CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Extending the adopted spec, each change should have a link to its corresponding pull request appended.

17.0.0 (2024-09-10)

⚠ BREAKING CHANGES

• deletion_policy PREVENT as default (#940)
• TPG>=5.41: add deletion_policy (#938)

Features

• deletion_policy PREVENT as default (#940) (1c1e018)
• deps: Update Terraform Google Provider to v6 (major) (#933) (392453e)
• TPG>=5.41: add deletion_policy (#938) (b0ed8a5)

16.0.1 (2024-08-28)

Bug Fixes

• switch svpc access to explicit dep on service enablement (#934) (105be42)

16.0.0 (2024-08-14)

⚠ BREAKING CHANGES

• TPG>=5.33: add support for setting cloud armor tier of the project (#921)

Features

• TPG>=5.33: add support for setting cloud armor tier of the project (#921) (895b501)

Bug Fixes

• ignore changes on firebase label (#931) (e424a35)

15.0.1 (2024-05-17)

Bug Fixes

• core_project_factory: ignore if SA already exists (#910) (cfd7f3f)

15.0.0 (2024-05-02)

⚠ BREAKING CHANGES

• TPG >5.22: added vpc sc dry run mode option (#894)

Features

• TPG >5.22: added vpc sc dry run mode option (#894) (0cade7f)

14.5.0 (2024-03-01)

Features

• added networkconnectivity in shared VPC host access (#876) (0f12598)
• support optional tag binding (#885) (87648a1)

Bug Fixes

• make org id optional (#838) (8509793)
• shared_vpc_access - Grant notebooks.googleapi.com SA the networkUser role (#856) (661e916)

14.4.0 (2023-10-20)

Features

• add support for tpg v5 (#843) (4bbe4a0)

Bug Fixes

• lint for dev-tools and CI (#839) (50e4ea2)

14.3.0 (2023-07-27)

Features

• budget: Only read project data when budget will be created (#829) (ee3865b)

14.2.1 (2023-06-22)

Bug Fixes

• add service account access for gke in shared vpc (#822) (e133faf)

14.2.0 (2023-03-09)

Features

• added datastream support in shared_vpc_access module (#788) (a03c5e8)

Bug Fixes

• removes policy id env var from int build config (#791) (7e7c37d)
• workaround for import issue when SA is unknown (#795) (13ec49f)

14.1.0 (2022-11-17)

Features

• configure propagation time (time sleep) for inclusion of the created project in a VPC-SC perimeter (#766) (086210b)

14.0.0 (2022-08-30)

⚠ BREAKING CHANGES

• Increase to minimum TPG version 4.28 (#738)

Features

• add random_project_id_length (#735) (773ea4b)
• Add support for custom time periods in budget module (#738) (9273052)

13.1.0 (2022-08-17)

Features

• Add support to project cloud storage public access prevention (#740) (e9ba8a2)
• update test/setup to pfactory 13.0 (321bed2)

Bug Fixes

• add propagation to test/setup (#708) (321bed2)
• ensure test/setup/outputs.folder_id returns proper ID (#712) (8f72474)

13.0.0 (2022-04-12)

⚠ BREAKING CHANGES

• add upgrade guide, update provider constraints (#705)
• Add dimensions argument to consumer quota override (#683)
• replace grant_services_network_role with grant_network_role for networkUser role management (#697)

Features

• Add dimensions argument to consumer quota override (#683) (d1d7624)
• replace grant_services_network_role with grant_network_role for networkUser role management (#697) (d309270)
• setup-sa.sh use add-iam-policy-binding (#689) (616ede9)

Bug Fixes

• add upgrade guide, update provider constraints (#705) (644f596)
• update TPG version constraints to allow 4.0 and TF v0.13+ format (#700) (b66a080)
• use module release rather than repo head (#704) (522f3cc)
• VPC-SC SA destroy sequence with default SA (#691) (0e5420b)

12.0.0 (2022-03-02)

⚠ BREAKING CHANGES

• Budget module should support filtering on labels (#627)
• Minimum provider version increased to v4.5 (#627)

Features

• Add Essential Contacts support (#617) (f89e1a0)
• Budget module should support filtering on labels (#627) (44a9fec)
• expose spend_basis for budget alerts (#681) (ea3961c)

11.3.1 (2022-01-11)

Bug Fixes

• ConflictsWith in project org_id & folder_id (#676) (2e59c9a)
• grant roles/billing.viewer to the seed service account in helper. (#666) (e444e2a)
• Wrap budget_name output with length check (#673) (21871b2)

11.3.0 (2021-12-01)

Features

• add network service tier setting (#640) (f5cce9e)
• update TPG version constraints to allow 4.0 (#636) (dd9beb3)

11.2.3 (2021-10-20)

