v38.1.0

What's Changed

• Bump requests from 2.27.1 to 2.32.2 in /fast/project-templates/secops-anonymization-pipeline/source by @dependabot in #2918
• Add execution/invocation commands to outputs by @wiktorn in #2921
• Fix CICD SA access by @c-jason-kim in #2923
• Fix E2E tests using modules/project project_create by @wiktorn in #2925
• Add limits for stage_names and environment by @wiktorn in #2924
• fix(bootstrap): fix custom roles billing viewer duplicate permissions by @Ameausoone in #2927
• Fixed title: from Artifact Registry to Binary Authorization by @ggalloro in #2931
• Fix failing E2E test for module/project by @wiktorn in #2933
• Introduce test isolation and fix missing GCS service account by @wiktorn in #2935
• Fix broken link in GCP Data Services blueprints by @javiergp in #2936
• Fix localfile project factory readme by @Alhossril in #2938
• Fast 2-networking-a README update by @sruffilli in #2941
• Allow un-managed reverse lookup zones by @wiktorn in #2942
• Use full type definition in project-factory by @wiktorn in #2948
• net-vpc: fix permadiff in docs by @sruffilli in #2949
• Bump golang.org/x/net from 0.33.0 to 0.36.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter by @dependabot in #2953
• feat(artifact-registry): Add possibility to setup Docker common remote repository configuration by @anthonyhaussman in #2952
• Update GKE addons and features by @juliocc in #2956
• cloudsql: Align replica attributes to primary instance by @wiktorn in #2960
• Adding enterprise_config -> desired_tier feature to GKE autopilot and… by @fpreli in #2962
• Fix broken upgrades of TF provider for routes by @wiktorn in #2964
• Revert "Fix broken upgrades of TF provider for routes" by @wiktorn in #2965
• Add custom routes for directpath to net-vpc module by @ludoo in #2966
• Allow to specify function egress settings without using a VPC connector by @LucaPrete in #2967
• Add transparent proxy example and e2e test to net-swp module by @wiktorn in #2968
• Bump golang.org/x/net from 0.33.0 to 0.36.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker by @dependabot in #2969
• Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker by @dependabot in #2970
• Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker by @dependabot in #2971
• Add support for any ports to net-lb-app modules by @wiktorn in #2973
• Fix push subscription in pubsub module by @simonebruzzechesse in #2974
• Add dependency on VPC-SC resources to project factory by @LFicteam in #2981

New Contributors

• @c-jason-kim made their first contribution in #2923
• @Ameausoone made their first contribution in #2927
• @ggalloro made their first contribution in #2931
• @Alhossril made their first contribution in #2938
• @fpreli made their first contribution in #2962
• @LFicteam made their first contribution in #2981

Full Changelog: v38.0.0...v38.1.0

v38.0.0

FAST Upgrading Notes

• the moved/v37.4.0-v38.0.0.tf file can be used in the resource management stage to move several changed resources, link or copy it in the stage before applying the new version
• the project factory service accounts and buckets have been renamed, move project factory state to a local file before running the updated resource management, then restart project factory from local state with the new provider

Breaking Changes

• modules/vpc-sc: Referencing ingress/egress policies that are not defined results in an error (previously, undefined directional policies were silently ignored) [#2909]
• modules/project-factory: The automation.buckets attribute has been changed to automation.bucket and support for multiple state buckets has been dropped. Save your state to a local file for any automation-enabled project before applying changes in the project factory. [#2914]
• modules/project: Move input variable service_agents_config.services_enabled to project_reuse.project_attributes.services_enabled [#2900]
• fast/stages/0-boostrap: Enabled restrictProtocolForwardingCreationForTypes organization policy to internal only by default [#2884]
• fast/stages/0-boostrap/data/org-policies-managed: New set of org policies using managed constraints [#2884]
• fast/stages/0-boostrap: If you use var.org_policies_config.constraints.allowed_policy_member_domains or var.org_policies_config.constraints.allowed_policy_member_domains, move their values to a YAML file under bootstrap's org policy factory. [#2878]

