Skip to content

Latest commit

 

History

History
814 lines (671 loc) · 78.2 KB

CHANGELOG.md

File metadata and controls

814 lines (671 loc) · 78.2 KB
Raw

Change Log

v2.4.3 (2019-06-24)

Full Changelog

Closed issues:

  • Tag v2.4.3 release #515

v2.4.3 (2019-06-24)

Full Changelog

Closed issues:

  • Tag v2.4.0 release #511

Merged pull requests:

v2.4.0 (2019-03-09)

Full Changelog

Closed issues:

  • Tag v2.4.0 release #503

Merged pull requests:

v2.4.0 (2019-03-07)

Full Changelog

Closed issues:

  • Tag v2.4.0 release #500
  • Tag v2.4.0 release #497
  • Tag v2.4.0 release #494
  • Tag v2.4.0 release #491
  • Tag v2.4.0 release #488
  • Tag v2.4.0 release #485
  • Tag v2.4.0 release #482
  • Tag v2.4.0 release #479
  • Update infosec security role #477
  • Tag v2.3.1 release #474

Merged pull requests:

v2.3.1 (2018-08-21)

Full Changelog

Closed issues:

  • Tag v2.3.0 release #469
  • Tag v2.3.0 release #466
  • Tag v2.3.0 release #463
  • Tag v2.3.0 release #460
  • Tag v2.3.0 release #457
  • Tag v2.3.0 release #454
  • Tag v1.3.0 release #451
  • [tf] Add more recent version of modules #449
  • Tag v2.3.0 release #445
  • [dns] Create an <account-id>.<nubis.allizom.org> zone #443
  • Tag v2.3.0 release #440
  • Pin nubis-pagerduty to current release #437
  • Tag v2.3.0 release #434
  • Upgrade to nubis-terraform-vpn v2.2.1 #432
  • [kubernetes] Correctly tag subnets when Kubernetes is off #430
  • Expose master zone id #428
  • Create state file even in regions that don't exist #425
  • Make kubernetes cluster creation part of account deployment #422
  • Move production deployments away from allizom.org #420
  • [vpc] Add flow logs feature flag #418
  • Version of node we are using on lambda function is EOL #417
  • Open up ports for monitoring security groups #416
  • Expose nubis domain in public state #413
  • [pagerduty] Default pagerduty team_name to account_name #409
  • [pagerduty] When vpc is 0 don't create pagerduty services #408
  • Tag v2.2.0 release #404
  • [Terrafrom] Get ready for TF 0.11.x #401
  • Use VPN module #396
  • Rename nat autoscaling and launch configuration #394
  • Cleanup old pagerduty stuff #392
  • Autospotting url error #388
  • Support monitoring module pagerduty keys #385
  • [autospotting] Pin and Update #383
  • [Terraform] Prepare for TF 0.11 #381
  • Tag v2.1.0 release #378
  • [PagerDuty] Don't require an API key to be set #376
  • Tag v2.1.0 release #373
  • Tag v2.1.0 release #369

Merged pull requests:

v2.3.0 (2018-08-01)

Full Changelog

Closed issues:

  • Tag v2.3.0 release #466
  • Tag v2.3.0 release #463
  • Tag v2.3.0 release #460
  • Tag v2.3.0 release #457
  • Tag v2.3.0 release #454
  • Tag v2.3.0 release #445
  • Tag v2.3.0 release #440
  • Tag v2.3.0 release #434

Merged pull requests:

v1.3.0 (2018-07-26)

Full Changelog

Closed issues:

  • [tf] Add more recent version of modules #449
  • [dns] Create an <account-id>.<nubis.allizom.org> zone #443
  • Pin nubis-pagerduty to current release #437
  • Upgrade to nubis-terraform-vpn v2.2.1 #432
  • [kubernetes] Correctly tag subnets when Kubernetes is off #430
  • Expose master zone id #428
  • Create state file even in regions that don't exist #425
  • Make kubernetes cluster creation part of account deployment #422
  • Move production deployments away from allizom.org #420
  • [vpc] Add flow logs feature flag #418
  • Version of node we are using on lambda function is EOL #417
  • Open up ports for monitoring security groups #416
  • Expose nubis domain in public state #413
  • [pagerduty] Default pagerduty team_name to account_name #409
  • [pagerduty] When vpc is 0 don't create pagerduty services #408
  • Tag v2.2.0 release #404
  • Tag v1.3.0 release #451

Merged pull requests:

v2.2.0 (2018-04-06)

