diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 10978d07..bd8fba56 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,13 +1 @@ -{ - "catalog/bucket": "0.3.0", - "catalog/empty": "0.3.0", - "catalog/gitops": "0.3.0", - "catalog/gke": "0.3.0", - "catalog/hierarchy": "0.3.0", - "catalog/landing-zone": "0.3.0", - "catalog/log-export": "0.3.0", - "catalog/networking": "0.3.0", - "catalog/project": "0.3.0", - "catalog/redis-bucket": "0.3.0", - "catalog/spanner": "0.3.0" -} +{"catalog/bucket":"0.4.0","catalog/empty":"0.3.0","catalog/gitops":"0.4.0","catalog/gke":"0.3.0","catalog/hierarchy":"0.3.0","catalog/landing-zone":"0.4.0","catalog/log-export":"0.4.0","catalog/networking":"0.4.0","catalog/project":"0.4.0","catalog/redis-bucket":"0.3.0","catalog/spanner":"0.3.0"} \ No newline at end of file diff --git a/catalog/bucket/CHANGELOG.md b/catalog/bucket/CHANGELOG.md new file mode 100644 index 00000000..2ccf8311 --- /dev/null +++ b/catalog/bucket/CHANGELOG.md @@ -0,0 +1,8 @@ +# Changelog + +## [0.4.0](https://www.github.com/GoogleCloudPlatform/blueprints/compare/bucket-blueprint-v0.3.0...bucket-blueprint-v0.4.0) (2021-09-14) + + +### Features + +* Add explicit location to bucket.yaml ([#71](https://www.github.com/GoogleCloudPlatform/blueprints/issues/71)) ([aec839e](https://www.github.com/GoogleCloudPlatform/blueprints/commit/aec839ed8124150c0670bc74d4f2aca113fa566d)) diff --git a/catalog/gitops/CHANGELOG.md b/catalog/gitops/CHANGELOG.md new file mode 100644 index 00000000..85e74891 --- /dev/null +++ b/catalog/gitops/CHANGELOG.md @@ -0,0 +1,13 @@ +# Changelog + +## [0.4.0](https://www.github.com/GoogleCloudPlatform/blueprints/compare/gitops-blueprint-v0.3.0...gitops-blueprint-v0.4.0) (2021-09-14) + + +### Features + +* Switch to using IAMPartialPolicy instead of IAMPolicyMember ([#62](https://www.github.com/GoogleCloudPlatform/blueprints/issues/62)) ([395b921](https://www.github.com/GoogleCloudPlatform/blueprints/commit/395b921fe35bf54677e66df013f3ca4c2a09fdb6)) + + +### Bug Fixes + +* minor fixes in IAMPartialPolicy ([#63](https://www.github.com/GoogleCloudPlatform/blueprints/issues/63)) ([188ad2a](https://www.github.com/GoogleCloudPlatform/blueprints/commit/188ad2ab8d75e696d5127a52b146ca6f8363b8b3)) diff --git a/catalog/gitops/cloudbuild-iam.yaml b/catalog/gitops/cloudbuild-iam.yaml index 1fe392f7..5339125f 100644 --- a/catalog/gitops/cloudbuild-iam.yaml +++ b/catalog/gitops/cloudbuild-iam.yaml @@ -18,7 +18,7 @@ metadata: name: deployment-repo-cloudbuild-write namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: resourceRef: @@ -37,7 +37,7 @@ metadata: name: source-repo-cloudbuild-read namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: resourceRef: diff --git a/catalog/gitops/configsync/configsync-iam.yaml b/catalog/gitops/configsync/configsync-iam.yaml index 799eb75e..1a921d87 100644 --- a/catalog/gitops/configsync/configsync-iam.yaml +++ b/catalog/gitops/configsync/configsync-iam.yaml @@ -19,7 +19,7 @@ metadata: name: sync-cluster-name # kpt-set: sync-${cluster-name} namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/configsync/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/configsync/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: displayName: sync-cluster-name # kpt-set: sync-${cluster-name} @@ -31,7 +31,7 @@ metadata: name: sync-cluster-name # kpt-set: sync-${cluster-name} namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/configsync/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/configsync/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: resourceRef: @@ -50,7 +50,7 @@ metadata: name: source-reader-sync-cluster-name-project-id # kpt-set: source-reader-sync-${cluster-name}-${project-id} namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/configsync/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/configsync/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: resourceRef: diff --git a/catalog/gitops/hydration-trigger.yaml b/catalog/gitops/hydration-trigger.yaml index 6fdb00b0..185b48ce 100644 --- a/catalog/gitops/hydration-trigger.yaml +++ b/catalog/gitops/hydration-trigger.yaml @@ -22,7 +22,7 @@ metadata: name: source-repo-cicd-trigger # kpt-set: ${source-repo}-cicd-trigger namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: build: diff --git a/catalog/gitops/services.yaml b/catalog/gitops/services.yaml index c9279567..263d21b2 100644 --- a/catalog/gitops/services.yaml +++ b/catalog/gitops/services.yaml @@ -17,7 +17,7 @@ metadata: name: sourcerepo.googleapis.com namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} --- apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1 @@ -26,5 +26,5 @@ metadata: name: cloudbuild.googleapis.com namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} diff --git a/catalog/gitops/source-repositories.yaml b/catalog/gitops/source-repositories.yaml index 56349602..d718e4ff 100644 --- a/catalog/gitops/source-repositories.yaml +++ b/catalog/gitops/source-repositories.yaml @@ -17,7 +17,7 @@ metadata: name: source-repo # kpt-set: ${source-repo} namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} --- apiVersion: sourcerepo.cnrm.cloud.google.com/v1beta1 @@ -26,5 +26,5 @@ metadata: name: deployment-repo # kpt-set: ${deployment-repo} namespace: config-control # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/gitops/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} diff --git a/catalog/landing-zone/CHANGELOG.md b/catalog/landing-zone/CHANGELOG.md new file mode 100644 index 