cloud-foundation-fabric/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

Unreleased

  • new apigee-organization and apigee-x-instance
  • generate email and iam_email statically in the iam-service-account module
  • new billing-budget module
  • fix scheduled-asset-inventory-export-bq module
  • output custom role information from the organization module
  • enable multiple vpc-sc perimeters over multiple modules
  • new cloud operations example showing how to restrict service usage using delegated role grants

5.1.0 - 2021-08-30

  • add support for lifecycle_rule in gcs module
  • create pubsub service identity if service is enabled
  • support for creation of GKE Autopilot clusters
  • add support for CMEK keys in Data Foundation end to end example
  • add support for VPC-SC perimeters in Data Foundation end to end example
  • fix vpc-sc module
  • new networking example showing how to use Private Service Connect to call a Cloud Function from on-premises
  • new networking example showing how to organize decentralized firewall management on GCP

5.0.0 - 2021-06-17

  • fix message_retention_duration variable type in pubsub module
  • move bq robot service account into the robot service account project output
  • add IAM cryptDecrypt role to robot service account on specified keys
  • add Service Identity creation on project module if secretmanager enabled
  • add Data Foundation end to end example

4.9.0 - 2021-06-04

  • incompatible change: updated resource name for google_dns_policy on the net-vpc module
  • added support for VPC-SC Ingress Egress policies on the vpc-sc module
  • update CI to Terraform 0.15 and fix minor incompatibilities
  • add deletion_protection to the bigquery-dataset module
  • add support for dataplane v2 to GKE cluster module
  • add BGP peer outputs to HA VPN module

4.8.0 - 2021-05-12

  • added support for CORS to the gcs module
  • make cluster creation optional in the Shared VPC example
  • make service account creation optional in iam-service-account module
  • new third-party-solutions top-level folder with initial openshift example
  • added support for DNS Policies to the net-vpc module

4.7.0 - 2021-04-21

  • incompatible change: add support for master_global_access_config block in gke-cluster module
  • add support for group-based IAM to resource management modules
  • add support for private service connect

4.6.1 - 2021-04-01

  • incompatible change: support one group per zone in the compute-vm module; the group output is now renamed to groups

4.6.0 - 2021-03-31

  • incompatible change: logging sinks now create non-authoritative bindings when iam=true
  • fixed IAM bindings for module bigquery not specifying project_id
  • remove device_policy from vpc_sc module as it requires BeyondCorp Enterprise Premium
  • allow using unsuffixed name in compute_vm module

4.5.1 - 2021-03-27

  • allow creating private DNS zones with no visible VPCs in dns module

4.5.0 - 2021-03-20

  • new logging-bucket module to create Cloud Logging Buckets
  • add support to create logging sinks using logging buckets as the destination
  • incompatible change: extended logging sinks to support per-sink exclusions
  • new net-vpc-firewall-yaml module
  • add support for regions, device policy and access policy dependency to vpc-sc module
  • add support for joining VPC-SC perimeters in project module
  • add userinfo.email to default scopes in compute-vm module

4.4.2 - 2021-03-05

  • fix version constraints on modules to avoid the "no available releases match the given constraints" error

4.4.1 - 2021-03-05

  • make specific org module resources (e.g. policies) depend on IAM bindings
  • set version for google-beta provider in project module

4.4.0 - 2021-03-02

  • new filtering_proxy networking example
  • add support for a second region in the onprem networking example
  • add support for per-tunnel router to VPN HA and VPN dynamic modules
  • incompatible change: the attached_disks variable type has changed in the compute-vm module, to add support for regional persistent disks, and attaching existing disks to instances / templates
  • the hub and spoke via peering example now supports project creation, resource prefix, and GKE peering configuration
  • make the project_id output from the project module non-dynamic. This means you can use this output as a key for a map fed into a for_each (for example, as a key for iam_project_bindings in the iam-service-accounts module)
  • add support for essential contacts in the project, folder and organization modules

4.3.0 - 2021-01-11

  • new DNS for Shared VPC example
  • incompatible change: removed the logging-sinks module. Logging sinks can now be created via the logging_sinks variable in the project, folder and organization modules
  • add support for creating logging exclusions in the project, folder and organization modules
  • add support for Confidential Compute to compute-vm module
  • add support for handling IAM policy (bindings, audit config) as fully authoritative in the organization module

4.2.0 - 2020-11-25

  • incompatible change: the org_id variable and output in the vpc-sc module have been renamed to organization_id, the variable now accepts values in organizations/nnnnnnnn format
  • incompatible change: the forwarders variable in the dns module has a different type, to support specifying forwarding path
  • add support for MTU in net-vpc module
  • incompatible change: access variables have been renamed in the bigquery-dataset module
  • add support for IAM to the bigquery-dataset module
  • fix default OAuth scopes in gke-nodepool module
  • add support for hierarchical firewalls to the folder and organization modules
  • incompatible change: the org_id variable and output in the organization module have been renamed to organization_id, the variable now accepts values in organizations/nnnnnnnn format