Full Changelog

Closed issues:

  • [Terrafrom] Get ready for TF 0.11.x #401
  • Use VPN module #396
  • Rename nat autoscaling and launch configuration #394
  • Cleanup old pagerduty stuff #392
  • Autospotting url error #388
  • Support monitoring module pagerduty keys #385
  • [autospotting] Pin and Update #383
  • [Terraform] Prepare for TF 0.11 #381
  • Tag v2.2.0 release #404

Merged pull requests:

  • Update CHANGELOG for v2.2.0 release [skip ci] #406 (nubis-automation)
  • Update CHANGELOG for v2.2.0 release [skip ci] #405 (nubis-automation)
  • Restore images module #403 (limed)
  • Prepare for TF 0.11.x #402 (gozer)
  • Revert "Small optimization, make our top-level zone use the same DNS delegation set (#399)" #400 (gozer)
  • Small optimization, make our top-level zone use the same DNS delegation set as the rest of our region public zones #399 (gozer)
  • Replace vpc vpn code with vpn module #397 (limed)
  • Rename autoscaling group and launch config to be the same as the project #395 (limed)
  • Remove monitoring_pagerduty_service_key variable #393 (limed)
  • Some lint fixes #391 (limed)
  • Terraform github source fix #390 (limed)
  • Added pagerduty module support #389 (limed)
  • Switch to nubis-travis container and fix lint errors #387 (tinnightcap)
  • Make monitoring module aware of pagerduty arguments #386 (limed)
  • Upgrade autospotting and pin it at a revision #384 (gozer)
  • Prepare for Terraform 0.11.x #382 (gozer)

v2.1.0 (2018-02-06)

Full Changelog

Closed issues:

  • [PagerDuty] Don't require an API key to be set #376
  • [rds] Enable slow-query-log by default in our MySQL parameter group #367
  • [ci] Add support for newrelic API key #365
  • [monitoring] apply specified instance_type #363
  • Tag v2.1.0 release #378
  • Tag v2.1.0 release #373
  • Tag v2.1.0 release #369
  • Cleanup app-state bucket #293
  • Remove support for my_ip #145

Merged pull requests:

v2.0.4 (2017-12-18)

Full Changelog

Implemented enhancements:

  • Expose r53 delegation id in app state bucket #355

Closed issues:

  • Update travis.yml #350
  • Support for versioning of various modules #348
  • Tag v2.0.4 release #360

Merged pull requests:

  • Update CHANGELOG for v2.0.4 release [skip ci] #361 (tinnightcap)
  • Set force_destroy and tag the app-state bucket #359 (gozer)
  • Get rid of my_ip, it was a debugging mechanism #358 (gozer)
  • Expose delegation set id #356 (limed)
  • Let the NAT instances know which side they are #354 (gozer)
  • Fix Travis checks #353 (gozer)
  • Fully support versioninng of fluent and jumphost modules #349 (limed)

v2.0.3 (2017-11-02)

Full Changelog

Closed issues:

  • Expose new Prometheus tunables #343
  • Tag v2.0.3 release #345

Merged pull requests:

v2.0.2 (2017-10-24)

Full Changelog

Implemented enhancements:

  • [nat] Enable versioning #337

Fixed bugs:

  • Update fluent-collector/sso/consul modules to v2.0.1 #328

Closed issues:

  • Tag v2.0.2 release #340

Merged pull requests:

v2.0.1 (2017-10-17)

Full Changelog

Implemented enhancements:

  • Extend monitoring port range #300

Closed issues:

  • [ci] Make instance_type and root volume size configurable #322
  • aws_iam_instance_profile supports a single role only #280
  • Replace environments with arenas for account deployment #279
  • [datadog] Get rid of it #244
  • Remove all instances of CloudFormation left #200
  • Output Jumphost EIPs #188
  • Remove jumphosts from the platform Consul ACLs #97
  • [datadog] Use Role delegation for setting up AWS integration #89
  • Create a module framework to make Atlas optionnal #21
  • Move JSON policy payloads into separate files #9
  • Tag v2.0.1 release #334
  • Tag v2.0.1 release #331
  • Tag v2.0.1 release #325

Merged pull requests:

v2.0.0 (2017-10-06)

Full Changelog

Closed issues:

  • [unicreds] Cleanup resources on destruction #310
  • Updating module versions #308
  • [consul] Allow versioning for nubis-consul #297
  • [monitoring] Expose versioning for monitoring module #286
  • Tag v2.0.0 release #319
  • Tag v2.0.0 release #315
  • Tag v2.0.0 release #312
  • Tag v2.0.0 release #305
  • Tag v2.0.0 release #302