What's Changed

• Flexible stage 2s in FAST resource manager by @ludoo in #2840
• Support mulitple universes in bootstrap by @juliocc in #2851
• Allow addons to any flex stage 2 by @juliocc in #2853
• Expose custom constraint factory in bootstrap by @juliocc in #2854
• Workflow fix by @karpok78 in #2864
• Add bucket IAM policy read by @karpok78 in #2872
• New FAST stages diagram by @ludoo in #2875
• Move DRS and essential contact domains to factory by @juliocc in #2878
• Add new set of org policies with managed constraints to FAST bootstrap by @juliocc in #2884
• Add restrictProtocolForwardingCreationForTypes to FAST import policies by @juliocc in #2888
• Address DNS issues with googleapis RPZ and forwarding by @ludoo in #2891
• Update VPC-SC module and FAST stage by @juliocc in #2887
• Add universe support to iam-service-account by @juliocc in #2892
• Add support for project-level log sinks to FAST stage 0 by @ludoo in #2893
• Make service agents work in different universes by @juliocc in #2894
• FAST project templates example by @ludoo in #2897
• Project factory additions, project module reuse implementation by @ludoo in #2899
• New SecOps anonymization pipeline by @simonebruzzechesse in #2794
• Allow passing explicit regions in net test addon subnets by @ludoo in #2902
• Fix default compute.restrictProtocolForwardingCreationForTypes value by @juliocc in #2904
• Update default FAST org policies by @juliocc in #2906
• Add ability to refer to other project service accounts in Project Factory by @wiktorn in #2900
• Add provider output files to project factory stage, single automation bucket in module by @ludoo in #2914
• Add title to VPC-SC directional policies by @juliocc in #2909
• Add error messages for failing interpolations in project-factory by @wiktorn in #2917

New Contributors

• @karpok78 made their first contribution in #2864

Full Changelog: v37.4.0...v38.0.0

v37.4.0

Breaking changes in this release:

• modules/workstation-cluster: Changed the interface for configuration timeouts to object, timeouts are now specified as numbers. [#2911]
• modules/cloudsql-instance: Changed the name of the var.ssl.ssl_mode attribute to var.ssl.mode. [#2910]
• modules/iam-service-account: Removed service account key generation functionality [#2907]
• modules/net-lb-app-ext: Adds the two missing fields for locality_lb_policy and locality_lb_policies with field and block set, validation for both and tests. [#2898]

What's Changed

• Add support for locality policies to net-lb-app-ext module by @jacklever-hub24 in #2898
• Add CA chain output to CAS module by @ludoo in #2901
• Increase the default complexity of Cloud SQL DB passwords by @lyricnz in #2886
• Remove Service Account key generation by @wiktorn in #2907
• Add breaking changes to changelog by @juliocc in #2908
• Add ssl_mode support to cloudsql-instance replicas by @sruffilli in #2910
• Add support for max workstations, refactor timeouts in workstation-cluster module by @ludoo in #2911
• Add generated_id backends output to net-lb-app-ext by @danistrebel in #2913
• Fix dns_keys output in dns module by @nathou in #2915
• Add support for custom error response policies to net_lb_app_ext module by @peter-norton in #2916

New Contributors

• @jacklever-hub24 made their first contribution in #2898
• @peter-norton made their first contribution in #2916

Full Changelog: v37.3.0...v37.4.0

v37.3.0

What's Changed

• Fix ipv6 and align loadbalancer address types by @wiktorn in #2883

Full Changelog: v37.2.0...v37.3.0

v37.2.0

This release addresses several fixes and new features in modules.

What's Changed

• Refactor data catalog tag template module by @ludoo in #2842
• Support project creation in different universes by @juliocc in #2848
• Allow universe-bound projects to exclude services by @juliocc in #2852
• Add cAdvisor Metrics to Autopilot/Standard GKE Cluster by @HeiglAnna in #2841
• Add support for advanced machine features to compute-vm by @ludoo in #2855
• Deprecate composer-2 blueprint by @wiktorn in #2863
• update docs: clarify 0-bootstrap.auto.tfvars creation and outputs_loc… by @ZoranBatman in #2862
• Disable E2E test for direct VPC Egress by @wiktorn in #2867
• Expose org policy parameters by @juliocc in #2869
• Add dependency for compute-vm schedule by @wiktorn in #2870
• Fix KMS E2E tests by @wiktorn in #2871
• Add note about the use of n-stagename/moved/ files during upgrade by @lyricnz in #2874
• Add context to organization policy factories by @juliocc in #2876
• Address outstanding load balancer FRs by @ludoo in #2879

New Contributors

• @HeiglAnna made their first contribution in #2841
• @ZoranBatman made their first contribution in #2862

Full Changelog: v37.1.0...v37.2.0

v37.1.0

This release reverts a breaking change to the FAST project factory introduced in v37.0.0.

