v28.0.0

In this release:

BLUEPRINTS

• [#1882] Fixes/improvements to F5 HA blueprint (LucaPrete)
• [#1787] F5 blueprint (LucaPrete)
• [#1873] Add DLP Service Agent role (wiktorn)
• [#1859] Net dash cfv2 (aurelienlegrand)
• [#1863] End-to-end tests for Vertex blueprint (wiktorn)
• [#1856] Sql user features (Francesco-cloud24)
• [#1739] Added CMEK for Secret auto managed (luigi-bitonti)
• [#1848] Dataproc module bug fix (Francesco-cloud24)
• [#1851] Support multilevel data and allow overriding project id in project factory (ludoo)
• [#1838] Simplify #1836 fix, Avoid map-related casting errors in project factory (wiktorn)
• [#1836] incompatible change: Avoid map-related casting errors in project factory (ludoo)
• [#1832] [Minimal Data Platform] Fix Landing and curated IAM (lcaggio)
• [#1825] Handling SQL IP address issue (aurelienlegrand)
• [#1821] [net-address] enable ipv6 (LucaPrete)
• [#1814] incompatible change: Allow specifying arbitrary project roles for service accounts in project factory (ludoo)
• [#1812] Stop wrapping yamldecode with try() (sruffilli)
• [#1806] Updating network dashboard: fixing Cloud SQL problem, fixing 1 metric… (aurelienlegrand)
• [#1796] Make extended shared vpc attributes optional in project factory (ludoo)
• [#1782] Add upper cap to versions, update copyright notices (sruffilli)
• [#1765] Add support for dual stack and multiple forwarding rules to net-lb-int module (LucaPrete)
• [#1748] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/restarter (dependabot[bot])
• [#1747] Bump golang.org/x/net from 0.7.0 to 0.17.0 in /blueprints/cloud-operations/unmanaged-instances-healthcheck/function/healthchecker (dependabot[bot])
• [#1735] Make deletion protection consistent across all modules (juliocc)

DOCUMENTATION

• [#1787] F5 blueprint (LucaPrete)
• [#1832] [Minimal Data Platform] Fix Landing and curated IAM (lcaggio)
• [#1831] Update wording in FAST and gcve module READMEs (bluPhy)
• [#1782] Add upper cap to versions, update copyright notices (sruffilli)
• [#1773] Add service usage consumer role to IaC SAs, refactor delegated grants in FAST (ludoo)
• [#1743] Billing account module (ludoo)

FAST

• [#1855] Document fast_features (juliocc)
• [#1864] End to end tests for GCS (wiktorn)
• [#1836] incompatible change: Avoid map-related casting errors in project factory (ludoo)
• [#1818] FAST: rename VPC-related files to net-* (sruffilli)
• [#1812] Stop wrapping yamldecode with try() (sruffilli)
• [#1810] FAST: Add access transparency logs to the default sinks (sruffilli)
• [#1809] FAST: Add VPC serverless connector NAT ranges to hierarchical fw (sruffilli)
• [#1811] FAST: removed references to kms_defaults (sruffilli)
• [#1802] Less verbose project factory stage outputs (ludoo)
• [#1797] Improve usage of optionals in FAST stage 2 VPN variables (ludoo)
• [#1788] FAST: adds support for wif provider pubkey (sruffilli)
• [#1782] Add upper cap to versions, update copyright notices (sruffilli)
• [#1780] Add sink for workspace logs to bootstrap stage (ludoo)
• [#1775] Add gcp org policy constraints file to bootstrap stage (ludoo)
• [#1773] Add service usage consumer role to IaC SAs, refactor delegated grants in FAST (ludoo)
• [#1765] Add support for dual stack and multiple forwarding rules to net-lb-int module (LucaPrete)
• [#1760] Add support for psa peered domains to fast stages (ludoo)
• [#1759] Minor edits to FAST network stage READMEs (ludoo)
• [#1743] Billing account module (ludoo)
• [#1735] Make deletion protection consistent across all modules (juliocc)
• [#1734] Update to lint.sh and wording to some tf (bluPhy)
• [#1733] Fix typo in FAST stage 2 README (bluPhy)