00000000..d210115a --- /dev/null +++ b/catalog/landing-zone/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog + +## [0.4.0](https://www.github.com/GoogleCloudPlatform/blueprints/compare/landing-zone-blueprint-v0.3.0...landing-zone-blueprint-v0.4.0) (2021-09-14) + + +### Features + +* **landing-zone:** add automaticIamGrantsForDefaultServiceAccounts org policy ([#67](https://www.github.com/GoogleCloudPlatform/blueprints/issues/67)) ([eed1ebe](https://www.github.com/GoogleCloudPlatform/blueprints/commit/eed1ebe91867e05a17e2d0640b315375b461c670)) +* Switch to using IAMPartialPolicy instead of IAMPolicyMember ([#62](https://www.github.com/GoogleCloudPlatform/blueprints/issues/62)) ([395b921](https://www.github.com/GoogleCloudPlatform/blueprints/commit/395b921fe35bf54677e66df013f3ca4c2a09fdb6)) + + +### Bug Fixes + +* minor fixes in IAMPartialPolicy ([#63](https://www.github.com/GoogleCloudPlatform/blueprints/issues/63)) ([188ad2a](https://www.github.com/GoogleCloudPlatform/blueprints/commit/188ad2ab8d75e696d5127a52b146ca6f8363b8b3)) +* swap IAMPartialPolicy back to IAMPolicyMember for org resourceRefs ([#64](https://www.github.com/GoogleCloudPlatform/blueprints/issues/64)) ([45f5718](https://www.github.com/GoogleCloudPlatform/blueprints/commit/45f571820d091c2046ae6a0541ed89d590014090)) diff --git a/catalog/landing-zone/iam.yaml b/catalog/landing-zone/iam.yaml index 0f2e95af..42f6e4b2 100644 --- a/catalog/landing-zone/iam.yaml +++ b/catalog/landing-zone/iam.yaml @@ -18,7 +18,7 @@ metadata: name: org-admins-iam namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: resourceRef: apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 @@ -33,7 +33,7 @@ metadata: name: billing-admins-iam namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: resourceRef: apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 diff --git a/catalog/landing-zone/namespaces/hierarchy.yaml b/catalog/landing-zone/namespaces/hierarchy.yaml index f8788168..55b4d50d 100644 --- a/catalog/landing-zone/namespaces/hierarchy.yaml +++ b/catalog/landing-zone/namespaces/hierarchy.yaml @@ -17,7 +17,7 @@ metadata: name: hierarchy-sa namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: displayName: hierarchy-sa @@ -28,7 +28,7 @@ metadata: name: hierarchy-sa-folderadmin-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -44,7 +44,7 @@ metadata: name: hierarchy-sa-workload-identity-binding namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -83,6 +83,6 @@ metadata: name: configconnectorcontext.core.cnrm.cloud.google.com namespace: hierarchy annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: googleServiceAccount: hierarchy-sa@management-project-id.iam.gserviceaccount.com # kpt-set: hierarchy-sa@${management-project-id}.iam.gserviceaccount.com diff --git a/catalog/landing-zone/namespaces/logging.yaml b/catalog/landing-zone/namespaces/logging.yaml index 3485e545..b2304bb0 100644 --- a/catalog/landing-zone/namespaces/logging.yaml +++ b/catalog/landing-zone/namespaces/logging.yaml @@ -25,7 +25,7 @@ metadata: name: configconnectorcontext.core.cnrm.cloud.google.com namespace: logging annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: googleServiceAccount: logging-sa@management-project-id.iam.gserviceaccount.com # kpt-set: logging-sa@${management-project-id}.iam.gserviceaccount.com --- @@ -35,7 +35,7 @@ metadata: name: logging-sa namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: displayName: logging-sa @@ -46,7 +46,7 @@ metadata: name: logging-sa-logadmin-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -62,7 +62,7 @@ metadata: name: logging-sa-bigqueryadmin-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -78,7 +78,7 @@ metadata: name: logging-sa-workload-identity-binding namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: diff --git a/catalog/landing-zone/namespaces/networking.yaml b/catalog/landing-zone/namespaces/networking.yaml index 17f7b53f..84f59744 100644 --- a/catalog/landing-zone/namespaces/networking.yaml +++ b/catalog/landing-zone/namespaces/networking.yaml @@ -18,7 +18,7 @@ metadata: name: networking-sa namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: displayName: networking-sa @@ -29,7 +29,7 @@ metadata: name: networking-sa-networkadmin-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -45,7 +45,7 @@ metadata: name: networking-sa-security-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -61,7 +61,7 @@ metadata: name: networking-sa-dns-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -77,7 +77,7 @@ metadata: name: networking-sa-service-control-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -93,7 +93,7 @@ metadata: name: networking-sa-xpnadmin-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -109,7 +109,7 @@ metadata: name: networking-sa-workload-identity-binding namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -148,6 +148,6 @@ metadata: name: configconnectorcontext.core.cnrm.cloud.google.com namespace: networking annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: googleServiceAccount: networking-sa@management-project-id.iam.gserviceaccount.com # kpt-set: networking-sa@${management-project-id}.iam.gserviceaccount.com diff --git a/catalog/landing-zone/namespaces/policies.yaml b/catalog/landing-zone/namespaces/policies.yaml index 63f6edea..50271126 100644 --- a/catalog/landing-zone/namespaces/policies.yaml +++ b/catalog/landing-zone/namespaces/policies.yaml @@ -18,7 +18,7 @@ metadata: name: policies-sa namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: displayName: policies-sa @@ -29,7 +29,7 @@ metadata: name: policies-sa-orgpolicyadmin-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -45,7 +45,7 @@ metadata: name: policies-sa-workload-identity-binding namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -70,6 +70,6 @@ metadata: name: configconnectorcontext.core.cnrm.cloud.google.com namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: googleServiceAccount: policies-sa@management-project-id.iam.gserviceaccount.com # kpt-set: policies-sa@${management-project-id}.iam.gserviceaccount.com diff --git a/catalog/landing-zone/namespaces/projects.yaml b/catalog/landing-zone/namespaces/projects.yaml index 49b57a8b..2017dbd0 100644 --- a/catalog/landing-zone/namespaces/projects.yaml +++ b/catalog/landing-zone/namespaces/projects.yaml @@ -18,7 +18,7 @@ metadata: name: projects-sa namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: displayName: projects-sa @@ -29,7 +29,7 @@ metadata: name: projects-sa-projectcreator-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -45,7 +45,7 @@ metadata: name: projects-sa-projectmover-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -61,7 +61,7 @@ metadata: name: projects-sa-projectdeleter-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -77,7 +77,7 @@ metadata: name: projects-sa-billinguser-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -93,7 +93,7 @@ metadata: name: projects-sa-serviceusageadmin-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: @@ -109,7 +109,7 @@ metadata: name: projects-sa-workload-identity-binding namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: diff --git a/catalog/landing-zone/policies/disable-guest-attributes.yaml b/catalog/landing-zone/policies/disable-guest-attributes.yaml index 64799e65..6a09136d 100644 --- a/catalog/landing-zone/policies/disable-guest-attributes.yaml +++ b/catalog/landing-zone/policies/disable-guest-attributes.yaml @@ -18,7 +18,7 @@ metadata: name: disable-guest-attributes namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/policies/disable-iam-grants-default-sa.yaml b/catalog/landing-zone/policies/disable-iam-grants-default-sa.yaml index ca79cab9..28243698 100644 --- a/catalog/landing-zone/policies/disable-iam-grants-default-sa.yaml +++ b/catalog/landing-zone/policies/disable-iam-grants-default-sa.yaml @@ -18,7 +18,7 @@ metadata: name: disable-iam-grants-default-sa namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/policies/disable-nested-virtualization.yaml b/catalog/landing-zone/policies/disable-nested-virtualization.yaml index 215dfa03..423e2792 100644 --- a/catalog/landing-zone/policies/disable-nested-virtualization.yaml +++ b/catalog/landing-zone/policies/disable-nested-virtualization.yaml @@ -18,7 +18,7 @@ metadata: name: disable-nested-virtualization namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/policies/disable-sa-key-creation.yaml b/catalog/landing-zone/policies/disable-sa-key-creation.yaml index 2312f870..2185375c 100644 --- a/catalog/landing-zone/policies/disable-sa-key-creation.yaml +++ b/catalog/landing-zone/policies/disable-sa-key-creation.yaml @@ -18,7 +18,7 @@ metadata: name: disable-sa-key-creation namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/policies/disable-serial-port.yaml b/catalog/landing-zone/policies/disable-serial-port.yaml index 7dcdbe0f..7487242a 100644 --- a/catalog/landing-zone/policies/disable-serial-port.yaml +++ b/catalog/landing-zone/policies/disable-serial-port.yaml @@ -18,7 +18,7 @@ metadata: name: disable-serial-port namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/policies/disable-vm-external-ip.yaml b/catalog/landing-zone/policies/disable-vm-external-ip.yaml index 99173af7..a1051f78 100644 --- a/catalog/landing-zone/policies/disable-vm-external-ip.yaml +++ b/catalog/landing-zone/policies/disable-vm-external-ip.yaml @@ -18,7 +18,7 @@ metadata: name: disable-vm-external-ip namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: constraint: "constraints/compute.vmExternalIpAccess" listPolicy: diff --git a/catalog/landing-zone/policies/enforce-uniform-bucket-lvl-access.yaml b/catalog/landing-zone/policies/enforce-uniform-bucket-lvl-access.yaml index e59fe938..df4d1bfe 100644 --- a/catalog/landing-zone/policies/enforce-uniform-bucket-lvl-access.yaml +++ b/catalog/landing-zone/policies/enforce-uniform-bucket-lvl-access.yaml @@ -18,7 +18,7 @@ metadata: name: enforce-uniform-bucket-lvl-access namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/policies/restrict-cloud-sql-public-ip.yaml b/catalog/landing-zone/policies/restrict-cloud-sql-public-ip.yaml index f3733f5d..8f77c91a 100644 --- a/catalog/landing-zone/policies/restrict-cloud-sql-public-ip.yaml +++ b/catalog/landing-zone/policies/restrict-cloud-sql-public-ip.yaml @@ -18,7 +18,7 @@ metadata: name: restrict-cloud-sql-public-ip namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/policies/restrict-lien-removal.yaml b/catalog/landing-zone/policies/restrict-lien-removal.yaml index 5ae81471..3ebb9af8 100644 --- a/catalog/landing-zone/policies/restrict-lien-removal.yaml +++ b/catalog/landing-zone/policies/restrict-lien-removal.yaml @@ -18,7 +18,7 @@ metadata: name: restrict-lien-removal namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/policies/skip-default-network.yaml b/catalog/landing-zone/policies/skip-default-network.yaml index 9781e954..f2a18797 100644 --- a/catalog/landing-zone/policies/skip-default-network.yaml +++ b/catalog/landing-zone/policies/skip-default-network.yaml @@ -18,7 +18,7 @@ metadata: name: skip-default-network namespace: policies annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 spec: booleanPolicy: enforced: true diff --git a/catalog/landing-zone/services.yaml b/catalog/landing-zone/services.yaml index d4432973..ff7e3aa4 100644 --- a/catalog/landing-zone/services.yaml +++ b/catalog/landing-zone/services.yaml @@ -18,7 +18,7 @@ metadata: name: management-project-id-cloudbilling # kpt-set: ${management-project-id}-cloudbilling namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone/v0.4.0 cnrm.cloud.google.com/deletion-policy: "abandon" cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: diff --git a/catalog/log-export/CHANGELOG.md b/catalog/log-export/CHANGELOG.md new file mode 100644 index 00000000..ff50e06e --- /dev/null +++ b/catalog/log-export/CHANGELOG.md @@ -0,0 +1,8 @@ +# Changelog + +## [0.4.0](https://www.github.com/GoogleCloudPlatform/blueprints/compare/log-export-blueprint-v0.3.0...log-export-blueprint-v0.4.0) (2021-09-14) + + +### Features + +* Switch to using IAMPartialPolicy instead of IAMPolicyMember ([#62](https://www.github.com/GoogleCloudPlatform/blueprints/issues/62)) ([395b921](https://www.github.com/GoogleCloudPlatform/blueprints/commit/395b921fe35bf54677e66df013f3ca4c2a09fdb6)) diff --git a/catalog/log-export/folder/bigquery-export/export.yaml b/catalog/log-export/folder/bigquery-export/export.yaml index 3c6fdc40..03cadff7 100644 --- a/catalog/log-export/folder/bigquery-export/export.yaml +++ b/catalog/log-export/folder/bigquery-export/export.yaml @@ -19,7 +19,7 @@ metadata: name: my-project-id-bigquery # kpt-set: ${project-id}-bigquery namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 cnrm.cloud.google.com/deletion-policy: abandon cnrm.cloud.google.com/disable-dependent-services: "false" cnrm.cloud.google.com/project-id: my-project-id # kpt-set: ${project-id} @@ -33,7 +33,7 @@ metadata: name: my.folder.k8s.name-bqsink # kpt-set: ${folder-k8s-name}-bqsink namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: destination: bigQueryDatasetRef: @@ -50,7 +50,7 @@ metadata: name: bqlogexportdataset namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 cnrm.cloud.google.com/delete-contents-on-destroy: "false" # kpt-set: ${delete-contents-on-destroy} spec: defaultTableExpirationMs: 3600000 # kpt-set: ${default-table-expiration-ms} diff --git a/catalog/log-export/folder/bigquery-export/iam.yaml b/catalog/log-export/folder/bigquery-export/iam.yaml index a7b7b651..87e32366 100644 --- a/catalog/log-export/folder/bigquery-export/iam.yaml +++ b/catalog/log-export/folder/bigquery-export/iam.yaml @@ -19,7 +19,7 @@ metadata: name: bq-project-iam-policy namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: memberFrom: logSinkRef: diff --git a/catalog/log-export/folder/pubsub-export/export.yaml b/catalog/log-export/folder/pubsub-export/export.yaml index 0490eaf4..bc8e9a5a 100644 --- a/catalog/log-export/folder/pubsub-export/export.yaml +++ b/catalog/log-export/folder/pubsub-export/export.yaml @@ -19,7 +19,7 @@ metadata: name: my-project-id-pubsub # kpt-set: ${project-id}-pubsub namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 cnrm.cloud.google.com/deletion-policy: "abandon" cnrm.cloud.google.com/disable-dependent-services: "false" cnrm.cloud.google.com/project-id: my-project-id # kpt-set: ${project-id} @@ -33,7 +33,7 @@ metadata: name: my.folder.k8s.name-pubsubsink # kpt-set: ${folder-k8s-name}-pubsubsink namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: destination: pubSubTopicRef: diff --git a/catalog/log-export/folder/pubsub-export/iam.yaml b/catalog/log-export/folder/pubsub-export/iam.yaml index b741fad2..45b762cb 100644 --- a/catalog/log-export/folder/pubsub-export/iam.yaml +++ b/catalog/log-export/folder/pubsub-export/iam.yaml @@ -19,7 +19,7 @@ metadata: name: pubsub-iam-policy namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: memberFrom: logSinkRef: diff --git a/catalog/log-export/folder/storage-export/export.yaml b/catalog/log-export/folder/storage-export/export.yaml index 5dfd4896..7c43d693 100644 --- a/catalog/log-export/folder/storage-export/export.yaml +++ b/catalog/log-export/folder/storage-export/export.yaml @@ -19,7 +19,7 @@ metadata: name: my-project-id-storage # kpt-set: ${project-id}-storage namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 cnrm.cloud.google.com/deletion-policy: "abandon" cnrm.cloud.google.com/disable-dependent-services: "false" cnrm.cloud.google.com/project-id: my-project-id # kpt-set: ${project-id} @@ -33,7 +33,7 @@ metadata: name: my.folder.k8s.name-storagesink # kpt-set: ${folder-k8s-name}-storagesink namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: destination: storageBucketRef: diff --git a/catalog/log-export/folder/storage-export/iam.yaml b/catalog/log-export/folder/storage-export/iam.yaml index 9d9affac..3d5c8c9b 100644 --- a/catalog/log-export/folder/storage-export/iam.yaml +++ b/catalog/log-export/folder/storage-export/iam.yaml @@ -19,7 +19,7 @@ metadata: name: storage-project-iam-policy namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: memberFrom: logSinkRef: diff --git a/catalog/log-export/org/bigquery-export/export.yaml b/catalog/log-export/org/bigquery-export/export.yaml index cdface31..25064f2c 100644 --- a/catalog/log-export/org/bigquery-export/export.yaml +++ b/catalog/log-export/org/bigquery-export/export.yaml @@ -19,7 +19,7 @@ metadata: name: my-project-id-bigquery # kpt-set: ${project-id}-bigquery namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 cnrm.cloud.google.com/deletion-policy: "abandon" cnrm.cloud.google.com/disable-dependent-services: "false" cnrm.cloud.google.com/project-id: my-project-id # kpt-set: ${project-id} @@ -33,7 +33,7 @@ metadata: name: 123456789012-bqsink # kpt-set: ${org-id}-bqsink namespace: logging # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: destination: bigQueryDatasetRef: @@ -52,7 +52,7 @@ metadata: annotations: cnrm.cloud.google.com/delete-contents-on-destroy: "false" # kpt-set: ${delete-contents-on-destroy} cnrm.cloud.google.com/project-id: my-project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: defaultTableExpirationMs: 3600000 # kpt-set: ${default-table-expiration-ms} description: "BigQuery audit logs for folder" # kpt-set: ${dataset-description} diff --git a/catalog/log-export/org/bigquery-export/iam.yaml b/catalog/log-export/org/bigquery-export/iam.yaml index 541cf505..70790043 100644 --- a/catalog/log-export/org/bigquery-export/iam.yaml +++ b/catalog/log-export/org/bigquery-export/iam.yaml @@ -19,7 +19,7 @@ metadata: name: bq-project-iam-policy namespace: logging # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: memberFrom: logSinkRef: @@ -36,7 +36,7 @@ metadata: name: logging-sa-iam-permissions namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: resourceRef: apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 diff --git a/catalog/log-export/org/pubsub-export/export.yaml b/catalog/log-export/org/pubsub-export/export.yaml index df42a499..cfdf9902 100644 --- a/catalog/log-export/org/pubsub-export/export.yaml +++ b/catalog/log-export/org/pubsub-export/export.yaml @@ -19,7 +19,7 @@ metadata: name: my-project-id-pubsub # kpt-set: ${project-id}-pubsub namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 cnrm.cloud.google.com/deletion-policy: "abandon" cnrm.cloud.google.com/disable-dependent-services: "false" cnrm.cloud.google.com/project-id: my-project-id # kpt-set: ${project-id} @@ -33,7 +33,7 @@ metadata: name: 123456789012-pubsubsink # kpt-set: ${org-id}-pubsubsink namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: destination: pubSubTopicRef: @@ -50,6 +50,6 @@ metadata: name: pubsub-logexport-dataset # kpt-set: ${topic-name} namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 # TODO(jcwc): Add support for creating subscribers (either a new blueprint or kpt fn) diff --git a/catalog/log-export/org/pubsub-export/iam.yaml b/catalog/log-export/org/pubsub-export/iam.yaml index 969c5c28..e857b8ba 100644 --- a/catalog/log-export/org/pubsub-export/iam.yaml +++ b/catalog/log-export/org/pubsub-export/iam.yaml @@ -19,7 +19,7 @@ metadata: name: pubsub-iam-policy namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: memberFrom: logSinkRef: diff --git a/catalog/log-export/org/storage-export/export.yaml b/catalog/log-export/org/storage-export/export.yaml index 13a87b5c..086b413a 100644 --- a/catalog/log-export/org/storage-export/export.yaml +++ b/catalog/log-export/org/storage-export/export.yaml @@ -19,7 +19,7 @@ metadata: name: my-project-id-storage # kpt-set: ${project-id}-storage namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 cnrm.cloud.google.com/deletion-policy: "abandon" cnrm.cloud.google.com/disable-dependent-services: "false" cnrm.cloud.google.com/project-id: my-project-id # kpt-set: ${project-id} @@ -33,7 +33,7 @@ metadata: name: 123456789012-storagesink # kpt-set: ${org-id}-storagesink namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: destination: storageBucketRef: @@ -51,7 +51,7 @@ metadata: namespace: my-namespace # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/force-destroy: "true" - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: bucketPolicyOnly: false # kpt-set: ${bucket-policy-only} location: US # kpt-set: ${location} diff --git a/catalog/log-export/org/storage-export/iam.yaml b/catalog/log-export/org/storage-export/iam.yaml index 2143059d..c156a8f7 100644 --- a/catalog/log-export/org/storage-export/iam.yaml +++ b/catalog/log-export/org/storage-export/iam.yaml @@ -19,7 +19,7 @@ metadata: name: storage-project-iam-policy namespace: my-namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 spec: memberFrom: logSinkRef: diff --git a/catalog/networking/CHANGELOG.md b/catalog/networking/CHANGELOG.md new file mode 100644 index 00000000..70754ed4 --- /dev/null +++ b/catalog/networking/CHANGELOG.md @@ -0,0 +1,8 @@ +# Changelog + +## [0.4.0](https://www.github.com/GoogleCloudPlatform/blueprints/compare/networking-blueprint-v0.3.0...networking-blueprint-v0.4.0) (2021-09-14) + + +### Features + +* adds ha vpn to the networking blueprint ([#61](https://www.github.com/GoogleCloudPlatform/blueprints/issues/61)) ([483a027](https://www.github.com/GoogleCloudPlatform/blueprints/commit/483a027d2fa6f83dcd198823d3dd1209c7172c1b)) diff --git a/catalog/networking/dns/managedzone-forwarding/dns.yaml b/catalog/networking/dns/managedzone-forwarding/dns.yaml index 5cb55045..bd7f94dc 100644 --- a/catalog/networking/dns/managedzone-forwarding/dns.yaml +++ b/catalog/networking/dns/managedzone-forwarding/dns.yaml @@ -18,7 +18,7 @@ metadata: name: dnsmanagedzone-sample # kpt-set: ${managed-zone-name} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:log-export/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: dnsName: "example.com." # kpt-set: ${domain} diff --git a/catalog/networking/dns/managedzone-forwarding/services.yaml b/catalog/networking/dns/managedzone-forwarding/services.yaml index 4291bb5d..ffa1d7bc 