[FORSETI RELEASE] Update Forseti version to v2.23.1 (#476)

* Patch release v2.23.1 * Fix bigquery and Google provider issue for the 5.0.1 patch * Updated version to v2.23.1 * Set version constraint for google provider on the install simple example * Fix typos * Pinned helm provider version to 0.10.* Co-authored-by: Gregg Kowalski <[email protected]>
forseti-security · Feb 11, 2020 · cf5e3ff · cf5e3ff
1 parent 041cc03
commit cf5e3ff
Show file tree

Hide file tree

Showing 21 changed files with 49 additions and 21 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 Extending the adopted spec, each change should have a link to its corresponding pull request appended.
 
+## Unreleased
+
+## [v5.0.1] - 2020-01-31
+
+### Added
+
+- Support for Forseti v2.23.1 [#476]
+
 ## [5.0.0] - 2019-10-17
 Version 5.0.0 is a backwards-incompatible release. Please see the [upgrade instructions](./docs/upgrading_to_v5.0.md) for details.
 
@@ -16,7 +24,7 @@ Version 5.0.0 is a backwards-incompatible release. Please see the [upgrade instr
 - Added additional submodules for Forseti infrastructure components [#284]
 - Update Cloud Shell tutorial [#309]
 - Add variable to enable mailjet_rest library [#302]
-- Updating helper scripts to include GKE related roles [#306]
+- Updating helper scripts to include GKE related roles [#306]gi
 - Setting the GKE version to a specific version [#307]
 - Fix serviceusage test [#308]
 - Adding cscc vars to on_gke examples [#304]
@@ -289,7 +297,9 @@ Version 4.0.0 is a backwards-incompatible release. Please see the [upgrade instr
 [v4.2.1]: https://github.com/terraform-google-modules/terraform-google-forseti/compare/v4.1.0...v4.2.1
 [v4.3.0]: https://github.com/terraform-google-modules/terraform-google-forseti/compare/v4.2.1...v4.3.0
 [v5.0.0]: https://github.com/terraform-google-modules/terraform-google-forseti/compare/v4.3.0...v5.0.0
+[v5.0.1]: https://github.com/terraform-google-modules/terraform-google-forseti/compare/v5.0.0...v5.0.1
 
+[#476]: https://github.com/forseti-security/terraform-google-forseti/pull/476
 [#330]: https://github.com/forseti-security/terraform-google-forseti/pull/330
 [#329]: https://github.com/forseti-security/terraform-google-forseti/pull/329
 [#309]: https://github.com/forseti-security/terraform-google-forseti/pull/309

diff --git a/README.md b/README.md
@@ -238,7 +238,7 @@ For this module to work, you need the following APIs enabled on the Forseti proj
 | forseti\_home | Forseti installation directory | string | `"$USER_HOME/forseti-security"` | no |
 | forseti\_repo\_url | Git repo for the Forseti installation | string | `"https://github.com/forseti-security/forseti-security"` | no |
 | forseti\_run\_frequency | Schedule of running the Forseti scans | string | `"null"` | no |
-| forseti\_version | The version of Forseti to install | string | `"v2.23.0"` | no |
+| forseti\_version | The version of Forseti to install | string | `"v2.23.1"` | no |
 | forwarding\_rule\_enabled | Forwarding rule scanner enabled. | bool | `"false"` | no |
 | forwarding\_rule\_violations\_should\_notify | Notify for forwarding rule violations | bool | `"true"` | no |
 | group\_enabled | Group scanner enabled. | bool | `"true"` | no |

diff --git a/examples/install_simple/versions.tf b/examples/install_simple/versions.tf
@@ -16,4 +16,7 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    google = "~> 2.11"
+  }
 }
diff --git a/examples/on_gke_end_to_end/README.md b/examples/on_gke_end_to_end/README.md
@@ -72,8 +72,8 @@ This script will also activate necessary APIs required for Terraform to deploy F
 | gsuite\_admin\_email | G-Suite administrator email address to manage your Forseti installation | string | n/a | yes |
 | helm\_repository\_url | The Helm repository containing the 'forseti-security' Helm charts | string | `"https://forseti-security-charts.storage.googleapis.com/release/"` | no |
 | k8s\_forseti\_namespace | The Kubernetes namespace in which to deploy Forseti. | string | `"forseti"` | no |
-| k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.23.0"` | no |
-| k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.23.0"` | no |
+| k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.23.1"` | no |
+| k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.23.1"` | no |
 | k8s\_tiller\_sa\_name | The Kubernetes Service Account used by Tiller | string | `"tiller"` | no |
 | network | The name of the VPC being created | string | `"forseti-gke-network"` | no |
 | network\_description | An optional description of the network. The resource must be recreated to modify this field. | string | `""` | no |

