Release 2.7.0

@Halimer Halimer released this 30 Nov 18:07
· 148 commits to main since this release
978d571

November 17, 2023 Release Notes - 2.7.0

  1. CIS Compliance Script Gets Network Topology
  2. CIS Compliance Script Gets All Resources
  3. Landing Zone Architecture to CIS OCI Benchmark Documentation
  4. Terraform Updates

CIS Compliance Script Gets Network Topology

The CIS Compliance Script now queries the OCI Network Visualizer to download a text version of the tenancy's network topology in JSON and PKL file formats. This feature is run using the --obp --raw flags or the --all-resources flag.

CIS Compliance Script Gets All Resources

The CIS Compliance Script now uses the Search service to query all available resources in a tenancy. The returned data is written to a JSON file. It is limited to the resource types supported by Search, and the fields for each resource are limited to the additional details available to the Search service. This feature is run using the --all-resources flag.

Landing Zone Architecture to CIS OCI Benchmark Documentation

The CIS OCI Benchmark to CIS Landing Zone Architecture Mapping document details how the OCI CIS Landing Zone configuration aligns with the CIS Benchmark v1.2.

Terraform Updates

config module

  • Existing dynamic groups can now be selected in Resource Manager UI.
  • All IAM remote modules have been pinned to version 0.1.7. If you are managing the Landing Zone with the Terraform CLI, make sure to run terraform init -upgrade when adopting this release.
  • Bug fix: when extending Landing Zone to another region, groups were being processed and an "invalid index" error generated during terraform plan. With this fix, groups are no longer processed when extending the Landing Zone.
  • Bug fix: when running Landing Zone config as a user with limited permissions, service policies were being processed and failing during terraform apply due to insufficient permissions. With this fix, service policies are no longer processed when running config as a user with limited permissions.

pre-config module

  • Storage admin group has been added.
  • Existing provisioning group can now be selected in Resource Manager UI.
  • Policies for dynamic groups have been removed, as they can be managed in the config module.
  • Ability to use existing dynamic groups has been removed, as the feature is already present in the config module.
  • The deploy_dynamic_groups variable has been added and is set to true by default. If reusing existing dynamic groups is needed, set this variable to false and select the existing dynamic groups in the config module.