4.1.0 - 2020-11-16

  • incompatible change: rename prefix for node configuration variables in gke-nodepool module #156
  • add support for internally managed service account in gke-nodepool module #156
  • made examples in READMEs runnable and testable #157
  • incompatible change: iam_additive is now keyed by role to be more resilient with dynamic values, a new iam_additive_members variable has been added for backwards compatibility.
  • add support for node taints in gke-nodepool module
  • add support for CMEK in gke-nodepool module

4.0.0 - 2020-11-06

  • This is a major refactor adding support for Terraform 0.13 features
  • incompatible change: minimum required terraform version is now 0.13.0
  • incompatible change: folders module renamed to folder
  • incompatible change: iam-service-accounts module renamed to iam-service-account
  • incompatible change: all iam_roles and iam_member variables merged into a single iam variable. This change affects most modules
  • incompatible change: modules like folder, gcs, iam-service-account now create a single resource. Use for_each at the module level if you need multiple instances
  • added basic variable validations to some modules

3.5.0 - 2020-10-27

  • end to end example for scheduled Cloud Asset Inventory export to Bigquery
  • decouple Cloud Run from Istio in GKE cluster module
  • depend views on tables in bigquery dataset module
  • bring back logging options for firewall rules in net-vpc-firewall module
  • removed interpolation-only expressions causing terraform warnings
  • incompatible change: simplify alias IP specification in compute-vm. We now use a map (alias range name to list of IPs) instead of a list of maps.
  • allow using alias IPs with instance_count in compute-vm
  • add support for virtual displays in compute-vm
  • add examples of alias IPs in compute-vm module
  • fix support for creating disks from images in compute-vm
  • allow creating single-sided peerings in net-vpc and net-vpc-peering
  • use service project registration to Shared VPC in GKE example to remove need for two-step apply

3.4.0 - 2020-09-24

  • add support for logging and better type for the retention_policies variable in gcs module
  • incompatible change: deprecate bucket_policy_only in favor of uniform_bucket_level_access in gcs module
  • incompatible change: allow project module to configure itself as both shared VPC service and host project

3.3.0 - 2020-09-01

  • remove extra readers in gcs-to-bq-with-dataflow example (issue: 128)
  • make VPC creation optional in net-vpc module to allow managing a pre-existing VPC
  • make HA VPN gateway creation optional in net-vpn-ha module
  • add retention_policy in gcs module
  • refactor net-address module variables, and add support for internal address purpose

3.2.0 - 2020-08-29

  • incompatible change: add alias IP support in cloud-vm module
  • add tests for data-solutions examples
  • fix apply errors on dynamic resources in dataflow example
  • make zone creation optional in dns module
  • new quota-monitoring end-to-end example in cloud-operations

3.1.1 - 2020-08-26

  • fix error in project module

  • incompatible change: make HA VPN Gateway creation optional for net-vpn-ha module. Now an existing HA VPN Gateway can be used. Updating to the new version of the module will cause VPN Gateway recreation, which can be handled by terraform state rm/terraform import operations.

3.1.0 - 2020-08-16

  • incompatible change: add support for specifying a different project id in the GKE cluster module; if using the peering_config variable, peering_config.project_id now needs to be explicitly set, a null value will reuse the project_id variable for the peering

3.0.0 - 2020-08-15

  • incompatible change: the top-level infrastructure folder has been renamed to networking
  • add end-to-end example for ILB as next hop
  • add basic tests for foundations and networking end-to-end examples
  • fix Shared VPC end-to-end example and documentation

2.8.0 - 2020-08-01

  • fine-grained Cloud DNS IAM via Service Directory example
  • add feed id output dependency on IAM roles in pubsub module

2.7.1 - 2020-07-24

  • fix provider issue in bigquery module

2.7.0 - 2020-07-24

  • add support for VPC connector and ingress settings to cloud-function module
  • add support for logging to net-cloudnat module

2.6.0 - 2020-07-19

  • incompatible changes: setting zone in the compute-vm module is now done via an optional zones variable, that accepts a list of zones
  • fix optional IAM permissions in folder unit module

2.5.0 - 2020-07-10

  • new vpc-sc module
  • add support for Shared VPC to the project module
  • fix bug with compute-vm address reservations introduced in 2.4.1

2.4.2 - 2020-07-09

  • add support for Shielded VM to compute-vm

2.4.1 - 2020-07-06

  • better fix for external IP assignment in compute-vm

2.4.0 - 2020-07-06

  • fix external IP assignment in compute-vm
  • new top-level cloud-operations example folder
  • Cloud Asset Inventory end to end example in cloud-operations

