Releases: anyscale/terraform-google-anyscale-cloudfoundation-modules
v0.14.2
🐛 Bug Fixes
fix: VPC Firewall for Proxy-Only Subnet @brent-anyscale (#29)
fix: VPC Proxy Subnet Firewall Rule
When the VPC Proxy Subnet was not in the same CIDR range as the rest of the VPC, the firewall rule was not being correctly configured for the proxy subnet. This change fixes the firewall rule to allow traffic from the proxy subnet to the rest of the VPC and provides a test in the examples/anyscale-v2-privatenetwork folder.
On branch brent/vpc-fixfirewall
Changes to be committed:
modified: README.md
modified: examples/anyscale-v2-privatenetwork/README.md
modified: examples/anyscale-v2-privatenetwork/main.tf
modified: main.tf
Pull request checklist
Please check if your PR fulfills the following requirements:
- pre-commit has been run
- Tests for the changes have been added (for bug fixes / features)
- All tests passing
- Docs have been reviewed and added / updated if needed (for bug fixes / features)
Pull Request Type
- Bugfix
- New feature
- Refactoring (no functional changes)
- Documentation change
- Other (please describe):
Does this introduce a breaking change?
- Yes
- No
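The proxy-subnet case from the v0.14.2 fix, as an added example that is not the module's own code: a proxy-only subnet whose range lies outside the main VPC CIDR is not matched by a rule written against that CIDR, so it needs its own ingress rule. All names, CIDRs, the region and the port are constructed assumptions.

```hcl
# Added illustration, not taken from the module. Every value is constructed.
locals {
  vpc_cidr          = "10.100.0.0/16" # assumption: range of the workload subnets
  proxy_subnet_cidr = "172.16.0.0/23" # assumption: proxy-only range outside vpc_cidr
}

resource "google_compute_network" "example" {
  name                    = "example-vpc"
  auto_create_subnetworks = false
}

# Proxy-only subnet used by regional managed load balancer proxies.
resource "google_compute_subnetwork" "proxy" {
  name          = "example-proxy-only"
  region        = "us-central1"
  network       = google_compute_network.example.id
  ip_cidr_range = local.proxy_subnet_cidr
  purpose       = "REGIONAL_MANAGED_PROXY"
  role          = "ACTIVE"
}

# Not sufficient on its own: the source range covers only vpc_cidr, so
# connections originating from 172.16.0.0/23 never match this rule.
resource "google_compute_firewall" "internal" {
  name          = "example-allow-internal"
  network       = google_compute_network.example.id
  direction     = "INGRESS"
  source_ranges = [local.vpc_cidr]
  allow {
    protocol = "tcp"
  }
}

# Explicit rule for the proxy range. Reading the CIDR from the subnet
# resource keeps the rule in step if the range is changed later.
resource "google_compute_firewall" "from_proxy" {
  name          = "example-allow-proxy-subnet"
  network       = google_compute_network.example.id
  direction     = "INGRESS"
  source_ranges = [google_compute_subnetwork.proxy.ip_cidr_range]
  allow {
    protocol = "tcp"
    ports    = ["443"] # assumption: the backend port; scope to what is served
  }
}
```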
v0.14.1
🐛 Bug Fixes
iam: add storage.objects.list to control plane role @hongchaodeng (#28)
The Workspace dependencies tab requires storage.objects.list permissions. Otherwise it is failing with error:
{
  "error": {
    "detail": "Internal Server Error, 403 GET ... does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist).",
    "body": "Forbidden(\"GET ... does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist).\")",
    "message": "Internal Server Error, 403 GET ... does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist)."
  }
}
v0.14.0
🚀 Enhancements
IAM change *_iam_binding to *_iam_members @hongchaodeng (#27)
fix #26
The current use of *_iam_binding resources is authoritative. It doesn't allow users to add or update members.
We change to use *_iam_members which is non-authoritative. This will be more flexible and easier to integrate for our users.
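The authoritative and non-authoritative forms contrasted in this release, as an added example that is not code from this module. It uses the Google provider's google_project_iam_binding and google_project_iam_member resources; the project ID, role and member names are constructed placeholders.

```hcl
# Added illustration, not taken from the module. All values are constructed.
# The two forms are alternatives: do not manage the same role with both in
# one configuration, because each apply would then undo the other.
locals {
  project_id = "example-project"            # assumption
  role       = "roles/storage.objectViewer" # assumption
}

# Authoritative for this role: Terraform owns the complete member list.
# A member granted the same role elsewhere (console, gcloud, another
# Terraform state) is removed on the next apply.
resource "google_project_iam_binding" "authoritative" {
  project = local.project_id
  role    = local.role
  members = [
    "serviceAccount:platform-sa@example-project.iam.gserviceaccount.com",
  ]
}

# Non-authoritative: Terraform manages only this one (role, member) pair
# and leaves every other member of the role untouched.
resource "google_project_iam_member" "platform" {
  project = local.project_id
  role    = local.role
  member  = "serviceAccount:platform-sa@example-project.iam.gserviceaccount.com"
}

# A second grant on the same role, for example from the user's own
# configuration, coexists with the one above.
resource "google_project_iam_member" "user_added" {
  project = local.project_id
  role    = local.role
  member  = "group:data-readers@example.com"
}
```

With the non-authoritative form, grants made outside Terraform persist and do not show up as drift in a plan, so review of who holds the role has to come from the project's IAM policy itself.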
v0.13.1
🐛 Bug Fixes
fix: VPC NAT Port Range min/max values @brent-anyscale (#24)
Update to VPC NAT Configuration if using Private Networking. GCP Dynamic Port Allocation causes problems with advanced Anyscale Network cluster startup processes. Disabling Dynamic Port Allocation and manually setting min/max ports per VM solves this. Added two new variables to the google-anyscale-vpc sub-module to support this configuration. Changed the minimum ports per VM to 32 from 64.
Fixes #23
On branch brent/vpc-natport
Changes to be committed:
modified: CHANGELOG.md
modified: modules/google-anyscale-vpc/README.md
modified: modules/google-anyscale-vpc/nat.tf
modified: modules/google-anyscale-vpc/variables.tf
v0.13.0
🚀 Enhancements
feat: Add logging sink module @brent-anyscale (#22)
Add a module for managing the _Default logging sink in Google Cloud Logging. The default configuration for Google Cloud Logging is to enable syslog for all compute instances. This can cause a high volume of logs leading to unexpected costs. This optional module allows you to disable that behavior.
Additional updates include changes to the pre-commit configuration to the latest version, updates to tflint to the latest version, cleanups for the trivy linter, and updates to the READMEs and changelog.
On branch brent/logging-sink
Changes to be committed:
modified: .pre-commit-config.yaml
modified: .tflint.hcl
modified: CHANGELOG.md
modified: README.md
modified: examples/anyscale-v2-commonname/main.tf
modified: main.tf
modified: modules/google-anyscale-cloudstorage/main.tf
new file: modules/google-anyscale-loggingsink/README.md
new file: modules/google-anyscale-loggingsink/data.tf
new file: modules/google-anyscale-loggingsink/main.tf
new file: modules/google-anyscale-loggingsink/outputs.tf
new file: modules/google-anyscale-loggingsink/variables.tf
new file: modules/google-anyscale-loggingsink/versions.tf
modified: variables.tf
v0.12.1
🐛 Bug Fixes
fix: IAM Role for Anyscale - logging support @brent-anyscale (#21)
The new logging functionality from Anyscale requires storage.objects.get for the cross account role.
v0.12.0
🚀 Enhancements
feat: Update to TF GCP Provider v5 @brent-anyscale (#20)
This pull request updates the GCP Terraform Provider to version 5.
Additionally, updates have been made to the VPC Submodule and VPC Firewall Submodule to accommodate changes in the GCP APIs. Lastly, this includes a fix that ensures that changes to parameters passed into the root module do not trigger the recreation of unrelated resources.
BUG FIXES:
- VPC Submodule
  - Proxy Subnet fix for change to GCP APIs related to IPv6 - GCP released a change and with v5 of the GCP Terraform Provider, the IPv6 parameter for Proxy Only Subnets is not supported/required.
  - Subnet Names are now managed by the root module
    - The previous behavior was causing the replacement of Subnets on any parameter change to the root module.
- VPC Firewall Submodule
  - Update to use VPC ID for attachment instead of dynamically identifying from the name.
    - The previous behavior was causing the replacement of the VPC Firewall on any parameter change to the root module.
OTHER CHANGES:
- Change from tfsec to trivy for pre-commit
- TFLint updated for GCP Ruleset
- General updates/fixes for all tests in submodule examples for VPC Firewall and CloudStorage
- pre-commit updates to the latest revisions
modified: .pre-commit-config.yaml
modified: .tflint.hcl
modified: CHANGELOG.md
modified: README.md
modified: examples/anyscale-v2-commonname/README.md
modified: examples/anyscale-v2-commonname/main.tf
modified: examples/anyscale-v2-commonname/outputs.tf
modified: examples/anyscale-v2-commonname/versions.tf
modified: examples/anyscale-v2-existingidentityfederation/README.md
modified: examples/anyscale-v2-existingidentityfederation/versions.tf
modified: examples/anyscale-v2-existingproject/README.md
modified: examples/anyscale-v2-existingproject/versions.tf
modified: examples/anyscale-v2-kitchensink/README.md
modified: examples/anyscale-v2-kitchensink/versions.tf
modified: examples/anyscale-v2-privatenetwork/README.md
modified: examples/anyscale-v2-privatenetwork/versions.tf
modified: examples/anyscale-v2-vpc-shared/README.md
modified: examples/anyscale-v2-vpc-shared/versions.tf
modified: examples/anyscale-v2/README.md
modified: examples/anyscale-v2/versions.tf
modified: main.tf
modified: modules/google-anyscale-cloudapis/README.md
modified: modules/google-anyscale-cloudapis/examples/README.md
modified: modules/google-anyscale-cloudapis/examples/versions.tf
modified: modules/google-anyscale-cloudapis/main.tf
modified: modules/google-anyscale-cloudapis/variables.tf
modified: modules/google-anyscale-cloudapis/versions.tf
modified: modules/google-anyscale-cloudstorage/README.md
modified: modules/google-anyscale-cloudstorage/examples/README.md
modified: modules/google-anyscale-cloudstorage/examples/main.tf
modified: modules/google-anyscale-cloudstorage/examples/versions.tf
modified: modules/google-anyscale-cloudstorage/versions.tf
modified: modules/google-anyscale-filestore/README.md
modified: modules/google-anyscale-filestore/examples/README.md
modified: modules/google-anyscale-filestore/examples/versions.tf
modified: modules/google-anyscale-filestore/versions.tf
modified: modules/google-anyscale-iam/README.md
modified: modules/google-anyscale-iam/examples/README.md
modified: modules/google-anyscale-iam/examples/versions.tf
modified: modules/google-anyscale-iam/versions.tf
modified: modules/google-anyscale-memorystore/README.md
modified: modules/google-anyscale-memorystore/examples/README.md
modified: modules/google-anyscale-memorystore/examples/versions.tf
modified: modules/google-anyscale-memorystore/versions.tf
modified: modules/google-anyscale-project/README.md
modified: modules/google-anyscale-project/examples/README.md
modified: modules/google-anyscale-project/examples/versions.tf
modified: modules/google-anyscale-project/versions.tf
modified: modules/google-anyscale-vpc-firewall/README.md
deleted: modules/google-anyscale-vpc-firewall/data.tf
modified: modules/google-anyscale-vpc-firewall/examples/README.md
modified: modules/google-anyscale-vpc-firewall/examples/main.tf
modified: modules/google-anyscale-vpc-firewall/examples/versions.tf
modified: modules/google-anyscale-vpc-firewall/main.tf
modified: modules/google-anyscale-vpc-firewall/variables.tf
modified: modules/google-anyscale-vpc-firewall/versions.tf
modified: modules/google-anyscale-vpc/README.md
modified: modules/google-anyscale-vpc/examples/README.md
modified: modules/google-anyscale-vpc/examples/versions.tf
modified: modules/google-anyscale-vpc/main.tf
modified: modules/google-anyscale-vpc/private-subnet.tf
modified: modules/google-anyscale-vpc/proxy-subnet.tf
modified: modules/google-anyscale-vpc/public-subnet.tf
modified: modules/google-anyscale-vpc/versions.tf
modified: test/anyscale-v2-e2e-private-test/versions.tf
modified: test/anyscale-v2-e2e-public-test/versions.tf
modified: test/requirements.txt
modified: test/test_cloud_register_manual.py
modified: variables.tf
modified: versions.tf
v0.11.0
🚀 Enhancements
feat: update cors rules in google-anyscale-cloudstorage module @brent-anyscale (#19)
With some upcoming changes to the front-end, Anyscale has additional changes for the CORS rules for the Google Cloud Storage bucket.
On branch brent/update-cors
Changes to be committed:
modified: modules/google-anyscale-cloudstorage/README.md
modified: modules/google-anyscale-cloudstorage/variables.tf
modified: README.md
modified: test/anyscale-v2-e2e-public-test/main.tf
modified: variables.tf
v0.10.0
🚀 Enhancements
BREAKING CHANGE
This commit introduces new features to support Shared VPCs on GCP. GCP Shared VPCs are a way to share a VPC network across multiple Projects. You can see an example of this in the anyscale-v2-vpc-shared example folder.
It also introduces a minimally scoped IAM Role for GCP to support Anyscale. With this change, the IAM submodule is refactored to better align with GCP names for IAM related resources. This change is a breaking change and should NOT be used to upgrade existing resources. It is recommended to create a new Anyscale Cloud and migrate your resources to the new Cloud.
There are additional fixes and improvements to the Firewall module, allowing traffic from the GCP Health Monitoring CIDR ranges.
Additional updates to pre-commit-config, tflint, and other cleanup to examples.
This update refactors the IAM submodule and should not be used for upgrading existing resources. IAM Service Accounts will be replaced which is not a supported entity to "edit" in an Anyscale Cloud. If you need to upgrade, please create a new Anyscale Cloud with these resources and then migrate your workloads between the clouds.
v0.9.0
🚀 Enhancements
feat: Add support for existing identity federation @brent-anyscale (#16)
This commit adds support for existing Workload Identity Federation. This is done by adding a new variable to the module, existing_workload_identity_provider_name, and some additional changes to the IAM submodule.
A new example has also been provided to demonstrate the usage of this new feature. Please be aware that you are responsible for creating the Workload Identity Federation pool and provider if using this new example. You can read more about those requirements in the Anyscale Documentation.
Additional updates include:
- Update to E2E test