cloud-foundation-fabric

• incompatible change removed iam key from logging sink configuration in the project and organization modules
• remove GCS to BQ with Dataflow example, replace by GCS to BQ with least privileges
• the net-vpc and project modules now use the beta provider for shared VPC-related resources
• new iot-core module
• incompatible change the variables for host and service Shared VPCs have changed in the project module
• incompatible change the variable for service identities IAM has changed in the project factory
• add data-catalog-policy-tag module
• new workload identity federetion example
• new api-gateway module and example.
• incompatible change the psn_ranges variable has been renamed to psa_ranges in the net-vpc module and its type changed from list(string) to map(string)
• incompatible change removed iam flag for organization and folder level sinks
• incompatible change removed ingress_settings configuration option in the cloud-functions module.
• new m4ce VM example
• Support for resource management tags in the organization, folder, project, compute-vm, and kms modules

FAST

• new data platform stage 3
• new 02-networking-nva networking stage
• allow customizing the names of custom roles
• added environment and context resource management tags
• use resource management tags to restrict scope of roles/orgpolicy.policyAdmin
• use xpnServiceAdmin (custom role) for stage 3 service accounts that need to attach to a shared VPC
• simplify and standarize ourputs from each stage
• standarize names of projects, service accounts and buckets
• swtich to folder-level xpnAdmin and xpnServiceAdmin
• moved networking projects to folder matching their enviroments

New Contributors

• @eliamaldini made their first contribution in https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/413
• @srs2210 made their first contribution in https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/485
• @ajlopezn made their first contribution in https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/415
• @eeaton made their first contribution in https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/527
• @jwtracy made their first contribution in https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/555

Full Changelog: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v13.0.0...v14.0.0

In this release

• initial Fabric Fast implementation
• new net-glb module for Global External Load balancer
• new project-factory module in examples/factories
• add missing service identity accounts (artifactregistry, composer) in project module
• new "Cloud Storage to Bigquery with Cloud Dataflow with least privileges" example
• support service dependencies for crypto key bindings in project module
• refactor project module in multiple files
• add support for per-file option overrides to tfdoc

• new repo structure. All end-to-end examples moved to the top level examples folder

Full Changelog: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v11.2.0...v12.0.0

• fix net-vpc subnet factory bug preventing the use of yamls with different shapes

Full Changelog: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v11.1.0...v11.2.0

In this release

• add support for additive IAM bindings to kms module

In this release:

• incompatible change remove location from gcs bucket names
• add support for interpolating access levels based on keys to the vpc-sc module

In this release

• remove lifecycle block from vpc sc perimeter resources

In this release

• fix cases where bridge perimeter status resources are null in vpc-sc module
• re-release 9.0.3 as a major release as it contains breaking changes
  • update hierarchical firewall resources to use the newer google_compute_firewall_* resources
  • incompatible change rename firewall_policy_attachments to firewall_policy_association in the organization and folder modules
  • incompatible change updated API for the net-vpc-sc module

• update hierarchical firewall resources to use the newer google_compute_firewall_* resources
• incompatible change rename firewall_policy_attachments to firewall_policy_association in the organization and folder modules
• incompatible change updated API for the net-vpc-sc module

Full Changelog: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v9.0.2...v9.0.3

Fix the fix introduced in v9.0.1. :D

Ignore description changes in firewall policy rule to avoid permadiff, add factory example to folder module documentation.

In this release

• new cloud-run module
• added gVNIC support to compute-vm module
• added a rule factory to net-vpc-firewall module
• added a subnet factory to net-vpc module
• incompatible change added support for partitioned tables to organization module sinks
• incompatible change renamed private_service_networking_range variable to psc_ranges in net-vpcmodule, and changed its type to list(string)
• added a firewall policy factory to organization module
• refactored tfdoc
• added support for metric scopes to the project module

Release Highlights

• added support for GCS notifications in gcs module
• added new skip_delete variable to compute-vm module
• incompatible change all modules and examples now require Terraform >= 1.0.0 and Google provider >= 4.0.0

