v36.0.0

What's Changed

• Extend tests to fast-dev by @ludoo in #2646
• Refactor of FAST resource management and subsequent stages by @ludoo in #2648
• Final fixes for v36.0.0-rc1 by @ludoo in #2652
• Fix permadiff in bootstrap IAM by @ludoo in #2656
• Refactor changelog for the new release process by @ludoo in #2660
• Add missing roles to project factory ro SA in stage 1 by @ludoo in #2683
• Add missing billing roles to project factory ro SA in stage 1 by @ludoo in #2685
• Streamline environments variable across stages by @ludoo in #2688
• Make project iam viewer name consistent with GCP naming by @juliocc in #2694
• Unify usage of top level folders short_name by @juliocc in #2693
• Remove REGIONAL/MULTI_REGIONAL buckets from FAST by @juliocc in #2697
• Allow disabling network security stage by @juliocc in #2701
• Expose factories_config for resman top level folders by @juliocc in #2707
• Remove stale resman validation by @juliocc in #2714

Full Changelog: v35.1.0...v36.0.0

v35.1.0

What's Changed

• Add required enabled field introduced in Terraform version 5.41.0 by @jacobmammoliti in #2653
• fix Vertex-ML-Ops e2e tests by @wiktorn in #2631
• Migrate blueprints/data-solutions/vertex-mlops to google_workbench_instance by @wiktorn in #2632
• Fix Vertex MLOps blueprint by @wiktorn in #2659
• Update service agents spec by @juliocc in #2658
• New SecOps blueprints section and SecOps GKE Forwarder by @simonebruzzechesse in #2514
• add enable_object_retention argument by @kejti23 in #2657
• Update SWP by @LucaPrete in #2666
• SWP: remove condition from addresses variable and make it null by default by @LucaPrete in #2668
• Additional examples for Cloud Run and Cloud SQL by @wiktorn in #2669
• Fix the location of the GCS and NFS attributes by @wintermi in #2670
• bump modules/README github tag reference by @kaue in #2673
• Fix "inconsistent conditional result types" error in modules/vpc-sc by @joelvoss in #2676
• Swap groups_iam/iam_group for iam_by_principals in bootstrap README by @robrankin in #2680
• Keeping my contributor status :) by @drebes in #2681
• Add support for service account in pubsub module bigquery subscriptions by @ludoo in #2682
• Fix gcs & NFS mounts for cloud-run-v2 service by @wiktorn in #2686
• Fix initial user on secondary cluster issue by @simonebruzzechesse in #2687
• Fix examples for GCS mount by @wiktorn in #2692
• Fix E2E tests by @wiktorn in #2699
• Fix non-empty plan after mixing CloudSQL with other mounts by @wiktorn in #2700
• Move direct vpc out of BETA by @wiktorn in #2702
• Added outputs to apigee-x-foundations blueprint (instances and lbs) by @apichick in #2704
• Add Automation Service Accounts Output by @joshw123 in #2640
• Added outputs to apigee-x-foundations blueprint (PSC NEGs) by @apichick in #2705
• Allow providing network for Direct VPC access by @wiktorn in #2711
• Add hierarchical namespace support to GCS module by @juliocc in #2712
• add GPU options to compute-vm module by @ooshrioo in #2689
• Allow setting GCS location default/override in project factory by @ludoo in #2715
• Change tfdoc pre-commit hook script to use while read by @rosmo in #2717
• Add location to cert-manager issuance config and fix issuance config reference by @LucaPrete in #2720
• Add support for workload_metadata_config in Standard GKE clusters by @Tirthankar17 in #2716
• Fix not setting user defined password by @wiktorn in #2723
• Allow factory files to be empty by @LucaPrete in #2719
• Added min_instances, max_instances, min_throughput and max_throughtpu… by @apichick in #2706
• Fix typo on maintenance config by @simonebruzzechesse in #2727
• enable_private_path_for_google_cloud_services added to CloudSQL by @fulyagonultas in #2726

New Contributors

• @jacobmammoliti made their first contribution in #2653
• @wintermi made their first contribution in #2670
• @kaue made their first contribution in #2673
• @joelvoss made their first contribution in #2676
• @robrankin made their first contribution in #2680
• @ooshrioo made their first contribution in #2689
• @Tirthankar17 made their first contribution in #2716

Full Changelog: v35.0.0...v35.1.0

v36.0.0-rc1

This release implements several breaking changes and new features in FAST. Please refer to the FAST stage1 documentation and the FAST upgrading instructions for more details.