Merged pull requests:

v1.5.1 (2017-08-29)

Full Changelog

Closed issues:

  • Deploy script tweaks #284
  • Create a S3 bucket for storing deployed app state #277
  • Upgrade to Terraform 0.10.x #275
  • [security] Clear default security-group rules #262
  • [sso] Allow versioning of sso module #261
  • [route53] Tag our zones with Version #258
  • [fluentd] Allow configuration of instance_type #256
  • Upgrade to Terraform 0.9 #234
  • Tag v1.5.1 release #290
  • Tag v1.5.1 release #288
  • Tag v1.5.1 release #281
  • Tag v1.5.1 release #272
  • Tag v1.5.1 release #268
  • Tag v1.5.1 release #265

Merged pull requests:

v1.5.0 (2017-06-27)

Full Changelog

Closed issues:

  • sso option #248
  • Cleanup GitHub OAuth tokens #245
  • Tag v1.5.0 release #253
  • Tag v1.5.0 release #250

Merged pull requests:

v1.4.2 (2017-05-03)

Full Changelog

Closed issues:

  • Move aws_security_group.nubis_version to the global things #225
  • Don't ignore lambda runtime anymore #218
  • Move nubis-limed to accounts repo #214
  • [iam] The Administrators Group shouldn't have the Admin Access policy attached #144
  • Fix warnings #111
  • Standardize a depends_on argument to modules for implicit/indirect dependencies #83
  • Ensure forward-compatiblilty with upcoming Terraform 0.7 #76
  • mig #8
  • Tag v1.4.2 release #239
  • Tag v1.4.2 release #236

Merged pull requests:

v1.4.1 (2017-04-11)

Full Changelog

Closed issues:

  • Tag v1.4.1 release #230
  • Tag v1.4.1 release #227

Merged pull requests:

v1.4.0 (2017-04-03)

Full Changelog

Closed issues:

  • switch remote module branch to develop #210
  • [ci] Incorrect handling of multi-regions accounts #208
  • Simplify Admin IAM policies for MFA control #201
  • Tag v1.4.0 release #222
  • Tag v1.4.0 release #189

Merged pull requests:

v1.3.0-iam1 (2017-03-02)

Full Changelog

Closed issues:

  • [meta] Publish shared state even when VPC is disabled #199
  • Remove Atlas in favor of Terraform native aws_ami searching #195
  • [cloudtrail] Enable logfile validation #193
  • Enable versionning on our state bucket #190

Merged pull requests:

  • Simplify our IAM policy for Admins and MFA access #202 (gozer)
  • Making it terraform 0.8 compatible #197 (limed)
  • Create an images/ TF module to search for Nubis AMIs #196 (gozer)
  • Enable Cloudtrail logfile validation #194 (gozer)
  • Convert to Terraform 0.8 #192 (gozer)
  • Enable versionning on our state S3 bucket #191 (gozer)

Full Changelog

Implemented enhancements:

  • [user-management] Rename variables #177
  • Bubble up nubis_*_groups user data to various deploy components #174
  • [user-managment] Support specifying multiple groups #157
  • [user-management] Bump up timeout for lambda function #129
  • [user-management] Split up IAM roles for user management #125
  • [user-management] Terraform for user management IAM #124
  • [user-management] Specify consul port in cloudwatch event #123

Fixed bugs:

  • \[user-management\] Bump up timeout for lambda function #129

Closed issues:

  • [user-management] Fix credstash dependency #172
  • [ci] Pass monitoring_security_group_id #169
  • [ci] Support slack notifications #165
  • [user management] Bubble up new inputs for jumphost module #164
  • [pagerduty] Support PagerDuty #160
  • [fluentd] Support SQS arguments #158
  • [jumphost] Remove from the trusted platform components #153
  • [security] Add Prometheus to the trusted platform components #150
  • [monitoring] Deploy nubis-prometheus #148
  • CI shouldn't be in the credstash policies for stage/prod #135
  • make sure user-managment can be deployed to a single-region account successfully #128
  • Add a vpc feature flag #117
  • Enable features.stack_compat for nubis-lab #114
  • [MFA] Deactivating a MFA device should require using a valid MFA device #108
  • Tag v1.2.3 release #106
  • Labnda function must be stored in a S3 bucket in the same region as its deployed #10
  • Tag v1.3.0 release #185
  • [user-management] Manage nubis-user-management secret config through terraform #122
  • [datadog] Update IAM permissions granted to DataDog #95