What's Changed

• Added GCS notification support by @caiotavaresdito in https://github.com/terraform-google-modules/cloud-foundation-fabric/pull/335
• Update CHANGELOG.md by @caiotavaresdito in https://github.com/terraform-google-modules/cloud-foundation-fabric/pull/338
• Feature/GitHub actions by @caiotavaresdito in https://github.com/terraform-google-modules/cloud-foundation-fabric/pull/343
• add colors to pytest output by @juliocc in https://github.com/terraform-google-modules/cloud-foundation-fabric/pull/345
• Project module support for skip_delete flag on google_project resource by @christopher-avila-ditoweb in https://github.com/terraform-google-modules/cloud-foundation-fabric/pull/352
• Fix SA IAM dynamic interpolation by @drebes in https://github.com/terraform-google-modules/cloud-foundation-fabric/pull/353
• Use the same versions file everywhere, pin to tf 1.0+ provider 4.0+ by @ludoo in https://github.com/terraform-google-modules/cloud-foundation-fabric/pull/355

New Contributors

• @christopher-avila-ditoweb made their first contribution in https://github.com/terraform-google-modules/cloud-foundation-fabric/pull/352

Full Changelog: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v7.0.0...v8.0.0

In this release:

• new cloud operations example showing how to deploy infrastructure for Compute Engine image builder based on Hashicorp Packer
• incompatible change the format of the records variable in the dns module has changed, to better support dynamic values
• new naming-convention module
• new cloudsql-instance module
• added support for website to gcs module, and removed auto-set labels
• new factories top-level folder with initial subnets, firewall-hierarchical-policies, firewall-vpc-rules and example-environments examples
• added new description variable to compute-vm module
• added support for L7 ILB subnets to net-vpc module
• added support to override default description in compute-vm
• added support for backup retention count in cloudsql-instance
• added new description variable to cloud-function module
• added new description variable to bigquery-dataset module
• added new description variable to iam-service-account module
• incompatible change fix deprecated message from gke-nodepool, change your workload_metadata_config to correct values (GCE_METADATA or GKE_METADATA)
• incompatible change changed maintenance window definition from maintenance_start_time to maintenance_config in gke-cluster
• added monitoring_config,logging_config, dns_config and enable_l4_ilb_subsetting to gke-cluster

In this release

• new apigee-organization and apigee-x-instance
• generate email and iam_email statically in the iam-service-account module
• new billing-budget module
• fix scheduled-asset-inventory-export-bq module
• output custom role information from the organization module
• enable multiple vpc-sc perimeters over multiple modules
• new cloud operations example showing how to restrict service usage using delegated role grants
• incompatible change multiple instance support has been removed from the compute-vm module, to bring its interface in line with other modules and enable simple use of for_each at the module level; its variables have also slightly changed (attached_disks, boot_disk_delete, crate_template, zone)
• incompatible change dropped the admin_ranges_enabled variable in net-vpc-firewall. Set admin_ranges = [] to get the same effect
• added the named_ranges variable to net-vpc-firewall

• add support for lifecycle_rule in gcs module
• create pubsub service identity if service is enabled
• support for creation of GKE Autopilot clusters
• add support for CMEK keys in Data Foundation end to end example
• add support for VPC-SC perimeters in Data Foundation end to end example
• fix vpc-sc module
• new networking example showing how to use Private Service Connect to call a Cloud Function from on-premises
• new networking example showing how to organize decentralized firewall management on GCP

In this release

• Fix message_retention_duration variable type in pubsub module
• Move bq robot service account into the robot service account project output
• Add IAM cryptDecrypt role to robot service account on specified keys
• Add Service Identity creation on project module if secretmanager enabled
• add Data Foundation end to end example

In this release

• incompatible change updated resource name for google_dns_policy on the net-vpc module
• added support for VPC-SC Ingress Egress policies on the vpc-sc module
• update CI to Terraform 0.15 and fix minor incompatibilities
• add deletion_protection to the bigquery-dataset module
• add support for dataplane v2 to GKE cluster module
• add BGP peer outputs to HA VPN module

In this release

• added support for CORS to the gcs module
• make cluster creation optional in the Shared VPC example
• make service account creation optional in iam-service-account module
• new third-party-solutions top-level folder with initial openshift example
• added support for DNS Policies to the net-vpc module

• incompatible change add support for master_global_access_config block in gke-cluster module
• add support for group-based IAM to resource management modules
• add support for private service connect