github GoogleCloudPlatform/cloud-foundation-fabric v53.1.0

latest release: v54.0.0
7 hours ago

Breaking Changes

  • modules/gke-cluster-autopilot: The type of the access_config.dns_access variable attribute has changed, check your code if you set it explicitly. [#3781]
  • modules/gke-cluster-standard: The type of the access_config.dns_access variable attribute has changed, check your code if you set it explicitly. [#3781]
  • fast/stages/3-gke-dev: The type of the access_config.dns_access variable attribute has changed, check your code if you set it explicitly. [#3781]
  • modules/kms: the key for IAM authoritative and additive bindings has changed, reapply twice to preserve bindings after updating the module. [#3775]
  • modules/net-lb-app-int: neg_configs.cloudrun.target_service.tag has been moved to neg_configs.cloudrun.tag, the old location is still supported but will be deprecated in the future. [#3771]
  • modules/gke-nodepool: Disk configuration has moved to a new node_config.boot_disk block to align with upcoming provider changes. Support for the legacy flat attributes has been kept to ensure backward compatibility. [#3767]
  • modules/bigquery-dataset: the resource names for IAM bindings have changed and will trigger recreation [#3755]

What's Changed

  • Allow PSC and PSA connections on Cloud SQL by @vennemp in #3539
  • Add optional secondary read pool support to the alloydb module by @sshcherbakov in #3529
  • Fix aprover -> approver by @juliocc in #3540
  • Fix factory budget check with threshold_rules[*].percent by @kovagoadam in #3542
  • Add backup vault module by @yashwantmahawar in #3536
  • Add support for context to dataplex aspect types and data catalog policy tags modules by @ludoo in #3544
  • Configure ADMIN_READ for sts.googleapis.com to enable Workforce Identity logging by @ysolt in #3545
  • Fix org policy service to be enabled before organization policies applied by @vannicktrinquier in #3547
  • Add additional hardened controls for gke, firewall, cloudrun and more by @vannicktrinquier in #3541
  • Update service-agents.yaml by @wiktorn in #3543
  • Context improvements: "all service accounts" principal in folder, org, project modules; custom roles in factory condition vars for FAST stage 0 by @ludoo in #3548
  • Add custom default routes and delete default route in FAST networking datasets by @ludoo in #3549
  • fix http2 and ssl health-checks for load balancers by @wiktorn in #3551
  • Auto-grant editor role for cloudservices in project module, expand project ids context in project factory module by @ludoo in #3552
  • Re-enable billing budget association in project factory for projects and extend to folders by @ludoo in #3554
  • Added PSC connection id to outputs, which is required, for instance f… by @apichick in #3560
  • Align locations in networking stage with other stages by @vannicktrinquier in #3559
  • Update stage 0 README by @ludoo in #3565
  • Add support for CMEK in logging bucket, big query dataset and gke notifications by @vannicktrinquier in #3558
  • Add GEMINI.md file by @drebes in #3563
  • feat(net-lb-app): support Google-Managed IAP and add tests by @drebes in #3564
  • Updates to GKE modules to support Secret Sync by @woodham1 in #3562
  • Workforce identity: migrate to iam.managed.allowedPolicyMembers Organizational Policy by @ysolt in #3546
  • Add Direct VPC Egress support to modules/cloud-function-v2 by @juliocc in #3567
  • Cursed knowledge for ignore_changes by @wiktorn in #3568
  • fix e2e tests - move c4* tests to c zone by @wiktorn in #3569
  • add labels support to dns module by @borijani in #3572
  • Add retain_backups_on_delete and final_backup_configuration to cloudsql-instance by @justkmark in #3574
  • added role required for support ticket creation by @aumohr in #3578
  • fixed project-factory module to pass service account description by @fenyvesi-levi in #3579
  • Add yq snippets for IAM imports into factory files by @wiktorn in #3580
