cloud-foundation-fabric

In this release

• incompatible change support one group per zone in the compute-vm module
  the group output is now renamed to groups

In this release

• incompatible change logging sinks now create non-authoritative bindings when iam=true
• fixed IAM bindings for module bigquery not specifying project_id
• remove device_policy from vpc_sc module as it requires BeyondCorp Enterprise Premium
• allow using unsuffixed name in compute_vm module

This release fixes an issue in the dns module, where it was not possible to create private zones exposed to no networks.

In this release

• new logging-bucket module to create Cloud Logging Buckets
• add support to create logging sinks using logging buckets as the destination
• incompatible change extended logging sinks to support per-sink exclusions
• new net-vpc-firewall-yaml module
• add support for regions, device policy and access policy dependency to vpc-sc module
• add support for joining VPC-SC perimeters in project module
• add userinfo.email to default scopes in compute-vm module

Fix modules versions to avoid incompatibility errors.

In this release

• depend specific org module resources (eg policies) from IAM bindings
• set version for google-beta provider in project module

In this release

• new filtering_proxy networking example
• add support for a second region in the onprem networking example
• dd support for per-tunnel router to VPN HA and VPN dynamic modules
• incompatible change the attached_disks variable type has changed in the compute-vm module, to add support for regional persistent disks, and attaching existing disks to instances / templates
• the hub and spoke via peering example now supports project creation, resource prefix, and GKE peering configuration
• make the project_id output from the project module non-dynamic. This means you can use this output as a key for map fed into a for_each (for example, as a key for iam_project_bindings in the iam-service-accounts module)
• add support for essential contacts in the in the project, folder and organization modules

In this release

• new DNS for Shared VPC example
• incompatible change removed the logging-sinks module. Logging sinks can now be created the logging_sinks variable in the in the project, folder and organization modules
• add support for creating logging exclusions in the project, folder and organization modules
• add support for Confidential Compute to compute-vm module
• add support for handling IAM policy (bindings, audit config) as fully authoritative in the organization module

• incompatible change the org_id variable and output in the vpc-sc module have been renamed to organization_id, the variable now accepts values in organizations/nnnnnnnn format
• incompatible change the forwarders variable in the dns module has a different type, to support specifying forwarding path
• add support for MTU in net-vpc module
• incompatible change access variables have been renamed in the bigquery-dataset module
• add support for IAM to the bigquery-dataset module
• fix default OAuth scopes in gke-nodepool module
• add support for hierarchical firewalls to the folder and organization modules
• incompatible change the org_id variable and output in the organization module have been renamed to organization_id, the variable now accepts values in organizations/nnnnnnnn format

In this release

• incompatible change rename prefix for node configuration variables in gke-nodepool module [#156]
• add support for internally managed service account in gke-nodepool module [#156]
• made examples in READMEs runnable and testable [#157]
• incompatible change iam_additive is now keyed by role to be more resilient with dynamic values, a new iam_additive_members variable has been added for backwards compatibility.
• add support for node taints in gke-nodepool module
• add support for CMEK in gke-nodepool module

This is a major refactor adding support for Terraform 0.13 features

• incompatible change minimum required terraform version is now 0.13.0
• incompatible change folders module renamed to folder
• incompatible change iam-service-accounts module renamed to iam-service-account
• incompatible change all iam_roles and iam_member variables merged into a single iam variable. This change affects most modules
• incompatible change modules like folder, gcs, iam-service-account now create a single resource. Use for_each at the module level if you need multiple instances
• added basic variable validations to some modules

In this release

• end to end example for scheduled Cloud Asset Inventory export to Bigquery
• decouple Cloud Run from Istio in GKE cluster module
• depend views on tables in bigquery dataset module
• bring back logging options for firewall rules in net-vpc-firewall module
• removed interpolation-only expressions causing terraform warnings
• incompatible change simplify alias IP specification in compute-vm. We now use a map (alias range name to list of IPs) instead of a list of maps.
• allow using alias IPs with instance_count in compute-vm
• add support for virtual displays in compute-vm
• add examples of alias IPs in compute-vm module
• fix support for creating disks from images in compute-vm
• allow creating single-sided peerings in net-vpc and net-vpc-peering
• use service project registration to Shared VPC in GKE example to remove need for two-step apply

In this release

• add support for logging and better type for the retention_policies variable in gcs module
• incompatible change deprecate bucket_policy_only in favor of uniform_bucket_level_access in gcs module
• incompatible change allow project module to configure itself as both shared VPC service and host project

In this release

• remove extra readers in gcs-to-bq-with-dataflow example (issue: 128)
• make VPC creation optional in net-vpc module to allow managing a pre-existing VPC
• make HA VPN gateway creation optional in net-vpn-ha module
• add retention_policy in gcs module
• refactor net-address module variables, and add support for internal address purpose

In this release

• incompatible change add alias IP support in cloud-vm module
• add tests for data-solutions examples
• fix apply errors on dynamic resources in dataflow example
• make zone creation optional in dns module
• new quota-monitoring end-to-end example in cloud-operations

This release is a bugfix in the project module.

This release adds support for specifying a different project id for the peering configuration in the GKE module. It's an incompatible change, since peering_config.project_id now needs to be set when using peering_config, a null value is acceptable and will fallback to the previous behaviour of using the project_id variable for the peering.

In this release

• incompatible change the top-level infrastructure folder has been renamed to networking
• add end-to-end example for ILB as next hop
• add basic tests for foundations and networking end-to-end examples
• fix Shared VPC end-to-end example and documentation

In this release

• new end-to-end example on DNS granular IAM via Service Directory
• add missing dependency on IAM roles to feed id output in pubsub module

In this release

• fix provider issue in bigquery module