diff --git a/examples/on_gke_end_to_end/variables.tf b/examples/on_gke_end_to_end/variables.tf
@@ -111,12 +111,12 @@ variable "k8s_tiller_sa_name" {
 
 variable "k8s_forseti_orchestrator_image_tag" {
   description = "The tag for the container image for the Forseti orchestrator"
-  default     = "v2.23.0"
+  default     = "v2.23.1"
 }
 
 variable "k8s_forseti_server_image_tag" {
   description = "The tag for the container image for the Forseti server"
-  default     = "v2.23.0"
+  default     = "v2.23.1"
 }
 
 variable "network" {

diff --git a/helpers/import.sh b/helpers/import.sh
@@ -150,7 +150,7 @@ printf "\nStarting import of Forseti resources to Terraform\n\n"
 
 terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[0]" "$PROJECT_ID/admin.googleapis.com"
 terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[1]" "$PROJECT_ID/appengine.googleapis.com"
-terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[2]" "$PROJECT_ID/bigquery-json.googleapis.com"
+terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[2]" "$PROJECT_ID/bigquery.googleapis.com"
 terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[3]" "$PROJECT_ID/cloudbilling.googleapis.com"
 terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[4]" "$PROJECT_ID/cloudresourcemanager.googleapis.com"
 terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[5]" "$PROJECT_ID/sql-component.googleapis.com"

diff --git a/main.tf b/main.tf
@@ -46,7 +46,7 @@ locals {
   services_list = [
     "admin.googleapis.com",
     "appengine.googleapis.com",
-    "bigquery-json.googleapis.com",
+    "bigquery.googleapis.com",
     "cloudbilling.googleapis.com",
     "cloudresourcemanager.googleapis.com",
     "sql-component.googleapis.com",

diff --git a/modules/client/variables.tf b/modules/client/variables.tf
@@ -23,7 +23,7 @@ variable "project_id" {
 
 variable "forseti_version" {
   description = "The version of Forseti to install"
-  default     = "v2.23.0"
+  default     = "v2.23.1"
 }
 
 variable "forseti_repo_url" {

diff --git a/modules/client/versions.tf b/modules/client/versions.tf
@@ -17,4 +17,7 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    google = "~> 2.11"
+  }
 }
diff --git a/modules/on_gke/README.md b/modules/on_gke/README.md
@@ -79,7 +79,7 @@ This sub-module deploys Forseti on GKE.  In short, this deploys a server contain
 | forseti\_home | Forseti installation directory | string | `"$USER_HOME/forseti-security"` | no |
 | forseti\_repo\_url | Git repo for the Forseti installation | string | `"https://github.com/forseti-security/forseti-security"` | no |
 | forseti\_run\_frequency | Schedule of running the Forseti scans | string | `"null"` | no |
-| forseti\_version | The version of Forseti to install | string | `"v2.23.0"` | no |
+| forseti\_version | The version of Forseti to install | string | `"v2.23.1"` | no |
 | forwarding\_rule\_enabled | Forwarding rule scanner enabled. | bool | `"false"` | no |
 | forwarding\_rule\_violations\_should\_notify | Notify for forwarding rule violations | bool | `"true"` | no |
 | git\_sync\_image | The container image used by the config-validator git-sync side-car | string | `"gcr.io/google-containers/git-sync"` | no |
@@ -113,9 +113,9 @@ This sub-module deploys Forseti on GKE.  In short, this deploys a server contain
 | k8s\_config\_validator\_image\_tag | The tag for the config-validator image. | string | `"latest"` | no |
 | k8s\_forseti\_namespace | The Kubernetes namespace in which to deploy Forseti. | string | `"forseti"` | no |
 | k8s\_forseti\_orchestrator\_image | The container image for the Forseti orchestrator | string | `"gcr.io/forseti-containers/forseti"` | no |
-| k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.23.0"` | no |
+| k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.23.1"` | no |
 | k8s\_forseti\_server\_image | The container image for the Forseti server | string | `"gcr.io/forseti-containers/forseti"` | no |
-| k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.23.0"` | no |
+| k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.23.1"` | no |
 | k8s\_forseti\_server\_ingress\_cidr | If network_policy is true, k8s_forseti_server_ingress_cidr will restrict connections to the Forseti Server service from the CIDR's specified | string | `""` | no |
 | k8s\_tiller\_sa\_name | The Kubernetes Service Account used by Tiller | string | `"tiller"` | no |
 | ke\_scanner\_enabled | KE scanner enabled. | bool | `"false"` | no |