2.3.0 - 2020-07-02

  • new 'Cloud Storage to Bigquery with Cloud Dataflow' end to end data solution
  • incompatible change: additive IAM bindings are now keyed by identity instead of role, and use a single iam_additive_bindings variable, refer to #103 for details
  • set delete_contents_on_destroy in the foundations examples audit dataset to allow destroying
  • trap errors raised by the project module on destroy

2.2.0 - 2020-06-29

  • make project creation optional in project module to allow managing a pre-existing project
  • new cloud-endpoints module
  • new cloud-function module

2.1.0 - 2020-06-22

  • incompatible change: routes in the net-vpc module now interpolate the VPC name to ensure uniqueness, upgrading from a previous version will drop and recreate routes
  • the top-level docker-images folder has been moved inside modules/cloud-config-container/onprem
  • dns_keys output added to the dns module
  • add group-config variable, groups and group_self_links outputs to net-ilb module to allow creating ILBs for externally managed instances
  • make the IAM bindings depend on the compute instance in the compute-vm module

2.0.0 - 2020-06-11

  • new data-solutions section and cmek-via-centralized-kms example
  • incompatible change: static VPN routes now interpolate the VPN gateway name to enforce uniqueness, upgrading from a previous version will drop and recreate routes

1.9.0 - 2020-06-10

  • new bigtable-instance module
  • add support for IAM bindings to compute-vm module

1.8.1 - 2020-06-07

  • use all instead of specifying protocols in the admin firewall rule of the net-vpc-firewall module
  • add support for encryption keys in gcs module
  • set next_hop_instance_zone in net-vpc for next hop instance routes to avoid triggering recreation

1.8.0 - 2020-06-03

  • incompatible change: the kms module has been refactored and will be incompatible with previous state
  • incompatible change: robot and default service accounts outputs in the project module have been refactored and are now exposed via a single service_account output (cf #82)
  • add support for PD CSI driver in GKE module
  • refactor iam-service-accounts module outputs to be more resilient
  • add option to use private GCR to cos-generic-metadata module

1.7.0 - 2020-05-30

  • add support for disk encryption to the compute-vm module
  • new datafusion module
  • new container-registry module
  • new artifact-registry module

1.6.0 - 2020-05-20

  • add output to gke-cluster exposing the cluster's CA certificate
  • fix gke-cluster autoscaling options
  • add support for Service Directory bound zones to the dns module
  • new service-directory module
  • new source-repository module

1.5.0 - 2020-05-11

  • incompatible change: the bigquery module has been removed and replaced by the new bigquery-dataset module
  • incompatible change: subnets in the net-vpc modules are now passed as a list instead of map, and all related variables for IAM and flow logs use region/name instead of name keys; it's now possible to have the same subnet name in different regions
  • replace all references to the removed resourceviews.googleapis.com API with container.googleapis.com
  • fix advanced options in gke-nodepool module
  • fix health checks in compute-mig and net-ilb modules
  • new cos-generic-metadata module in the cloud-config-container suite
  • new envoy-traffic-director module in the cloud-config-container suite
  • new pubsub module

1.4.1 - 2020-05-02

  • new secret-manager module
  • fix access in bigquery module, this is the last version of this module to support multiple datasets, future versions will be called bigquery-dataset

1.4.0 - 2020-05-01

  • fix DNS module internal zone lookup
  • fix Cloud NAT module internal router name lookup
  • re-enable and update outputs for the foundations environments example
  • add peering route configuration for private clusters to GKE cluster module
  • incompatible changes in the GKE nodepool module
    • rename node_config_workload_metadata_config variable to workload_metadata_config
    • new default for workload_metadata_config is GKE_METADATA_SERVER
  • incompatible change in the compute-vm module
    • removed support for MIG and the group_manager variable
  • add compute-mig and net-ilb modules
  • incompatible change in net-vpc
    • a new name attribute has been added to the subnets variable, allowing to directly set subnet name, to update to the new module add an extra name = false attribute to each subnet

1.3.0 - 2020-04-08

  • add organization policy module
  • add support for organization policies to folders and project modules

1.2.0 - 2020-04-06

  • add squid container to the cloud-config-container module

1.1.0 - 2020-03-27

  • rename the cos-container suite of modules to cloud-config-container
  • refactor the onprem-in-a-box module to only manage the cloud-config configuration, and make it part of the cloud-config-container suite of modules
  • update the onprem-google-access-dns example to use the refactored onprem module
  • fix the external_addresses output in the compute-vm module
  • small tweaks and fixes to the cloud-config-container modules

1.0.0 - 2020-03-27

  • merge development branch with suite of new modules and end-to-end examples