  • feat(compute-mig): add instance_lifecycle_policy support by @frits-v in #3577
  • Implement additional GCS attributes in project factory by @ludoo in #3583
  • Add script to programmatically replace the path in schema declarations by @ludoo in #3584
  • feat: Allow empty prefix for project_factory buckets by @joshmyers in #3575
  • fix(compute-mig): correctly map allow_changing_zone by @frits-v in #3585
  • Add more detailed version of yq by @wiktorn in #3581
  • Use project numbers in billing budget filter by @kovagoadam in #3555
  • Fix CI/CD dataset files and provider workflow variable in FAST stage 0 by @ludoo in #3587
  • Fix typo in sample CI/CD YAML file by @ludoo in #3590
  • Add support for descriptive name to projects by @ludoo in #3591
  • Add import snippet for IAM to 0-org-setup by @wiktorn in #3592
  • Fixed issue with cross region load balancer IP address assignment by @apichick in #3593
  • Add controls related to CMEK encryption and support to FAST by @vannicktrinquier in #3556
  • Fix inconsistent provider plan for FAST outputs by @wiktorn in #3601
  • Upgrade Terraform provider to 7.13 by @LucaPrete in #3600
  • Password for initial_user for AlloyDB is no longer required by @LucaPrete in #3596
  • feat: project-factory folders support deletion_protection by @joshmyers in #3595
  • Add audiences for cicd_workflows local in 0-org-setup by @kovagoadam in #3602
  • Correct documentation for Direct VPC Egress for Cloud Functions 2 by @wiktorn in #3603
  • Fix project-factory stage version output file name by @kovagoadam in #3606
  • Fix bucket name for versions.txt in 0-org-setup stage by @wiktorn in #3605
  • Add support for pubsub to project factory by @ludoo in #3608
  • Fix pytest -s in CONTRIBUTING.md by @LucaPrete in #3610
  • Add service attachments for cross regional load balancer by @sepehrjavid in #3612
  • Bump qs and @google-cloud/functions-framework in /modules/api-gateway/recipe-multi-region/function by @dependabot[bot] in #3614
  • Fix disk architecture validation in compute-vm module by @singhal0306 in #3615
  • AlloyDB - Enable multiple automated backup per day by @RamBSn in #3604
  • FAST CI/CD Azure Devops support via project template by @ludoo in #3616
  • Refactor Agent Engine module to support new source based deployments by @LucaPrete in #3609
  • Prevent recreation for key_revocation_action in compute-vm module by @singhal0306 in #3620
  • feat: Add group attribute to NCC spoke configurations. by @ericyz in #3617
  • ADR on context passing by @wiktorn in #3405
  • Preliminary doc for stage 0 setup in GCD by @ludoo in #3623
  • Support public DNS attributes in FAST network stage by @ericyz in #3618
  • Fix workforce identity federation provider configuration by @ooshrioo in #3626
  • Add support for labels to global addresses in net-vpc module by @LaoZhuBaba in #3622
  • Use additive resource for perimeter resources in vpc-sc module when ignore changes is set by @ludoo in #3628
  • Reintroduce support for resource sets in VPC SC module additive perimeters by @ludoo in #3629
  • Revert "Reintroduce support for resource sets in VPC SC module additive perimeters" by @ludoo in #3630
  • Revert "Use additive resource for perimeter resources in vpc-sc module when ignore changes is set" by @ludoo in #3631
  • feat: Implement target secure tags for hierarchical firewall policies by @ericyz in #3633
  • Add support to VPC flow logs for PSC subnet by @vannicktrinquier in #3639
  • Allow any VPC for (secure) network_tags by @ericyz in #3634
  • Add support for mirroring rules to modules/net-firewall-policy by @juliocc in #3636
  • Added locality_lb_policy and http_cookie regional ext alb module by @labbott-hub24 in #3638
  • Add folder_ids to project condition vars in project factory module by @ludoo in #3642
  • Expose bigquery encryption in project schemas by @ludoo in #3645
  • Fix observability in stage 0 defaults by @ludoo in #3646
