4.0.0 (2024-01-10)
- Add support for Log Analytics and Remove BigQuery log destination (#1025)
- Enable CMEK for Terraform state buckets (#1030)
- Network Refactoring (#991)
- deps: update terraform terraform-google-modules/network/google to v7 (#956)
- add assured workload example (#934) (be568ab)
- add instructions for deployment using GitHub Actions (#955) (56450bd)
- add instructions for deployment using GitLab pipelines (#1047) (0805878)
- add support for fine grained configuration of VPC-flow logs (#1035) (ee3a1d8)
- Add support for Log Analytics and Remove BigQuery log destination (#1025) (25c61c4)
- Add support to proxy-only subnetworks and new IP CIDR allocation (#1040) (79b217e)
- CAI Monitoring Cloud Function (#1015) (141f067)
- change budget alerts to alarm by forecast (#1037) (8a4c106)
- Change old firewall to new network-firewall (#1041) (f2469c1)
- create projects for KMS resources (#1032) (f16e805)
- create subfolders for business units in 4-projects step (#1039) (06084be)
- deps: Expand Terraform Google Provider to v5 (major) (#1004) (511f5cb)
- deps: Update Terraform google to v5 (#1059) (87f3832)
- Enable CMEK for Terraform state buckets (#1030) (63906d8)
- Firewall policy rule with resource manager tag (#1005) (a92e31b)
- implementing terraform cloud deploy with agents (#1034) (2c96a2f)
- make sed and find commands portable between Linux (GNU) and Mac OS (BSD) (#1043) (62e8c23)
- Network Refactoring (#991) (5f698ed)
- Remove "compute.disableGuestAttributesAccess" org policy (#1019) (9fac80f)
- update tf-wrapper.sh script to deal with generic folder hierarchy (#992) (4d7e822)
- add cloud build bucket location (#921) (cf3f117)
- add VPC Flow logs exceptions for REGIONAL_MANAGED_PROXY and INTERNAL_HTTPS_LOAD_BALANCER (#976) (dd4ff91)
- alternative deployment methods minor issues fix (#1065) (e09d174)
- change priority of 'allow-google-apis' firewall rules to prevent collision with the deny all rule (#972) (7205518)
- CI: bump request_timeout for 1-org (#1070) (336487b)
- correct terraform required_version for optional (#1003) (5ef089c)
- deps: update terraform terraform-google-modules/network/google to v7 (#956) (2f54ad6)
- Fix missing Terraform module attribution (#973) (d1d2973)
- replace text example of private key with an image in the jenkins readme (#1027) (325785c)
- set the build timeout for the build that creates the Terraform and gcloud image to 20 minutes (#1071) (7f5ce28)
3.0.0 (2022-12-16)
- use random_project_id_length (#891)
- remove unused variables in network-dual-svpc/shared (#853)
- bump min TF version to 1.3.0 and use optionals (#831)
- use remote state to read data from previous steps (#782)
- Configure bring your own service account in bootstrap (#777)
- add granular service accounts (#724)
- deps: update terraform null to v3 (#750)
- use branch main for the gcp-policies repository and use controller for Jenkins master (#738)
- split network step (#735)
- add granular service accounts (#724) (4c84d80)
- add optional groups creation (#757) (5d9f867)
- Add support for new organization policies (#863) (9c17c13)
- Add support for tags (#829) (a0604b3)
- Bring your own Service Account for the App Infra Pipeline (#824) (0d6be42)
- bump min TF version to 1.3.0 and use optionals (#831) (6207113)
- Configure bring your own service account in bootstrap (#777) (015fe3d)
- Create a workspace for 0-bootstrap (#866) (6e9c575)
- Create base environment module for step 4-projects (#669) (7a533bf)
- default configuration for VPC-SC should have all supported services (#864) (a496744)
- deps: update terraform null to v3 (#750) (b2e8bfc)
- Enable Essential Contacts (#783) (86fcb2a)
- Feature/private service connect module (#722) (b3b9145)
- ingress egress support for vpc sc (#784) (c6f12e2)
- Inline App Infra Pipeline sa_roles (#867) (33a6619)
- Modularize logging components (#781) (a1d636e)
- new org policies (#791) (878da45)
- Refactor/centralized network variable (#665) (cdb97bf)
