Summary

Model

• Fixed issue where duplicate permissions caused an error with the unique constraint of model permissions table.

All changes

89664bee (HEAD -> release-2.23.3, tag: v2.23.3, origin/release-2.23.3) Forseti patch changes for v2.23.3 (#3789)

Summary

Model

• Fixed issue where duplicate permissions caused an error with the unique constraint of model permissions table.

All changes

a06a4427 (HEAD -> release-2.24.3, tag: v2.24.3, origin/release-2.24.3) Cherry-pick model fix from commit cf6e9d57f1b56d1a797e5cba62788244338dff8f. Cherry-pick unit test fix from commit c9e7cebf9561a5d3bc2a2c86c81c1a98a48aaf5c. Update forseti version. (#3786)

Summary

Model

• Fixed issue where duplicate permissions caused an error with the unique constraint of model permissions table.

All changes

bb8e7f01 (HEAD -> release-2.25.2, tag: v2.25.2, origin/release-2.25.2) Changes to fix model creation for release 2.25.2 (#3781)

Summary

Inventory

• Fixed method calls for organization policies.

All changes

9b5852a9 (HEAD -> release-2.25.1, tag: v2.25.1, origin/release-2.25.1) Update init (#3720) a6b159c5 Fixing method calls for organization policies (#3713) (#3715)

Summary

Inventory

• Add Service Usage Service Resource to Inventory

Scanner

• Add logic for checking if the policy library is setup correctly for the Config Validator Scanner. This will provide more helpful error messages.
• Moving rule validation in to a library and improving tests.
• Update Config Validator violations to use the convention CV_{constraint_name} as the violation type instead of CONFIG_VALIDATOR_VIOLATION. This makes it easier to understand what the violations are for, and will show up in Cloud Security Command Center (CSCC).

Notifier

• Restart Forseti to release used memory so that all the fields in the violations are displayed.

Client/Server

• Add an endpoint to run the server processes end-to-end (e.g. inventory/model/scan/notify). Use like this: forseti server run.
• Pinned idna==2.8 to satisfy requests[security]==2.21.0.

Thanks to our Contributors!

@aarontp @choonchernlim @zorania

All Changes

e6e675b6 (HEAD -> release-2.25.0, tag: v2.25.0, origin/release-2.25.0) Add sudo to the systemctl restart forseti command. (#3692) 12db15b9 Updated Forseti version to v2.25.0 82587803 (origin/master, master) Merge pull request #3688 from forseti-security/feature/disable-org-access-policy d6d87ef0 (origin/feature/disable-org-access-policy, feature/disable-org-access-policy) Remove Org Policy + Access Policy from the inventory and update unit tests to remove any checks for these resources. c466aaac Update tests for Google Provider 3.7 + reliability/improvements (#3682) 720f8365 Add an endpoint to run the server processes end-to-end. (#3544) 711ee128 Merge pull request #3671 from forseti-security/dekuhn-patch-1 6c3b1033 (origin/dekuhn-patch-1) Merge branch 'master' into dekuhn-patch-1 f756b9d9 Merge pull request #3680 from forseti-security/dekuhn-patch-5 f036f894 (origin/dekuhn-patch-5) Update stale.yml 5bf3ee27 Update the logic for checking if the policy library is setup correctly to be controlled via the server config and default to false. Will add a PR to Terraform to be able to control this. (#3678) 1248dc04 Update GOVERNANCE.md 1917054d Update GOVERNANCE.md 5827167e Update AUTHORS c75c330e Update GOVERNANCE.md db200ea5 Update README.md c1bce2a5 Update GOVERNANCE.md 2a3d0d6c Update GOVERNANCE.md a044bbce Update GOVERNANCE.md ed47c244 Update GOVERNANCE.md 11816ad0 Update README.md c114997d Update GOVERNANCE.md c29d88f2 Update README.md 4e70789c Update README.md b90c97ca Create GOVERNANCE.md 9de43920 Moving rule validation in to a library and improving tests. (#3652) 9ffcfc58 Pinned idna==2.8 to satisfy requests[security]==2.21.0. (#3654) c0de18ac Update Notifier to support CV violations with violation type = CV_{constraint_name}. Update CV e2e test to assert the GCS violations file exists after a scan. (#3634) 8be570cb (feature/gke-platform-for-cv) fixes (#3627) e4ffb1bb [CAI] Add Service Usage Service Resource to Inventory (#3614) a87e80bc Fix for writing access policy resources to the database. (#3613) b5ff3f2f Merge pull request #3612 from forseti-security/manually-restart-forseti 323f4fdc (origin/manually-restart-forseti) Restart Forseti to release used memory be3b617d Org Policy updates (#3571) 783e018a Merge release 2.25.0 changes into master (#3603) 4629fd99 (origin/feature/release2.25-changes, feature/release2.25-changes) Minor changes for inspec.yml