  • fixed bug where label field is ignored for policy based routes by @LaoZhuBaba in #3648
  • Introduce iam_by_principals_conditional by @juliocc in #3649
  • Resolve permadiff for docker_config immutable in artifact registry module by @singhal0306 in #3652
  • feat(logging-bucket): support locked parameter for project parent types by @singhal0306 in #3650
  • Add ability to use existing source files in GCS. by @LucaPrete in #3653
  • Implement various compliance configuration and principle of least privilege for hardened dataset by @vannicktrinquier in #3635
  • Support CMEK configuration in org module logging settings, expose identities in FAST context by @ludoo in #3656
  • Support org-level logging cmek config in schema, use context for org-level logging config, update schema docs. by @ludoo in #3657
  • Add asset_feeds to resman modules by @juliocc in #3658
  • Add missing context interpolations by @juliocc in #3659
  • Minor doc improvements for FAST bootstrap by @drebes in #3643
  • Improve fallback behaviour documentation for hardened dataset in 0-org-setup by @kovagoadam in #3621
  • Add context support for constraints and additional controls for hardened datasets (IAM, GKE and others) by @vannicktrinquier in #3661
  • Add support for the Assured Workloads in the project factory by @lopezvit in #3666
  • Add service connection policies to modules/net-vpc by @juliocc in #3667
  • Fix domains of default service accounts when universe is present by @juliocc in #3670
  • Support universe-specific package domain in artifact registry module by @ludoo in #3671
  • improve configurability and resource references for internal ALB by @singhal0306 in #3654
  • Update GCD Readme by @juliocc in #3672
  • Enable source tag support for hierarchical firewall rules by @ludoo in #3673
  • Add support for budget filter custom period to billing-account module budgets factory by @ludoo in #3674
  • Update README-GCD.md by @zabela in #3677
  • Add KMS, Confidential Compute and Shielded VM to 2-networking by @sruffilli in #3676
  • Use context syntax for VPC-SC access levels and policies by @ludoo in #3678
  • fix(gke-cluster-standard): Avoid perpetual diff on network tags in node_pool_auto_config block by @noony in #3680
  • Remove observability from classic dataset by @juliocc in #3681
  • feat: create new dataset classic-gcd (based on dataset classic) to enable deployment on GCD by @SvenPistre in #3679
  • Clarify GCD install process by @juliocc in #3683
  • Add template revision to ignore_changes list by @wehm2000 in #3685
  • Add PSC-I support to Agent Engine module by @LucaPrete in #3686
  • Fix Agent Engine PSC-I configuration by @LucaPrete in #3687
  • fix: extract and validate links within HTML blocks in Markdown files by @SamuPert in #3688
  • Fix resource policies for regional disks in compute-vm module by @ludoo in #3689
  • Allow null prefixes in project factory when override is not set by @ludoo in #3691
  • Use LEGACY_DATAPATH when enable_features.dataplane_v2 is false by @singhal0306 in #3692
  • cloudsql maintenance window day made optional by @singhal0306 in #3693
  • Fix project-factory observability factory by @juliocc in #3695
  • Fix id in service account module when reusing in a universe by @ludoo in #3698
  • Add support for security command center mute rules in module organization, folder and project by @vannicktrinquier in #3694
  • Net-vpc-factory by @sruffilli in #3696
  • Add missing IAM interface attributes to service account module by @ludoo in #3700
  • Fix broken links in Markdown files by @SamuPert in #3703
  • Updated schema regex and checks in 0-org-setup by @lnesteroff in #3705
  • Add asset_search to folder, project, and organization modules. by @juliocc in #3707
  • fix(project-factory): Correctly interpolate IAM principals in tags by @lopezvit in #3704
  • Fix regression in project factory module context by @ludoo in #3708
  • Add support for bucket logging configuration in module gcs and project-factory by @vannicktrinquier in #3699