What's Changed

• Revert "Allow multiple stage-2 project factories" by @ludoo in #2839

Full Changelog: v37.0.0...v37.1.0

v37.0.0

Please be advised this release has a FAST incompatibility and a breaking bug to FAST stage 1 CI/CD support. Use v37.1.0 instead. We will reintroduce a similar change to the project factory in the next major version.

What's Changed

• Leverage environments for folder and project creation in FAST resman and security by @ludoo in #2787
• Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages by @ludoo in #2801
• Implement FAST stage add-ons, refactor netsec as add-on by @ludoo in #2800
• Small fixes and improvements to FAST netsec/net by @ludoo in #2810
• feat: restructure how var files are provided to workflow templates by @Liam-Johnston in #2813
• [FAST] Add missing permission to ngfwEnterprise org by @LucaPrete in #2815
• Fix permadiff in stage 0 vpc-sc service account, add schemas to hierarchical policy YAML files by @ludoo in #2817
• Top level folder factory support for automation SA IAM by @sruffilli in #2818
• Do not create service agent resources in project module for services not explicitly enabled by @ludoo in #2820
• FAST SWP networking add-on, refactor CAS module interface by @ludoo in #2821
• Update service activation in ngfw add-on by @ludoo in #2823
• FAST add-on for networking test resources by @ludoo in #2825
• Fix stage 1 addons provider outputs by @juliocc in #2826
• Small fix to net test add-on context expansion by @ludoo in #2828
• Allow networking stage to be disabled by @juliocc in #2831
• Allow multiple stage-2 project factories by @juliocc in #2834
• Interpolate SAs in tag-level iam by @juliocc in #2836

New Contributors

• @Liam-Johnston made their first contribution in #2813

Full Changelog: v36.2.0...v37.0.0

v36.2.0

Point release just before releasing v37.0.0

What's Changed

• Simplify versions tf and update FAST workflows by @juliocc in #2812
• Add iam_by_principals_additive to project, organization and folder modules by @juliocc in #2814
• Update logging_data_access type by @juliocc in #2816
• modules/compute-vm end-to-end tests and fixes by @wiktorn in #2819
• feat(certificate-manager): add dns_authorizations output by @frits-v in #2830
• Add bucket_create to modules/gcs by @juliocc in #2827
• fix(certificate-manager): reference dns_authz by fully qualified id by @frits-v in #2833
• Update module metadata format and prep v36.2.0 by @juliocc in #2837

Full Changelog: v36.1.0...v36.2.0

v37.0.0-rc2

This release fixes some minor issues in the previous release candidate, and expands on FAST support for add-ons.

FAST

• [#2821] FAST SWP networking add-on, refactor CAS module interface (ludoo)
• [#2818] Top level folder factory support for automation SA IAM (sruffilli)
• [#2817] Fix permadiff in stage 0 vpc-sc service account, add schemas to hierarchical policy YAML files (ludoo)
• [#2815] [FAST] Add missing permission to ngfwEnterprise org (LucaPrete)
• [#2813] feat: restructure how var files are provided to workflow templates (Liam-Johnston)
• [#2810] Small fixes and improvements to FAST netsec/net (ludoo)
• [#2800] Implement FAST stage add-ons, refactor netsec as add-on (ludoo)
• [#2801] Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages (ludoo)
• [#2787] Leverage environments for folder and project creation in FAST resman and security (ludoo)

MODULES

• [#2821] incompatible change: FAST SWP networking add-on, refactor CAS module interface (ludoo)
• [#2820] incompatible change: Do not create service agent resources in project module for services not explicitly enabled (ludoo)

v37.0.0-rc1

This is a preview of the upcoming v37.0.0 release, containing breaking changes to FAST.

• [#2800] Implement FAST stage add-ons, refactor netsec as add-on (ludoo)
• [#2801] Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages (ludoo)
• [#2787] Leverage environments for folder and project creation in FAST resman and security (ludoo)