
@gkowalski-google gkowalski-google released this Sep 19, 2019 · 48 commits to dev since this release

Summary

Installer

This release includes a migration script for users of the Forseti Python installer. This script can be used to import existing GCP resources into a Terraform state, which can then be used to upgrade the existing Forseti installation. The Python installer is officially deprecated on September 30, 2019. If you have any questions/issues, please contact us on Slack or Email.

Inventory

  • Added new resources from Cloud Asset Inventory.
    • Bigtable
  • Fix for errors generated by BigQuery authorized views when CAI is disabled.

Scanner

  • Fix for Kubernetes scanners that were unable to scan some Kubernetes resources that did not have a unique id.

Infrastructure

  • Kubernetes Alpha 2 release - Config Validator and Policy Library sync is now supported.
  • Updated database migrator script (db_migrator.py) to support custom names for the database, which can be specified through Terraform.
  • Initial changes to support Turbinia.
  • Additional logging for the Forseti startup script within Google Compute Engine (GCE). The startup script was also updated to not remove the Forseti installation folder if there is no internet connection.
  • The Cloud SQL database will be created in the same GCP zone as the Forseti server/client GCE instances.

Thanks to our contributors!

  • Johan Berggren

All changes

17f6c15 Updated Forseti version to 2.21.0
e081e90 Turbinia terraform (#3009)
f5ab85e Merge pull request #3206 from forseti-security/feature/fix-db-migrator-for-custom-db-name
6867a8f Updated the db_migrator.py script by using the FORSETI_DB_NAME environment variable for the Forseti database name. This is set via Terraform and the startup script. Will have some additional PRs for the GKE changes.
07ef0c7 PyMySQL (#3190)
a745272 Merge pull request #3193 from forseti-security/feature/add-cai-resources-bigtable
cc5d12c Merge branch 'dev' into feature/add-cai-resources-bigtable
25fea6f Merge pull request #3192 from forseti-security/feature/bigquery-ignore-authorized-views
92e28e7 Fixing lint issues
1f06454 Adding Bigtable Cluster, Instance, and Table resources from CAI.
1c960ef When Inventory CAI is disabled, the BigQuery API will return any authorized views as part of a dataset policy. These do not have any roles associated with them and should be ignored.
ce6b113 Merge pull request #3187 from forseti-security/feature/fix-resource-hash-function
361a44c moving pylint to same line.
84071a1 Switching from xxhash to blake2b hash function.
9576727 Changing the hash function used by size_t_hash() to be idempotent between different runs. The builtin hash() method is salted with a random value determined at the start of each process. This was causing certain resource IDs to change between runs of the inventory, and breaking some scanners when they are run separately from the inventory process.
44dc251 Allow specification of config-validator host via env var (#3175)
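
The behaviour described in commits 9576727 and 84071a1, as an added example that is not Forseti's own code: Python's builtin `hash()` of a string changes with the per-process hash seed, while an unkeyed blake2b digest does not. The names `stable_hash`, `eval_in_new_process`, `ids_across_runs` and the sample resource key are assumptions made for this illustration.

```python
import hashlib
import os
import subprocess
import sys

# Constructed sample resource key; not taken from a Forseti inventory.
SAMPLE_KEY = "projects/example-project/zones/us-central1-a/clusters/demo"

# Expressions evaluated in child interpreters; the key is substituted via repr().
BUILTIN_EXPR = "hash({key!r})"
BLAKE2B_EXPR = ("int.from_bytes(__import__('hashlib').blake2b("
                "{key!r}.encode('utf-8'), digest_size=8).digest(), 'big')")


def stable_hash(key):
    """Hypothetical helper: 64-bit integer ID from an unkeyed blake2b digest."""
    digest = hashlib.blake2b(key.encode("utf-8"), digest_size=8).digest()
    return int.from_bytes(digest, "big")


def eval_in_new_process(expr_template, key, seed):
    """Evaluate the expression in a fresh interpreter with a chosen hash seed.

    PYTHONHASHSEED pins the salt that is otherwise picked at random when each
    process starts, so different seeds stand in for separate runs.
    """
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    code = "print(" + expr_template.format(key=key) + ")"
    result = subprocess.run([sys.executable, "-c", code], env=env,
                            capture_output=True, text=True, check=True)
    return int(result.stdout.strip())


def ids_across_runs(expr_template, key=SAMPLE_KEY, seeds=(1, 2, 3)):
    """Return the set of distinct IDs produced by the simulated runs."""
    return {eval_in_new_process(expr_template, key, s) for s in seeds}


if __name__ == "__main__":
    print("builtin hash():", len(ids_across_runs(BUILTIN_EXPR)), "distinct IDs")
    print("blake2b:       ", len(ids_across_runs(BLAKE2B_EXPR)), "distinct IDs")
```

The digest here is used only as a reproducible identifier, so no key or salt is supplied to blake2b.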