  • Revert #3704 by @ludoo in #3713
  • Remove resman mentions from FAST files by @ludoo in #3709
  • docu: without specifying the asn to be 16550 this example gives an error by @lopezvit in #3706
  • Ensure fast-links works regardless of bash path by @LucaPrete in #3711
  • Support project-level tag key/value contexts in project factory by @ludoo in #3714
  • Refactor subnets mgmt in net-vpc-factory by @sruffilli in #3715
  • Add custom bucket name for project-factory module by @kovagoadam in #3682
  • Expose additional workforce identity attributes by @juliocc in #3717
  • Update billing-0.yaml in gcd dataset by @juliocc in #3719
  • Revert "Update billing-0.yaml in gcd dataset" by @ludoo in #3721
  • Retry #3719 and fix broken link by @juliocc in #3723
  • Add basic observability example to classic dataset by @juliocc in #3697
  • Looker PSC support by @ajlopezn in #3724
  • ADR on dataset overall base path by @ludoo in #3725
  • Additional PSC related improvements to module/looker-core by @juliocc in #3727
  • Change factories_config type in FAST and project/vpc factory modules, add YAML schema validation by @ludoo in #3728
  • feat: pass variable for additive by principal by @ashley-abbott in #3731
  • Dataset configuration template for custom BGP advertisements on Cloud Router and BGP Peers by @SamuPert in #3730
  • Bump qs from 6.14.1 to 6.14.2 in /modules/api-gateway/recipe-multi-region/function by @dependabot[bot] in #3737
  • Fix permadiff on E2E test by @wiktorn in #3740
  • Allow specifying "network_tier" for Compute Engine VM Templates by @hexa2k9 in #3741
  • Fix vpc-sc role name by @wiktorn in #3742
  • docs(organization): document external IAM management for logging sinks at scale by @mInrOz in #3746
  • Refactor Github Action per b/485167538 by @google-admin in #3748
  • Bump ajv from 8.17.1 to 8.18.0 in /modules/api-gateway/recipe-multi-region/function by @dependabot[bot] in #3749
  • [project-factory] Add service_agent outputs by @LucaPrete in #3750
  • Fix project factory service agents outputs from iamEmail to iam_email by @LucaPrete in #3752
  • Fix regional resource policy attachment in compute-vm module by @ludoo in #3753
  • Fix network references in FAST gcve stage by @norbert-loderer in #3747
  • Support additional attributes for buckets/datasets in project factory module by @ludoo in #3755
  • Fix example for snapshot schedules by @wiktorn in #3756
  • Added custom prefix support for automation SA by @kovagoadam in #3757
  • Bugfix/maintenance exclusion by @lyricnz in #3759
  • Fixed psc connection id in net-address module output by @apichick in #3763
  • Add parameter to modules/pubsub to support message_storage_policy.enforce_in_transit by @lyricnz in #3761
  • Fix support for credit types in billing module budgets by @ludoo in #3765
  • Support TLS settings in app load balancer modules by @ludoo in #3766
  • Support hyperdisk-balanced options on gke-nodepool module by @ludoo in #3767
  • Add support for regional health checks to net-lb-int module by @ludoo in #3770
  • Allow specifying cloudrun target without service name in net-lb-app-int module by @ludoo in #3771
  • fix(net-lb-app-ext-regional): use list(string) for route_rules cors_policy attributes by @cvanwijck-hub24 in #3776
  • Allow reusing IAM binding key across objects in kms module by @ludoo in #3775
  • Comment alerting policy in FAST stage 0 classic dataset to prevent e2e errors by @ludoo in #3777
  • Add missing folder features to project factory and align logging across folder/org modules by @ludoo in #3779
  • Support additional dns_access attributes in GKE cluster modules by @ludoo in #3781
  • Add Cilium Clusterwide Network Policy and FQDN Network Policy for Autopilot Clusters by @robrankin in #3778
  • fix(cloudsql): always render backup_configuration block to allow disabling backups by @brokenthumbs in #3780

New Contributors

Full Changelog: v49.0.0...v53.1.0
