From cf5e3ff0075a7b7873df8c33158603c713856704 Mon Sep 17 00:00:00 2001
From: red2k18
Date: Tue, 11 Feb 2020 10:01:01 -0500
Subject: [PATCH] [FORSETI RELEASE] Update Forseti version to v2.23.1 (#476) * Patch release v2.23.1 * Fix bigquery and Google provider issue for the 5.0.1 patch * Updated version to v2.23.1 * Set version constraint for google provider on the install simple example * Fix typos * Pinned helm provider version to 0.10.* Co-authored-by: Gregg Kowalski <10247435+gkowalski-google@users.noreply.github.com>
---
 CHANGELOG.md | 12 +++++++++++-
 README.md | 2 +-
 examples/install_simple/versions.tf | 3 +++
 examples/on_gke_end_to_end/README.md | 4 ++--
 examples/on_gke_end_to_end/variables.tf | 4 ++--
 helpers/import.sh | 2 +-
 main.tf | 2 +-
 modules/client/variables.tf | 2 +-
 modules/client/versions.tf | 3 +++
 modules/on_gke/README.md | 6 +++---
 modules/on_gke/main.tf | 2 +-
 modules/on_gke/variables.tf | 6 +++---
 modules/on_gke/versions.tf | 4 ++++
 modules/real_time_enforcer/versions.tf | 3 +++
 .../rules/templates/rules/enabled_apis_rules.yaml | 2 +-
 modules/server/variables.tf | 2 +-
 modules/server/versions.tf | 3 +++
 test/integration/simple_example/controls/client.rb | 2 +-
 test/integration/simple_example/controls/server.rb | 2 +-
 variables.tf | 2 +-
 versions.tf | 2 ++
 21 files changed, 49 insertions(+), 21 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 63862c908..a14700455 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended.
+## Unreleased
+
+## [v5.0.1] - 2020-01-31
+
+### Added
+
+- Support for Forseti v2.23.1 [#476]
+
 ## [5.0.0] - 2019-10-17 Version 5.0.0 is a backwards-incompatible release. Please see the [upgrade instructions](./docs/upgrading_to_v5.0.md) for details.
@@ -16,7 +24,7 @@ Version 5.0.0 is a backwards-incompatible release. Please see the [upgrade instr - Added additional submodules for Forseti infrastructure components [#284] - Update Cloud Shell tutorial [#309] - Add variable to enable mailjet_rest library [#302]
-- Updating helper scripts to include GKE related roles [#306]
+- Updating helper scripts to include GKE related roles [#306]gi
 - Setting the GKE version to a specific version [#307] - Fix serviceusage test [#308] - Adding cscc vars to on_gke examples [#304]
@@ -289,7 +297,9 @@ Version 4.0.0 is a backwards-incompatible release. Please see the [upgrade instr [v4.2.1]: https://github.com/terraform-google-modules/terraform-google-forseti/compare/v4.1.0...v4.2.1 [v4.3.0]: https://github.com/terraform-google-modules/terraform-google-forseti/compare/v4.2.1...v4.3.0 [v5.0.0]: https://github.com/terraform-google-modules/terraform-google-forseti/compare/v4.3.0...v5.0.0
+[v5.0.1]: https://github.com/terraform-google-modules/terraform-google-forseti/compare/v5.0.0...v5.0.1
+[#476]: https://github.com/forseti-security/terraform-google-forseti/pull/476
 [#330]: https://github.com/forseti-security/terraform-google-forseti/pull/330 [#329]: https://github.com/forseti-security/terraform-google-forseti/pull/329 [#309]: https://github.com/forseti-security/terraform-google-forseti/pull/309
diff --git a/README.md b/README.md
index 92a729a74..68c24246a 100644
--- a/README.md
+++ b/README.md
@@ -238,7 +238,7 @@ For this module to work, you need the following APIs enabled on the Forseti proj | forseti\_home | Forseti installation directory | string | `"$USER_HOME/forseti-security"` | no | | forseti\_repo\_url | Git repo for the Forseti installation | string | `"https://github.com/forseti-security/forseti-security"` | no | | forseti\_run\_frequency | Schedule of running the Forseti scans | string | `"null"` | no |
-| forseti\_version | The version of Forseti to install | string | `"v2.23.0"` | no |
+| forseti\_version | The version of Forseti to install | string | `"v2.23.1"` | no |
 | forwarding\_rule\_enabled | Forwarding rule scanner enabled. | bool | `"false"` | no | | forwarding\_rule\_violations\_should\_notify | Notify for forwarding rule violations | bool | `"true"` | no | | group\_enabled | Group scanner enabled. | bool | `"true"` | no |
diff --git a/examples/install_simple/versions.tf b/examples/install_simple/versions.tf
index 297042723..b544d679b 100644
--- a/examples/install_simple/versions.tf
+++ b/examples/install_simple/versions.tf
@@ -16,4 +16,7 @@ terraform { required_version = ">= 0.12"
+ required_providers {
+ google = "~> 2.11"
+ }
 }
diff --git a/examples/on_gke_end_to_end/README.md b/examples/on_gke_end_to_end/README.md
index d098bd3d9..d10090531 100644
--- a/examples/on_gke_end_to_end/README.md
+++ b/examples/on_gke_end_to_end/README.md
@@ -72,8 +72,8 @@ This script will also activate necessary APIs required for Terraform to deploy F | gsuite\_admin\_email | G-Suite administrator email address to manage your Forseti installation | string | n/a | yes | | helm\_repository\_url | The Helm repository containing the 'forseti-security' Helm charts | string | `"https://forseti-security-charts.storage.googleapis.com/release/"` | no | | k8s\_forseti\_namespace | The Kubernetes namespace in which to deploy Forseti. | string | `"forseti"` | no |
-| k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.23.0"` | no |
-| k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.23.0"` | no |
+| k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.23.1"` | no |
+| k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.23.1"` | no |
 | k8s\_tiller\_sa\_name | The Kubernetes Service Account used by Tiller | string | `"tiller"` | no | | network | The name of the VPC being created | string | `"forseti-gke-network"` | no | | network\_description | An optional description of the network. The resource must be recreated to modify this field. | string | `""` | no |
diff --git a/examples/on_gke_end_to_end/variables.tf b/examples/on_gke_end_to_end/variables.tf
index 7714022b1..d13e45059 100644
--- a/examples/on_gke_end_to_end/variables.tf
+++ b/examples/on_gke_end_to_end/variables.tf
@@ -111,12 +111,12 @@ variable "k8s_tiller_sa_name" { variable "k8s_forseti_orchestrator_image_tag" { description = "The tag for the container image for the Forseti orchestrator"
- default = "v2.23.0"
+ default = "v2.23.1"
 } variable "k8s_forseti_server_image_tag" { description = "The tag for the container image for the Forseti server"
- default = "v2.23.0"
+ default = "v2.23.1"
 } variable "network" {
diff --git a/helpers/import.sh b/helpers/import.sh
index 784517c6d..ce47fe998 100755
--- a/helpers/import.sh
+++ b/helpers/import.sh
@@ -150,7 +150,7 @@ printf "\nStarting import of Forseti resources to Terraform\n\n" terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[0]" "$PROJECT_ID/admin.googleapis.com" terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[1]" "$PROJECT_ID/appengine.googleapis.com"
-terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[2]" "$PROJECT_ID/bigquery-json.googleapis.com"
+terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[2]" "$PROJECT_ID/bigquery.googleapis.com"
 terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[3]" "$PROJECT_ID/cloudbilling.googleapis.com" terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[4]" "$PROJECT_ID/cloudresourcemanager.googleapis.com" terraform import "module.$MODULE_LOCAL_NAME.google_project_service.main[5]" "$PROJECT_ID/sql-component.googleapis.com"
diff --git a/main.tf b/main.tf
index 3ff2b9d53..1a65376cb 100644
--- a/main.tf
+++ b/main.tf
@@ -46,7 +46,7 @@ locals { services_list = [ "admin.googleapis.com", "appengine.googleapis.com",
- "bigquery-json.googleapis.com",
+ "bigquery.googleapis.com",
 "cloudbilling.googleapis.com", "cloudresourcemanager.googleapis.com", "sql-component.googleapis.com",
diff --git a/modules/client/variables.tf b/modules/client/variables.tf
index 550346219..160003452 100644
--- a/modules/client/variables.tf
+++ b/modules/client/variables.tf
@@ -23,7 +23,7 @@ variable "project_id" { variable "forseti_version" { description = "The version of Forseti to install"
- default = "v2.23.0"
+ default = "v2.23.1"
 } variable "forseti_repo_url" {
diff --git a/modules/client/versions.tf b/modules/client/versions.tf
index 8b267ac4e..e9176e92f 100644
--- a/modules/client/versions.tf
+++ b/modules/client/versions.tf
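Review bot: In the `main.tf` hunk, swapping `"bigquery-json.googleapis.com"` for `"bigquery.googleapis.com"` in `services_list` changes what an existing deployment holds at `google_project_service.main[2]` (the address `helpers/import.sh` imports), so an upgrade will probably plan a change to that resource. Whether the old service entry is disabled during that step depends on the resource's `disable_on_destroy` setting, which is not visible in this hunk. The same edit is made in `modules/on_gke/main.tf`. The changelog entry only says "Support for Forseti v2.23.1", so I would add an upgrade note there and a comment on the list entry such as `# formerly "bigquery-json.googleapis.com"; existing state may plan a replace for this entry`. The `locals` block starts and ends outside the hunk.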
@@ -17,4 +17,7 @@ terraform { required_version = ">= 0.12"
+ required_providers {
+ google = "~> 2.11"
+ }
 }
diff --git a/modules/on_gke/README.md b/modules/on_gke/README.md
index 8b044d8fe..3dc14a763 100644
--- a/modules/on_gke/README.md
+++ b/modules/on_gke/README.md
@@ -79,7 +79,7 @@ This sub-module deploys Forseti on GKE. In short, this deploys a server contain | forseti\_home | Forseti installation directory | string | `"$USER_HOME/forseti-security"` | no | | forseti\_repo\_url | Git repo for the Forseti installation | string | `"https://github.com/forseti-security/forseti-security"` | no | | forseti\_run\_frequency | Schedule of running the Forseti scans | string | `"null"` | no |
-| forseti\_version | The version of Forseti to install | string | `"v2.23.0"` | no |
+| forseti\_version | The version of Forseti to install | string | `"v2.23.1"` | no |
 | forwarding\_rule\_enabled | Forwarding rule scanner enabled. | bool | `"false"` | no | | forwarding\_rule\_violations\_should\_notify | Notify for forwarding rule violations | bool | `"true"` | no | | git\_sync\_image | The container image used by the config-validator git-sync side-car | string | `"gcr.io/google-containers/git-sync"` | no |
@@ -113,9 +113,9 @@ This sub-module deploys Forseti on GKE. In short, this deploys a server contain | k8s\_config\_validator\_image\_tag | The tag for the config-validator image. | string | `"latest"` | no | | k8s\_forseti\_namespace | The Kubernetes namespace in which to deploy Forseti. | string | `"forseti"` | no | | k8s\_forseti\_orchestrator\_image | The container image for the Forseti orchestrator | string | `"gcr.io/forseti-containers/forseti"` | no |
-| k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.23.0"` | no |
+| k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.23.1"` | no |
 | k8s\_forseti\_server\_image | The container image for the Forseti server | string | `"gcr.io/forseti-containers/forseti"` | no |
-| k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.23.0"` | no |
+| k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.23.1"` | no |
 | k8s\_forseti\_server\_ingress\_cidr | If network_policy is true, k8s_forseti_server_ingress_cidr will restrict connections to the Forseti Server service from the CIDR's specified | string | `""` | no | | k8s\_tiller\_sa\_name | The Kubernetes Service Account used by Tiller | string | `"tiller"` | no | | ke\_scanner\_enabled | KE scanner enabled. | bool | `"false"` | no |
diff --git a/modules/on_gke/main.tf b/modules/on_gke/main.tf
index 2f981e1af..a18edf174 100644
--- a/modules/on_gke/main.tf
+++ b/modules/on_gke/main.tf
@@ -53,7 +53,7 @@ locals { services_list = [ "admin.googleapis.com", "appengine.googleapis.com",
- "bigquery-json.googleapis.com",
+ "bigquery.googleapis.com",
 "cloudbilling.googleapis.com", "cloudresourcemanager.googleapis.com", "sql-component.googleapis.com",
diff --git a/modules/on_gke/variables.tf b/modules/on_gke/variables.tf
index d2527d76d..4aca41872 100644
--- a/modules/on_gke/variables.tf
+++ b/modules/on_gke/variables.tf
@@ -80,7 +80,7 @@ variable "gsuite_admin_email" { variable "forseti_version" { description = "The version of Forseti to install"
- default = "v2.23.0"
+ default = "v2.23.1"
 } variable "forseti_repo_url" {
@@ -879,7 +879,7 @@ variable "k8s_forseti_orchestrator_image" { variable "k8s_forseti_orchestrator_image_tag" { description = "The tag for the container image for the Forseti orchestrator"
- default = "v2.23.0"
+ default = "v2.23.1"
 } variable "k8s_forseti_server_image" {
@@ -889,7 +889,7 @@ variable "k8s_forseti_server_image" { variable "k8s_forseti_server_image_tag" { description = "The tag for the container image for the Forseti server"
- default = "v2.23.0"
+ default = "v2.23.1"
 } variable "k8s_forseti_server_ingress_cidr" {
diff --git a/modules/on_gke/versions.tf b/modules/on_gke/versions.tf
index 8b267ac4e..cbb72f943 100644
--- a/modules/on_gke/versions.tf
+++ b/modules/on_gke/versions.tf
@@ -17,4 +17,8 @@ terraform { required_version = ">= 0.12"
+ required_providers {
+ google = "~> 2.12"
+ helm = "~> 0.10"
+ }
 }
diff --git a/modules/real_time_enforcer/versions.tf b/modules/real_time_enforcer/versions.tf
index 8b267ac4e..e9176e92f 100644
--- a/modules/real_time_enforcer/versions.tf
+++ b/modules/real_time_enforcer/versions.tf
@@ -17,4 +17,7 @@ terraform { required_version = ">= 0.12"
+ required_providers {
+ google = "~> 2.11"
+ }
 }
diff --git a/modules/rules/templates/rules/enabled_apis_rules.yaml b/modules/rules/templates/rules/enabled_apis_rules.yaml
index f5afcf8f4..165385da1 100644
--- a/modules/rules/templates/rules/enabled_apis_rules.yaml
+++ b/modules/rules/templates/rules/enabled_apis_rules.yaml
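Review bot: `helm = "~> 0.10"` in `modules/on_gke/versions.tf` does not hold the Helm provider at 0.10.* as the commit message states. With two version components the pessimistic operator lets the minor number rise, so every 0.x release from 0.10 upward satisfies it and a later `terraform init` can pull a newer provider than the one this release was tested with. To stay on the 0.10 series write `helm = "~> 0.10.0"`; the root `versions.tf` hunk carries the same line. This module also asks for `google = "~> 2.12"` while the other `versions.tf` files in the patch use `"~> 2.11"`; align them, or add a one-line comment saying why on_gke needs the higher floor.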
@@ -21,7 +21,7 @@ # resource_ids: # - '*' # services:
-# - 'bigquery-json.googleapis.com'
+# - 'bigquery.googleapis.com'
 # - 'clouddebugger.googleapis.com' # - 'cloudtrace.googleapis.com' # - 'compute.googleapis.com'
diff --git a/modules/server/variables.tf b/modules/server/variables.tf
index 970139115..5b052b0a5 100644
--- a/modules/server/variables.tf
+++ b/modules/server/variables.tf
@@ -23,7 +23,7 @@ variable "project_id" { variable "forseti_version" { description = "The version of Forseti to install"
- default = "v2.23.0"
+ default = "v2.23.1"
 } variable "forseti_repo_url" {
diff --git a/modules/server/versions.tf b/modules/server/versions.tf
index 8b267ac4e..e9176e92f 100644
--- a/modules/server/versions.tf
+++ b/modules/server/versions.tf
@@ -17,4 +17,7 @@ terraform { required_version = ">= 0.12"
+ required_providers {
+ google = "~> 2.11"
+ }
 }
diff --git a/test/integration/simple_example/controls/client.rb b/test/integration/simple_example/controls/client.rb
index 26702c5cd..78708d95d 100644
--- a/test/integration/simple_example/controls/client.rb
+++ b/test/integration/simple_example/controls/client.rb
@@ -15,7 +15,7 @@ require "yaml" forseti_server_vm_ip = attribute("forseti-server-vm-ip")
-forseti_version = "2.23.0"
+forseti_version = "2.23.1"
 control "client" do title "Forseti client instance resources"
diff --git a/test/integration/simple_example/controls/server.rb b/test/integration/simple_example/controls/server.rb
index 7d37214c7..dea13b504 100644
--- a/test/integration/simple_example/controls/server.rb
+++ b/test/integration/simple_example/controls/server.rb
@@ -14,7 +14,7 @@ require "yaml"
-forseti_version = "2.23.0"
+forseti_version = "2.23.1"
 control "server" do title "Forseti server instance resources"
diff --git a/variables.tf b/variables.tf
index 0df4920f9..912558e2a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -28,7 +28,7 @@ variable "gsuite_admin_email" { variable "forseti_version" { description = "The version of Forseti to install"
- default = "v2.23.0"
+ default = "v2.23.1"
 } variable "forseti_repo_url" {
diff --git a/versions.tf b/versions.tf
index f3e3b0ad2..42425c561 100644
--- a/versions.tf
+++ b/versions.tf
@@ -18,6 +18,8 @@ terraform { required_version = ">= 0.12" required_providers {
+ google = "~> 2.11"
+ helm = "~> 0.10"
 null = "~> 2.0" template = "~> 2.0" random = "~> 2.0"