps, dependabot alerts (averbuks)
• [#1150] Blueprint: GLB hybrid NEG internal (LucaPrete)
• [#1201] Add missing tfvars template to the tfc blueprint (averbuks)
• [#1196] Fix compute-vm:CloudKMS test for provider>=4.54.0 (dan-farmer)
• [#1189] Update healthchecker deps (dependabot alerts) (averbuks)
• [#1184] incompatible change: Allow multiple peer gateways in VPN HA module (ludoo)
• [#1143] Test blueprints from README files (juliocc)
• [#1181] Bump golang.org/x/sys from 0.0.0-20220310020820-b874c991c1a5 to 0.1.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
• [#1180] Bump golang.org/x/sys from 0.0.0-20220310020820-b874c991c1a5 to 0.1.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
• [#1175] Serverless networking program (juliodiez)
• [#1179] Added a PSC GCLB example (cgrotz)
• [#1165] DataPlatform: Support project creation (lcaggio)
• [#1167] incompatible change: Simplify org policies in resource management modules (juliocc)
• [#1161] Additional documentation for the Data Platform Dataflow pipeline example (aymanfarhat)
• [#1154] Workaround to mitigate provider issue 9164 (lcaggio)
• [#1146] Serverless networking program (juliodiez)
• [#1142] Fix bq factory docs (juliocc)
• [#1138] New compute-vm examples and tests (juliocc)
• [#1132] Add descriptive name as optional argument (paulwoelfel)
• [#1105] [Feature] Update data platform blue print with Dataflow Flex template (aymanfarhat)
• [#1129] Update KMS blueprint (lcaggio)

DOCUMENTATION

• [#1257] Fixes related to boot_disk in compute-vm module (apichick)
• [#1248] Add link to public serverless networking guide (juliodiez)
• [#1232] Network firewall policy module (ludoo)
• [#1230] Update contributing guide with new test framework (juliocc)
• [#1221] FAQ on installing Fast on a non-empty org (skalolazka)
• [#1217] Added autopilot blueprint (apichick)
• [#1210] Blueprint - BigQuery ML and Vertex AI Pipeline (lcaggio)
• [#1150] Blueprint: GLB hybrid NEG internal (LucaPrete)
• [#1193] Add reference to Cloud Run blueprints (juliodiez)
• [#1188] Add reference to Cloud Run blueprints (juliodiez)
• [#1187] Add references to the serverless chapters (juliodiez)
• [#1179] Added a PSC GCLB example (cgrotz)
• [#1165] DataPlatform: Support project creation (lcaggio)
• [[#1145](https://github.com/GoogleCloudPlatform/cloud-foundati...

v20.0.0

This is the last release before renaming FAST stages. Changes in this release:

BLUEPRINTS

• [#1038] Vertex Pipelines MLOps framework blueprint (javiergp)
• [#1124] Removed unused file package-lock.json (apichick)
• [#1119] incompatible change: Multi-Cluster Ingress gateway api config (wiktorn)
• [#1111] incompatible change: In the apigee module now both the /22 and /28 peering IP ranges are p… (apichick)
• [#1106] Network Dashboard: PSA support for Filestore and Memorystore (aurelienlegrand)
• [#1110] Bump cookiejar from 2.1.3 to 2.1.4 in /blueprints/apigee/bigquery-analytics/functions/export (dependabot[bot])
• [#1097] Use terraform resource to activate Anthos Service Mesh (wiktorn)
• [#1104] Updated apigee hybrid for gke README (apichick)
• [#1107] Check linting for Python dashboard files (ludoo)
• [#1102] Improvements in apigee hybrid-gke: now using workload identity and GLB (apichick)
• [#1098] Add shared-vpc support on data-playground blueprint (lcaggio)
• [#1095] [Data Platform] Fix Table in readme (lcaggio)
• [#1089] Update Data Platform (lcaggio)
• [#1081] Apigee hybrid on GKE (apichick)
• [#1082] Fixes in Apigee Bigquery Analytics blueprint (apichick)
• [#1071] Moved apigee bigquery analytics blueprint, added apigee network patterns (apichick)
• [#1073] Allow setting no ranges in firewall module custom rules (ludoo)
• [#1072] incompatible change: Add gc_policy to Bigtable module, bump provider versions to 4.47 (iht)
• [#1063] Network dashboard: PSA ranges support, starting with Cloud SQL (aurelienlegrand)
• [#1062] Fixes for GKE (wiktorn)
• [#1060] Update src/README.md for Network Dashboard (aurelienlegrand)
• [#1020] Networking dashboard and discovery tool refactor (ludoo)

DOCUMENTATION

• [#1101] First batch of testing updates to core modules (juliocc)
• [#1089] Update Data Platform (lcaggio)
• [#1084] Fixes in Apigee blueprints README files (apichick)
• [#1081] Apigee hybrid on GKE (apichick)
• [#1074] Adding new section for Authentication issues (agutta)
• [#1071] Moved apigee bigquery analytics blueprint, added apigee network patterns (apichick)
• [#1057] Adding new file FAQ and an image (agutta)

FAST

• [#1118] Add missing logging admin role for initial user (ludoo)
• [#1099] Fix destroy in stage 1 outputs (ludoo)
• [#1089] Update Data Platform (lcaggio)
• [#1085] fix restricted services not being added to the perimeter configurations (drebes)
• [#1057] Adding new file FAQ and an image (agutta)
• [#1054] FAST: fix typo in bootstrap stage README (agutta)
• [#1051] FAST: add instructions for billing export to stage 0 README (KPRepos)

