All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Extending the adopted spec, each change should have a link to its corresponding pull request appended.
- Support for Forseti v2.24.0 #386
- Parameterized Kubernetes version #385
- GCS bucket location to tutorials and examples #382
- Improved existing resource import in v5.0.0 #354
- Starting Forseti service automatically at boot (#286) #275
- Ignoring the size of the CloudSQL disk on re-apply #371
- Root outputs.tf to include forseti-cai-storage-bucket #374
- The On GKE end-to-end example to have the same machine type and disk type as the defaults for GCE. Moved these variables out of main.tf into the variables.tf file. #369
- setup.sh to reuse existing deployer service account #357
- GCS as a policy-library store for on-GKE #356
- Support for the case where the user is syncing from GCS and not SSH key is present #362
- CIS Annotations CIS 2.1 #348 #349 #350 #351
- GKE module support for custom Cloud SQL database names #314
- Changing the branch names to branches without special characters #383
- Test fixtures to use master branch of Forseti #378
- Correct server bucket variable being passed to helm_release resource. #320
- Issue templates #365
Version 5.0.0 is a backwards-incompatible release. Please see the upgrade instructions for details.
- Support for Forseti v2.23.0 #329
- Updated README and Cloud Shell Tutorial #330
- Added additional submodules for Forseti infrastructure components #284
- Update Cloud Shell tutorial #309
- Add variable to enable mailjet_rest library #302
- Updating helper scripts to include GKE related roles #306
- Setting the GKE version to a specific version #307
- Fix serviceusage test #308
- Adding cscc vars to on_gke examples #304
- Optionally Enable Cloud Profiler #297
- Add Service Usage API #276
- Cleaning up unused input variables. #300
- Add ability to set net_write_timeout for CloudSQL #299
- Update server config template to reflect CSCC notifier changes #292
v4.3.0 - 2019-10-03
- Upgraded default forseti server vm and cloud sql instance size #268
- Add READMEs to submodules #270
- Set the crontab minute to be random #280
- Fix to helper script #282
- Only clone head of desired Forseti branch #283
v4.2.1 - 2019-09-23
- Support for Forseti v2.22.0 #266
- Verbose logging for the Forseti Server startup script #257
- CloudSQL instance created in the same zone as GCE instances #253
- Support for importing existing deployments created by the deprecated Python Installer. #197
- A variable to override the random resource name suffix
- A variable to toggle management of rules
- An import helper script
v4.1.0 - 2019-09-06
v4.0.1 - 2019-08-23
- Support for Forseti v2.19.1 #233
- Added boot disk type and boot disk size variables, with increased default disk size. #232
- Fixed race condition in server VM roles. #231
v4.0.0 - 2019-08-07
Version 4.0.0 is a backwards-incompatible release. Please see the upgrade instructions for details.