Release contents:

• [#2649] Final fixes for v36.0.0-rc1 (ludoo)
• [#2648] incompatible change: Refactor of FAST resource management and subsequent stages (ludoo)

v35.0.0

BLUEPRINTS

• [#2643] Add codespell to pre-commit (wiktorn)
• [#2629] Bump cookie and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
• [#2623] Bump cookie and express in /blueprints/gke/binauthz/image (dependabot[bot])
• [#2609] Add support for bundling net monitoring tool in a Docker image, and deploying via CR Job (ludoo)
• [#2585] Apigee x foundations certificate manager (apichick)
• [#2584] README fixes to FAST docs (skalolazka)
• [#2574] Bump path-to-regexp and express in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
• [#2573] Bump path-to-regexp and express in /blueprints/gke/binauthz/image (dependabot[bot])
• [#2536] incompatible change: Add support for google provider 6.x (sruffilli)

FAST

• [#2649] Clarify fast-dev purpose (juliocc)
• [#2643] Add codespell to pre-commit (wiktorn)
• [#2641] Adding DNS for GKE control plane to private google access APIs (aurelienlegrand)
• [#2630] [FAST] Fix stage 2 simple NVA wrong location - causing test failures (LucaPrete)
• [#2611] Add TFE integration for backend and CICD (lnesteroff)
• [#2620] added output for tfvars_globals (lnesteroff)
• [#2544] GCVE network mode for 2-networking-b-nva stage (eliamaldini)
• [#2616] Support log exclusions in FAST bootstrap log sinks (ludoo)
• [#2604] fixed tfe wif definition variables (lnesteroff)
• [#2600] FAST: Adds support for PSC transitivity to 2-a (sruffilli)
• [#2598] added terraform enterprise/hcp terraform def to wif providers (lnesteroff)
• [#2584] README fixes to FAST docs (skalolazka)
• [#2582] Make it explicit in FAST docs that stages need to be run once before CI/CD setup (ludoo)
• [#2581] Update FAST stage diagrams (ludoo)
• [#2579] FAST resman mt fixes (ludoo)
• [#2568] Update a few references from 3-project-factory to 2-project-factory (lyricnz)
• [#2558] Update variables.tf (eliamaldini)
• [#2564] Enables compute.setNewProjectDefaultToZonalDNSOnly and essentialcontacts.allowedContactDomains (sruffilli)
• [#2563] Update list of imported org policies (sruffilli)

MODULES

• [#2642] Reorganize ADRs and new versioning ADR (juliocc)
• [#2643] Add codespell to pre-commit (wiktorn)
• [#2645] feat(modules/secret-manager): add support for version_destroy_ttl (frits-v)
• [#2639] incompatible change: Add option to attach multiple snapshot schedule to disks (shujaatsscripts)
• [#2638] Fix ipv6 output in net-vpc module, add support for extra volumes in cloud run v2 module (ludoo)
• [#2625] Add Project Factory Logging Data Option (joshw123)
• [#2617] fix(artifact-registry): fix a move issue with tf>1.7 (NitriKx)
• [#2608] Additional job attributes in cloud run v2 module (ludoo)
• [#2599] incompatible change: Alloydb variables refactor (simonebruzzechesse)
• [#2606] feat: implement the new iam interface in artifact-registry (NitriKx)
• [#2595] Allow manage existing SSM instance (lnesteroff)
• [#2572] Added biglake-catalog module (apichick)
• [#2593] Fix looker README and add custom url for looker instance module (simonebruzzechesse)
• [#2590] Fix permadiff on iap attribute in net-lb-app-int module (eliamaldini)
• [#2565] New looker core module (simonebruzzechesse)
• [#2587] Project Module CMEK: added CloudRun (artemBogdantsev)
• [#2586] Add location for each SSM IAM resource (lnesteroff)
• [#2569] Secure source manager ([apichick](https:...

v34.1.0

Final Release before provider upgrade to 6.x

What's Changed

BLUEPRINTS

• [#2557] Bump provider to 5.43.1 ahead of next release (juliocc)