diff --git a/modules/on_gke/main.tf b/modules/on_gke/main.tf
@@ -53,7 +53,7 @@ locals {
   services_list = [
     "admin.googleapis.com",
     "appengine.googleapis.com",
-    "bigquery-json.googleapis.com",
+    "bigquery.googleapis.com",
     "cloudbilling.googleapis.com",
     "cloudresourcemanager.googleapis.com",
     "sql-component.googleapis.com",

diff --git a/modules/on_gke/variables.tf b/modules/on_gke/variables.tf
@@ -80,7 +80,7 @@ variable "gsuite_admin_email" {
 
 variable "forseti_version" {
   description = "The version of Forseti to install"
-  default     = "v2.23.0"
+  default     = "v2.23.1"
 }
 
 variable "forseti_repo_url" {
@@ -879,7 +879,7 @@ variable "k8s_forseti_orchestrator_image" {
 
 variable "k8s_forseti_orchestrator_image_tag" {
   description = "The tag for the container image for the Forseti orchestrator"
-  default     = "v2.23.0"
+  default     = "v2.23.1"
 }
 
 variable "k8s_forseti_server_image" {
@@ -889,7 +889,7 @@ variable "k8s_forseti_server_image" {
 
 variable "k8s_forseti_server_image_tag" {
   description = "The tag for the container image for the Forseti server"
-  default     = "v2.23.0"
+  default     = "v2.23.1"
 }
 
 variable "k8s_forseti_server_ingress_cidr" {

diff --git a/modules/on_gke/versions.tf b/modules/on_gke/versions.tf
@@ -17,4 +17,8 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    google = "~> 2.12"
+    helm   = "~> 0.10"
+  }
 }
diff --git a/modules/real_time_enforcer/versions.tf b/modules/real_time_enforcer/versions.tf
@@ -17,4 +17,7 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    google = "~> 2.11"
+  }
 }
diff --git a/modules/rules/templates/rules/enabled_apis_rules.yaml b/modules/rules/templates/rules/enabled_apis_rules.yaml
@@ -21,7 +21,7 @@
 #         resource_ids:
 #           - '*'
 #     services:
-#       - 'bigquery-json.googleapis.com'
+#       - 'bigquery.googleapis.com'
 #       - 'clouddebugger.googleapis.com'
 #       - 'cloudtrace.googleapis.com'
 #       - 'compute.googleapis.com'

diff --git a/modules/server/variables.tf b/modules/server/variables.tf
@@ -23,7 +23,7 @@ variable "project_id" {
 
 variable "forseti_version" {
   description = "The version of Forseti to install"
-  default     = "v2.23.0"
+  default     = "v2.23.1"
 }
 
 variable "forseti_repo_url" {

diff --git a/modules/server/versions.tf b/modules/server/versions.tf
@@ -17,4 +17,7 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    google = "~> 2.11"
+  }
 }
diff --git a/test/integration/simple_example/controls/client.rb b/test/integration/simple_example/controls/client.rb
@@ -15,7 +15,7 @@
 require "yaml"
 
 forseti_server_vm_ip = attribute("forseti-server-vm-ip")
-forseti_version = "2.23.0"
+forseti_version = "2.23.1"
 
 control "client" do
   title "Forseti client instance resources"

diff --git a/test/integration/simple_example/controls/server.rb b/test/integration/simple_example/controls/server.rb
@@ -14,7 +14,7 @@
 
 require "yaml"
 
-forseti_version = "2.23.0"
+forseti_version = "2.23.1"
 
 control "server" do
   title "Forseti server instance resources"

diff --git a/variables.tf b/variables.tf
@@ -28,7 +28,7 @@ variable "gsuite_admin_email" {
 
 variable "forseti_version" {
   description = "The version of Forseti to install"
-  default     = "v2.23.0"
+  default     = "v2.23.1"
 }
 
 variable "forseti_repo_url" {

diff --git a/versions.tf b/versions.tf
@@ -18,6 +18,8 @@
 terraform {
   required_version = ">= 0.12"
   required_providers {
+    google   = "~> 2.11"
+    helm     = "~> 0.10"
     null     = "~> 2.0"
     template = "~> 2.0"
     random   = "~> 2.0"