Summary

Python Setup

Pinned IDNA to version 2.8.

All changes

7507911f (HEAD -> release-2.24.2, tag: v2.24.2, origin/release-2.24.2) Pinned idna==2.8 to satisfy requests[security]==2.21.0. (#3654) (#3667) 6cb6518a Initial commit for release v2.24.2

Summary

Python Setup

Pinned IDNA to version 2.8.

All changes

f803f64e (HEAD -> release-2.23.2, tag: v2.23.2, origin/release-2.23.2) Pinned idna==2.8 to satisfy requests[security]==2.21.0. (#3654) (#3659) 6a3adc79 Initial commit for v2.23.2

Summary

Notifier

• Restart Forseti to release used memory so that all the fields in the violations are displayed.

Summary

Notifier

• Restart Forseti to release used memory so that all the fields in the violations are displayed.

Summary

This release contains major optimizations that significantly improve the performance of the Inventory and Config Validator processes. We recommend everyone to get this release.

More [details can be found below and on our website.

We would love to hear your feedback on slack on how these optimizations work for you.

Inventory

• Optimized inventory process with many improvements to be faster and more efficient.
• Added new resources using CAI: bigquery table, region disk.
• Bugfix for unbound exception in Inventory Summary.
• Bugfix to avoid using stale model by cron job.

Scanner

• Improved Forseti Config Validator to be faster and more efficient by evaluating multiple policies on the same dataset in parallel.

Notifier

• Added new email connector for Mailjet.

Infrastructure

• Forseti on GKE enters Beta.
• Added Service Usage API.
• Deprecate python installer.
• Restructured Terraform Forseti module to support flexible deployment scenarios.
• Added Integration Testing POC
• Added Mock Data Generator for load testing.
• Updated Terraform Cloud Shell Tutorial to be more user friendly.

Website

• Updated Install page with more information about deploying Forseti with Terraform.

Thanks to our contributors!

• @jf-marquis-Adeo

All changes

97be8564 (HEAD -> release-2.23.0, tag: v2.23.0) feat: send mailjet email with HTML content (#3326) 7157a202 (origin/release-2.23.0) Adding back mapping from user -> users for Compute Addresses (#3341) e9f4f581 Remove Validation on Firewall Names (#3335) e6a56201 Updated Forseti version to 2.23.0 fe640e26 Updated CV to the latest version w/ parallel policy evaluation. (#3310) 1ad4cfdb Update CloudBuild config + minor updates (#3311) e8a45827 Minor updates to readme and travis files for the dev -> master branch switch (#3308) 6b5fc433 Added Explain test for all roles (#3278) 5ece3dfa Added Explain test to list permission in storage role (#3280) cccd0df6 (origin/dev, origin/HEAD) Adding google-cloud-profiler to container image (#3286) fdfc1f90 Inventory optimization fixes (#3285) a50788e3 removing quotes from db name (#3296) ee9917e1 Updating docker entrypoint to support custom DB name for Forseti on GKE (#3292) 92c1dbbc Updated to run on cron jobs (#3293) 662aea27 Removed the mapping for CAI resources from the old CAI field names to the API field names. Ran some tests to verify that the updated resources are showing up properly in the CAI expot. (#3276) 956c1772 Fix for unbound exception (#3284) c5eafea1 feat: add mailjet email connector (#3290) 295d809f Removing old Dockerfiles (#3270) cfa134ae Python Installer Deprecation (#3273) d4421afa Updated Forseti version (#3269) d066aa10 [PoC] Continuous Integration and Release Automation (#3202) 8526e074 (origin/fixmodelstate) Ensure we don't use stale models (#3260)