v37.1.0

This release reverts a breaking change to the FAST project factory introduced in v37.0.0.

What's Changed

• Revert "Allow multiple stage-2 project factories" by @ludoo in #2839

Full Changelog: v37.0.0...v37.1.0

v37.0.0

Please be advised this release has a FAST incompatibility and a breaking bug to FAST stage 1 CI/CD support. Use v37.1.0 instead. We will reintroduce a similar change to the project factory in the next major version.

What's Changed

• Leverage environments for folder and project creation in FAST resman and security by @ludoo in #2787
• Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages by @ludoo in #2801
• Implement FAST stage add-ons, refactor netsec as add-on by @ludoo in #2800
• Small fixes and improvements to FAST netsec/net by @ludoo in #2810
• feat: restructure how var files are provided to workflow templates by @Liam-Johnston in #2813
• [FAST] Add missing permission to ngfwEnterprise org by @LucaPrete in #2815
• Fix permadiff in stage 0 vpc-sc service account, add schemas to hierarchical policy YAML files by @ludoo in #2817
• Top level folder factory support for automation SA IAM by @sruffilli in #2818
• Do not create service agent resources in project module for services not explicitly enabled by @ludoo in #2820
• FAST SWP networking add-on, refactor CAS module interface by @ludoo in #2821
• Update service activation in ngfw add-on by @ludoo in #2823
• FAST add-on for networking test resources by @ludoo in #2825
• Fix stage 1 addons provider outputs by @juliocc in #2826
• Small fix to net test add-on context expansion by @ludoo in #2828
• Allow networking stage to be disabled by @juliocc in #2831
• Allow multiple stage-2 project factories by @juliocc in #2834
• Interpolate SAs in tag-level iam by @juliocc in #2836

New Contributors

• @Liam-Johnston made their first contribution in #2813

Full Changelog: v36.2.0...v37.0.0

v36.2.0

Point release just before releasing v37.0.0

What's Changed

• Simplify versions tf and update FAST workflows by @juliocc in #2812
• Add iam_by_principals_additive to project, organization and folder modules by @juliocc in #2814
• Update logging_data_access type by @juliocc in #2816
• modules/compute-vm end-to-end tests and fixes by @wiktorn in #2819
• feat(certificate-manager): add dns_authorizations output by @frits-v in #2830
• Add bucket_create to modules/gcs by @juliocc in #2827
• fix(certificate-manager): reference dns_authz by fully qualified id by @frits-v in #2833
• Update module metadata format and prep v36.2.0 by @juliocc in #2837

Full Changelog: v36.1.0...v36.2.0

v37.0.0-rc2

This release fixes some minor issues in the previous release candidate, and expands on FAST support for add-ons.

FAST

• [#2821] FAST SWP networking add-on, refactor CAS module interface (ludoo)
• [#2818] Top level folder factory support for automation SA IAM (sruffilli)
• [#2817] Fix permadiff in stage 0 vpc-sc service account, add schemas to hierarchical policy YAML files (ludoo)
• [#2815] [FAST] Add missing permission to ngfwEnterprise org (LucaPrete)
• [#2813] feat: restructure how var files are provided to workflow templates (Liam-Johnston)
• [#2810] Small fixes and improvements to FAST netsec/net (ludoo)
• [#2800] Implement FAST stage add-ons, refactor netsec as add-on (ludoo)
• [#2801] Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages (ludoo)
• [#2787] Leverage environments for folder and project creation in FAST resman and security (ludoo)

MODULES

• [#2821] incompatible change: FAST SWP networking add-on, refactor CAS module interface (ludoo)
• [#2820] incompatible change: Do not create service agent resources in project module for services not explicitly enabled (ludoo)

v37.0.0-rc1

This is a preview of the upcoming v37.0.0 release, containing breaking changes to FAST.

• [#2800] Implement FAST stage add-ons, refactor netsec as add-on (ludoo)
• [#2801] Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages (ludoo)
• [#2787] Leverage environments for folder and project creation in FAST resman and security (ludoo)

v36.1.0

This release will be shortly followed by a release candidate for v37.0.0 containing the FAST changes, as has become our custom.