MODULES

• [#1884] Fix failing E2E tests for folders (wiktorn)
• [#1881] Support boot disk KMS key in GKE cluster modules (ludoo)
• [#1879] Output all neg ids in app lbs (juliocc)
• [#1878] Fix permissions assignments (flaprimo)
• [#1876] Examples and E2e testing for folder module (dibaskar-google)
• [#1869] added missing sql parameters (Francesco-cloud24)
• [#1868] Fix/dlpagent (ddaluka)
• [#1870] End to end tests for Cloud Run + permadiff fixes (wiktorn)
• [#1864] End to end tests for GCS (wiktorn)
• [#1860] Organization module end-to-end tests (wiktorn)
• [#1856] Sql user features (Francesco-cloud24)
• [#1858] Removed options that are not applicable to this load balancer (apichick)
• [#1739] Added CMEK for Secret auto managed (luigi-bitonti)
• [#1845] Extend cluster_autoscaling fields in gke-cluster-standard (anthonyhaussman)
• [#1848] Dataproc module bug fix (Francesco-cloud24)
• [#1847] Fix validation and dynamic block for optional gpu_driver (Gilfar)
• [#1846] Add support for IAM to vpc sc module (ludoo)
• [#1844] Allow disabling IAM for sink identity in resource manager modules (apichick)
• [#1841] Fix modules to support new Apigee X environment types (Teodelas)
• [#1842] Bump provider version to 5.4.0 (wiktorn)
• [#1823] Add end-to-end tests for project module (wiktorn)
• [#1837] Added envoy as SNI dynamic forward proxy to cloud-config-container (apichick)
• [#1839] Added create_before_destroy = true for self-managed certificates (apichick)
• [#1833] Net VPC Peering: added stack_type field (cmalpe)
• [#1826] Add public_access_prevention field to GCS module (devuonocar)
• [#1817] KMS module: Import job feature (cmalpe)
• [#1822] Billing budget factory (ludoo)
• [#1821] [net-address] enable ipv6 (LucaPrete)
• [#1820] Added iam_bindings and iam_bindings_additive to apigee module (apichick)
• [#1813] empty gpu sharing config fix (ewojtach)
• [#1815] Fix logic for default source range in firewall ingress rules (ludoo)
• [#1812] Stop wrapping yamldecode with try() (sruffilli)
• [#1750] AI models support (ewojtach)
• [#1798] Fix Apigee add-ons configuration (mwarm2)
• [#1808] Allow setting enable_private_nodes in GKE nodepool pod range (ludoo)
• [#1805] net-lb-ext: Add option to set IPv6 subnetwork for IPv6 external fw rules (LucaPrete)
• [#1804] compute-vm: remove old todo (LucaPrete)
• [#1803] use the repository format in the image_path output (Tutuchan)
• [#1801] Fix Internal App LB serverless NEG backend example (juliocc)
• [#1795] Allow users to optonally specify address names (LucaPrete)
• [#1792] Removed unnecessary try statements from apigee module outputs (apichick)
• [#1786] net-lb-ext: add support for multiple forwarding rules (IPs) and dual-stack (IPv4/IPv6) (LucaPrete)
• [#1782] Add upper cap to versions, update copyright notices (sruffilli)
• [#1774] Added ProtectedApplication feature to GKE Backup (luigi-bitonti)
• [#1775] Add gcp org policy constraints file to bootstrap stage (ludoo)
• [#1771] Fix resource manager tag bindings in compute-vm module (ludoo)
• [#1769] Remove incompatible balancing_mode (wiktorn)
• [#1765] Add support for dual stack and multiple forwarding rules to net-lb-int module (LucaPrete)
• [#1762] Make subnets depend on proxy only subnets (juliocc)
• [#1757] Add autoclass to GCS (jeroenmonteban)
• [#1756] Exposed stack_type variable in compute_vm module (luigi-bitonti)
• [#1743] Billing account module (ludoo)
• [#1752] Add outputs to BigQuery dataset module (devuonocar)
• [#1754] Fix typo in GKE nodepool taints (ludoo)
• [#1746] Module autopilot bug fixes (luigi-bitonti)
• [#1745] Add missing fields to Cloud Storage bucket (devuonocar)
• [#1744] Append "s" to pubsub backoff times (juliocc)
• [#1741] Add PSA peered domains support to net-vpc (juliocc)
• [#1737] Enforce mandatory types in all variables (juliocc)
• [#1732] Added FQDN Network Policy feature on GKE Cluster (luigi-bitonti)
• [#1735] Make deletion protection consistent across all modules (juliocc)
• [#1726] Add materialized views for bigquery (devuonocar)

TOOLS

• [#1863] End-to-end tests for Vertex blueprint (wiktorn)
• [#1860] Organization module end-to-end tests (wiktorn)
• [#1782] Add upper cap to versions, update copyright notices (sruffilli)
• [#1751] End-to-end tests for terraform modules (wiktorn)
• [#1737] Enforce mandatory types in all variables (juliocc)
• [#1734] Update to lint.sh and wording to some tf (bluPhy)