100644 --- a/catalog/networking/dns/managedzone-forwarding/services.yaml +++ b/catalog/networking/dns/managedzone-forwarding/services.yaml @@ -18,7 +18,7 @@ metadata: name: project-id-dns # kpt-set: ${project-id}-dns namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/disable-on-destroy: "false" cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: diff --git a/catalog/networking/dns/managedzone-peering/dns.yaml b/catalog/networking/dns/managedzone-peering/dns.yaml index 401573d8..590f11bc 100644 --- a/catalog/networking/dns/managedzone-peering/dns.yaml +++ b/catalog/networking/dns/managedzone-peering/dns.yaml @@ -18,7 +18,7 @@ metadata: name: dnsmanagedzone-sample # kpt-set: ${managed-zone-name} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: dnsName: "example.com." # kpt-set: ${domain} diff --git a/catalog/networking/dns/managedzone-peering/services.yaml b/catalog/networking/dns/managedzone-peering/services.yaml index 4291bb5d..ffa1d7bc 100644 --- a/catalog/networking/dns/managedzone-peering/services.yaml +++ b/catalog/networking/dns/managedzone-peering/services.yaml @@ -18,7 +18,7 @@ metadata: name: project-id-dns # kpt-set: ${project-id}-dns namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/disable-on-destroy: "false" cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: diff --git a/catalog/networking/dns/managedzone-private/dns.yaml b/catalog/networking/dns/managedzone-private/dns.yaml index 9b360e32..ee63c808 100644 --- a/catalog/networking/dns/managedzone-private/dns.yaml +++ b/catalog/networking/dns/managedzone-private/dns.yaml @@ -18,7 +18,7 @@ metadata: name: dnsmanagedzone-sample # kpt-set: ${managed-zone-name} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: dnsName: "example.com." # kpt-set: ${domain} diff --git a/catalog/networking/dns/managedzone-private/services.yaml b/catalog/networking/dns/managedzone-private/services.yaml index 4291bb5d..ffa1d7bc 100644 --- a/catalog/networking/dns/managedzone-private/services.yaml +++ b/catalog/networking/dns/managedzone-private/services.yaml @@ -18,7 +18,7 @@ metadata: name: project-id-dns # kpt-set: ${project-id}-dns namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/disable-on-destroy: "false" cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: diff --git a/catalog/networking/dns/policy/policy.yaml b/catalog/networking/dns/policy/policy.yaml index 32ed3cc7..5a1c0d88 100644 --- a/catalog/networking/dns/policy/policy.yaml +++ b/catalog/networking/dns/policy/policy.yaml @@ -17,7 +17,7 @@ metadata: name: default-dns-policy # kpt-set: ${dns-policy-name} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: enableInboundForwarding: true diff --git a/catalog/networking/dns/recordset/recordset.yaml b/catalog/networking/dns/recordset/recordset.yaml index 39165d44..f258a0a7 100644 --- a/catalog/networking/dns/recordset/recordset.yaml +++ b/catalog/networking/dns/recordset/recordset.yaml @@ -18,7 +18,7 @@ metadata: name: dnsrecordset-sample-a # kpt-set: ${record-set-name} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: name: "www.example.com." # kpt-set: ${name}${domain} diff --git a/catalog/networking/firewall/common-rules/egress/allow-google-apis.yaml b/catalog/networking/firewall/common-rules/egress/allow-google-apis.yaml index 84e7a8a7..4e686751 100644 --- a/catalog/networking/firewall/common-rules/egress/allow-google-apis.yaml +++ b/catalog/networking/firewall/common-rules/egress/allow-google-apis.yaml @@ -18,7 +18,7 @@ metadata: name: network-name-fw-allow-google-apis # kpt-set: ${network-name}-fw-allow-google-apis namespace: firewalls-namespace # kpt-set: ${firewalls-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: priority: 65534 allow: diff --git a/catalog/networking/firewall/common-rules/egress/allow-windows-kms.yaml b/catalog/networking/firewall/common-rules/egress/allow-windows-kms.yaml index a4db7713..73d792aa 100644 --- a/catalog/networking/firewall/common-rules/egress/allow-windows-kms.yaml +++ b/catalog/networking/firewall/common-rules/egress/allow-windows-kms.yaml @@ -18,7 +18,7 @@ metadata: name: network-name-fw-allow-windows-kms # kpt-set: ${network-name}-fw-allow-windows-kms namespace: firewalls-namespace # kpt-set: ${firewalls-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: priority: 100 allow: diff --git a/catalog/networking/firewall/common-rules/egress/deny-all.yaml b/catalog/networking/firewall/common-rules/egress/deny-all.yaml index 0c288dc5..ff7b4968 100644 --- a/catalog/networking/firewall/common-rules/egress/deny-all.yaml +++ b/catalog/networking/firewall/common-rules/egress/deny-all.yaml @@ -18,7 +18,7 @@ metadata: name: network-name-fw-deny-all-egress # kpt-set: ${network-name}-fw-deny-all-egress namespace: firewalls-namespace # kpt-set: ${firewalls-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: priority: 65535 deny: diff --git a/catalog/networking/firewall/common-rules/ingress/allow-gcp-lb.yaml b/catalog/networking/firewall/common-rules/ingress/allow-gcp-lb.yaml index de22ffab..16e9d387 100644 --- a/catalog/networking/firewall/common-rules/ingress/allow-gcp-lb.yaml +++ b/catalog/networking/firewall/common-rules/ingress/allow-gcp-lb.yaml @@ -18,7 +18,7 @@ metadata: name: network-name-fw-allow-gcp-lb # kpt-set: ${network-name}-fw-allow-gcp-lb namespace: firewalls-namespace # kpt-set: ${firewalls-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: priority: 10000 # kpt-set: ${priority} allow: diff --git a/catalog/networking/firewall/common-rules/ingress/allow-iap-rdp.yaml