FAST

• [#2545] Add documentation instructions for potential issues in cicd-github and bootstrap stages (ludoo)

MODULES

• [#2557] Bump provider to 5.43.1 ahead of next release (juliocc)
• [#2556] Updated the auto pilot gke security posture configuration (oluakingcp)
• [#2553] Added the GKE security_posture configuration (oluakingcp)
• [#2546] Full examples for CMEK examples (wiktorn)

TOOLS

• [#2557] Bump provider to 5.43.1 ahead of next release (juliocc)
• [#2552] Upload hidden files (wiktorn)

New Contributors

• @oluakingcp made their first contribution in #2553

Full Changelog: v34.0.0...v34.1.0

v34.0.0

From this release we are adding a few changes that should facilitate upgrading between FAST versions:

• high level migration considerations in the release notes (here)
• a set of pre-computed moved blocks that transition resources to the new formats where possible for bootstrap, resource management, and networking "a" stages
• the release version embedded as a comment in versions.tf files across the whole repository

We emphasize that upgrading FAST is not one of the stated goals of this project, whose main goal is not to publish a product but to produce a set of modules and a Landing Zones toolkit that dynamically evolve to capture patterns seen in the field, and improved designs supporting new product features. One of the many discussions on this topic can be found in #2512.

FAST migration from v33.0.0 to v34.0.0

Bootstrap stage

No destructive changes. A few IAM bindings are re-applied cleanly.

Resource management stage

Network security IaC resources change names from resman-netsec to resman-nsec and need recreation. Network security state should be transitioned to local before applying resource management, and re-transitioned to remote after refreshing resman output files and netsec provider.

Project factory dev and prod resources will change internal names, the moved blocks in the provided file should seamlessly rename them in state. You might get errors during apply on the service accounts, but a second apply cycle succeeds.

Release changelog

BLUEPRINTS

• [#2543] Prepare v34.0.0 release (ludoo)
• [#2542] Use generic project name in HA VPN over IC blueprint (juliocc)
• [#2530] Add managed folders support to gcs module (juliocc)
• [#2531] Update stable provider too to 5.43 (juliocc)
• [#2525] Bump provider to last release of version 5 (juliocc)
• [#2502] Add deletion_policy to project module (juliocc)
• [#2469] Fix E2E tests (wiktorn)
• [#2463] Typo in README: well know -> well-known (derailed-dash)

FAST

• [#2543] Prepare v34.0.0 release (ludoo)
• [#2541] Moved blocks and fix to resman for FAST v33-v34 transition (ludoo)
• [#2484] [FAST] TLS inspection support for NGFW Enterprise (LucaPrete)
• [#2530] Add managed folders support to gcs module (juliocc)
• [#2511] [FAST] Add permissions to nsec-r SA (LucaPrete)
• [#2509] Depend network security stage from fast features in FAST resman stage (ludoo)
• [#2505] incompatible change: Refactor FAST project factory and supporting documentation (ludoo)
• [#2499] Firewall policy module factory schema (ludoo)
• [#2498] DNS rpz module factory schema (ludoo)
• [#2497] Net vpc firewall factory schema (ludoo)
• [#2494] Additional module schemas (ludoo)
• [#2491] Organization module factory schemas (ludoo)
• [#2483] Add boostrap output with log destination ids (juliocc)
• [#2482] [FAST] Rename netsec stage to nsec (LucaPrete)
• [#2477] VPC-SC factory JSON Schemas (ludoo)
• [#2471] Rename 1-vpc-sc stage to 1-vpcsc (juliocc)
• [#2470] Make policyReader binding additive in bootstrap (juliocc)
• [#2466] [FAST] Sets projects_data_path optional, as in the project factory module (LucaPrete)
• [#2464] Fix peering routes config in fast a network stage (ludoo)
• [#2460] incompatible change: VPC-SC as separate FAST stage 1 (ludoo)

