Skip to content

v34.0.0
Compare
Choose a tag to compare
@ludoo ludoo released this 30 Aug 08:18
· 156 commits to master since this release
v34.0.0
e6bd1c6
This commit was signed with the committer’s verified signature.
ludoo Ludovico Magnocavallo
SSH Key Fingerprint: TGAavPP9QXs+lvOPUAwAl3hDsyZeFYdtgqWKDqQXI8Y Learn about vigilant mode.

From this release we are adding a few changes that should facilitate upgrading between FAST versions:

  • high level migration considerations in the release notes (here)
  • a set of pre-computed moved blocks that transition resources to the new formats where possible for bootstrap, resource management, and networking "a" stages
  • the release version embedded as a comment in versions.tf files across the whole repository

We emphasize that upgrading FAST is not one of the stated goals of this project, whose main goal is not to publish a product but to produce a set of modules and a Landing Zones toolkit that dynamically evolve to capture patterns seen in the field, and improved designs supporting new product features. One of the many discussions on this topic can be found in #2512.

FAST migration from v33.0.0 to v34.0.0

Bootstrap stage

No destructive changes. A few IAM bindings are re-applied cleanly.

Resource management stage

Network security IaC resources change names from resman-netsec to resman-nsec and need recreation. Network security state should be transitioned to local before applying resource management, and re-transitioned to remote after refreshing resman output files and netsec provider.

Project factory dev and prod resources will change internal names, the moved blocks in the provided file should seamlessly rename them in state. You might get errors during apply on the service accounts, but a second apply cycle succeeds.

Release changelog

BLUEPRINTS

FAST

  • [#2543] Prepare v34.0.0 release (ludoo)
  • [#2541] Moved blocks and fix to resman for FAST v33-v34 transition (ludoo)
  • [#2484] [FAST] TLS inspection support for NGFW Enterprise (LucaPrete)
  • [#2530] Add managed folders support to gcs module (juliocc)
  • [#2511] [FAST] Add permissions to nsec-r SA (LucaPrete)
  • [#2509] Depend network security stage from fast features in FAST resman stage (ludoo)
  • [#2505] incompatible change: Refactor FAST project factory and supporting documentation (ludoo)
  • [#2499] Firewall policy module factory schema (ludoo)
  • [#2498] DNS rpz module factory schema (ludoo)
  • [#2497] Net vpc firewall factory schema (ludoo)
  • [#2494] Additional module schemas (ludoo)
  • [#2491] Organization module factory schemas (ludoo)
  • [#2483] Add boostrap output with log destination ids (juliocc)
  • [#2482] [FAST] Rename netsec stage to nsec (LucaPrete)
  • [#2477] VPC-SC factory JSON Schemas (ludoo)
  • [#2471] Rename 1-vpc-sc stage to 1-vpcsc (juliocc)
  • [#2470] Make policyReader binding additive in bootstrap (juliocc)
  • [#2466] [FAST] Sets projects_data_path optional, as in the project factory module (LucaPrete)
  • [#2464] Fix peering routes config in fast a network stage (ludoo)
  • [#2460] incompatible change: VPC-SC as separate FAST stage 1 (ludoo)

MODULES

  • [#2543] Prepare v34.0.0 release (ludoo)
  • [#2538] Module net-vpc fix for reserved ranges (jamesdalf)
  • [#2539] Exposing aws_v4_authentication configuration in global external alb (okguru1)
  • [#2537] Add send_secondary_ip_range_if_empty=true to google_compute_subnetwork (sruffilli)
  • [#2533] Added the possibility of setting the duration of a GCE instance. (luigi-bitonti)
  • [#2535] Allow customizable prefix in net-vpc module PSA configs (ludoo)
  • [#2528] Support budget restriction read only (kejti23)
  • [#2530] Add managed folders support to gcs module (juliocc)
  • [#2531] Update stable provider too to 5.43 (juliocc)
  • [#2525] Bump provider to last release of version 5 (juliocc)
  • [#2523] feat: Add security_policy to backend service configuration (EmileHofsink)
  • [#2521] net-vpc module add overlap CIDR subnet attribute (jamesdalf)
  • [#2518] Fix CMEK typo in project module. Part 2 :) (artemBogdantsev)
  • [#2517] Fix CMEK typo in project module (artemBogdantsev)
  • [#2516] Key inconsistency in project-factory (V0idC0de)
  • [#2515] Add ca pool object to certification-authority-service module (LucaPrete)
  • [#2508] Add support for disable default snat (okguru1)
  • [#2510] net-swp module cleanup (sruffilli)
  • [#2505] incompatible change: Refactor FAST project factory and supporting documentation (ludoo)
  • [#2501] Use the google_tags_location_tag_binding Terraform resource to bind tags on KMS key rings (arnodasilva)
  • [#2502] Add deletion_policy to project module (juliocc)
  • [#2420] Add name overrides for Internal and External Load Balancers (cvanwijck-hub24)
  • [#2499] Firewall policy module factory schema (ludoo)
  • [#2498] DNS rpz module factory schema (ludoo)
  • [#2497] Net vpc firewall factory schema (ludoo)
  • [#2496] [fix] certificate authority service returning bad pool id (LucaPrete)
  • [#2493] [fix] Fixes errors in certificate-authority-service module (LucaPrete)
  • [#2495] ensure dns_keys output freshness (nathou)
  • [#2494] Additional module schemas (ludoo)
  • [#2491] Organization module factory schemas (ludoo)
  • [#2490] Bind schemas to factory files, add support for groups in VPC-SC schema (wiktorn)
  • [#2489] Extend test collector to include yaml files under tests/schemas/ and fast data files (juliocc)
  • [#2486] Fix failing tests for CloudSQL (wiktorn)
  • [#2485] Project factory module JSON schemas (ludoo)
  • [#2481] Adds a new certification authority service (CAS) module (LucaPrete)
  • [#2480] Add support for PSC global access to net-address (juliocc)
  • [#2477] VPC-SC factory JSON Schemas (ludoo)
  • [#2474] [fix] Pass optional location variable at certificates creation (LucaPrete)
  • [#2476] Cloud run v2 custom audiences (apichick)
  • [#2475] Cloud run v2 output uri (apichick)
  • [#2472] Fix grammar in net-vpc-peering preconditions (juliocc)
  • [#2469] Fix E2E tests (wiktorn)
  • [#2460] incompatible change: VPC-SC as separate FAST stage 1 (ludoo)

TOOLS

Assets 2
Loading