Bug Fixes

• Update required_providers in budget submodule (#631) (de67066)

11.2.2 (2021-10-13)

Bug Fixes

• Allow explicit provider configuration in module (#624) (621c527)
• billing_budget resource should use GA provider (#626) (b6d7bf1)
• Don't attempt to activate service identity for compute.googleapis.com (#628) (777092c)

11.2.1 (2021-09-23)

Bug Fixes

• plumb grant_services_network_role for root module (#619) (560396d)

11.2.0 (2021-09-23)

Features

• added the grant_services_network_role flag to control network IAM (#618) (f116dd5)
• Give VPC Access Agent Service Account for Cloud Run permissions on Shared VPC (#615) (87d2df0)

11.1.1 (2021-07-29)

Bug Fixes

• Added dependancies on Shared VPC attachment to work with VPC service controls (#608) (59b7b96)

11.1.0 (2021-07-01)

Features

• allow budget display name customization (#599) (f54adbf)

Bug Fixes

• Using project_id output is not forcing to wait for the fabric-project creation (#601) (551833a)

11.0.0 (2021-06-12)

⚠ BREAKING CHANGES

• Buckets now enable uniform bucket-level access by default. See the upgrade guide for details.

Features

• Add support for enforcing uniform IAM access to project GCS bucket (#585) (d9bd377)

Bug Fixes

• billing budget tests (#594) (64461a2)
• Increasing versions of null & random providers to support arm (#583) (28547ed)
• remove unused vars, add upgrade guide (#596) (e4c9b03)

10.3.2 (2021-04-05)

Bug Fixes

• Simplify project_id output in core_project_factory (#572) (1bde0af)

10.3.1 (2021-03-30)

Bug Fixes

• Add force_destroy option for included GCS bucket (#545) (1774999)
• Change quota manager submodule required versions to allow 0.14 (#569) (448456c)
• Replace "true"/"false" strings with bool values (#559) (2d082f3)

10.3.0 (2021-03-24)

Features

• Allow Cloud Composer environment on the shared vpc. (#566) (0b8509f)
• Allow customizing default service account name (#565) (020e308)
• Allow override of quotas on projects (#468) (045923d)

Bug Fixes

• Provide correct Cloud Composer roles for Shared VPC acces (#567) (1f3130f)

10.2.2 (2021-03-17)

Bug Fixes

• Enable configuring shared_vpc resources at folder level (#560) (d3fa559)

10.2.1 (2021-03-11)

Bug Fixes

• Add explicit depends_on for budget project data source (#556) (454076a)

10.2.0 (2021-03-04)

Features

• Expose service identity Service Account emails (#548) (62c168d)

Bug Fixes

• Change budget module to pass project numbers (#550) (5c715d8)

10.1.1 (2021-01-27)

Bug Fixes

• Additional roles should only granted for Shared VPC when attaching to a service project (#542) (99093de)

10.1.0 (2021-01-20)

Features

• Add labels support to projects bucket (#534) (67a0b04)
• expose grant_services_security_admin_role var (#536) (c41ba36)

Bug Fixes

• Make project service account creation optional (#528) (4350c5d)

10.0.1 (2020-12-16)

Bug Fixes

• Pass service project number for root module (#496) (#520) (29ff90f)

10.0.0 (2020-12-15)

⚠ BREAKING CHANGES

• Minimum Terraform version increased to 0.13.
• All null_resources for executing gcloud scripts have been removed. See the upgrade guide for details.
• Renamed the shared_vpc submodule to svpc_service_project. #517) (86819d7)

Features

• add TF 0.13 constraint and module attribution (#513) (f6df34c)
• support activate_api_identities in shared_vpc submodule (#509) (8c5698c)
• terraform: Add support Terraform 0.14 by bumping version constraint (#505) (8c01c41)

Bug Fixes

• Add billingbudgets.googleapis.com to precondition script. (#493) (f9b53c3)
• Add count variable to does not create the resource when value is keep (#498) (a3deaad)
• Add shared_vpc features back to rood module (#446) (0a6b9b9)
• All dependencies on gcloud have been removed. (#491) (5886a4e)
• readme link to svpc example (#515) (ce1d46e)
• Remove whitespace in test/setup-sa (#495) (6d90ff3)
• Support passing service project number to shared_vpc_access to be Terraform 0.13 compatible (#500) (825d07b)

9.2.0 (2020-10-16)

Features

• Add enable_shared_vpc_host_project to create project as shared VPC host project (#465) (3b269be)
• add apis related outputs to main module (#470) (abc507f)
• Add budget_monitoring_notification_channels to modules including budgets (#476) (d1665d1)
• Add impersonate_service_account to shared_vpc module to pass to core_project_factory (#477) (e9f0c8f)
• Removed preconditions script from Terraform execution (#478) (79f7c95)