Merged pull requests:

  • Update CHANGELOG for v1.3.0 release #187 (tinnightcap)
  • Update pinned release version for v1.3.0 release #186 (tinnightcap)
  • Update doc with resource tables #182 (tinnightcap)
  • Expose nubis_sudo_groups and nubis_user_groups to ci module #181 (limed)
  • Exposing nubis_sudo_groups and nubis_user_groups #180 (limed)
  • Expose nubis_sudo_groups and nubis_user_groups to monitoring module #179 (limed)
  • Rename variables so that it doesn't sound confusing #178 (limed)
  • Accept user data arguments for consul module #176 (limed)
  • Fluent userdata #175 (limed)
  • Fixes dependency issue when uplading user_management config to credstash #173 (limed)
  • Ability to accept multiple groups for user_management #171 (limed)
  • Pass in CI's now needed monitoring_security_group_id #170 (gozer)
  • [review] Bubble up userdata for nubis user groups #168 (limed)
  • Admin pruning nubis-limed #167 (limed)
  • [ci] Enable Slack Notification #166 (gozer)
  • Terraform fmt #162 (gozer)
  • Enable PagerDuty support #161 (gozer)
  • Add fluent SQS settings #159 (gozer)
  • Add support for nubis-prometheus #156 (gozer)
  • Don't give the jumphost access to the platform ACL #155 (gozer)
  • Manage user_management config file #154 (limed)
  • features.vpc currently defaults to 1 on my configuration, so setting it to 0 just in case #152 (limed)
  • Give prometheus nodes access to platform credstash secrets #151 (gozer)
  • Deploy nubis-prometheus when feature.monitoring is enabled #149 (gozer)
  • Add a feature.monitoring option, defaults to disabled #147 (gozer)
  • Adding deployment config for nubis-limed account #146 (limed)
  • Adding deployment config for the nubis-jd account #143 (tinnightcap)
  • Updates to the readme #141 (tinnightcap)
  • Strange issue with admin user modification causing unnecessary resource churn #137 (gozer)
  • make sure the CI instances get only placed into the admin credstash policy #136 (gozer)
  • Big refactoring exercise of the user-managment IAM stuff #134 (gozer)
  • Set consulPort #132 (limed)
  • Bump up lambda timeout for user management iam lambda function #131 (limed)
  • Better names #130 (gozer)
  • [Needs-review] Create user management IAM #127 (limed)
  • Add consul port parameter #126 (limed)
  • [do not merge] User management #121 (limed)
  • Enable stack compat #119 (limed)
  • Create a vpc feature flag, disabling all VPCs in one go and everyhign in them #118 (gozer)
  • Add 2 more outputs to our state - monitoring_security_group - instance_security_group (synthetic merge of ssh/internet/shared services SGs) #116 (gozer)
  • upgrade lab to v1.3.0-dev #115 (gozer)
  • When nat=0, still create some IAM foo, as we have dependencies we can't avoid atm #113 (gozer)
  • [complex] Generate a discoverable and accessible fake TF output module with metadata #110 (gozer)
  • Require MFA device to deregister a MFA device #109 (gozer)
  • Upgrade to Nubis v1.2.3 #107 (gozer)
  • Upgrade bugzilla-aws and nubis-lab to v1.2.2 #105 (gozer)

v1.2.2 (2016-08-02)

Full Changelog

Closed issues:

  • Tag v1.2.2 release #102

Merged pull requests:

v1.2.1 (2016-07-30)

Full Changelog

Closed issues:

  • Tag v1.2.1 release #98

Merged pull requests:

v1.2.0 (2016-07-11)

Full Changelog

Implemented enhancements:

  • [nat] Bump up instance type #67

Closed issues:

