CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.9.15] - 2024-09-18

Changed

• Update npm packages #260

[1.9.14] - 2024-08-30

Changed

• Update npm packages #242

[1.9.13] - 2024-08-06

Changed

• Update npm packages #223

Fixed

• Fix changelog #203

[1.9.12] - 2024-07-11

Changed

• Update npm packages #202

[1.9.11] - 2024-06-11

Changed

• Update npm packages #181

[1.9.10] - 2024-05-22

Changed

• Update npm packages #165

[1.9.9] - 2024-05-09

Fixed

• Fix typo in 'storage-disallow-public-access' #156

Changed

• Update npm packages #155

[1.9.8] - 2024-04-18

Changed

• Update CloudFunctions minimum supported runtime [#141] (#141)
• Update npm packages #142

[1.9.7] - 2024-04-08

Changed

• Update npm packages #132

[1.9.6] - 2024-03-28

Changed

• Update npm packages #123

[1.9.5] - 2024-03-19

Fixed

• KMS CryptoKey rotation policy #117

Changed

• Update npm packages #118

[1.9.4] - 2024-03-15

Removed

• Remove notebooks policies due to deprecation warning #111

Changed

• Update npm packages #110

[1.9.3] - 2024-03-02

Fixed

• Dependabot versioning strategy #96

Changed

• Bump @pulumi/pulumi from 3.108.0 to 3.108.1 #97

[1.9.2] - 2024-03-01

Fixed

• Dependabot versioning strategy #95

Changed

• Bump @types/node from 20.11.20 to 20.11.21 #91
• Bump @pulumi/pulumi from 3.107.0 to 3.108.0 #93
• Bump @types/node from 20.11.22 to 20.11.24 #94

[1.9.1] - 2024-02-27

Changed

• Update packages #90

[1.9.0] - 2024-02-20

Added

• Service Account policies #82
  • disallowUserManagedKeys
• Projects
  • disallowAdminPrivileges
  • disallowServiceAccountTokenCreator
  • disallowServiceAccountUser
  • requireApiKeySourceRestrictions
  • requireApiKeyTargetRestrictions
• Folder
  • disallowAdminPrivileges
  • disallowServiceAccountTokenCreator
  • disallowServiceAccountUser
• Organizations
  • disallowAdminPrivileges
  • disallowServiceAccountTokenCreator
  • disallowServiceAccountUser

Changed

• Update packages #81

[1.8.5] - 2024-02-13

Changed

• Update packages #77

[1.8.4] - 2024-02-01

Changed

• Update packages #66

[1.8.3] - 2024-01-29

Changed

• Update packages #59

[1.8.2] - 2024-01-25

Fixed

• Fix backend service CDN policy #54

Changed

• Update packages #55

[1.8.1] - 2024-01-25

Fixed

• Fix backend service security policy #51

Changed

• Update packages #52

[1.8.0] - 2024-01-23

Added

• Bigtable policies #39
  • requireDeletionProtection
  • requireInstanceCmek
• Vertex AI policies #40
  • requireDatasetCmek
  • requireMetadataStoreCmek
• Notebooks policies #40
  • disallowDefaultNetwork
  • requireInstanceCmek
  • requireNoPublicIp
• Projects policies #41
  • requireApiKeyRestrictions
• Dataproc policies #45
  • requireClusterEncryptionConfig
  • requireClusterInternalIpOnly
  • requireMetastoreServiceEncryptionConfig
• Datafusion policies #45
  • disallowDefaultNetwork
  • requireCryptoKeyConfig
  • requireEnableRbac
  • requireEnableStackdriverLogging
  • requireEnableStackdriverMonitoring
  • requirePrivateInstance

Changed

• Update packages #46

[1.7.0] - 2024-01-22

Added

• Cloud DNS policies #30
  • disallowRsasha1Algorithm
  • requireDnssecStateOn
• Pub/Sub policies #31
  • requireSubscriptionDeadLetterTopic
  • requireTopicCmek
• Redis policies #33
  • Cluster
    • disallowDefaultNetwork
    • requireAuthorizationMode
    • requireTransitEncryptionMode
  • Instance
    • disallowDefaultNetwork
    • disallowEndOfLife
    • requireAuthEnabled
    • requireCustomerManagedKey
    • requireHighAvailabilityTier
    • requireTransitEncryptionMode
• Memcache policies #34
  • disallowDefaultNetwork
  • disallowEndOfLife
  • requireNodeCount
• Artifact Registry policies #35
  • disallowPublicAccess
  • requireCleanupPolicy
  • requireCustomerManagedKey
• KMS policies #36
  • disallowPublicAccess
  • requireRotationPeriod
• Spanner policies #37
  • requireDatabaseCmek
  • requireDeletionProtection
  • requireEnableDropProtection

