Release v2.23.3

Summary

Model

• Fixed issue where duplicate permissions caused an error with the unique constraint of model permissions table.

All changes

89664be (HEAD -> release-2.23.3, tag: v2.23.3, origin/release-2.23.3) Forseti patch changes for v2.23.3 (#3789)

Release v2.24.3

Summary

Model

• Fixed issue where duplicate permissions caused an error with the unique constraint of model permissions table.

All changes

a06a442 (HEAD -> release-2.24.3, tag: v2.24.3, origin/release-2.24.3) Cherry-pick model fix from commit cf6e9d5. Cherry-pick unit test fix from commit c9e7ceb. Update forseti version. (#3786)

Release v2.25.2

Summary

Model

• Fixed issue where duplicate permissions caused an error with the unique constraint of model permissions table.

All changes

bb8e7f0 (HEAD -> release-2.25.2, tag: v2.25.2, origin/release-2.25.2) Changes to fix model creation for release 2.25.2 (#3781)

Release v2.25.1

Summary

Inventory

• Fixed method calls for organization policies.

All changes

9b5852a (HEAD -> release-2.25.1, tag: v2.25.1, origin/release-2.25.1) Update init (#3720)
a6b159c Fixing method calls for organization policies (#3713) (#3715)

Release v2.25.0

Summary

Inventory

• Add Service Usage Service Resource to Inventory

Scanner

• Add logic for checking if the policy library is setup correctly for the Config Validator Scanner. This will provide more helpful error messages.
• Moving rule validation in to a library and improving tests.
• Update Config Validator violations to use the convention CV_{constraint_name} as the violation type instead of CONFIG_VALIDATOR_VIOLATION. This makes it easier to understand what the violations are for, and will show up in Cloud Security Command Center (CSCC).

Notifier

• Restart Forseti to release used memory so that all the fields in the violations are displayed.

Client/Server

• Add an endpoint to run the server processes end-to-end (e.g. inventory/model/scan/notify). Use like this: forseti server run.
• Pinned idna==2.8 to satisfy requests[security]==2.21.0.

Thanks to our Contributors!

@aarontp
@choonchernlim
@zorania

All Changes

e6e675b (HEAD -> release-2.25.0, tag: v2.25.0, origin/release-2.25.0) Add sudo to the systemctl restart forseti command. (#3692)
12db15b Updated Forseti version to v2.25.0
8258780 (origin/master, master) Merge pull request #3688 from forseti-security/feature/disable-org-access-policy
d6d87ef (origin/feature/disable-org-access-policy, feature/disable-org-access-policy) Remove Org Policy + Access Policy from the inventory and update unit tests to remove any checks for these resources.
c466aaa Update tests for Google Provider 3.7 + reliability/improvements (#3682)
720f836 Add an endpoint to run the server processes end-to-end. (#3544)
711ee12 Merge pull request #3671 from forseti-security/dekuhn-patch-1
6c3b103 (origin/dekuhn-patch-1) Merge branch 'master' into dekuhn-patch-1
f756b9d Merge pull request #3680 from forseti-security/dekuhn-patch-5
f036f89 (origin/dekuhn-patch-5) Update stale.yml
5bf3ee2 Update the logic for checking if the policy library is setup correctly to be controlled via the server config and default to false. Will add a PR to Terraform to be able to control this. (#3678)
1248dc0 Update GOVERNANCE.md
1917054 Update GOVERNANCE.md
5827167 Update AUTHORS
c75c330 Update GOVERNANCE.md
db200ea Update README.md
c1bce2a Update GOVERNANCE.md
2a3d0d6 Update GOVERNANCE.md
a044bbc Update GOVERNANCE.md
ed47c24 Update GOVERNANCE.md
11816ad Update README.md
c114997 Update GOVERNANCE.md
c29d88f Update README.md
4e70789 Update README.md
b90c97c Create GOVERNANCE.md
9de4392 Moving rule validation in to a library and improving tests. (#3652)
9ffcfc5 Pinned idna==2.8 to satisfy requests[security]==2.21.0. (#3654)
c0de18a Update Notifier to support CV violations with violation type = CV_{constraint_name}. Update CV e2e test to assert the GCS violations file exists after a scan. (#3634)
8be570c (feature/gke-platform-for-cv) fixes (#3627)
e4ffb1b [CAI] Add Service Usage Service Resource to Inventory (#3614)
a87e80b Fix for writing access policy resources to the database. (#3613)
b5ff3f2 Merge pull request #3612 from forseti-security/manually-restart-forseti
323f4fd (origin/manually-restart-forseti) Restart Forseti to release used memory
be3b617 Org Policy updates (#3571)
783e018 Merge release 2.25.0 changes into master (#3603)
4629fd9 (origin/feature/release2.25-changes, feature/release2.25-changes) Minor changes for inspec.yml