- Support for Forseti v2.19.0. #225
- Add on_gke submodule #182
- Add
excluded_resourcesvariable to forseti_conf_server.yaml. #213
- Remove roles/bigquery.dataViewer role from server. #210
- Flip
inventory_email_summary_enableddefault tofalseand requiresendgrid_api_keyto be non-empty whentrue. #211
v3.0.0 - 2019-07-19
- Supported version of Terraform is 0.12. #201
v2.3.0 - 2019-07-11
- Support for Forseti v2.18.0. [#200]
- Support for Forseti Real-Time Enforcer VM private IP address. #180
- Updated ke_rules.yaml file to scan for new vulnerabilities. [#200]
v2.2.0 - 2019-06-20
- Support for Forseti v2.17.0 [#184]
- Add Kubernetes resources to CAI asset inventory
- Do not add email configuration if
sendgrid_api_keyis unset #174
v2.1.0 - 2019-05-30
- Support for Forseti v2.16.0. #170
v2.0.0 - 2019-05-16
- Removed public IP address outputs. #163
- Enable CSCC API when violations are enabled. #158
- Add 50052 port in Firewall rule for Config Validator. #155
- Check for both empty values org_id and folder_id. #152
- Updated server firewall rule to restrict by service accounts. #157
v1.6.0 - 2019-05-14
- Support for Forseti v2.15.0. #145
v1.5.1 - 2019-05-09
- The required roles are documented in the README. #134
- The
forseti-server-vm-public-ipoutput and theforseti-client-vm-public-ipoutput are restored. #146
v1.5.0 - 2019-05-07
var.client_privateandvar.server_privatetoggle the existence of public IP addresses for the client and server VMs. #76
- Add
groupssettings.googleapis.comAPI. #137
v1.4.2 - 2019-04-23
var.config_validator_violations_should_notifywould not disable notifications when set tofalse. #126- Add CSCC findings IAM role. #131
var.composite_root_resourcesandvar.servicesdefault to empty lists. #132
v1.4.1 - 2019-04-05
- Real time enforcer containers will restart when encountering errors. #120
v1.4.0 - 2019-04-04
- Checks for errors in the client and server startup scripts. #79
- Database migration script is invoked in forseti server startup script. #77
helpers/setup.shactivates required services in project. #66- Added real_time_enforcer submodule. #75 [#90]
- Added real_time_enforcer_roles submodule. #80
- Added real_time_enforcer_organization_sink. #86
- Added real time enforcer roles to
helpers/setup.shandhelpers/cleanup.sh[#91] - Added groups_settings scanner. #100
- Added licensing information to real time enforcer policies. #107 #111
- Added config validator. #116
helpers/setup.shandhelpers/cleanup.shnow use flags for setting arguments. #66- Optionally send real time enforcer logs to stackdriver. #85
- Updated real time enforcer policy from upstream. [#89]
- Move real time enforcer pubsub sink definition into sink modules. #88
- Update ke_scanner_rules.yaml #102
- Update cscc violations to use GA API. #103
- Update real time enforcer versioning policy. #112
- Update forseti_version to v2.14.0
- Refreshed Terraform variables and outputs documentation. #115
- Fix misnamed variable in
helpers/setup.sh. #108 - Fix getopts option string in
helpers/setup.shandhelpers/cleanup.sh. #114
v1.3.0 - 2019-03-14
1.3.0 is a backwards compatible feature release. This module release supports Forseti v2.13.0.
- Added server service account to the
roles/bigquery.metadataViewerrole. #71
- Changed
forseti_versiondefault to v2.13.0. #73
v1.2.0 - 2019-02-28
1.2.0 is a backwards compatible feature and bugfix release. This module release supports Forseti v2.12.0.
- Added new
shared-vpcexample, fix firewall rules for client SSH access. #32 - Firewall rule source ranges are now user-controllable. #32, #67
- Update forseti_version to v2.12.0. #61
terraform destroynow removes non-empty CAI export buckets #56- Add missing
kms_rules.yamlrules file. #64
v1.1.1 - 2019-02-15
1.1.1 is a backward compatible feature release. This module release supports Forseti v2.11.1.
- Update forseti_version to v2.11.1. #59
v1.1.0 - 2019-02-15
1.1.0 is a backward compatible feature release. This module release supports Forseti v2.11.0.
- Add "roles/orgpolicy.policyViewer" to server service account roles. #44
- Add variables to configure forseti_conf_server.yaml. #50
- Add host integration tests for Forseti server and client. #48
- Install forseti pip requirements on client instance #55
- Never prompt for user input from Apt in Forseti startup scripts. #45
- Rebuild Forseti server when forseti_conf_server.yaml changes. #46
- Fix cron default frequency to be every 2 hours. #47
- Update forseti_version to v2.11.0. #58
v1.0.0 - 2019-01-29
1.0.0 is a backwards incompatible release and is a full rewrite of the module.
- Terraform now installs and manages all Forseti resources instead of using the Deployment Manager. #33
v0.1.0 - 2018-09-13
- This is the initial release of the Forseti module.