v1.21.0

1.21.0 (2024-05-02)

Features

• added latest service targets (#436) (803c097):

  • "IAM" (All IAM Account Management services)
  • "context-based-restrictions"
  • "globalcatalog-collection" (Catalog Management)
  • "logdna" (IBM Log Analysis)
  • "logdnaat" (IBM Cloud Activity Tracker)
  • "mqcloud" (MQ)
  • "sysdig-monitor" (IBM Cloud Monitoring)
  • "sysdig-secure" (Security and Compliance Center Workload Protection)

v1.20.1

1.20.1 (2024-03-28)

Bug Fixes

• updated multiservice example (#423)
  * This release fixes the multi-service-profile example with location update.
  * location variable of cbr-service-profile submodule is now required (no default) (4098bd6)

v1.20.0

1.20.0 (2024-03-18)

Features

• create global 'deny' rule when more narrow scoped rules are created by the module (#396)
  * minimum required provider version is 1.62.0.
  * Ability to scope a rule per region.
  * Support for multiple attributes per rule for a service.
  * Remove public default context set to 1.1.1.1
  * 0 context rule for services by default, which will deny all requests made to a service. (Note: By default enforcement mode is set to report-only).
  * option create a global 'deny' rule for all the scoped rule for a service. By default it is set to true. (512a33b)

v1.19.1

1.19.1 (2024-02-27)

Bug Fixes

• extend the required terraform version to < 1.7 (#407) (c62077d)

v1.19.0

1.19.0 (2024-02-22)

Features

• added pre-wired rule for Event Notification (Messagehub) to HPCS (#406) (acd3d60)

v1.18.1

1.18.1 (2024-02-14)

Bug Fixes

• deps: updated required provider constraints to not allow major version updates (#400) (ecacb57)

v1.18.0

1.18.0 (2024-01-16)

Features

• Custom explicit naming option added for CBR rules and zones. (#313) (2818c80)

v1.17.1

1.17.1 (2023-12-11)

Bug Fixes

• update fscloud submodule to require >= 1.56.1 of ibm provider (#366) (2d13504)

v1.17.0

1.17.0 (2023-12-07)

Features

• Split containers-kubernetes rules in the secure-by-default submodule (#336) (fab3300) . The module now supports the pseudo-service names containers-kubernetes-management and containers-kubernetes-cluster to distinguish between the cluster and management APIs.

v1.16.0

1.16.0 (2023-11-15)

Features

• The KMS CBR context are now set to target HPCS in the fscloud module by default, starting with version 1.16.0, instead of Key Protect.

Important Changes:

• This update replaces the previous default Key Protect rule with HPCS. As a result, when you upgrade to v1.16.0, the context will no longer be the set for the key protect CBR rule.
• To maintain the behavior from previous versions when upgrading to v1.16.0, you should set the new variable kms_service_targeted_by_prewired_rules variable to include 'key-protect.' This ensures that the 'key-protect' CBR context continues to be set. For detailed instructions on configuring this variable, please refer to the fscloud module's variables.tf file.