Building website for v2.12.0 (#2607)

* bundle update and --verbose

* travis_wait 30 in front

* Take out travis_wait 30

* Add Terraform in install

Add Terraform in install

* Update install.md

* added blog post content (#2586)

* added blog post content

* added hyperlinks

* removed line

* added bullet points

* minor changes

* News for 1.0 deprecation announcement (#2580)

* News for 1.0 deprecation announcement

* Update 2019-02-18-deprecate-1.0.md

* Update inventory.md (#2583)

* Update inventory.md

Addresses a typo in preamble for Inventory CLI documentation.

* Update all versions of cli documentation to strip typo

* Updated KMS Scanner documentation with new rules (#2589)

* Updated KMS rules documentation

* added description

* Update descriptions.md

* updated document based on the updated rule for purpose

* updated doc to match with the rules

* Update inventory documentation to include details for composite root.

* Update existing documentation with additional configuration options
added since the last doc refresh.

* Added steps to upgrade from v2.11.0 to v2.12.0 (#2603)

* added upgrade steps

* updated doc with more details

* updated link

* nits

* v2.12.0 doc update (#2605)

* doc updated

* corrected formatting

* updated tag to point to v2.12.0 (#2606)

* generated 2.12 website

_config.yml

@@ -501,3 +501,33 @@ defaults:
       path: _docs/v2.11/faq
     values:
       category: FAQ (v2.11)
+  - scope:
+      path: _docs/v2.12
+    values:
+      category: Overview (v2.12)
+      layout: docs
+  - scope:
+      path: _docs/v2.12/concepts
+    values:
+      category: Concepts (v2.12)
+  - scope:
+      path: _docs/v2.12/setup
+    values:
+      category: Setup (v2.12)
+  - scope:
+      path: _docs/v2.12/use
+    values:
+      category: Use (v2.12)
+  - scope:
+      path: _docs/v2.12/configure
+    values:
+      category: Configure (v2.12)
+  - scope:
+      path: _docs/v2.12/develop
+    values:
+      category: Develop (v2.12)
+  - scope:
+      path: _docs/v2.12/faq
+    values:
+      category: FAQ (v2.12)
+

_data/doc_categories.yml

@@ -176,3 +176,17 @@ v2.11:
   href: docs/$$VERSION$$/develop/
 - title: FAQ
   href: docs/$$VERSION$$/faq/
+v2.12:
+- title: Concepts
+  href: docs/$$VERSION$$/concepts/
+- title: Setup
+  href: docs/$$VERSION$$/setup/
+- title: Configure
+  href: docs/$$VERSION$$/configure/
+- title: Use
+  href: docs/$$VERSION$$/use/
+- title: Develop
+  href: docs/$$VERSION$$/develop/
+- title: FAQ
+  href: docs/$$VERSION$$/faq/
+

_docs/_latest/configure/general/non-org-root.md

@@ -13,7 +13,7 @@ But, you also have the option to run Forseti on a subset of resources:
 1. if you are Org Admin, and you want to run Forseti on a specific folder
 1. if you are Folder Admin, and you want to run Forseti on a specific folder
 1. if you are Project Admin, and you want to run Forseti on projects
-that are only owned by you
+that are only owned by you.
 
 Inventory, Data Model, and Scanner will be supported for use on these subset
 of resources, but Explain will not be supported.
@@ -32,13 +32,18 @@ manually assign the correct roles later.
 to the target folder:
 `folders/<foo_folder_id>`.
 
+1. **NEW for version 2.12.0+**: You can use the `composite_root_resources`
+   configuration to include multiple resources in a single Forseti installation.
+   See [Configure Inventory]({% link _docs/latest/configure/inventory/index.md %})
+   for more details.
+
 1. If Forseti was installed with Org Admin credentials, then the org-level
-roles will be inherited on the folder-level.
+   roles will be inherited on the folder-level.
 
 1. If Foresti was not installed with Org Admin credentails, then you need
-to grant the Forseti server service account to have the same roles on the
-target folder, as was [originally granted on the
-organization]({% link _docs/latest/concepts/service-accounts.md %}#the-server-service-account).
+   to grant the Forseti server service account to have the same roles on the
+   target resources, as was [originally granted on the
+   organization]({% link _docs/latest/concepts/service-accounts.md %}#the-server-service-account).
 
 1. Saving changes.
    1. Save the changes to `forseti_conf_server.yaml` file.
@@ -52,12 +57,20 @@ organization]({% link _docs/latest/concepts/service-accounts.md %}#the-server-se
 
 ## Configure Forseti to Run on Projects
 
+**NEW for version 2.12.0+**: As an alternative, you can use the
+`composite_root_resources` configuration to include multiple resources in a
+single Forseti installation.
+See [Configure Inventory]({% link _docs/latest/configure/inventory/index.md %})
+for more details.
+
 1. This assumes that Forseti is not installed with Org Admin credential, and
 you want Forseti to run on projects that you own. If Forseti is installed
 with Org Admin credential, then all the resources in the organization
 will be returned.
+
 1. Leave the `root_resource_id` pointed to the organization that the Installer
 inferred from the environment.
+
 1. Grant project viewer role to the Forseti server service account,
 on the projects that you own.
 