- remove default SA editor role from Seed and CICD projects (#896) (465d3dd)
- Remove redundant optional firewall rules (#647) (6e17729)
- split network step (#735) (512430b)
- update 3-networks to support TPG 4 and other updates (#733) (d940f6e)
- update document and script to use gcloud beta terraform vet (#729) (d1a56d4)
- use branch main for the gcp-policies repository and use controller for Jenkins master (#738) (afc9d71)
- Use Cloud build private pools (#868) (ca06365)
- use random_project_id_length (dd063aa)
- use random_project_id_length (#891) (dd063aa)
- use remote state to read data from previous steps (#782) (a761a99)
- validate requirements script (#765) (84bbd25)
- add a chmod command for project infra pipeline runners (#657) (2730050)
- add note about updating transitivity firewall rules in the Hub and Spoke network mode (#906) (4211162)
- add onprem_dc variable and add missing routers in hub and spoke base and restricted modules (#912) (83cf36b)
- add vpc flow logs configuration for jenkins subnet (#870) (40e391c)
- always grant view permissions at org to CB SA for TFV (#645) (66d4c5b)
- backend_bucket > remote_state_bucket (#848) (75c5ab3)
- block project-wide SSH keys (#897) (07e9ab5)
- bump the version of project factory to 13.0 (#702) (78c7d90)
- bump the version of the cloudbuild in the bootstrap step (#642) (3f61dba)
- conventional-commit-lint.yaml file must have the default header (#911) (4581750)
- create billing dataset in multi-regional by default (#799) (ca0a4b3)
- data_access_logs_enabled now enables read and write audit logs, defaults to false for cost savings (#630) (8391f1b)
- enable firewall logging for health check firewall rule (#892) (5fda1f0)
- enable missing DNS logging (#893) (9285cd7)
- exclude version 4.31.0 from the possible versions for infra pipeline module (#771) (37ba8ba)
- firewall priorities to use 65530 to align with doc (#869) (1bf4931)
- grant permissions required by TFV to CB SA (#629) (ffa6a93)
- Grant role browser to the terraform service account for running gcloud beta terraform vet (#818) (e80a504)
- hardcode the regions variables in the 3-networks/shared (#699) (9c320d8)
- Hub and Spoke build (#648) (98a3441)
- Jenkins CI/CD (#882) (26d8fc5)
- make dedicated interconnect comply with guide (#913) (7d77636)
- make first gcloud builds submit wait for the creation of the default cloud build bucket (#719) (3e2ca41)
- make partner interconnect comply with guide (#915) (4b4f8d8)
- psc endpoints (#875) (730acd6)
- Remove depends_on in bootstrap (#850) (741648a)
- remove locals related to hub and spoke from dual shared vpc code (#907) (102df23)
- remove unused variables in network-dual-svpc/shared (#853) (49057b1)
- Review builds with Jenkins (#838) (82aa221)
- sed regex for backend bucket name substitution (#858) (8b5ffc4)
- set random suffix to the same size of other project suffix (#886) (70778eb)
- set the location for cloud build related buckets in step4 based in the default region (#667) (b2b3aca)
- source repos keys in sa_roles map (#895) (8bd7d14)
- tflint fixes (#909) (b437e29)
- update bucket naming to comply with guide definition (#904) (49347f5)
- update cloud build private pool peering network CIDR range (#905) (f5615ee)
- update TPG version constraints to allow 4.0 in 5-app-infra (#721) (90f15f2)
- updates for on-prem connectivity configuration (#827) (70f9e54)
- updates for tfv1 compat (#637) (235698b)
- VPC Flow Logs constraint issue + Adding gcloud terraform vet usage to test (#779) (0019b00)
2.3.1 (2021-10-15)
2.3.0 (2021-09-02)
2.2.0 (2021-07-16)
2.1.1 (2021-06-23)
- add browser role to cloud build sa for provided folders (#484) (b3996e2)
- upgrade terraform to 0.13.7 (#490) (a9150a7)
2.1.0 (2021-05-15)
2.0.0 (2021-05-01)
- 4-projects GCS CMEK example (#346) (d74ff33)
- add FAQ, Glossary & Troubleshooting docs (#466) (57643a6)
- Add GAR in infra pipelines and tests (#395) (2a2e4fe)
- Add hub and spoke network architecture (#298) (d9468db)