Fixed

• Links to pull requests in CHANGELOG.md #32

[1.6.0] - 2024-01-21

Added

• Compute policies #21
  • Backend Service
    • requireEnableCdn
    • requireLogConfig
    • requireSecurityPolicy
  • Disk
    • requireDiskEncryptionKey
  • Firewall
    • disallowCommonPortsPublicAccess
    • disallowDefaultNetwork
    • disallowPortRangePublicAccess
    • disallowProtocolPublicAccess
    • requireLogConfig
  • Instance
    • disallowDefaultServiceAccount
    • disallowExternalIp
    • disallowIpForward
    • disallowSerialPortEnable
    • requireBlockProjectSSHKeys
    • requireBootDiskEncryption
    • requireConfidentialInstanceConfig
    • requireDeletionProtection
    • requireShieldedInstanceConfig
  • Project Metadata
    • requireOsLogin
  • SSL Policy
    • disallowProfileCompatible
    • disallowWeakChipherSuites
  • Subnetwork
    • requireVpcFlowLogs

Changed

• Update packages #28

[1.5.0] - 2024-01-09

Added

• Container Registry policy #19
  • disallowContainerRegistry
• Container Cluster and NodePool policies #19
  • disallowIssueClientCertificate
  • disallowLegacyAbac
  • requireAutoRepairNodes
  • requireAutoUpgradeNodes
  • requireBinaryAuthorization
  • requireConfidentialNodes
  • requireContainerOptimizedOs
  • requireDatabaseEncryption
  • requireEnableIntegrityMonitoring
  • requireEnableNetworkPolicy
  • requireEnablePrivateEndpoint
  • requireEnableSecureBoot
  • requireEnableShieldedNodes
  • requireLoggingService
  • requireMasterAuthorizedNetworks
  • requireMonitoringService
  • requirePrivateClusterConfig
  • requireRemoveDefaultNodePool
  • requireWorkloadIdentityConfig

Changed

• Update packages and node engine version #20

Fixed

• Fix typo in backendserviceRequireSecuritypolicy policy #18

[1.4.1] - 2024-01-04

Changed

• Split Cloud SQL policies depending on the database engine #17

Fixed

• Fix prettier config #17

[1.4.0] - 2024-01-02

Added

• Cloud SQL policies #12
  • disallowDefaultVpc
  • disallowEndOfLifeVersion
  • disallowImplicitPublicWhitelist
  • disallowPublicIp
  • requireAutomatedBackup
  • requireCmek
  • requireDeletionProtection
  • requireHighAvailability
  • requirePointInTimeRecovery
  • requireSslConnections
• MySQL policies (#14):
  • requireBinaryLogEnabledMysql
  • requireDatabaseFlagsMysql
  • requireRootPasswordMysql
• SQL Server policies (#15):
  • requireDatabaseFlagsSqlServer
• PostgreSQL policies (#16):
  • requireDatabaseFlagsPostgresql

Changed

• Rename BigQuery policies that require CMEK #11
  • datasetRequireCmek -> datasetRequireCmekKms
  • tableRequireCmek -> tableRequireCmekKms
• Update package dependencies #13

[1.3.0] - 2023-12-28

Added

• Cloud Storage policies #9
  • disallowPublicBuckets
  • disallowSelfBucketLogging
  • requireBucketLogging
  • requireBucketVersioning
  • requireCmek
  • requireUniformBucketLevelAccess
• BigQuery policies #10
  • datasetDeletionProtection
  • datasetDisallowPublicAccess
  • datasetRequireCmek
  • tableDeletionProtection
  • tableDisallowPublicAccess
  • tableRequireCmek

[1.2.0] - 2023-12-27

Added

• added .editorconfig file #8
• CloudFunctions 1st and 2nd generation policies #8
  • disallowEndOfLifeRuntime
  • disallowEnvsSecrets
  • disallowPlainHttp
  • disallowPublicIngress
  • disallowVpcConnectorPublicEgress
  • requireCmek

[1.1.1] - 2023-12-26

Added

• CodeQL analysis #4
• dependabot npm scan #4
• cloudrunv2-disallow-public-ingress #5
• disallow environment variables from Secret Manager - cloudrun.Service, cloudrunv2.Service and cloudrunv2.Job #6

Changed

• Update test and code file structure #6

Fixed

• codeql event on push in main branch #6

[1.1.0] - 2023-12-25

Added

• Add gcp:compute:BackendService policy #3
• Add integration tests #3

Chaged

• Update README.md #2

[1.0.0] - 2023-12-25

Added

• Publish gcp-pac to NPM registry #1
• Add GithUb Actions workflows #1
• Add documentation #1
• cloudrun.Service policy #1
• compute.BackendService policy #1

Fixed

Changed

Removed

Security