What's Changed

• Updating yaml naming in prod subnet folder to match other lifecycles by @mtndrew404 in #2733
• SWP module refactor by @ludoo in #2737
• Add basename to SWP policy rules factory by @LucaPrete in #2739
• Support switchover in alloydb module by @simonebruzzechesse in #2738
• Allow override of GKE Nodepool SA Display Name by @robrankin in #2734
• Add support for secret manager config to gke cluster modules by @ludoo in #2741
• Fix parent id lookup for networking and security in resource management stage by @ludoo in #2744
• Add optional automated MD5 generation to net-vlan-attachment module by @LucaPrete in #2745
• Bump path-to-regexp and express in /blueprints/gke/binauthz/image by @dependabot in #2749
• Add ability to autogenerate md5 keys in net-vpn-ha by @LucaPrete in #2748
• Bump path-to-regexp and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor by @dependabot in #2752
• Add support for routing mode to net-swp module by @ludoo in #2751
• remove default location in tag value - cloud-run-v2 tags.tf by @Mattible in #2755
• Add path_template_match and path_template_rewrite support to net-lb-app-ext by @rosmo in #2718
• Add disk encyption key to the google_compute_instance_template - Sovereign support by @rune92 in #2750
• Add support for password validation policy to cloudsql module by @ludoo in #2740
• Add confidential compute support to google_dataproc_cluster module, bump provider versions by @steenblik in #2736
• Update net-vlan-attachment module readme by @LucaPrete in #2757
• Ignore ssl certificates if none are passed in net-lb-app-int module by @ludoo in #2764
• Refactor GKE cluster modules access configurations, add support for DNS endpoint by @ludoo in #2761
• Update issue templates by @juliocc in #2765
• Allow optional creation of billing resources in FAST boostrap stage by @ludoo in #2766
• Fix workspace logs sink in FAST bootstrap stage by @ludoo in #2767
• Support customizable resource names in FAST stage 0 by @ludoo in #2768
• Support customizable resource names to fast stage 1 by @ludoo in #2769
• Use separate versions.tofu for OpenTofu constraints by @wiktorn in #2771
• Fix for perma-diff when using PSC NEGs. by @wiktorn in #2772
• [FAST] Remove unused stage 1 CICD variables by @LucaPrete in #2774
• New BindPlane OP Management console on GKE SecOps blueprint by @simonebruzzechesse in #2721
• Add support for log views and log scopes by @juliocc in #2776
• Document tag_bindings definition as map(string) by @juliocc in #2777
• Fix failing tests for OpenTofu by @wiktorn in #2778
• Fix handling of SSL certificates in external load balancer modules by @rodriguezsergio in #2780
• Fix bindplane cos module by @simonebruzzechesse in #2781
• Update net-lb-app-ext security_settings variables by @wenzizone in #2783
• Fix validation message in cas module by @ludoo in #2784
• Make PSA connection more robust by @wiktorn in #2786
• Fix cycle in the autopilot-cluster blueprint by @wiktorn in #2790
• Fabric e2e fixes by @juliocc in #2791
• fix non-empty plan after apply for vertex mlops by @wiktorn in #2792
• Add docker image tag to bindplane config variable by @simonebruzzechesse in #2796
• ADR proposal for FAST add-on stages by @ludoo in #2798
• Add Alerts, Logging, Channels Factories by @joshw123 in #2758
• Added BGP priority variable for dedicated interconnect because it was… by @apichick in #2802
• New tool versions.py to manage versions.tf/tofu by @juliocc in #2803
• Bump golang.org/x/net from 0.23.0 to 0.33.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter by @dependabot in #2807
• ASN should be optional in router_config variable as it is not necessa… by @apichick in #2806
• Add intercepting sinks to the organization and folder modules by @rshokati2 in #2799
• Bump golang.org/x/net from 0.23.0 to 0.33.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker by @dependabot in #2808

New Contributors

• @mtndrew404 made their first contribution in #2733
• @Mattible made their first contribution in #2755
• @rune92 made their first contribution in #2750
• @rodriguezsergio made their first contribution in #2780
• @wenzizone made their first contribution in #2783
• @rshokati2 made their first contribution in #2799

Full Changelog: v36.0.1...v36.1.0

v36.0.1

This release fixes an issue in FAST when using an organization-managed billing account, which was introduced in v36.0.0.

