1.4.0
servicesenablement released this 08 Sep 12:48
Breaking changes
- PostgreSQL new default storage type: the default storage type is now set as 'io1' (provisioned IOPS SSD). Previously the default used 'gp2' (general purpose SSD). Users who previously had custom plans should add the property "storage_type":"gp2" to the plan definition, to ensure the storage type is not amended on any update.
- Removal of S3 and Postgres default plans: There are no default plans defined. Plans must be configured through the environment variables GSB_SERVICE_CSB_AWS_S3_BUCKET_PLANS and GSB_SERVICE_CSB_AWS_POSTGRESQL_PLANS. To continue using the existing plans you should re-add them through the env vars above.
Features
- Region property is no longer enumerated, enabling selection of any region available in the Cloud Provider
- Beta tag: all service offerings tagged as beta and will not be displayed by default in the marketplace. Set the environment variable GSB_COMPATIBILITY_ENABLE_BETA_SERVICES to true to enable them.
- Terraform upgrade (from 0.12.30 to 1.1.9) has been added.
- Provider display name: for service offerings that set a value, it is now returned in the catalog
- Improved services metadata: documentation URL now links to Tanzu docs. Name includes CSB to differentiate services from other brokers' offerings
- Aurora PostgreSQL: an experimental foundation has been added for development and test purposes only
- Aurora MySQL: an experimental foundation has been added for development and test purposes only
- S3 General Availability: S3 service offering is no longer Beta and can be used in production environments.
- Region updates for existing buckets are now blocked by the broker, resulting in faster feedback and an improved error message.
- ACL can now be specified on creation if the plan does not specify a value for it. Previously it was a plan-only input and as such could only be specified in the plan definition.
- Bucket Ownership controls can now be specified in a plan or on creation if the plan does not specify a value for it. It defaults to ObjectOwnershipEnforced and this disables ACLs by default. If you have custom plans refer to the upgrading instructions for information regarding this change.
- Blocking public access to Amazon S3 storage. This feature provides settings for buckets to help manage public access to Amazon S3 resources. S3 Block Public Access settings override policies and permissions so that it is possible to limit public access to these resources.
- Server Side encryption can now be enabled and configured. This feature provides settings for configuring encryption of data in an S3 bucket.
- Object Lock. This feature allows storing objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time.
- There are no default plans defined. Plans must be configured through the environment variable: GSB_SERVICE_CSB_AWS_S3_BUCKET_PLANS.
- Allow versioning updates. We add the ability to modify the versioning of an S3 bucket, to enable such functionality in a step after its creation. Once versioning is enabled, it can no longer be disabled as the IaaS will throw an error.
- PostgreSQL General Availability: PostgreSQL service offering is no longer Beta and can be used in production environments.
- When creating a binding, by default the PostgreSQL connection will be secured via the "verify-full" PostgreSQL configuration. This will require the AWS certificate bundle to be installed, or it can be disabled by setting "use_tls=false"
- A new "provider_verify_certificate" property allows for the PostgreSQL Terraform provider to skip the verification of the server certificate.
- Server can reject non-SSL connections by default. Renamed "use_tls" to "require_ssl". When the "require_ssl" property is true, it will make the server require SSL connections. When false (default), the server will accept SSL and non-SSL connections.
- Exposed enhanced Monitoring. Amazon RDS provides metrics in real time for the operating system (OS) of the DB instance. Enhanced Monitoring enables all the system metrics and process information for the RDS DB instances on the console.
- Only "instance_class" is now exposed when provisioning or updating an instance. The previous "cores" abstraction is deprecated, in favour of using the underlying AWS instance class property.
- Automated backups can now be scheduled through "backup_window". By default, the automated backups are disabled.
- Automated backups can be customised through the following properties: "delete_automated_backups" - delete backups when deleting the instance, defaults to true; "copy_tags_to_snapshot" - copy all instance tags to snapshots, defaults to true.
- Enable encryption with a custom key. Amazon RDS encrypted DB instances provide an additional layer of data protection by securing data from unauthorized access to the underlying storage. Amazon RDS uses an AWS KMS key to encrypt these resources, and now a custom key with the desired configuration can be used.
- Added deprecation warning to cores property and made it optional. It is recommended to use the instance_class property instead.
- Performance Insights can now be enabled and a KMS key can be provided to encrypt the Performance Insights data. Performance Insights is disabled by default.
- The storage type can now be defined through the property "storage_type". In addition to this, if using the provisioned IOPS SSD (io1) storage type, then the 'iops' value can also be defined through the property "iops".
- There are no default plans defined. Plans must be configured through the environment variable: GSB_SERVICE_CSB_AWS_POSTGRESQL_PLANS.
- db_name property is no longer updatable. Previously updating this field would have led to data loss as a new database would be created on update.
- subsume functionality has been removed from the PostgreSQL offering. The previously available plan and associated properties have been removed due to the functionality not working.
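A pre-upgrade check for the PostgreSQL plan changes listed above, as an added example that is not part of the release or the broker's own code. It assumes the GSB_SERVICE_CSB_AWS_POSTGRESQL_PLANS value is a JSON array of plan objects with properties at the top level; the sample plans and the audit_postgres_plans helper are constructed for illustration.

```python
import json

# Constructed sample plans value (not taken from the release notes).
# Assumption: a JSON array of plan objects with properties at the top level.
SAMPLE_PLANS = json.dumps([
    {"name": "legacy-small", "id": "00000000-0000-0000-0000-000000000001",
     "description": "pre-1.4.0 plan", "cores": 2, "storage_gb": 20, "use_tls": True},
    {"name": "pinned-gp2", "id": "00000000-0000-0000-0000-000000000002",
     "description": "reviewed plan", "instance_class": "db.t3.medium",
     "storage_gb": 20, "storage_type": "gp2", "require_ssl": True},
    {"name": "fast-io1", "id": "00000000-0000-0000-0000-000000000003",
     "description": "provisioned IOPS", "instance_class": "db.m5.large",
     "storage_gb": 100, "storage_type": "io1", "require_ssl": False,
     "provider_verify_certificate": False},
])


def audit_postgres_plans(raw):
    """Return {plan name: [findings]} for plans that need review before upgrading."""
    plans = json.loads(raw)
    if not isinstance(plans, list):
        raise ValueError("plans value must be a JSON array")
    report = {}
    for plan in plans:
        findings = []
        # Breaking change: an unpinned plan moves from gp2 to io1 on update.
        if "storage_type" not in plan:
            findings.append("storage_type unset: default changes from gp2 to io1")
        if "cores" in plan:
            findings.append("cores is deprecated: use instance_class")
        if "use_tls" in plan:
            findings.append("use_tls was renamed to require_ssl")
        # require_ssl defaults to false, so anything but an explicit true is flagged.
        if plan.get("require_ssl") is not True:
            findings.append("require_ssl not true in plan: default false accepts non-SSL connections")
        if plan.get("provider_verify_certificate") is False:
            findings.append("provider_verify_certificate false: Terraform provider skips server certificate verification")
        if findings:
            report[plan.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_postgres_plans(SAMPLE_PLANS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
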
Fix:
- Enforced minimum constraints on MySQL and PostgreSQL storage_gb
- Added lifecycle.prevent_destroy to all data services to provide an extra layer of protection against data loss
- Modifying the region generated the same service in the newly specified region without removing the existing one. Updates to this property are now blocked to avoid generating infrastructure unintentionally.
- PostgreSQL role is now always cleanly deleted during unbinding
- PostgreSQL JDBC URL includes the valid query parameter to use SSL. The parameter is now always set to true since RDS for PostgreSQL uses and expects all clients to connect using SSL.
- PostgreSQL: The properties for setting the maintenance and backup window no longer use magic default values
- image_url value has been fixed on service offerings so an image will now display for GUI applications.