MODULES

• [#2543] Prepare v34.0.0 release (ludoo)
• [#2538] Module net-vpc fix for reserved ranges (jamesdalf)
• [#2539] Exposing aws_v4_authentication configuration in global external alb (okguru1)
• [#2537] Add send_secondary_ip_range_if_empty=true to google_compute_subnetwork (sruffilli)
• [#2533] Added the possibility of setting the duration of a GCE instance. (luigi-bitonti)
• [#2535] Allow customizable prefix in net-vpc module PSA configs (ludoo)
• [#2528] Support budget restriction read only (kejti23)
• [#2530] Add managed folders support to gcs module (juliocc)
• [#2531] Update stable provider too to 5.43 (juliocc)
• [#2525] Bump provider to last release of version 5 (juliocc)
• [#2523] feat: Add security_policy to backend service configuration (EmileHofsink)
• [#2521] net-vpc module add overlap CIDR subnet attribute (jamesdalf)
• [[#2518](https://github.com/...

v33.0.0

BLUEPRINTS

• [#2450] Remove "constraints/" from org policy names (juliocc)
• [#2448] incompatible change: Add generic URL output to modules/artifact-registry (juliocc)
• [#2423] incompatible change: Refactor service agent management (juliocc)
• [#2433] incompatible change: Reintroduce docker image path output in AR module (ludoo)
• [#2416] Add support for sqlAssertion AutoDQ rule type in dataplex-datascan (jayBana)
• [#2395] Fix tutorial error. (wiktorn)
• [#2396] incompatible change: Update modules/artifact-registry with newly-released features. (juliocc)
• [#2392] Added forward_proxy_uri to apigee environments in apigee-x-foundation… (apichick)
• [#2389] Several wording and typos updates (bluPhy)
• [#2382] Fixes related to Apigee KMS keys (apichick)
• [#2372] Added spanner-instance module (apichick)

FAST

• [#2410] [FAST] Add basic NGFW enterprise stage (LucaPrete)
• [#2450] Remove "constraints/" from org policy names (juliocc)
• [#2397] NCC in 2-net-a-simple (sruffilli)
• [#2446] Remove alpha from gcloud storage cp as it moved to GA (LucaPrete)
• [#2444] Add context to net-vpc factory (sruffilli)
• [#2423] incompatible change: Refactor service agent management (juliocc)
• [#2440] FAST ng: stage 0 environments and VPC-SC IaC resources (ludoo)
• [#2430] FAST: IAM cleanups to reflect PF changes (sruffilli)
• [#2417] Allow description to be set for FAST-managed tags (juliocc)
• [#2412] [FAST] Housekeeping in CICD workflow templates and extra stage (jayBana)
• [#2411] [FAST] Fix IAM bindings to impersonate resman CICD SAs at bootstrap stage (jayBana)
• [#2404] Documented new GCVE design options (eliamaldini)
• [#2402] gitlab workflow template fixes #2401 (sudhirrs)
• [#2389] Several wording and typos updates (bluPhy)
• [#2378] Add wording for SCC Enterprise to FAST stage 0 (ludoo)

MODULES

• [#2459] Allow user to override peerings names (juliocc)
• [#2457] update readme with cross project backend external regional/global LB - review (vivianvarela)
• [#2454] Add support for dry-run org policies (juliocc)
• [#2456] Manage lifecycle of cloud functions v2 IAM (ludoo)
• [#2449] Add moved blocks for the service networking service agent and IAM (juliocc)
• [#2448] Add generic URL output to modules/artifiact-registry (juliocc)
• [#2447] Fix wrong expression in compute-mig module (bz-canva)
• [#2445] Override primary flag for the storage transfer service agent (juliocc)
• [#2444] Add context to net-vpc factory (sruffilli)
• [#2443] Project service agents moved block and enabled services (ludoo)
• [#2423] incompatible change: Refactor service agent management (juliocc)
• [#2439] incompatible change: Remove default values to secondary range names in GKE cluster modules (fulyagonultas)
• [#2437] Add coalesce to factory fw policies to support empty yaml files (LucaPrete)
• [#2436] Allow disabling topic creation in GCS module notification (ludoo)
• [#2433] incompatible change: Reintroduce docker image path output in AR module (ludoo)
• [#2424] E2E tests for ncc-spoke-ra (wiktorn)
• [#2427] Fix Cloud Function v1/v2 E2E tests (wiktorn)
• [#2421] fix cloudbuild service account email (nathou)
• [#2418] Adding support for DWS for GKE nodepools (aurelienlegrand)
• [#2416] Add support for sqlAssertion AutoDQ rule type in dataplex-datascan (jayBana)
• [#2406] **incompa...