Bug Fixes

• Fix Terraform 0.12+ warning on project_services (#467) (e223f77)
• Restore usage of var.enable_apis variable for project services submodule (#473) (05d1465)

9.1.0 (2020-09-23)

Features

• Add budget notification channel (#456) (9bc317e)
• Add Dataflow to Shared VPC API service accounts (#458) (0c5adf3)
• Add service identity provisioning support (#450) (3954a89)

Bug Fixes

• Restore shared VPC outputs (#441) (1b558f3), closes #438
• Upgrade gcloud module to 2.0.0 (#449) (099cdcc)

9.0.0 (2020-08-13)

⚠ BREAKING CHANGES

• This change requires that you use the shared_vpc submodule to manage service account access. See the upgrade guide for details.

Features

• Added shared_vpc_access submodule to enable GKE and Dataproc Service Account access. (#434) (f16fd05)

Bug Fixes

• Fix regression in shared VPC service account submodule (#438) (dd2dd99)
• relax version to allow 0.13 (#437) (9eb64e2)

8.1.0 (2020-07-22)

Features

• Add support for attaching projects to a VPC Service Controls perimeter (#428) (7ec34ef)
• Enable GCS bucket versioning (#431) (7a0d746)

Bug Fixes

• Add dependency on Shared VPC attachment (#432) (c954990)

8.0.2 (2020-07-01)

Bug Fixes

• Correct SA custom name flag check in setup, fixes #416 (#418) (9da8158)

8.0.1 (2020-05-05)

Bug Fixes

• Remove appengine.googleapis.com from required APIs (#390) (b995924)

8.0.0 (2020-04-21)

⚠ BREAKING CHANGES

• Using the gcloud module now requires curl to be installed. See the upgrade guide for details.

Bug Fixes

• Bump version of terraform-google-gcloud module to 1.0.0 (#399) (2889db1)

Miscellaneous Chores

• Add upgrade guide for v8.0 (#401) (dd1e204)

7.1.0 (2020-03-17)

Features

• Add option for skipping the gcloud CLI download (#393) (a534603)
• Add use_tf_var_google_credentials_env_var variable (#377) (64459de)

Bug Fixes

• Add dependency on service enablement. (#387) (d3bd3ee)

7.0.2 (2020-02-23)

Bug Fixes

• Issue with empty subnet defaults and Shared VPC (#382) (d31e068)

7.0.1 (2020-02-10)

Bug Fixes

• Allow 3.x provider version in fabric-project submodule. (#361) (2b32b68)
• Allow users to supply dynamically generated list of subnets (#362) (4f372dd)

7.0.0 - 2020-01-15

Fixed

• Added back on_failure = continue to precondition's local-exec #357

Added

• The optional budget_amount variable will create a budget on the new project. Separate submodule budget for additional options. #354

Changed

• BREAKING: Addition of google_billing_budget increases google provider minimum to >=3.1. #354

6.2.1 - 2019-12-18

Changed

• Changed required google provider version to >= 2.1, < 4.0 #350

6.2.0 - 2019-12-27

Added

• The pip_executable_path variable which can be altered to support execution in a Windows environment. #343
• The modify-service-account.sh steps are now executed in the context of the terraform-google-gcloud module so there is no longer a dependency on having gcloud installed on the host. #343

Fixed

• The precondition script is fixed and will run successfully. on_failure = "continue" was also removed to prevent silent failures. #343

6.1.0 - 2019-12-18

Added

• The python_interpreter_path variable which can be altered to support execution in a Windows environment. #265
• Support for importing existing projects. #138

Changed

• When deleting a service account, deprivilege first to remove IAM binding #341
• The preconditions script checks for the existence of gcloud. #331
• The service account setup script only requests the specified project. #338

Fixed

• Fixed typo in default_service_account variable's default value from depriviledge to deprivilege. #345
• The feature_settings variable on the app_engine submodule has a valid default. #324

6.0.0 - 2019-11-26

6.0.0 is a backwards incompatible release. See the upgrade guide for details.

Added

• Option to disable the default compute service account. #313

Changed

• Breaking: Default for default compute service account changed to disable from delete. #313

Fixed

• Fixed an issue with passing an empty list to activate_apis. #300
• Fixed issues with running project factory requiring org-level permissions. #320

5.0.0 - 2019-11-04

5.0.0 is a backwards incompatible release for modules/fabric-project. See the upgrade guide for details.

Fixed

• Manage service activation in modules/fabric-project with a resource instead of relying on modules/project-services, so that output dependency on services works again. Fixes #308. #309

4.0.1 - 2019-10-30

Fixed

• Add G Suite group name output in G Suite modules. #288
• Fix issue with dynamic API activation. #303

4.0.0 - 2019-10-21

4.0.0 is a major backwards incompatible release. See the upgrade guide for details.

