Releases: anyscale/terraform-google-anyscale-cloudfoundation-modules
v0.16.1
fix: E2E test - Additional sleeps for cloud resource deletion @brent-anyscale (#38)
Changes to be committed:
modified: test_cloud_register_manual.py
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Contributors
Assets 2
v0.16.0
🚀 Enhancements
fix: Firewall port assignment was not correct @brent-anyscale (#37)
upd: CloudStorage to a member instead of binding for IAM policies. Changed from bucket_iam_member_override_roles to bucket_iam_member_additional_roles
Firewall Port Assignments were not correctly getting pulled in.
Changes to be committed:
modified: .pre-commit-config.yaml
modified: README.md
modified: main.tf
modified: modules/google-anyscale-cloudstorage/README.md
modified: modules/google-anyscale-cloudstorage/examples/README.md
modified: modules/google-anyscale-cloudstorage/examples/main.tf
modified: modules/google-anyscale-cloudstorage/main.tf
deleted: modules/google-anyscale-cloudstorage/test/README.md
deleted: modules/google-anyscale-cloudstorage/test/terraform_google_anyscale_cloudstorage_test.go
modified: modules/google-anyscale-cloudstorage/variables.tf
deleted: modules/google-anyscale-project/test/README.md
deleted: modules/google-anyscale-project/test/terraform_google_anyscale_project_test.go
modified: modules/google-anyscale-vpc-firewall/main.tf
deleted: modules/google-anyscale-vpc/test/terraform_google_anyscale_vpc_test.go
new file: test/anyscale-service/socket_test.py
modified: variables.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
📚 Documentation/Examples
fix: Firewall port assignment was not correct @brent-anyscale (#37)
Firewall Port Assignments were not properly getting pulled in, leaving all TCP Ports open.
upd: CloudStorage to a member instead of binding for IAM policies. Changed from bucket_iam_member_override_roles to bucket_iam_member_additional_roles
Changes to be committed:
modified: .pre-commit-config.yaml
modified: README.md
modified: main.tf
modified: modules/google-anyscale-cloudstorage/README.md
modified: modules/google-anyscale-cloudstorage/examples/README.md
modified: modules/google-anyscale-cloudstorage/examples/main.tf
modified: modules/google-anyscale-cloudstorage/main.tf
deleted: modules/google-anyscale-cloudstorage/test/README.md
deleted: modules/google-anyscale-cloudstorage/test/terraform_google_anyscale_cloudstorage_test.go
modified: modules/google-anyscale-cloudstorage/variables.tf
deleted: modules/google-anyscale-project/test/README.md
deleted: modules/google-anyscale-project/test/terraform_google_anyscale_project_test.go
modified: modules/google-anyscale-vpc-firewall/main.tf
deleted: modules/google-anyscale-vpc/test/terraform_google_anyscale_vpc_test.go
new file: test/anyscale-service/socket_test.py
modified: variables.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Contributors
Assets 2
v0.15.3
🐛 Bug Fixes
fix: google-anyscale-vpc-firewall - Firewall Rule Names @brent-anyscale (#36)
The firewall rule names were not properly getting pulled from the variable when pulling from the predefined_firewall_rules.
Additonal updates:
- E2E test added for Services where functional verification isn't possible
- Removed the unit test for the firewall as it was no longer maintained.
Changes to be committed:
modified: ../modules/google-anyscale-vpc-firewall/main.tf
deleted: ../modules/google-anyscale-vpc-firewall/test/terraform_google_anyscale_vpc_firewall_test.go
new file: anyscale-service/service.py
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Contributors
Assets 2
v0.15.2
🐛 Bug Fixes
upd: google-anyscale-iam - Provide additional outputs and roles for K8s deployments @brent-anyscale (#35)
The new Anyscale K8s Operator has additional permission requirements which have been added to this.
Additional changes to support memberoutputs for IAM Service Accounts.
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Github Chores
upd: google-anyscale-iam - Provide additional outputs and roles for K8s deployments @brent-anyscale (#35)
The new Anyscale K8s Operator has additional permission requirements which have been added to this.
Additional changes to support memberoutputs for IAM Service Accounts.
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Contributors
Assets 2
v0.15.1
🐛 Bug Fixes
upd: google-anyscale-vpc-firewall module - Additional AMP Ports @brent-anyscale (#34)
Additional ports opened up for AMP in the google-anyscale-vpc-firewall module. The initial ports were only fro AMP and did not include Ray specific ports.