_docs/_latest/configure/scanner/default-rules.md

@@ -21,17 +21,13 @@ resources.
   * The IP address of any GCP instances should not be listed on
   the [emergingthreats](https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt) website.
 
-## Cloud Storage (legacy ACL policies)
-  * Buckets ACLs should not be publicly accessible (`AllUsers`).
-  * Buckets ACLs should not be accessible by any authenticated user (`AllAuthenticatedUsers`).
-
 ## Cloud SQL
   * Cloud SQL instances should not allow access from anywhere (authorized networks).
   * Cloud SQL instances should not allow access over SSL from anywhere (authorized networks).
-
-## G Suite
-  * Your company users (@domain.tld) and all gmail users are allowed to be members of your G Suite
-  groups.
+  
+## Cloud Storage (legacy ACL policies)
+  * Buckets ACLs should not be publicly accessible (`AllUsers`).
+  * Buckets ACLs should not be accessible by any authenticated user (`AllAuthenticatedUsers`).
 
 ## Cloud Identity and Access Management (Cloud IAM) policies
   * Only Cloud IAM users and group members in my domain may be granted the role `Organization Admin`.
@@ -46,6 +42,17 @@ resources.
 ## Firewall
   * Prevent allow all ingress (used to detect allow ingress to all policies)
 
+## G Suite
+  * Your company users (@domain.tld) and all gmail users are allowed to be members of your G Suite
+  groups.
+
+## KMS
+  * Crypto keys with the following config should be rotated in 100 days.
+    algorithm: GOOGLE_SYMMETRIC_ENCRYPTION
+    protection_level: SOFTWARE
+    purpose: ENCRYPT_DECRYPT
+    state: ENABLED
+
 ## Kubernetes Engine Version
   * Only allow the following supported versions:
     * For major version 1.8, the minor version must be at least 12-gke.1

_docs/_latest/configure/scanner/descriptions.md

@@ -100,17 +100,6 @@ For examples of how to define scanner rules for your firewall rules scanner, see
 [`firewall_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/stable/rules/firewall_rules.yaml)
 rule file.
 
-## Load balancer forwarding rules scanner
-
-You can configure load balancer forwarding rules to direct unauthorized external
-traffic to your target instances. The forwarding rule scanner supports a
-whitelist mode, to ensure each forwarding rule only directs to the intended
-target instances.
-
-For examples of how to define scanner rules for your forwarding rules, see the
-[`forwarding_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/stable/rules/forwarding_rules.yaml)
-rule file.
-
 ## Groups scanner
 
 Because groups can be added to Cloud Identity and Access Management (Cloud IAM)
@@ -159,6 +148,16 @@ For examples of how to define scanner rules for network interfaces, see the
 [`instance_network_interface_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/stable/rules/instance_network_interface_rules.yaml)
 rule file.
 
+## KMS scanner
+
+Alert or notify if the crypto keys in the organization are not rotated within the 
+time specified. This scanner can ensure that all the cryptographic keys are 
+properly configured. 
+
+For examples of how to define scanner rules for your crypto keys, see the
+[`kms_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/dev/rules/kms_rules.yaml)
+rule file.
+
 ## Kubernetes Engine scanner
 
 Kubernetes Engine clusters have a wide-variety of options.  You might
@@ -200,6 +199,17 @@ For examples of how to define scanner rules for lien, see the
 [`lien_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/dev/rules/lien_rules.yaml)
 rule file.
 
+## Load balancer forwarding rules scanner
+
+You can configure load balancer forwarding rules to direct unauthorized external
+traffic to your target instances. The forwarding rule scanner supports a
+whitelist mode, to ensure each forwarding rule only directs to the intended
+target instances.
+
+For examples of how to define scanner rules for your forwarding rules, see the
+[`forwarding_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/stable/rules/forwarding_rules.yaml)
+rule file.
+
 ## Location scanner
 Allow customers to ensure their resources are located only in the intended 
 locations. Set guards around locations as part of automated project deployment.
@@ -216,6 +226,12 @@ For examples of how to define scanner rules for log sink, see the
 [`log_sink_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/dev/rules/log_sink_rules.yaml)
 rule file.
 
+## Retention scanner
+
+Allow customers to ensure the retention policies on their resources are set as intended.
+
+For examples of how to define scanner rules for retention, see the ['retention_rules.yaml'](https://github.com/GoogleCloudPlatform/forseti-security/blob/dev/rules/retention_rules.yaml) rule file.
+
 ## Service Account Key scanner
 
 It's best to periodically rotate your user-managed service account
@@ -228,17 +244,3 @@ For examples of how to define scanner rules for your service account keys, see t
 [`service_account_key_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/stable/rules/service_account_key_rules.yaml)
 file.
 
-## Retention scanner
-
-Allow customers to ensure the retention policies on their resources are set as intended.
-
-For examples of how to define scanner rules for retention, see the ['retention_rules.yaml'](https://github.com/GoogleCloudPlatform/forseti-security/blob/dev/rules/retention_rules.yaml) rule file.
-
-## KMS scanner
-
-This scanner checks if the crypto keys in the organization are rotated within 
-the time specified, and notifies if they are not. 
-
-For examples of how to define scanner rules for your crypto keys, see the
-[`kms_rules.yaml`](https://github.com/GoogleCloudPlatform/forseti-security/blob/dev/rules/kms_rules.yaml)
-rule file.