MODULES

• [#1127] Skip node config for autopilot (ludoo)
• [#1125] Added mesh_certificates setting in GKE cluster (rosmo)
• [#1094] Added GLB example with MIG as backend (eliamaldini)
• [#1119] incompatible change: Multi-Cluster Ingress gateway api config (wiktorn)
• [#1111] incompatible change: In the apigee module now both the /22 and /28 peering IP ranges are p… (apichick)
• [#1116] Include cloudbuild API in project module (aymanfarhat)
• [#1115] add new parameters support in apigee module (blackillzone)
• [#1112] Add HTTPS frontend with SNEG example (juliodiez)
• [#1097] Use terraform resource to activate Anthos Service Mesh (wiktorn)
• [#1101] First batch of testing updates to core modules (juliocc)
• [[#1098](https://github.com/GoogleCloudPlatform/cloud-foundation-...

v19.0.0

Highlights in this release:

• Core modules (project, organization, folder, net-vpc, net-firewall, etc) updated to support Terraform 1.3 optional() attributes. The API for these modules is now simpler while at the same time exposing more functionalities of the underlying resources.
• New simplified testing framework.
• Many small fixes.

For details on changes please see our CHANGELOG.

v18.0.0

This is our most comprehensive release to date, for details on changes please see our CHANGELOG.

v16.0.0

In this release

• add support for Spot VMs to gke-nodepool module
• incompatible change add support for Spot VMs to compute-vm module
• SQL Server AlwaysOn availability groups example
• fixed Terraform change detection in CloudSQL when backup is disabled
• allow multiple CIDR blocks in the ip_range for Apigee Instance
• add prefix to project factory SA bindings
• incompatible change subnets_l7ilb variable is deprecated in the net-vpc module, instead subnets_proxy_only variable should be used
• add support for Private Service Connect and Proxy-only subnets to net-vpc module
• bump Google provider versions to >= 4.17.0
• bump Terraform version to >= 1.1.0
• add shielded_instance_config support for instance template on compute-vm module
• add support for gke_backup_agent_config to GKE module addons
• add support for subscription filters to PubSub module
• refactor Hub and Spoke with VPN example
• fix tfdoc parsing on newllines in outputs
• fix subnet factory example in vpc module README
• fix condition in subnet factory flow logs
• added new example on GLB and Cloud Armor
• revamped and expanded Contributing Guide

FAST

• add support for Workload Identity Federation and CI/CD repositories
• simplify VPN tunnel configuration in the Hub and Spoke VPN network stage
• fix subnet YAML schema

v15.0.0

In this release:

• incompatible change the variable for PSA ranges in the net-vpc module has changed to support configuring peering routes
• fix permadiff in net-vpc-firewall module rules
• new gke-hub module
• new unmanaged-instances-healthcheck example
• add support for IAM to data-catalog-policy-tag module
• add support for IAM additive to folder module, fixes #580
• optionally turn off gcplogs driver in COS modules
• fix tag output on data-catalog-policy-tag module
• add shared-vpc support on gcs-to-bq-with-least-privileges
• new net-ilb-l7 module

FAST

• new 02-networking-peering networking stage
• incompatible change the variable for PSA ranges in networking stages have changed

v14.0.0

• incompatible change removed iam key from logging sink configuration in the project and organization modules
• remove GCS to BQ with Dataflow example, replace by GCS to BQ with least privileges
• the net-vpc and project modules now use the beta provider for shared VPC-related resources
• new iot-core module
• incompatible change the variables for host and service Shared VPCs have changed in the project module
• incompatible change the variable for service identities IAM has changed in the project factory
• add data-catalog-policy-tag module
• new workload identity federetion example
• new api-gateway module and example.
• incompatible change the psn_ranges variable has been renamed to psa_ranges in the net-vpc module and its type changed from list(string) to map(string)
• incompatible change removed iam flag for organization and folder level sinks
• incompatible change removed ingress_settings configuration option in the cloud-functions module.
• new m4ce VM example
• Support for resource management tags in the organization, folder, project, compute-vm, and kms modules

FAST

• new data platform stage 3
• new 02-networking-nva networking stage
• allow customizing the names of custom roles
• added environment and context resource management tags
• use resource management tags to restrict scope of roles/orgpolicy.policyAdmin
• use xpnServiceAdmin (custom role) for stage 3 service accounts that need to attach to a shared VPC
• simplify and standarize ourputs from each stage
• standarize names of projects, service accounts and buckets
• swtich to folder-level xpnAdmin and xpnServiceAdmin
• moved networking projects to folder matching their enviroments

New Contributors

• @eliamaldini made their first contribution in #413
• @srs2210 made their first contribution in #485
• @ajlopezn made their first contribution in #415
• @eeaton made their first contribution in #527
• @jwtracy made their first contribution in #555

Full Changelog: v13.0.0...v14.0.0

v13.0.0

In this release

• initial Fabric Fast implementation
• new net-glb module for Global External Load balancer
• new project-factory module in examples/factories
• add missing service identity accounts (artifactregistry, composer) in project module
• new "Cloud Storage to Bigquery with Cloud Dataflow with least privileges" example
• support service dependencies for crypto key bindings in project module
• refactor project module in multiple files
• add support for per-file option overrides to tfdoc

v12.0.0

• new repo structure. All end-to-end examples moved to the top level examples folder

Full Changelog: v11.2.0...v12.0.0