Release v2.22.0
Summary
Forseti GitHub repository
Instead of maintaining two main branches (dev and master), we are going to consolidate into only using the master branch. In the past we have used the dev branch for merging feature changes and we recommended to fork from this branch. Going forward we will be merging changes directly to master. This work will be completed during the week of October 7th. If this causes any issues for your forked repository, please contact us on Slack.
Installer
We are postponing the Python installer deprecation to align with the sub-modularization Terraform changes coming in the next release. The Python installer will still be supported to upgrade from v2.21.0 to v2.22.0. We are planning to fully remove support for this installation method in the next release.
Inventory
- Added new resources from Cloud Asset Inventory.
- Compute Security Policy
- Fix for the Groups Settings inventory for G Suite. Previously the allowExternalMembers setting would always be interpreted as true.
Scanner
- Fix for the Location and Groups Settings Rules Engines to format violation data in a more helpful format. This will be used by the Notifier to produce helpful messages for Slack Notification, and other notification methods.
- Updated the Firewall Rule Scanner to support firewall rules that targeted a protocol (other than TCP/UDP) and a port. Previously these rules were throwing an exception and causing the scanner to not complete.
Infrastructure
- Upgraded the default size for the Forseti Server VM and the CloudSQL instance.
- Improved performance of the startup script by only pulling in the current head of the Forseti branch.
- Updated the startup script to use a random minute for the periodic scan. This will help reduce rate throttling that was seen by some instances in regards to getting a Cloud Asset Inventory (CAI) export.
Thanks to our contributors!
- Bob Klein
All changes
134f552 (HEAD -> release-2.22.0, tag: v2.22.0, origin/release-2.22.0) Updated Forseti version
8b6676e (dev) Merge pull request #2706 from forseti-security/servicemanagement-getconfig
6195553 Merge branch 'dev' into servicemanagement-getconfig
cbb6d62 Merge pull request #3243 from forseti-security/fe-dup-name-error
015d24c (origin/fe-dup-name-error) Merge branch 'dev' into fe-dup-name-error
0307d00 Update Firewall Rule Validation (#3249)
ad837ea Updated Group Settings Rules Engine to return an array of settings that are in violation for blacklist/whitelist rules, instead of a string. Added new tests for the blacklist/whitelist methods. (#3245)
c039b30 Added SecurityPolicy from CAI (#3246)
866f03c Merge pull request #3242 from forseti-security/feature/fix-violation-data-for-location-rules-engine
a11a018 Add additional exceptions to catch statements.
d237b4e (origin/feature/fix-violation-data-for-location-rules-engine, feature/fix-violation-data-for-location-rules-engine) Updated the location rules engine to format violation data as a dictionary because the Slack notifier expects this. Updated the Slack notifier to log the issue and not throw an exception, otherwise this prevents other violations from being sent to Slack.
0b706a6 Merge pull request #3233 from forseti-security/dekuhn-patch-5
d878e51 (origin/dekuhn-patch-5) Merge branch 'dev' into dekuhn-patch-5
119e627 Update stale.yml
bc9cc9f Fixed the groups settings from_json method to correctly identify groups that have allow external members = false. (#3237)
da9390f Update stale.yml
240abbd Add files via upload
a4b8f36 Merge pull request #3226 from forseti-security/release-2.21.0
6c73bb1 (origin/servicemanagement-getconfig) Merge branch 'dev' into servicemanagement-getconfig
002919a Merge branch 'dev' into servicemanagement-getconfig
d03a4ff Fix json formatting errors in test
8f1582c Fix final pylint error