  • Turn Atlas token into a variable #20
  • Use tf_module (https://github.com/mengesb/tf\_filemodule\) for generating files #12
  • ipsec_targets is now ipsec_target (singular) #91
  • Update external module references to v1.2.0 #90
  • Tag v1.2.0 release #87
  • For global resources, pick the first region instead of hard-coding us-east-1 #82
  • Create a resource with NubisVersion #77
  • Document the usage of aws-vault #73
  • Make NAT a disableable tunable #69
  • Deploy a single, global opsec security audit stack #64
  • Add new credstash_key paramater to nubis-ci #62
  • Ensure we don't require an Atlas Token #60
  • [dummy] PrivateAvailabilityZone[1-3] #57
  • create read-only guest accounts too #52
  • Output IAM roles for admins #50
  • remove references to aws_profile and just rely on AWS* keys to be in the environment #49
  • Create a read-only policy and allow all admin users to assume it for convenience #46
  • Enable and enforce MFA for all admin accounts #44
  • get rid of my_ip, it's really just for debugging #43
  • [opsec] Remove useless variables #39
  • [ci] Attach to the correct credstash policy to make it part of the platorm ACL #38
  • [ci] Github OAuth client id is incorrectly passed in #36
  • [opsec] enable cloudtrail logs everywhere #34
  • Output the actual top-level public route53 zones to facilitate hooking up in inventory #32
  • [proxy] Front internal proxies with an ELB so the fallback proxy DNS entry always works #31

Merged pull requests:

  • Add config for nubis-market Upgrade to v1.2.0 ( and rotate datadog api key ) #94 (gozer)
  • Upgrade external TF module references to v1.2.0 #93 (gozer)
  • ipsec_targets was renamed ipsec_target #92 (gozer)
  • Update CHANGELOG for v1.2.0 release #88 (tinnightcap)
  • We only need one IPSec target on the DC side #86 (gozer)
  • Fix default ipsec_targets target #85 (gozer)
  • Use the first region for global resources instead of hard-coding an arbitrairy one #84 (gozer)
  • Provisions for HA NAT #70 (limed)
  • Enforce MFA policies on all admin users #45 (gozer)

bugzilla (2016-05-27)

Full Changelog

Implemented enhancements:

  • Use t2.small for nat instance #72 (limed)

Merged pull requests:

  • Just remove documentation references to aws_profile. #80 (gozer)
  • Add dummy SG for version tracking #79 (gozer)
  • Add 'nat' as en enable flag #78 (gozer)
  • Tyops #75 (tinnightcap)
  • Initial drop of aws-vault documentation #74 (gozer)
  • Revert "Use a bigger instance" #71 (tinnightcap)
  • Use a bigger instance #68 (limed)
  • Deploy a single, global opsec security audit stack #65 (gozer)
  • Add new required credstash_key to nubis-ci #63 (gozer)
  • Create an atlas_token variable, defaults to 'anonymous' #61 (gozer)
  • update bugzilla GitHub settings #59 (gozer)
  • Provide PrivateAvailabilityZone[1-3] inputs #58 (gozer)
  • Name the NAT instances like other platform instances Name (v0.0.0) for account in environment #56 (gozer)
  • terraform fmt #55 (gozer)
  • Add support for read-only guest accounts #53 (gozer)
  • Add admin roles as outputs #51 (gozer)
  • Move readonly role to the /nubis/ path, to avoid calshes with usernames #48 (gozer)
  • Add a readonly IAM role intended for Nubis Admins #47 (gozer)

v1.1.0 (2016-04-26)

Closed issues:

  • Figure out what to do with each account's config file in the long run #29
  • Create a README #26
  • NATs don't need EIPs #25
  • Add cloudhealth module #23
  • [state] Create the state user and credentials #22
  • Use Route53 delegation sets for all our zones #19
  • Add technical_contact input variable #18
  • Handle VPN connections #17
  • create fake stacks for stage and prod #16
  • Enable support for nubis-ci #15
  • Fix Consul TechnicalOwner => TechnicalContact #14
  • Assign a public EIP to NAT instances so we can do IP whitelists for the admin #13
  • s/TechnicalOwner/TechnicalContact/ #11
  • Datadog #7
  • datadog #6
  • Create the state holding bucket #5
  • Add all missing account buckets #4
  • Need separate Credstash IAM policies per environments #3
  • Credstash Policy missing from NAT instance IAM role #2
  • Publish fluentd outputs into Consul #1

Merged pull requests:

  • Rollbak local change that shouldn't have been pushed #42 (gozer)
  • Create an ELB-based proxy endpoint for initial bootstrap #41 (gozer)
  • Cleanup useless stuff #40 (gozer)
  • Correctly pass in ci_github_oauth_client_id where needed #37 (gozer)
  • Enable global cloudtrail as per opsec's request #35 (gozer)
  • Large PR with leftover bits. #33 (gozer)
  • Update CHANGELOG for v1.1.0 release #30 (tinnightcap)
  • Issue/26/readme #28 (gozer)
  • EIPs are not needed for the NATs, and once released, we are done. #27 (gozer)
  • Issue/23/cloudhealth #24 (gozer)

* This Change Log was automatically generated by github_changelog_generator