v16.0.0

In this release

• add support for Spot VMs to gke-nodepool module
• incompatible change add support for Spot VMs to compute-vm module
• SQL Server AlwaysOn availability groups example
• fixed Terraform change detection in CloudSQL when backup is disabled
• allow multiple CIDR blocks in the ip_range for Apigee Instance
• add prefix to project factory SA bindings
• incompatible change subnets_l7ilb variable is deprecated in the net-vpc module, instead subnets_proxy_only variable should be used
• add support for Private Service Connect and Proxy-only subnets to net-vpc module
• bump Google provider versions to >= 4.17.0
• bump Terraform version to >= 1.1.0
• add shielded_instance_config support for instance template on compute-vm module
• add support for gke_backup_agent_config to GKE module addons
• add support for subscription filters to PubSub module
• refactor Hub and Spoke with VPN example
• fix tfdoc parsing on newllines in outputs
• fix subnet factory example in vpc module README
• fix condition in subnet factory flow logs
• added new example on GLB and Cloud Armor
• revamped and expanded Contributing Guide

FAST

• add support for Workload Identity Federation and CI/CD repositories
• simplify VPN tunnel configuration in the Hub and Spoke VPN network stage
• fix subnet YAML schema

v15.0.0

In this release:

• incompatible change the variable for PSA ranges in the net-vpc module has changed to support configuring peering routes
• fix permadiff in net-vpc-firewall module rules
• new gke-hub module
• new unmanaged-instances-healthcheck example
• add support for IAM to data-catalog-policy-tag module
• add support for IAM additive to folder module, fixes #580
• optionally turn off gcplogs driver in COS modules
• fix tag output on data-catalog-policy-tag module
• add shared-vpc support on gcs-to-bq-with-least-privileges
• new net-ilb-l7 module

FAST

• new 02-networking-peering networking stage
• incompatible change the variable for PSA ranges in networking stages have changed

v14.0.0

• incompatible change removed iam key from logging sink configuration in the project and organization modules
• remove GCS to BQ with Dataflow example, replace by GCS to BQ with least privileges
• the net-vpc and project modules now use the beta provider for shared VPC-related resources
• new iot-core module
• incompatible change the variables for host and service Shared VPCs have changed in the project module
• incompatible change the variable for service identities IAM has changed in the project factory
• add data-catalog-policy-tag module
• new workload identity federetion example
• new api-gateway module and example.
• incompatible change the psn_ranges variable has been renamed to psa_ranges in the net-vpc module and its type changed from list(string) to map(string)
• incompatible change removed iam flag for organization and folder level sinks
• incompatible change removed ingress_settings configuration option in the cloud-functions module.
• new m4ce VM example
• Support for resource management tags in the organization, folder, project, compute-vm, and kms modules

FAST

• new data platform stage 3
• new 02-networking-nva networking stage
• allow customizing the names of custom roles
• added environment and context resource management tags
• use resource management tags to restrict scope of roles/orgpolicy.policyAdmin
• use xpnServiceAdmin (custom role) for stage 3 service accounts that need to attach to a shared VPC
• simplify and standarize ourputs from each stage
• standarize names of projects, service accounts and buckets
• swtich to folder-level xpnAdmin and xpnServiceAdmin
• moved networking projects to folder matching their enviroments

New Contributors

• @eliamaldini made their first contribution in #413
• @srs2210 made their first contribution in #485
• @ajlopezn made their first contribution in #415
• @eeaton made their first contribution in #527
• @jwtracy made their first contribution in #555

Full Changelog: v13.0.0...v14.0.0

v13.0.0

In this release

• initial Fabric Fast implementation
• new net-glb module for Global External Load balancer
• new project-factory module in examples/factories
• add missing service identity accounts (artifactregistry, composer) in project module
• new "Cloud Storage to Bigquery with Cloud Dataflow with least privileges" example
• support service dependencies for crypto key bindings in project module
• refactor project module in multiple files
• add support for per-file option overrides to tfdoc

v12.0.0

• new repo structure. All end-to-end examples moved to the top level examples folder

Full Changelog: v11.2.0...v12.0.0

v11.2.0

• fix net-vpc subnet factory bug preventing the use of yamls with different shapes

Full Changelog: v11.1.0...v11.2.0

v11.1.0

In this release

• add support for additive IAM bindings to kms module

v11.0.0

In this release:

• incompatible change remove location from gcs bucket names
• add support for interpolating access levels based on keys to the vpc-sc module

v10.0.1

In this release

• remove lifecycle block from vpc sc perimeter resources

v10.0.0

In this release

• fix cases where bridge perimeter status resources are null in vpc-sc module
• re-release 9.0.3 as a major release as it contains breaking changes
  • update hierarchical firewall resources to use the newer google_compute_firewall_* resources
  • incompatible change rename firewall_policy_attachments to firewall_policy_association in the organization and folder modules
  • incompatible change updated API for the net-vpc-sc module