What's Changed

• Run tests and linting when pushing to master or fast-dev by @juliocc in #2730
• Add missing role to FAST stage 0 org-level delegated IAM grants by @ludoo in #2731

Full Changelog: v36.0.0...v36.0.1

v36.0.0

What's Changed

• Extend tests to fast-dev by @ludoo in #2646
• Refactor of FAST resource management and subsequent stages by @ludoo in #2648
• Final fixes for v36.0.0-rc1 by @ludoo in #2652
• Fix permadiff in bootstrap IAM by @ludoo in #2656
• Refactor changelog for the new release process by @ludoo in #2660
• Add missing roles to project factory ro SA in stage 1 by @ludoo in #2683
• Add missing billing roles to project factory ro SA in stage 1 by @ludoo in #2685
• Streamline environments variable across stages by @ludoo in #2688
• Make project iam viewer name consistent with GCP naming by @juliocc in #2694
• Unify usage of top level folders short_name by @juliocc in #2693
• Remove REGIONAL/MULTI_REGIONAL buckets from FAST by @juliocc in #2697
• Allow disabling network security stage by @juliocc in #2701
• Expose factories_config for resman top level folders by @juliocc in #2707
• Remove stale resman validation by @juliocc in #2714

Full Changelog: v35.1.0...v36.0.0

v35.1.0

What's Changed

• Add required enabled field introduced in Terraform version 5.41.0 by @jacobmammoliti in #2653
• fix Vertex-ML-Ops e2e tests by @wiktorn in #2631
• Migrate blueprints/data-solutions/vertex-mlops to google_workbench_instance by @wiktorn in #2632
• Fix Vertex MLOps blueprint by @wiktorn in #2659
• Update service agents spec by @juliocc in #2658
• New SecOps blueprints section and SecOps GKE Forwarder by @simonebruzzechesse in #2514
• add enable_object_retention argument by @kejti23 in #2657
• Update SWP by @LucaPrete in #2666
• SWP: remove condition from addresses variable and make it null by default by @LucaPrete in #2668
• Additional examples for Cloud Run and Cloud SQL by @wiktorn in #2669
• Fix the location of the GCS and NFS attributes by @wintermi in #2670
• bump modules/README github tag reference by @kaue in #2673
• Fix "inconsistent conditional result types" error in modules/vpc-sc by @joelvoss in #2676
• Swap groups_iam/iam_group for iam_by_principals in bootstrap README by @robrankin in #2680
• Keeping my contributor status :) by @drebes in #2681
• Add support for service account in pubsub module bigquery subscriptions by @ludoo in #2682
• Fix gcs & NFS mounts for cloud-run-v2 service by @wiktorn in #2686
• Fix initial user on secondary cluster issue by @simonebruzzechesse in #2687
• Fix examples for GCS mount by @wiktorn in #2692
• Fix E2E tests by @wiktorn in #2699
• Fix non-empty plan after mixing CloudSQL with other mounts by @wiktorn in #2700
• Move direct vpc out of BETA by @wiktorn in #2702
• Added outputs to apigee-x-foundations blueprint (instances and lbs) by @apichick in #2704
• Add Automation Service Accounts Output by @joshw123 in #2640
• Added outputs to apigee-x-foundations blueprint (PSC NEGs) by @apichick in #2705
• Allow providing network for Direct VPC access by @wiktorn in #2711
• Add hierarchical namespace support to GCS module by @juliocc in #2712
• add GPU options to compute-vm module by @ooshrioo in #2689
• Allow setting GCS location default/override in project factory by @ludoo in #2715
• Change tfdoc pre-commit hook script to use while read by @rosmo in #2717
• Add location to cert-manager issuance config and fix issuance config reference by @LucaPrete in #2720
• Add support for workload_metadata_config in Standard GKE clusters by @Tirthankar17 in #2716
• Fix not setting user defined password by @wiktorn in #2723
• Allow factory files to be empty by @LucaPrete in #2719
• Added min_instances, max_instances, min_throughput and max_throughtpu… by @apichick in #2706
• Fix typo on maintenance config by @simonebruzzechesse in #2727
• enable_private_path_for_google_cloud_services added to CloudSQL by @fulyagonultas in #2726

New Contributors

• @jacobmammoliti made their first contribution in #2653
• @wintermi made their first contribution in #2670
• @kaue made their first contribution in #2673
• @joelvoss made their first contribution in #2676
• @robrankin made their first contribution in #2680
• @ooshrioo made their first contribution in #2689
• @Tirthankar17 made their first contribution in #2716

Full Changelog: v35.0.0...v35.1.0

v36.0.0-rc1

This release implements several breaking changes and new features in FAST. Please refer to the FAST stage1 documentation and the FAST upgrading instructions for more details.

Release contents:

• [#2649] Final fixes for v36.0.0-rc1 (ludoo)
• [#2648] incompatible change: Refactor of FAST resource management and subsequent stages (ludoo)