On branch brent/upd-amp-firewall
Changes to be committed:
modified: google-anyscale-vpc-firewall/README.md
modified: google-anyscale-vpc-firewall/variables.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Other information
Contributors
Assets 2
v0.15.0
🚀 Enhancements
add: Optional VPC Firewall ingress rule for Anyscale Machine Pools @brent-anyscale (#33)
Anyscale Machine Pools requires a specific set of ports to be open from the AMP Node into (ingress) the head node running in the cloud. This update includes an optional parameter ingress_from_machine_pool_cidr_ranges which, when provided, will create a new Firewall Rule allowing the appropriate ports for Anyscale Machine Poolss.
Changes to be committed:
modified: README.md
modified: examples/anyscale-v2-kitchensink/README.md
modified: examples/anyscale-v2-kitchensink/main.tf
modified: main.tf
modified: modules/google-anyscale-vpc-firewall/README.md
modified: modules/google-anyscale-vpc-firewall/examples/main.tf
modified: modules/google-anyscale-vpc-firewall/main.tf
modified: modules/google-anyscale-vpc-firewall/variables.tf
modified: test/test_cloud_register_manual.py
modified: variables.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Depending on the Anyscale Firewall currently in place, it may be replaced.
📚 Documentation/Examples
add: Optional VPC Firewall ingress rule for Anyscale Machine Pools @brent-anyscale (#33)
Anyscale Machine Pools requires a specific set of ports to be open from the AMP Node into (ingress) the head node running in the cloud. This update includes an optional parameter ingress_from_machine_pool_cidr_ranges which, when provided, will create a new Firewall Rule allowing the appropriate ports for Anyscale Machine Poolss.
Changes to be committed:
modified: README.md
modified: examples/anyscale-v2-kitchensink/README.md
modified: examples/anyscale-v2-kitchensink/main.tf
modified: main.tf
modified: modules/google-anyscale-vpc-firewall/README.md
modified: modules/google-anyscale-vpc-firewall/examples/main.tf
modified: modules/google-anyscale-vpc-firewall/main.tf
modified: modules/google-anyscale-vpc-firewall/variables.tf
modified: test/test_cloud_register_manual.py
modified: variables.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Depending on the Anyscale Firewall currently in place, it may be replaced.
Contributors
Assets 2
v0.14.4
🐛 Bug Fixes
fix: Firewall Ingress - GCP Health check @brent-anyscale (#32)
The GCP Health Check only needs to be valid for port 8000. The previous fix removed that limitation and opened up all TCP ports.
On branch brent/firewall-ingress
Changes to be committed:
modified: README.md
modified: examples/main.tf
modified: main.tf
modified: variables.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Contributors
Assets 2
v0.14.3
🐛 Bug Fixes
fix: VPC Firewall when using CIDR Ingress Range @brent-anyscale (#31)
On branch brent/firewallfix
Changes to be committed:
modified: .pre-commit-config.yaml
modified: modules/google-anyscale-iam/README.md
modified: modules/google-anyscale-iam/roles.tf
modified: modules/google-anyscale-vpc-firewall/README.md
modified: modules/google-anyscale-vpc-firewall/examples/README.md
modified: modules/google-anyscale-vpc-firewall/examples/main.tf
modified: modules/google-anyscale-vpc-firewall/main.tf
modified: modules/google-anyscale-vpc-firewall/variables.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Contributors
Assets 2
v0.14.2
🐛 Bug Fixes
fix: VPC Firewall for Proxy-Only Subnet @brent-anyscale (#29)
fix: VPC Proxy Subnet Firewall Rule
When the VPC Proxy Subnet was not in the same CIDR range
as the rest of the VPC, the firewall rule was not being
correctly configured for the proxy subnet. This change
fixes the firewall rule to allow traffic from the proxy
subnet to the rest of the VPC and provides a test in the
examples/anyscale-v2-privatenetwork folder.
On branch brent/vpc-fixfirewall
Changes to be committed:
modified: README.md
modified: examples/anyscale-v2-privatenetwork/README.md
modified: examples/anyscale-v2-privatenetwork/main.tf
modified: main.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
Contributors
Assets 2
v0.14.1
🐛 Bug Fixes
iam: add storage.objects.list to control plane role @hongchaodeng (#28)
The Workspace dependencies tab requires storage.objects.list permissions. Otherwise it is failing with error:
{
"error": {
"detail": "Internal Server Error, 403 GET ... does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist).",
"body": "Forbidden(\"GET ... does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist).\")",
"message": "Internal Server Error, 403 GET ... does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist)."
}
}