Fixed

• Allow impersonating service accounts in G Suite submodule. #285
• Breaking: Updated service activation to use for_each to enable reordering of services safely. #282

3.3.1 - 2019-10-08

Fixed

• Make the custom_roles output in modules/fabric-project v0.12 compliant. #268

3.3.0 - 2019-09-18

Fixed

• Allow creation of project_bucket within the project we are creating. #261

3.2.0 - 2019-08-14

Added

• Added a shared_vpc submodule which enables the Shared VPC project ID to be a computed value. #257

Changed

• Replace 'parent_type' and 'parent_id' input variables with single parent variable for fabric submodule. #259

3.1.0 - 2019-08-12

Added

• Adding support for service account impersonation and short lived tokens. #246

3.0.0 - 2019-07-12

Added

• Automatic installation of preconditions.py requirements. #239

Changed

• The supported version of Terraform is 0.12. #237

Fixed

• Documentation for setup-sa.sh. #230
• project_idoutput depends on project_services_authority. #234

2.4.1 - 2019-06-21

Fixed

• Propagation of apis_authority variable. #233

2.4.0 - 2019-06-12

Added

• Cloud Services service account output on Fabric submodule. #223

2.3.1 - 2019-05-31

Fixed

• Preconditions script handles projects with a large number of enabled APIs. #220

2.3.0 - 2019-05-28

Added

• Feature that toggles authoritative management of project services. #213
• Option that provides ability to choose the region of the bucket #207
• Added option to deprivilege or keep default compute service account. #186

Fixed

• credentials_path is no longer be required for gsuite_enabled module. #205
• Dependencies on gcloud and jq are documented. #203
• The preconditions script accepts personal credentials. #212

2.2.1 - 2019-05-15

Fixed

• Add Fabric submodule for simple project creation. #201
• Fix module and tests in minimal test suite (group_email). #200
• Versions of providers has been fixed for examples/shared_vpc. #198
• GCP subnet share conditions not working correctly. #194

2.2.0 - 2019-05-03

Added

• The ability to change bucket location. #170
• The argument disable_dependent_services and corresponding variable. #188

2.1.3 - 2019-04-03

Fixed

• Unconditional check for optional resourcemanager.organization.get permission in preconditions script. #178
• The project_id output depends on project service activation. #180

2.1.2 - 2019-04-01

Fixed

• Error when verifying billing account permissions #175

2.1.1 - 2019-03-25

Fixed

• Removed requirement of roles/resourcemanager.organizationViewer when var.domain is provided. #172

2.1.0 - 2019-03-11

ADDED

• The optional project_id variable enables a disconnect between the project name and the project ID. #154

FIXED

• Shared VPC IAM bindings. #164

2.0.0 - 2019-03-05

2.0.0 is a major backwards incompatible release. See the upgrade guide for details.

ADDED

• Added separate App Engine module. #144
• Support for v2.X of the Google provider and the Google Beta provider.

REMOVED

• Removed app_engine argument (config block).

1.2.0 - 2019-03-05

CHANGED

• The credentials_path variable is now optional; Application Default Credentials may be used instead. #58

1.1.2 - 2019-03-01

FIXED

• Stabilized terraform plan to prevent the default service account resource from being recreated each time. #153

1.1.1 - 2019-02-25

FIXED

• Drop dependency on gsuite provider from core module. #147

1.1.0 - 2019-02-22

ADDED

• Preconditions script checks billing account format. #117
• Add project_services submodule. #133

FIXED

• Fix race conditions when creating a new G Suite Group. #141
• Drop unnecessary permissions checks in preconditions script. #143
• Support numeric folder_id and folders/folder_id in preconditions script. #143

1.0.2 - 2019-01-23

FIXED

• Fixed deprecation notice for google-beta provider in core_project_factory module. #104

1.0.1 - 2019-01-22

FIXED

• Replaced missing forward of var.disable_services_on_destroy from root module to core_project_factory module. #125

1.0.0 - 2019-01-18

1.0.0 is a major backwards incompatible release. See the upgrade guide for details.

ADDED

• Support for disable_services_on_destroy flag to leave service active on delete. #91

CHANGED

• Refactored project factory to eliminate the dependenency on the G Suite provider for all projects. #94

0.3.0 - 2018-12-27

ADDED

• Implement billing account role. #53
• Remove CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE. #34
• Lien support. #64

FIXED

• Fix/refactor helpers/init_debian.sh. #69

0.2.1 - 2018-10-10

ADDED

• Explicit dependency on google_project_service. #42

0.2.0 - 2018-09-06

ADDED

• Make IAM bindings non-authoritative. #17

0.1.0

ADDED

• This is the initial release of the Project Factory Module.