v32.0.1

In this release:

• [#2447] Fix wrong expression in compute-mig module (bz-canva)

v32.0.0

BLUEPRINTS

• [#2361] incompatible change: Support GCS objects in cloud function modules bundles (ludoo)
• [#2358] incompatible change: Support pre-made bundle archives in cloud function modules (ludoo)
• [#2347] Add GCVE Logging and Monitoring Blueprint (KonradSchieban)
• [#2356] Add Terraform installation step to meet the versions.tf requirements (wiktorn)
• [#2355] Bump @grpc/grpc-js from 1.10.7 to 1.10.9 in /blueprints/apigee/apigee-x-foundations/functions/instance-monitor (dependabot[bot])
• [#2341] Alloydb add support for psc (simonebruzzechesse)
• [#2328] [FAST] Rename stage 2-networking-d-separate-envs to 2-networking-c-separate-envs (LucaPrete)
• [#2326] Add pre-commit hook configuration (wiktorn)
• [#2299] Kong Gateway on GKE offloading to Cloud Run (juliodiez)
• [#2317] resource_labels added to the node_config nodepool (fulyagonultas)
• [#2106] Gitlab Runner blueprint (simonebruzzechesse)
• [#2303] incompatible change: Remove default location from gcs module (ludoo)
• [#2296] Bump requests from 2.31.0 to 2.32.0 in /blueprints/cloud-operations/network-quota-monitoring/src (dependabot[bot])
• [#2284] incompatible change: Unify VPN and Peering FAST stages (sruffilli)

DOCUMENTATION

• [#2106] Gitlab Runner blueprint (simonebruzzechesse)

FAST

• [#2353] Add main project factory service account (ludoo)
• [#2352] incompatible change: Remove support for source repositories from FAST CI/CD (ludoo)
• [#2344] Fix typos in documentation (albertogeniola)
• [#2340] Fix wrong documentation reference to tfvars (albertogeniola)
• [#2337] DNS policy fix (sruffilli)
• [#2335] Add perimeter ids in vpc-sc module outputs, fix vpc-sc in project factory module (ludoo)
• [#2334] Support setting IAM for FAST tags in resource management stage (ludoo)
• [#2333] Fix resman top-level folders variable types (ludoo)
• [#2332] Fix dns policy (wiktorn)
• [#2331] Enable hierarchy in fast project factory (ludoo)
• [#2330] Update PGA domains (juliocc)
• [#2329] FAST: Enable networkconnectivity when using NCC-RA in 2-b (sruffilli)
• [#2328] [FAST] Rename stage 2-networking-d-separate-envs to 2-networking-c-separate-envs (LucaPrete)
• [#2325] Fix restrictAllowedGenerations org policy example (juliocc)
• [#2317] resource_labels added to the node_config nodepool (fulyagonultas)
• [#2319] Pbrumblay/clarify org policy tags (pbrumblay)
• [#2309] incompatible change: Merge FAST C and E network stages into a new B stage. (sruffilli)
• [#2315] FAST: Obsolete assets cleanup (sruffilli)
• [#2305] FAST MT: Readme updates and more prefix validation (sruffilli)
• [#2232] New extra stage for FAST gitlab setup (simonebruzzechesse)
• [#2294] Avoid unnecessary terraform plans for closed (unmerged) PRs (pbrumblay)
• [#2298] Adjust list of imported org policies to official docs (wiktorn)
• [#2297] Add support for tenant factory CI/CD (ludoo)
• [#2292] [FAST] fix: tenant-factory logging bucket project (LucaPrete)
• [#2290] Add wif permissions to bootstrap tf SA (simonebruzzechesse)
• [#2289] Fix mt diagram and broken link (ludoo)
• [#2288] Ignore test resource data in new network stage, split out fast variables (ludoo)
• [#2286] Switch FAST stages 0-1s to excalidraw diagrams (ludoo)
• [#2287] incompatible change: FAST: Cleanup/harmonization of Simple and NVA net stages (sruffilli)
• [#2284] incompatible change: Unify VPN and Peering FAST stages (sruffilli)
• [[#2254](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/p...

v31.1.0

This release reflects a change in the Google provider that fixes a bug with secondary VPC subnet ranges:

• [#2282] Disable reserved_internal_range in net-vpc due to provider bug (sruffilli)