v4.0.0

4.0.0 (2024-01-10)

⚠ BREAKING CHANGES

• Add support for Log Analytics and Remove BigQuery log destination (#1025)
• Enable CMEK for Terraform state buckets (#1030)
• Network Refactoring (#991)
• deps: update terraform terraform-google-modules/network/google to v7 (#956)

Features

• add assured workload example (#934) (be568ab)
• add instructions for deployment using GitHub Actions (#955) (56450bd)
• add instructions for deployment using GitLab pipelines (#1047) (0805878)
• add support for fine grained configuration of VPC-flow logs (#1035) (ee3a1d8)
• Add support for Log Analytics and Remove BigQuery log destination (#1025) (25c61c4)
• Add support to proxy-only subnetworks and new IP CIDR allocation (#1040) (79b217e)
• CAI Monitoring Cloud Function (#1015) (141f067)
• change budget alerts to alarm by forecast (#1037) (8a4c106)
• Change old firewall to new network-firewall (#1041) (f2469c1)
• create projects for KMS resources (#1032) (f16e805)
• create subfolders for business units in 4-projects step (#1039) (06084be)
• deps: Expand Terraform Google Provider to v5 (major) (#1004) (511f5cb)
• deps: Update Terraform google to v5 (#1059) (87f3832)
• Enable CMEK for Terraform state buckets (#1030) (63906d8)
• Firewall policy rule with resource manager tag (#1005) (a92e31b)
• implementing terraform cloud deploy with agents (#1034) (2c96a2f)
• make sed and find commands portable between Linux (GNU) and Mac OS (BSD) (#1043) (62e8c23)
• Network Refactoring (#991) (5f698ed)
• Remove "compute.disableGuestAttributesAccess" org policy (#1019) (9fac80f)
• update tf-wrapper.sh script to deal with generic folder hierarchy (#992) (4d7e822)

Bug Fixes

• add cloud build bucket location (#921) (cf3f117)
• add VPC Flow logs exceptions for REGIONAL_MANAGED_PROXY and INTERNAL_HTTPS_LOAD_BALANCER (#976) (dd4ff91)
• alternative deployment methods minor issues fix (#1065) (e09d174)
• change priority of 'allow-google-apis' firewall rules to prevent collision with the deny all rule (#972) (7205518)
• CI: bump request_timeout for 1-org (#1070) (336487b)
• correct terraform required_version for optional (#1003) (5ef089c)
• deps: update terraform terraform-google-modules/network/google to v7 (#956) (2f54ad6)
• Fix missing Terraform module attribution (#973) (d1d2973)
• replace text example of private key with an image in the jenkins readme (#1027) (325785c)
• set the build timeout for the build that creates the Terraform and gcloud image to 20 minutes (#1071) (7f5ce28)

v3.0.0

3.0.0 (2022-12-16)

⚠ BREAKING CHANGES

• use random_project_id_length (#891)
• remove unused variables in network-dual-svpc/shared (#853)
• bump min TF version to 1.3.0 and use optionals (#831)
• use remote state to read data from previous steps (#782)
• Configure bring your own service account in bootstrap (#777)
• add granular service accounts (#724)
• deps: update terraform null to v3 (#750)
• use branch main for the gcp-policies repository and use controller for Jenkins master (#738)
• split network step (#735)

Features

• add granular service accounts (#724) (4c84d80)
• add optional groups creation (#757) (5d9f867)
• Add support for new organization policies (#863) (9c17c13)
• Add support for tags (#829) (a0604b3)
• Bring your on Service Account for the App Infra Pipeline (#824) (0d6be42)
• bump min TF version to 1.3.0 and use optionals (#831) (6207113)
• Configure bring your own service account in bootstrap (#777) (015fe3d)
• Create a workspace for 0-bootstrap (#866) (6e9c575)
• Create base environment module for step 4-projects (#669) (7a533bf)
• default configuration for VPC-SC should have all supported services (#864) (a496744)
• deps: update terraform null to v3 (#750) (b2e8bfc)
• Enable Essential Contacts (#783) (86fcb2a)
• Feature/private service connect module (#722) (b3b9145)
• ingress egress support for vpc sc (#784) (c6f12e2)
• Inline App Infra Pipeline sa_roles (#867) (33a6619)
• Modularize logging components (#781) (a1d636e)
• new org policies (#791) (878da45)
• Refactor/centralized network variable (#665) (cdb97bf)
• remove default SA editor role from Seed and CICD projects (#896) (465d3dd)
• Remove redundant optional firewall rules (#647) (6e17729)
• split network step (#735) (512430b)
• update 3-networks to support TPG 4 and other updates (#733) (d940f6e)
• update document and script to use gcloud beta terraform vet (#729) (d1a56d4)
• use branch main for the gcp-policies repository and use controller for Jenkins master (#738) (afc9d71)
• Use Cloud build private pools (#868) (ca06365)
• use random_project_id_length (dd063aa)
• use random_project_id_length (#891) (dd063aa)
• use remote state to read data from previous steps (#782) (a761a99)
• validate requirements script (#765) (84bbd25)

