terraform-controller-v0.2.5

Controller used to provision a terraform workflow within kubernetes

terraform-controller-v0.2.4

Controller used to provision a terraform workflow within kubernetes

Release v0.1.6

New Features

• [FEATURE] - Record Configuration Cost Metrics - adds the predicted costs of the configuration as exposed prometheus metrics. By @gambol99 in #96
• [FEATURE] - Adding the UID Labels - adding the UIDs on the labels for resources to make pinpointing the source configuration easier. By @gambol99 in #100
• [FEATURE] - Adding Value From fields - The current implementation only allows for variables to come from the spec. In most cases this is fine, but if we take a database password supplied to an RDS module, it's not. These should be kept kubernetes secrets and sources into the terraform module. By @gambol99 in #103

Bug Fixes

• [BUGFIX] - Terraform State Decoding by @gambol99 in #104
• [HELM] - Exposing the Metrics by @gambol99 in #95

What's Changed

• [BUILD] - Adding Dependabot Config by @gambol99 in #70
• Bump github.com/onsi/gomega from 1.18.1 to 1.19.0 by @dependabot in #71
• [BUILD] - Changing Workflow by @gambol99 in #83
• [HELM] - Minior Changes by @gambol99 in #84
• [BUILD] - Ginkgo Update by @gambol99 in #80
• Update features in README linking to docs by @KashifSaadat in #81
• [DOCS] - Adding Architecture Image by @gambol99 in #85
• Update README.md by @gambol99 in #87
• [HELM] - Ignore Existing Releases by @gambol99 in #88
• Update README.md by @gambol99 in #89
• lookup bash executable instead by @myjaffoo in #90
• Bump sigs.k8s.io/controller-tools from 0.8.0 to 0.9.0 by @dependabot in #92
• Bump gotest.tools/gotestsum from 1.8.0 to 1.8.1 by @dependabot in #91
• Bump k8s.io/client-go from 0.23.5 to 0.24.1 by @dependabot in #78
• [DEPS] - Updating the Dependencies by @gambol99 in #94
• [BUGFIX] - Terraform State Decoding by @gambol99 in #104
• [HELM] - Bumping Application Version by @gambol99 in #106
• [RELEASE] - Release v0.1.6 by @gambol99 in #86

New Contributors

• @KashifSaadat made their first contribution in #81
• @myjaffoo made their first contribution in #90

Full Changelog: v0.1.5...v0.1.6

terraform-controller-v0.2.3

Controller used to provision a terraform workflow within kubernetes

terraform-controller-v0.2.1

Controller used to provision a terraform workflow within kubernetes

Release v0.1.5

Build

• Fixed up the chart directory structure in order to properly supprt the helm tools and deployment #67

What's Changed

• [HELM] - Directory Stucture by @gambol99 in #67
• [HELM] - Bumping Helm Releaser Version by @gambol99 in #68

Full Changelog: v0.1.4...v0.1.5

Release v0.1.4

New Featues

• Disable Terraform Version Override (#50) Currently all configurations have the ability to override the terraform version on their spec (this effectively overrides the terraform image tag). There might be times where you want this disabled though. This PR adds the ability to the platform teams to switch off the feature (which is enabled by default).
• Module Selector (#58): The current module constraint is global, adding a selector here you can target specific resources or namespaces and provides a means for additional permissions. Note as with all selectors here, a empty selector indicates it applies to all.
• External Checks for Checkov (#64): Adding the ability to source in external checks to be included in the scan.

Build

• Workflow Speed (#61): sped up the execution time of the images by breaking them up

Testing

• Deduplicating the E2E (#63): Much of the E2E is the we can dedup the workflow and reuse across all the providers
• Constraint Checks (#65): adding Constraint Checks
• Added E2E for Azure
• Adding E2E for Google #42

What's Changed

• [E2E] - Adding Azure E2E by @gambol99 in #54
• [FEATURE] - Resource Lock by @gambol99 in #57
• [RELEASE] v0.1.4 by @gambol99 in #59

Full Changelog: v0.1.3...v0.1.4

Release v0.1.3

Bug Fixes

• Fixed a issue with the API type for Provider. A enum was stopping an Azure provider from being added as it had azure not azurerm defined. #51

What's Changed

• [CI] - Reuse E2E Workflow by @gambol99 in #46
• Update README.md by @gambol99 in #48
• [DOCS] - Fixing the README links by @gambol99 in #49
• [BUGFIX] - Provider Enum on API Types by @gambol99 in #51

Full Changelog: v0.1.2...v0.1.3

Release v0.1.2

New Features

• RBAC Support: Added support for RBAC on the Providers. This allows platform teams to specify a collection of selectors which are used to match namespace and resource labels to determine if the Configuration is permitted to use it. Click here for full details #29
• Connection Secret Keys: added the ability for Configuration's to filter which keys from the terraform ouput they want to see in the connection secret. Click here for details. #34
• Kubernetes Events: crucial events were being recorded in the status conditions only. This change raises those same conditions as Kubernetes events themselves which can be used to trigger off notifications. #31

Bug Fixes

• Fixed an issue where the service account from the provider was not correctly being set on the terraform #35

Documentation

• Added a additional docs on the types types #26
• Updated the repository readme #25

What's Changed

• [DOCS] Updating the README by @gambol99 in #25
• [DOCS] Updating the API Documentation by @gambol99 in #26
• [CI] - E2E Workflow by @gambol99 in #33
• [BUGFIX] - Provider Service Accounts by @gambol99 in #35
• [DOCS] - Adding License File by @gambol99 in #38
• [CI] - Dependency Review by @gambol99 in #37
• [FEATURE] - Connection Secret Keys by @gambol99 in #34
• [FEATURE] - Kubernetes Events by @gambol99 in #31
• [FEATURE] - Provider RBAC by @gambol99 in #29
• [CI] - Dependency Check by @gambol99 in #44
• [RELEASE] - Version v0.1.2 by @gambol99 in #45

Full Changelog: v0.1.1...v0.1.2

Release v0.1.1

Features

Introduced the ability for the platform administrators to enforce a security profile against the terraform modules.

apiVersion: terraform.appvia.io/v1alpha1
kind: Policy
metadata:
  name: checkov
spec:
  constraints:
    checkov:
      # See: https://www.checkov.io/5.Policy%20Index/terraform.html
      checks: []
      # See: https://www.checkov.io/5.Policy%20Index/terraform.html
      skipChecks: []

Where necessary an exception can be added, targetting by namespace and resource labels; which will override the above.

---
# Create an exception to the above policy and force configurations
# in the specific namespace to use this instead
---
apiVersion: terraform.appvia.io/v1alpha1
kind: Policy
metadata:
  name: checkov-override
spec:
  constraints:
    checkov:
      selector:
        namespace:
          matchExpressions:
            - key: kubernetes.io/metadata.name
              operator: In
              values: [apps2]
      # See: https://www.checkov.io/5.Policy%20Index/terraform.html
      skipChecks:
        - <NAME>

What's Changed

• [CI] - Fixing Github Workflow (Release) by @gambol99 in #18
• [BUGFIX] - Decreasing Backoff Limit by @gambol99 in #19
• [DOCS] - Development Readme by @gambol99 in #21
• [FIX] - Supported Providers by @gambol99 in #22
• [FEATURE] - Adding Checkov Security Policy by @gambol99 in #20
• Release v0.1.1 by @gambol99 in #23
• [CI] - Fixing the Release Step by @gambol99 in #24

Full Changelog: v0.1.0...v0.1.1