b/catalog/networking/firewall/common-rules/ingress/allow-iap-rdp.yaml index eb30338c..9a037674 100644 --- a/catalog/networking/firewall/common-rules/ingress/allow-iap-rdp.yaml +++ b/catalog/networking/firewall/common-rules/ingress/allow-iap-rdp.yaml @@ -18,7 +18,7 @@ metadata: name: network-name-fw-allow-iap-rdp # kpt-set: ${network-name}-fw-allow-iap-rdp namespace: firewalls-namespace # kpt-set: ${firewalls-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: priority: 10000 # kpt-set: ${priority} allow: diff --git a/catalog/networking/firewall/common-rules/ingress/allow-iap-ssh.yaml b/catalog/networking/firewall/common-rules/ingress/allow-iap-ssh.yaml index 139470e5..9b718ec3 100644 --- a/catalog/networking/firewall/common-rules/ingress/allow-iap-ssh.yaml +++ b/catalog/networking/firewall/common-rules/ingress/allow-iap-ssh.yaml @@ -18,7 +18,7 @@ metadata: name: network-name-fw-allow-iap-ssh # kpt-set: ${network-name}-fw-allow-iap-ssh namespace: firewalls-namespace # kpt-set: ${firewalls-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: priority: 10000 # kpt-set: ${priority} allow: diff --git a/catalog/networking/firewall/common-rules/ingress/allow-internal-common.yaml b/catalog/networking/firewall/common-rules/ingress/allow-internal-common.yaml index 06d1c55e..58c2f8b8 100644 --- a/catalog/networking/firewall/common-rules/ingress/allow-internal-common.yaml +++ b/catalog/networking/firewall/common-rules/ingress/allow-internal-common.yaml @@ -18,7 +18,7 @@ metadata: name: network-name-fw-allow-internal-common # kpt-set: ${network-name}-fw-allow-internal-common namespace: firewalls-namespace # kpt-set: ${firewalls-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: priority: 10000 # kpt-set: ${priority} allow: diff --git a/catalog/networking/network/subnet/nat.yaml b/catalog/networking/network/subnet/nat.yaml index 72d95292..12a83450 100644 --- a/catalog/networking/network/subnet/nat.yaml +++ b/catalog/networking/network/subnet/nat.yaml @@ -19,7 +19,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: natIpAllocateOption: AUTO_ONLY region: us-central1 # kpt-set: ${region} @@ -34,7 +34,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: description: example router description networkRef: diff --git a/catalog/networking/network/subnet/subnet.yaml b/catalog/networking/network/subnet/subnet.yaml index 7cedd1af..a32bee8a 100644 --- a/catalog/networking/network/subnet/subnet.yaml +++ b/catalog/networking/network/subnet/subnet.yaml @@ -19,7 +19,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: description: Subnetwork ipCidrRange: 10.2.0.0/16 # kpt-set: ${ip-cidr-range} diff --git a/catalog/networking/network/vpc/services.yaml b/catalog/networking/network/vpc/services.yaml index b765ffc7..7846b444 100644 --- a/catalog/networking/network/vpc/services.yaml +++ b/catalog/networking/network/vpc/services.yaml @@ -18,7 +18,7 @@ metadata: name: project-id-compute # kpt-set: ${project-id}-compute namespace: projects annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/disable-on-destroy: "false" cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: diff --git a/catalog/networking/network/vpc/vpc.yaml b/catalog/networking/network/vpc/vpc.yaml index 27f7881d..8d84fb17 100644 --- a/catalog/networking/network/vpc/vpc.yaml +++ b/catalog/networking/network/vpc/vpc.yaml @@ -18,7 +18,7 @@ metadata: name: network-name # kpt-set: ${network-name} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} spec: autoCreateSubnetworks: false diff --git a/catalog/networking/network/vpn.yaml b/catalog/networking/network/vpn.yaml index e426cbc3..3bec94ad 100644 --- a/catalog/networking/network/vpn.yaml +++ b/catalog/networking/network/vpn.yaml @@ -19,7 +19,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: description: "Compute HA VPN Gateway" networkRef: @@ -33,7 +33,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: redundancyType: "TWO_IPS_REDUNDANCY" interface: @@ -49,7 +49,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: peerExternalGatewayInterface: 0 peerExternalGatewayRef: @@ -73,7 +73,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: peerExternalGatewayInterface: 1 peerExternalGatewayRef: diff --git a/catalog/networking/peering/peering.yaml b/catalog/networking/peering/peering.yaml index 25812621..8bf9eff0 100644 --- a/catalog/networking/peering/peering.yaml +++ b/catalog/networking/peering/peering.yaml @@ -18,7 +18,7 @@ metadata: name: local-network-to-peer-network # kpt-set: ${local-network}-to-${peer-network} namespace: namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: exportCustomRoutes: false exportSubnetRoutesWithPublicIp: true @@ -37,7 +37,7 @@ metadata: name: peer-network-to-local-network # kpt-set: ${peer-network}-to-${local-network} namespace: namespace # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: exportCustomRoutes: false exportSubnetRoutesWithPublicIp: true diff --git a/catalog/networking/routes/routes-igw/route.yaml b/catalog/networking/routes/routes-igw/route.yaml index 98d1d8e3..02a26b21 100644 --- a/catalog/networking/routes/routes-igw/route.yaml +++ b/catalog/networking/routes/routes-igw/route.yaml @@ -18,7 +18,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: priority: 1000 destRange: 0.0.0.0/0 # kpt-set: ${destination-range} diff --git a/catalog/networking/shared-vpc/sharedVPC.yaml b/catalog/networking/shared-vpc/sharedVPC.yaml index 922a04bc..72cc8292 100644 --- a/catalog/networking/shared-vpc/sharedVPC.yaml +++ b/catalog/networking/shared-vpc/sharedVPC.yaml @@ -19,4 +19,4 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 diff --git a/catalog/networking/svpc-service-project/serviceproject.yaml b/catalog/networking/svpc-service-project/serviceproject.yaml index d2097230..4c97e94b 100644 --- a/catalog/networking/svpc-service-project/serviceproject.yaml +++ b/catalog/networking/svpc-service-project/serviceproject.yaml @@ -19,7 +19,7 @@ metadata: namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: host-project # kpt-set: ${host-project-id} - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: projectRef: name: project-id # kpt-set: ${project-id} diff --git a/catalog/networking/vpc-service-controls/access-policy/policy.yaml b/catalog/networking/vpc-service-controls/access-policy/policy.yaml index eba08854..4416e7dd 100644 --- a/catalog/networking/vpc-service-controls/access-policy/policy.yaml +++ b/catalog/networking/vpc-service-controls/access-policy/policy.yaml @@ -18,7 +18,7 @@ metadata: name: org-access-policy # kpt-set: ${access-policy-name} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/organization-id: example-org # kpt-set: ${org-id} spec: title: org-access-policy Policy # kpt-set: ${access-policy-name} Policy diff --git a/catalog/networking/vpc-service-controls/perimeter/access-level.yaml b/catalog/networking/vpc-service-controls/perimeter/access-level.yaml index c76735fd..61e2c857 100644 --- a/catalog/networking/vpc-service-controls/perimeter/access-level.yaml +++ b/catalog/networking/vpc-service-controls/perimeter/access-level.yaml @@ -18,7 +18,7 @@ metadata: name: alregionperimeter # kpt-set: al${perimeter-name}${suffix} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 cnrm.cloud.google.com/organization-id: example-org # kpt-set: ${org-id} spec: accessPolicyRef: diff --git a/catalog/networking/vpc-service-controls/perimeter/perimeter.yaml b/catalog/networking/vpc-service-controls/perimeter/perimeter.yaml index 303130a0..29b43688 100644 --- a/catalog/networking/vpc-service-controls/perimeter/perimeter.yaml +++ b/catalog/networking/vpc-service-controls/perimeter/perimeter.yaml @@ -18,7 +18,7 @@ metadata: name: spcregionperimeter # kpt-set: sp${perimeter-name}${suffix} namespace: networking # kpt-set: ${namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.0 spec: status: resources: diff --git a/catalog/project/CHANGELOG.md b/catalog/project/CHANGELOG.md new file mode 100644 index 00000000..bb7543fc --- /dev/null +++ b/catalog/project/CHANGELOG.md @@ -0,0 +1,8 @@ +# Changelog + +## [0.4.0](https://www.github.com/GoogleCloudPlatform/blueprints/compare/project-blueprint-v0.3.0...project-blueprint-v0.4.0) (2021-09-14) + + +### Features + +* Switch to using IAMPartialPolicy instead of IAMPolicyMember ([#62](https://www.github.com/GoogleCloudPlatform/blueprints/issues/62)) ([395b921](https://www.github.com/GoogleCloudPlatform/blueprints/commit/395b921fe35bf54677e66df013f3ca4c2a09fdb6)) diff --git a/catalog/project/kcc-namespace/kcc-project-owner.yaml b/catalog/project/kcc-namespace/kcc-project-owner.yaml index 634897ae..320639db 100644 --- a/catalog/project/kcc-namespace/kcc-project-owner.yaml +++ b/catalog/project/kcc-namespace/kcc-project-owner.yaml @@ -18,7 +18,7 @@ metadata: name: kcc-project-id-owners-permissions # kpt-set: kcc-${project-id}-owners-permissions namespace: projects # kpt-set: ${projects-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/kcc-namespace/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/kcc-namespace/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: diff --git a/catalog/project/kcc-namespace/kcc.yaml b/catalog/project/kcc-namespace/kcc.yaml index 18106f5c..94e60753 100644 --- a/catalog/project/kcc-namespace/kcc.yaml +++ b/catalog/project/kcc-namespace/kcc.yaml @@ -18,7 +18,7 @@ metadata: name: configconnectorcontext.core.cnrm.cloud.google.com namespace: project-id # kpt-set: ${project-id} annotations: - cnrm.cloud.google.com/blueprint: cnrm/kcc-namespace/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/kcc-namespace/v0.4.0 spec: googleServiceAccount: kcc-project-id@management-project-id.iam.gserviceaccount.com # kpt-set: kcc-${project-id}@${management-project-id}.iam.gserviceaccount.com --- @@ -29,7 +29,7 @@ metadata: name: kcc-project-id # kpt-set: kcc-${project-id} namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/kcc-namespace/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/kcc-namespace/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: displayName: kcc-project-id # kpt-set: kcc-${project-id} @@ -41,7 +41,7 @@ metadata: name: project-id-sa-workload-identity-binding # kpt-set: ${project-id}-sa-workload-identity-binding namespace: config-control # kpt-set: ${management-namespace} annotations: - cnrm.cloud.google.com/blueprint: cnrm/kcc-namespace/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/kcc-namespace/v0.4.0 cnrm.cloud.google.com/project-id: management-project-id # kpt-set: ${management-project-id} spec: resourceRef: diff --git a/catalog/project/project.yaml b/catalog/project/project.yaml index 11a0bbb8..111b5a89 100644 --- a/catalog/project/project.yaml +++ b/catalog/project/project.yaml @@ -18,7 +18,7 @@ metadata: namespace: projects # kpt-set: ${projects-namespace} annotations: cnrm.cloud.google.com/auto-create-network: "false" - cnrm.cloud.google.com/blueprint: cnrm/landing-zone:project/v0.3.0 + cnrm.cloud.google.com/blueprint: cnrm/landing-zone:project/v0.4.0 spec: name: project-id # kpt-set: ${project-id} billingAccountRef: