v53.0.0

Breaking Changes

• modules/project-factory: the factories-config variable has changed type, please review your tfvars configuration before applying.
  fast: the factories-config variable has changed type across stages, please review your tfvars configuration before applying. [#3728]

What's Changed

• Updated schema regex and checks in 0-org-setup by @lnesteroff in #3705
• Refactor subnets mgmt in net-vpc-factory by @sruffilli in #3715
• Change factories_config type in FAST and project/vpc factory modules, add YAML schema validation by @ludoo in #3728

Full Changelog: v52.1.0...v53.0.0

v52.1.0

Breaking Changes

• modules/looker-core: the looker-core module no longer manages OAuth credentials. [#3727]
• modules/project-factory: tags value and key IAM bindings have been moved to a different module call to fully support context expansion. No moved blocks are provided, as the change is resolved within a single apply. [#3714]

What's Changed

• Use LEGACY_DATAPATH when enable_features.dataplane_v2 is false by @singhal0306 in #3692
• cloudsql maintenance window day made optional by @singhal0306 in #3693
• Fix project-factory observability factory by @juliocc in #3695
• Fix id in service account module when reusing in a universe by @ludoo in #3698
• Add support for security command center mute rules in module organization, folder and project by @vannicktrinquier in #3694
• Net-vpc-factory by @sruffilli in #3696
• Add missing IAM interface attributes to service account module by @ludoo in #3700
• Fix broken links in Markdown files by @SamuPert in #3703
• Add asset_search to folder, project, and organization modules. by @juliocc in #3707
• fix(project-factory): Correctly interpolate IAM principals in tags by @lopezvit in #3704
• Fix regression in project factory module context by @ludoo in #3708
• Add support for bucket logging configuration in module gcs and project-factory by @vannicktrinquier in #3699
• Revert #3704 by @ludoo in #3713
• Remove resman mentions from FAST files by @ludoo in #3709
• docu: without specifying the asn to be 16550 this example gives an error by @lopezvit in #3706
• Ensure fast-links works regardless of bash path by @LucaPrete in #3711
• Support project-level tag key/value contexts in project factory by @ludoo in #3714
• Add custom bucket name for project-factory module by @kovagoadam in #3682
• Expose additional workforce identity attributes by @juliocc in #3717
• Update billing-0.yaml in gcd dataset by @juliocc in #3719
• Revert "Update billing-0.yaml in gcd dataset" by @ludoo in #3721
• Retry #3719 and fix broken link by @juliocc in #3723
• Add basic observability example to classic dataset by @juliocc in #3697
• Looker PSC support by @ajlopezn in #3724
• ADR on dataset overall base path by @ludoo in #3725
• Additional PSC related improvements to module/looker-core by @juliocc in #3727
• feat: pass variable for additive by principal by @ashley-abbott in #3731

New Contributors

• @ashley-abbott made their first contribution in #3731

Full Changelog: v52.0.0...v52.1.0

v52.0.0

Breaking Changes

• fast/stages/0-org-setup: custom constraints are moved to module "organization-iam" for provisioning. Manual state migration is required to avoid destroying existing constraints. Refer to UPGRADING.md documentation for more information on the steps to be executed. [#3661]

What's Changed

• Fix observability in stage 0 defaults by @ludoo in #3646
• Implement various compliance configuration and principle of least privilege for hardened dataset by @vannicktrinquier in #3635
• Improve fallback behaviour documentation for hardened dataset in 0-org-setup by @kovagoadam in #3621
• Add context support for constraints and additional controls for hardened datasets (IAM, GKE and others) by @vannicktrinquier in #3661

Full Changelog: v51.1.0...v52.0.0

v51.1.0

Breaking Changes

• modules/vpc-sc, fast/stages/1-vpcsc: Perimeter definitions now refer to access levels and policies using context syntax, perimeter definitions need to be upgraded. [#3678]
• modules/vpc-sc: perimeters defined with ignore_resource_changes will recreate resource membership via additional resources. [#3628]

What's Changed

• Support public DNS attributes in FAST network stage by @ericyz in #3618
• Fix workforce identity federation provider configuration by @ooshrioo in #3626
• Add support for labels to global addresses in net-vpc module by @LaoZhuBaba in #3622
• Use additive resource for perimeter resources in vpc-sc module when ignore changes is set by @ludoo in #3628
• Reintroduce support for resource sets in VPC SC module additive perimeters by @ludoo in #3629
• Revert "Reintroduce support for resource sets in VPC SC module additive perimeters" by @ludoo in #3630
• Revert "Use additive resource for perimeter resources in vpc-sc module when ignore changes is set" by @ludoo in #3631
• feat: Implement target secure tags for hierarchical firewall policies by @ericyz in #3633
• Add support to VPC flow logs for PSC subnet by @vannicktrinquier in #3639
• Allow any VPC for (secure) network_tags by @ericyz in #3634
• Add support for mirroring rules to modules/net-firewall-policy by @juliocc in #3636
• Added locality_lb_policy and http_cookie regional ext alb module by @labbott-hub24 in #3638
• Add folder_ids to project condition vars in project factory module by @ludoo in #3642
• Expose bigquery encryption in project schemas by @ludoo in #3645
• fixed bug where label field is ignored for policy based routes by @LaoZhuBaba in #3648
• Introduce iam_by_principals_conditional by @juliocc in #3649
• Resolve permadiff for docker_config immutable in artifact registry module by @singhal0306 in #3652
• feat(logging-bucket): support locked parameter for project parent types by @singhal0306 in #3650
• Add ability to use existing source files in GCS. by @LucaPrete in #3653
• Support CMEK configuration in org module logging settings, expose identities in FAST context by @ludoo in #3656
• Support org-level logging cmek config in schema, use context for org-level logging config, update schema docs. by @ludoo in #3657
• Add asset_feeds to resman modules by @juliocc in #3658
• Add missing context interpolations by @juliocc in #3659
• Minor doc improvements for FAST bootstrap by @drebes in #3643
• Add support for the Assured Workloads in the project factory by @lopezvit in #3666
• Add service connection policies to modules/net-vpc by @juliocc in #3667
• Fix domains of default service accounts when universe is present by @juliocc in #3670
• Support universe-specific package domain in artifact registry module by @ludoo in #3671
• improve configurability and resource references for internal ALB by @singhal0306 in #3654
• Update GCD Readme by @juliocc in #3672
• Enable source tag support for hierarchical firewall rules by @ludoo in #3673
• Add support for budget filter custom period to billig-account module budgets factory by @ludoo in #3674
• Update README-GCD.md by @zabela in #3677
• Add KMS, Confidential Compute and Shielded VM to 2-networking by @sruffilli in #3676
• Use context syntax for VPC-SC access levels and policies by @ludoo in #3678
• fix(gke-cluster-standard): Avoid perpetual diff on network tags in node_pool_auto_config block by @noony in #3680
• Remove observability from classic dataset by @juliocc in #3681
• feat: create new dataset classic-gcd (based on dataset classic) to enable deployment on GCD by @SvenPistre in #3679
• Clarify GCD install process by @juliocc in #3683
• Add template revision to ignore_changes list by @wehm2000 in #3685
• Add PSC-I support to Agent Engine module by @LucaPrete in #3686
• Fix Agent Engine PSC-I configuration by @LucaPrete in #3687
• fix: extract and validate links within HTML blocks in Markdown files by @SamuPert in #3688
• Fix resource policies for regional disks in compute-vm module by @ludoo in #3689
• Allow null prefixes in project factory when override is not set by @ludoo in #3691

New Contributors

• @LaoZhuBaba made their first contribution in #3622
• @labbott-hub24 made their first contribution in #3638
• @lopezvit made their first contribution in #3666
• @zabela made their first contribution in #3677
• @SvenPistre made their first contribution in #3679
• @wehm2000 made their first contribution in #3685

Full Changelog: v51.0.0...v51.1.0

v51.0.0

What's Changed

• Add controls related to CMEK encryption and support to FAST by @vannicktrinquier in #3556
• Fix inconsistent provider plan for FAST outputs by @wiktorn in #3601
• Fix bucket name for versions.txt in 0-org-setup stage by @wiktorn in #3605
• Add support for pubsub to project factory by @ludoo in #3608
• FAST CI/CD Azure Devops support via project template by @ludoo in #3616
• Preliminary doc for stage 0 setup in GCD by @ludoo in #3623

Full Changelog: v50.1.0...v51.0.0

v50.1.0

Breaking Changes

• modules/agent-engine: refactored module variables to support source based deployments and added support for new features (resource limits, min/max instances, concurrent instances). [#3609]

What's Changed

• Fix CI/CD dataset files and provider workflow variable in FAST stage 0 by @ludoo in #3587
• Fix typo in sample CI/CD YAML file by @ludoo in #3590
• Add support for descriptive name to projects by @ludoo in #3591
• Add import snippet for IAM to 0-org-setup by @wiktorn in #3592
• Fixed issue with cross region load balancer IP address assigment by @apichick in #3593
• Upgrade Terraform provider to 7.13 by @LucaPrete in #3600
• Password for initial_user for AlloyDB is no longer required by @LucaPrete in #3596
• feat: project-factory folders support deletion_protection by @joshmyers in #3595
• Add audiences for cicd_workflows local in 0-org-setup by @kovagoadam in #3602
• Correct documentation for Direct VPC Egress for Cloud Functions 2 by @wiktorn in #3603
• Fix project-factory stage version output file name by @kovagoadam in #3606
• Fix pytest -s in CONTRIBUTING.md by @LucaPrete in #3610
• Add service attachments for cross regional load balancer by @sepehrjavid in #3612
• Bump qs and @google-cloud/functions-framework in /modules/api-gateway/recipe-multi-region/function by @dependabot[bot] in #3614
• Fix disk architecture validation in compute-vm module by @singhal0306 in #3615
• AlloyDB - Enable multiple automated backup per day by @RamBSn in #3604
• Refactor Agent Engine module to support new source based deployments by @LucaPrete in #3609
• Prevent recreation for key_revocation_action in compute-vm module by @singhal0306 in #3620
• feat: Add group attribute to NCC spoke configurations. by @ericyz in #3617
• ADR on context passing by @wiktorn in #3405

New Contributors

• @singhal0306 made their first contribution in #3615
• @RamBSn made their first contribution in #3604
• @ericyz made their first contribution in #3617

Full Changelog: v50.0.0...v50.1.0

v50.0.0

What's Changed

• Add support for context to dataplex aspect types and data catalog policy tags modules by @ludoo in #3544
• Configure ADMIN_READ for sts.googleapis.com to enable Workforce Identity logging by @ysolt in #3545
• Add additional hardened controls for gke, firewall, cloudrun and more by @vannicktrinquier in #3541
• Align locations in networking stage with other stages by @vannicktrinquier in #3559
• Workforce identity: migrate to iam.managed.allowedPolicyMembers Organizational Policy by @ysolt in #3546
• Implement additional GCS attributes in project factory by @ludoo in #3583
• Add script to programmatically replace the path in schema declarations by @ludoo in #3584

Full Changelog: v49.3.0...v50.0.0

v49.3.0

What's Changed

• Add retain_backups_on_delete and final_backup_configuration to cloudsql-instance by @justkmark in #3574
• added role required for support ticket creation by @aumohr in #3578
• fixed project-factory module to pass service account description by @fenyvesi-levi in #3579
• Add yq snippets for IAM imports into factory files by @wiktorn in #3580
• feat(compute-mig): add instance_lifecycle_policy support by @frits-v in #3577
• feat: Allow empty prefix for project_factory buckets by @joshmyers in #3575
• fix(compute-mig): correctly map allow_changing_zone by @frits-v in #3585
• Add more detailed version of yq by @wiktorn in #3581
• Use project numbers in billing budget filter by @kovagoadam in #3555

Full Changelog: v49.2.0...v49.3.0

v49.2.0

What's Changed

• fix http2 and ssl health-checks for load balancers by @wiktorn in #3551
• Auto-grant editor role for cloudservices in project module, expand project ids context in project factory module by @ludoo in #3552
• Re-enable billing budget association in project factory for projects and extend to folders by @ludoo in #3554
• Added PSC connection id to outputs, which is required, for instance f… by @apichick in #3560
• Update stage 0 README by @ludoo in #3565
• Add support for CMEK in logging bucket, big query dataset and gke notifications by @vannicktrinquier in #3558
• Add GEMINI.md file by @drebes in #3563
• feat(net-lb-app): support Google-Managed IAP and add tests by @drebes in #3564
• Updates to GKE modules to support Secret Sync by @woodham1 in #3562
• Add Direct VPC Egress support to modules/cloud-function-v2 by @juliocc in #3567
• Cursed knowledge for ignore_changes by @wiktorn in #3568
• fix e2e tests - move c4* tests to c zone by @wiktorn in #3569
• add labels support to dns module by @borijani in #3572

New Contributors

• @woodham1 made their first contribution in #3562
• @borijani made their first contribution in #3572

Full Changelog: v49.1.0...v49.2.0

v49.1.0

This is an interim release, to quickly publish small updates to service identities in the project module, and the new iam_principalsets context replacements for organizations, folders, projects.

What's Changed

• Allow PSC and PSA connections on Cloud SQL by @vennemp in #3539
• Add optional secondary read pool support to the alloydb module by @sshcherbakov in #3529
• Fix aprover -> approver by @juliocc in #3540
• Fix factory budget check with threshold_rules[*].percent by @kovagoadam in #3542
• Add backup vault module by @yashwantmahawar in #3536
• Fix org policy service to be enabled before organization policies applied by @vannicktrinquier in #3547
• Update service-agents.yaml by @wiktorn in #3543
• Context improvements: "all service accounts" principal in folder, org, project modules; custom roles in factory condition vars for FAST stage 0 by @ludoo in #3548
• Add custom default routes and delete default route in FAST networking datasets by @ludoo in #3549

New Contributors

• @vennemp made their first contribution in #3539
• @sshcherbakov made their first contribution in #3529
• @yashwantmahawar made their first contribution in #3536

Full Changelog: v49.0.0...v49.1.0