- add iam.automaticIamGrantsForDefaultServiceAccounts org policy constraint (#386) (f6b0387)
- Add log export GCS bucket object versioning (#317) (cb0e622)
- add Shielded VMs & OS Login org policies (#283) (07a201e)
- Add step 5-app-infra (#382) (fd5329c)
- add support for hierarchical firewall policies (#343) (e7bb1bc)
- Add terraform validator and add policy-library (#263) (f220588)
- Adds prefix to projects and folder name (#289) (66dacf2)
- App Infra pipelines (#337) (c3b19e8)
- enable hub & spoke transitivity via gateway VMs (#322) (f6cd9ad)
- example-foundations test modes (#309) (34a6d75)
- implement support for Partner Interconnect (#345) (70501ec)
- Make BigQuery log destinations partitioned (#277) (f40c5fe)
- Move Cloud Source Repo definition to variable. (#302) (48037c9)
- Replace container registry with artifact registry in CloudBuild (#367) (6b6469b)
- Update terraform-validator version, instructions and CMEK bucket (#397) (8f7c58e)
- updates to support TF 0.13 (#268) (c5c6c6c)
- 1-org README.md add setting up Security Command Center to Prerequisites (#467) (ee04cb5)
- add bucket prefix for bootstrap (#407) (03bd05a)
- add cloudbuild api to seed proj (#358) (1fda12b)
- add CMEK project name prefix and root readme project names (#414) (141c059)
- add impersonate to gcloud builds submit command in infra-pipeline module (#458) (1d3fbf8)
- add infra pipeline CB SA role test (#450) (e30fe8c)
- add missing google apis to policy constraint (#370) (2ac0466)
- Add missing symlink in shared network env (#328) (48c2318)
- add network fixture prepare to lint test (#323) (c120d55)
- add standalone repo for terraform-validator policies (#403) (b170478)
- Adding KMS API in bootstrap project (#385) (39b8da3)
- Bugfix/fix 4-projects issues (#374) (f5f5224)
- clone policies repo once per build (#329) (3e95111)
- default sa deprivilege (ea5fcc2)
- Documentation fixes (#327) (ce610d0)
- Documentation language inconsistencies, typos and tests (#419) (71b633f)
- Fixes for build stability issues (#406) (c2b8200)
- pin versions of terraform in the code to version 0.13.6 (#398) (b86457c)
- remove shielded VM org policy (#286) (c1a2852)
- rename access_context.tfvars to access_context.auto.tfvars in 4-projects (#396) (91ce3f8)
- set 3-networks service account token lifetime to 1200s (#432) (76efbe8)
- specify ports for ssh & rdp for IAP TCP forwarding rule (#390) (3eed2bc)
- support for hub and spoke transitivity (#427) (a6b43da)
- update 4-projects infra pipeline project name (#404) (7beb5a0)
- update documentation (#301) (54aa58a)
- Update google cloud sdk min version to 319.0.0 and use GA version of gcloud scc notifications (#463) (ebbb4d7)
- update google-beta provider source info (#368) (9924760)
- Update readme files (#399) (d1f29c3)
- upgrade version for dependant CFT modules (#339) (02a4ac5)
- use f1-micro as the machine type for the deploy in 5-app-infra step (#416) (1fad10b)
- version of network_peering in step 4-projects (#384) (16a99bb)
1.1.0 (2021-03-10)
- add integration tests for 4-projects (#232) (0521aeb)
- Add Provider cache (#250) (5c5b8b3)
- add terraform show command to wrapper script (#267) (2a8e9f2)
- adds jenkins agent vpn automation in terraform (#234) (68208ad)
- adds kitchen tests for step 3-networks (#231) (50bab16)
- Adds org policy admin role for admin group (#262) (12f02ec)
- Adds peering project examples (#243) (dc6dd95)
- adds support for bucket retention policy for logs (#266) (cc4ddbc)
- 3-networks inconsistencies and typos (#304) (f87ed16)
- adjust log filters for SHA/CIS compliance (#261) (cd42805)
- deprecated bucket-policy-only parameter and bq table deletion (#264) (3dfda65)
- egress deny fw rule for all protocols (#260) (402c785)
- enable data access logs collection (#249) (6e887e0)
- explicitly add project to scc pub/sub topic creation (#233) (ca7d926)
- Pin network module for terraform 0.12 (#333) (f0218a5)
- set default_service_account value correctly to 'deprivilege' (#282) (6f8a4c0)