Bug Fixes

• add a chmod command for project infra pipeline runners(#657) (2730050)
• add note about updating transitivity firewall rules in the Hub and Spoke network mode (#906) (4211162)
• add onprem_dc variable and add missing routers in hub and spoke base and restricted modules (#912) ([83cf3...

terraform-example-foundation v2.3.1

Bug Fixes

• upgrade cloud router module version (#559) (b67e62a)

terraform-example-foundation v2.3.0

Features

• replace scc gcloud provisioner with native resource (#514) (d2cdfb6)

terraform-example-foundation v2.2.0

Features

• Add permissions for SFB recommended groups (#446) (a18b203)

Bug Fixes

• added link to FAQ in 1-org (#497) (a266e02)
• Update project-factory module to 10.1 (#499) (f46e2e8)

v2.1.2

2.1.2 (2021-07-14)

Bug Fixes

• added link to FAQ in 1-org (#497) (a266e02)
• Update project-factory module to 10.1 (#499) (f46e2e8)

terraform-example-foundation v2.1.1

Bug Fixes

• add browser role to cloud build sa for provided folders (#484) (b3996e2)
• upgrade terraform to 0.13.7 (#490) (a9150a7)

terraform-example-foundation v2.1.0

Features

• add DNS zone for artifact registry (#480) (7e9f496)

Bug Fixes

• Update bootstrap README.md steps & terraform.example.tfvars (#470) (86c2547)

v2.0.1

2.0.1 (2021-05-03)

Bug Fixes

• Update bootstrap README.md steps & terraform.example.tfvars (#470) (86c2547)

terraform-example-foundation v2.0.0

Features

• 4-projects GCS CMEK example (#346) (d74ff33)
• add FAQ, Glossary & Troubleshooting docs (#466) (57643a6)
• Add GAR in infra pipelines and tests (#395) (2a2e4fe)
• Add hub and spoke network architecture (#298) (d9468db)
• add iam.automaticIamGrantsForDefaultServiceAccounts org policy constraint (#386) (f6b0387)
• Add log export GCS bucket object versioning (#317) (cb0e622)
• add Shielded VMs & OS Login org policies (#283) (07a201e)
• Add step 5-app-infra (#382) (fd5329c)
• add support for hierarchical firewall policies (#343) (e7bb1bc)
• Add terraform validator and add policy-library (#263) (f220588)
• Adds prefix to projects and folder name (#289) (66dacf2)
• App Infra pipelines (#337) (c3b19e8)
• enable hub & spoke transitivity via gateway VMs (#322) (f6cd9ad)
• example-foundations test modes (#309) (34a6d75)
• implement support for Partner Interconnect (#345) (70501ec)
• Make BigQuery log destinations partitioned (#277) (f40c5fe)
• Move Cloud Source Repo definition to variable. (#302) (48037c9)
• Replace container registry with artifact registry in CloudBuild (#367) (6b6469b)
• Update terraform-validator version, instructions and CMEK bucket (#397) (8f7c58e)
• updates to support TF 0.13 (#268) (c5c6c6c)

Bug Fixes

• 1-org README.md add setting up Security Command Center to Prerequisites (#467) (ee04cb5)
• add bucket prefix for bootstrap (#407) (03bd05a)
• add cloudbuild api to seed proj (#358) (1fda12b)
• add CMEK project name prefix and root readme project names (#414) (141c059)
• add impersonate to gcloud builds submit command in infra-pipeline module (#458) (1d3fbf8)
• add infra pipeline CB SA role test (#450) (e30fe8c)
• add missing google apis to policy constraint (#370) (2ac0466)
• Add missing symlink in shared network env (#328) (48c2318)
• add network fixture prepare to lint test (#323) (c120d55)
• add standalone repo for terraform-validator policies (#403) (b170478)
• Adding KMS API in bootstrap project (#385) (39b8da3)
• Bugfix/fix 4-projects issues (#374) (f5f5224)
• clone policies repo once per build (#329) (3e95111)
• default sa deprivilege (ea5fcc2)
• Documentation fixes (#327) (ce610d0)
• Documentation language inconsistencies, typos and tests (#419) ([71b633f](https://www.github.com/terraform-google-modules/terraform-example-foundation/commit/71b633f...