Release v2.24.2

Summary

Python Setup

Pinned IDNA to version 2.8.

All changes

7507911 (HEAD -> release-2.24.2, tag: v2.24.2, origin/release-2.24.2) Pinned idna==2.8 to satisfy requests[security]==2.21.0. (#3654) (#3667)
6cb6518 Initial commit for release v2.24.2

Release v2.23.2

Summary

Python Setup

Pinned IDNA to version 2.8.

All changes

f803f64 (HEAD -> release-2.23.2, tag: v2.23.2, origin/release-2.23.2) Pinned idna==2.8 to satisfy requests[security]==2.21.0. (#3654) (#3659)
6a3adc7 Initial commit for v2.23.2

Release v2.24.1

Summary

Notifier

• Restart Forseti to release used memory so that all the fields in the violations are displayed.

Release v2.23.1

Summary

Notifier

• Restart Forseti to release used memory so that all the fields in the violations are displayed.

Release v2.23.0

Summary

This release contains major optimizations that significantly improve the performance of the Inventory and Config Validator processes. We recommend everyone to get this release.

More [details can be found below and on our website.

We would love to hear your feedback on slack on how these optimizations work for you.

Inventory

• Optimized inventory process with many improvements to be faster and more efficient.
• Added new resources using CAI: bigquery table, region disk.
• Bugfix for unbound exception in Inventory Summary.
• Bugfix to avoid using stale model by cron job.

Scanner

• Improved Forseti Config Validator to be faster and more efficient by evaluating multiple policies on the same dataset in parallel.

Notifier

• Added new email connector for Mailjet.

Infrastructure

• Forseti on GKE enters Beta.
• Added Service Usage API.
• Deprecate python installer.
• Restructured Terraform Forseti module to support flexible deployment scenarios.
• Added Integration Testing POC
• Added Mock Data Generator for load testing.
• Updated Terraform Cloud Shell Tutorial to be more user friendly.

Website

• Updated Install page with more information about deploying Forseti with Terraform.

Thanks to our contributors!

• @jf-marquis-Adeo

All changes

97be856 (HEAD -> release-2.23.0, tag: v2.23.0) feat: send mailjet email with HTML content (#3326)
7157a20 (origin/release-2.23.0) Adding back mapping from user -> users for Compute Addresses (#3341)
e9f4f58 Remove Validation on Firewall Names (#3335)
e6a5620 Updated Forseti version to 2.23.0
fe640e2 Updated CV to the latest version w/ parallel policy evaluation. (#3310)
1ad4cfd Update CloudBuild config + minor updates (#3311)
e8a4582 Minor updates to readme and travis files for the dev -> master branch switch (#3308)
6b5fc43 Added Explain test for all roles (#3278)
5ece3df Added Explain test to list permission in storage role (#3280)
cccd0df (origin/dev, origin/HEAD) Adding google-cloud-profiler to container image (#3286)
fdfc1f9 Inventory optimization fixes (#3285)
a50788e removing quotes from db name (#3296)
ee9917e Updating docker entrypoint to support custom DB name for Forseti on GKE (#3292)
92c1dbb Updated to run on cron jobs (#3293)
662aea2 Removed the mapping for CAI resources from the old CAI field names to the API field names. Ran some tests to verify that the updated resources are showing up properly in the CAI expot. (#3276)
956c177 Fix for unbound exception (#3284)
c5eafea feat: add mailjet email connector (#3290)
295d809 Removing old Dockerfiles (#3270)
cfa134a Python Installer Deprecation (#3273)
d4421af Updated Forseti version (#3269)
d066aa1 [PoC] Continuous Integration and Release Automation (#3202)
8526e07 (origin/fixmodelstate) Ensure we don't use stale models (#3260)