CHANGELOG.md
Changelog

3.1.0 (2025-02-20)

Features

  • allow non cf panel projects (4018b7c)

3.0.2 (2025-02-19)

Bug Fixes

  • duplicate project_id parameter (ff3337e)
  • passing repo to bootstrap causes failure (0ad82d0)

3.0.1 (2025-02-11)

Bug Fixes

  • add missing on-prem landing zone (518581a)

3.0.0 (2025-02-06)

⚠ BREAKING CHANGES

  • The module no longer automatically configures the default VPC. NAT gateways are created with automatic IP allocation mode.
  • The module is now fully authoritative on the IAM policy of the project as well as the IAM policy of service accounts created by this module. This implementation replaces the non-authoritative one which relied on external shell scripts and is now fully Terraform-native. All changes required from consumers of this module are now outlined in a migration guide.
  • Removed move-blocks from previous releases. Ensure configuration runs with the latest 2.x release of the module before upgrading to this major release.
  • To match the Cloud Security Baseline, the module creates fewer firewall rules. Previously created firewall rules are automatically removed. The new input variable firewall_rules allows configuring which firewall rules are created.
  • To comply with Security Policies, the module no longer grants the roles/editor role to the Compute Engine default service account. The previously existing toggle to remove this role from the service account is now removed, as this is now the default behaviour.
  • The module no longer outputs METRO net blocks as those are fetched from a DNS record that is not very well maintained. Firewall rules should also not rely on the fact that traffic originates from METRO's public IPs to consider it trustworthy.

Features

  • dns logging policy (88ea167)
  • iam for service accounts is optional (22f702a)
  • improved bootstrap (b6732df)

Bug Fixes

  • correct default value for VPC DNS logging (7233d5b)
  • correct invalid terraform syntax (758fe4a)
  • fix output file generation in bootstrap (9597074)
  • GCP project name and number retrieval in bootstrap script (#62) (d355b67)
  • improve default VPC handling (8ef834f)
  • pin state bucket module using pessimistic version constraint (fc2d0b8)
  • trim .git from repos should the user not have done so themselves (1fa91f2)

Reverts

  • change back change log to default type (fa1d1e9)

Code Refactoring

  • always deprivilege compute engine sa (f87ecb6)
  • delete move blocks (4a58051)
  • new default VPC handling (c6f931d)
  • new firewall handling (9c40968)
  • new iam handling (1444f83)
  • remove metro_netblocks output (98b596d)