Gruntwork release 2024-07
This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2024-07. For instructions on how to use these updates in your code, check out the updating documentation.
Here are the repos that were updated:
Published: 7/2/2024 | Release notes
This is the next major release of Patcher, which has features designed to support the next version of our promotion workflows.
⭐ Patcher now supports publishing the results of an upgrade as a GitHub Pull Request. ⭐
The update command now supports three additional flags:
- --publish: Publish the changes to the remote Git repository and open a pull request.
- --pr-branch: The branch to create.
- --pr-title: The pull request's title.
You can publish the result of an upgrade like this:
patcher update --non-interactive --update-strategy next-breaking --publish --pr-title "Update Dependencies" --pr-branch "patcher-update-deps"
Patcher will perform the upgrade as usual, check out a new Git branch, commit the changes, push them to GitHub, and open a pull request.
The following environment variables must be configured when using the --publish flag:
- GIT_AUTHOR_NAME: The Git Author Name, e.g. Patcher CI.
- GIT_AUTHOR_EMAIL: The Git Author Email, e.g. patcher@gruntwork.io.
Note: You can only use the publish features when using the update command in non-interactive mode.
Patcher now supports Upgrade Plan and Spec files, which make upgrades more deterministic. Previously, a new dependency version could be released while Patcher was upgrading separate accounts (e.g., dev and stage). Patcher would correctly promote the change to the next environment, e.g., dev -> stage, but it didn't guarantee the exact version was used.
Here is an overview of each type.
An upgrade plan contains detailed information on all discovered dependencies, their current versions, and available updates. It also contains information about matched files and patterns used for discovery. When you use an upgrade plan with the update command, Patcher will skip resolving dependencies and use the metadata encoded in the plan. You can write an upgrade plan to a file by using the report command with the --output-plan flag:
patcher report --output-plan plan.json
cat plan.json | jq "."
Note: We’ve omitted the contents for brevity.
While an upgrade plan comprehensively represents the current state and all possible updates, an upgrade spec is a simplified, target-orientated representation of the desired end state after an upgrade. It is used to promote consistent upgrades across different environments, even if dependency usages are located in different files.
Here’s the contents of an example spec file:
{
"IncludeDirPattern": "{*dev*}
The report command has been changed to now show the upgrade spec by default.
The report command can now include or exclude directories used for discovery using double-star glob patterns. This feature can generate a report of outdated dependencies for select accounts. For example, you might have a number of "dev" accounts in your infrastructure-live directory, e.g. team-alpha-dev-account and team-beta-dev-account. Use the discovery filters to generate a report with dev accounts only:
patcher report --include-dirs "*-dev-*/**" test/fixtures/report/infrastructure-live-cis-large | jq "."
Or generate a report on standalone accounts only, e.g. logs, security, and shared:
patcher report --exclude-dirs "&
Previously, the apply command was the only command that supported a dry-run mode when testing patches. Patcher can now simulate all operations when running the update command in non-interactive mode, which makes it especially useful for validating CI test workflows.
You can invoke the dry run mode by specifying the --dry-run flag:
patcher update --non-interactive --update-strategy next-breaking --dry-run
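One way to gate the publish step in CI, as an added example that is not Gruntwork's code: it checks the two required environment variables, runs the dry-run form of the update first, and only then runs the publishing form. PATCHER_BIN, publish_preflight and publish_upgrade are hypothetical names; the patcher flags are the ones shown on this page.

```bash
#!/usr/bin/env bash
# Added example, not Gruntwork code. PATCHER_BIN, publish_preflight and
# publish_upgrade are hypothetical names; the patcher flags are the ones shown above.
PATCHER_BIN="${PATCHER_BIN:-patcher}"

# Succeeds only when both variables required by --publish are non-empty.
publish_preflight() {
  pf_missing=0
  if [ -z "${GIT_AUTHOR_NAME:-}" ]; then
    echo "preflight: GIT_AUTHOR_NAME is not set" >&2; pf_missing=1
  fi
  if [ -z "${GIT_AUTHOR_EMAIL:-}" ]; then
    echo "preflight: GIT_AUTHOR_EMAIL is not set" >&2; pf_missing=1
  fi
  return "$pf_missing"
}

# Usage: publish_upgrade <pr-title> <pr-branch>
# Return codes: 2 = prerequisites missing, 3 = dry run failed,
# otherwise the exit status of the publishing run.
publish_upgrade() {
  if [ -z "${1:-}" ] || [ -z "${2:-}" ]; then
    echo "usage: publish_upgrade <pr-title> <pr-branch>" >&2
    return 2
  fi
  publish_preflight || return 2
  # Simulate first so a broken upgrade never reaches the remote repository.
  "$PATCHER_BIN" update --non-interactive --update-strategy next-breaking \
    --dry-run || return 3
  # Publishing is only available in non-interactive mode.
  "$PATCHER_BIN" update --non-interactive --update-strategy next-breaking \
    --publish --pr-title "$1" --pr-branch "$2"
}
```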
- Add the ability to include or exclude report command dependencies.
- Add support for outputting plan and spec files.
- Add support for publishing pull requests using the update command.
- Add support for a global dry-run mode to simulate operations.
- Change the report command to output upgrade specifications.
- Bump upstream dependencies.
Full Changelog: https://github.com/gruntwork-io/patcher-cli/compare/v0.8.4...v0.9.0
Published: 7/31/2024 | Release notes
Published: 7/31/2024 | Release notes
Published: 7/30/2024 | Release notes
Published: 7/30/2024 | Release notes
Published: 7/29/2024 | Release notes
Published: 7/26/2024 | Release notes
Published: 7/24/2024 | Release notes
Published: 7/23/2024 | Release notes
Published: 7/19/2024 | Release notes
Published: 7/18/2024 | Release notes
The aws_accounts block has now become a nested configuration in the new aws block. The intention behind this change is to provide a more generic location for storage of AWS configurations.
While this is a breaking change, it is not currently in use by any customers in production.
Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.20.0...v0.21.0
Published: 7/16/2024 | Release notes
Published: 7/16/2024 | Release notes
Published: 7/16/2024 | Release notes
Published: 7/16/2024 | Release notes
Published: 7/16/2024 | Release notes
Published: 7/16/2024 | Release notes
The telemetry disclosure has been removed when running in CI. This warning was a valuable disclosure for some folks, but cluttered the logs and users didn't find it valuable to have the disclosure continuously emitted.
Addressing usage feedback, the following has changed in Pipelines HCL configurations:
- The authentication_profile block has been removed. Authentication configurations must now always be directly defined where authentication is specified.
- The plan_iam_role and apply_iam_role attributes now utilize fully qualified ARNs instead of just the role name.
Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.17.9...v0.18.0
Published: 7/12/2024 | Release notes
Published: 7/12/2024 | Release notes
Published: 7/12/2024 | Release notes
Published: 7/11/2024 | Release notes
Published: 7/11/2024 | Release notes
Published: 7/11/2024 | Release notes
Published: 7/10/2024 | Release notes
Published: 7/10/2024 | Release notes
Published: 7/10/2024 | Release notes
Published: 7/10/2024 | Release notes
Published: 7/10/2024 | Release notes
Published: 7/9/2024 | Release notes
Published: 7/9/2024 | Release notes
Published: 7/8/2024 | Release notes
Published: 7/3/2024 | Release notes
Published: 7/3/2024 | Release notes
Published: 7/3/2024 | Release notes
Published: 7/3/2024 | Release notes
Published: 7/2/2024 | Release notes
Published: 7/26/2024 | Release notes
Published: 7/19/2024 | Release notes
Published: 7/17/2024 | Release notes
Published: 7/17/2024 | Release notes
Published: 7/16/2024 | Release notes
Published: 7/13/2024 | Release notes
Published: 7/12/2024 | Release notes
Published: 7/11/2024 | Release notes
Published: 7/2/2024 | Release notes
Published: 7/16/2024 | Modules affected: data-stores/rds | Release notes
Published: 7/31/2024 | Modules affected: landingzone | Release notes
- Add module to create Landing Zone via IaC
Published: 7/30/2024 | Modules affected: landingzone | Release notes
- Force-quote account_id, as it is no longer coming out as a string. This fixes account vends where the account_id starts with a 0.
Published: 7/15/2024 | Modules affected: landingzone | Release notes
- feat: Propagate guardduty_findings_kms_key_service_principals
Published: 7/12/2024 | Modules affected: aws-sso | Release notes
Doc-only change: fix SSO docs, add 2 examples
Published: 8/1/2024 | Release notes
Published: 7/23/2024 | Modules affected: ecs-daemon-service, ecs-service, ecs-cluster | Release notes
- Added support for the managed_draining variable recently added to the aws_ecs_capacity_provider resource
- Cleanup of terrascan and dependabot
Published: 7/24/2024 | Modules affected: eks-k8s-karpenter, eks-cluster-managed-workers | Release notes
- Bump AWS Provider Min Version for Karpenter Module
- Allow configuring the ami source
Published: 7/15/2024 | Modules affected: eks-cluster-control-plane, eks-container-logs | Release notes
- Update VPC CNI example to use EKS Addons
- Bump up base monitoring module on eks-container-logs
Published: 7/8/2024 | Modules affected: logs | Release notes
- Added missing PutRetentionPolicy
Published: 7/23/2024 | Modules affected: data-stores | Release notes
- data-stores/rds: fix module variable optional attrs for backwards compatibility with Terraform < 1.2
Published: 7/15/2024 | Modules affected: services/ecs-service | Release notes
- ecs-service: Update lb_listener_rules module to fix a missing authenticate_cognito attribute
Published: 7/12/2024 | Modules affected: data-stores/ecr-repos | Release notes
- ECR cross account access ecr:ListTagsForResource
Published: 7/9/2024 | Modules affected: landingzone | Release notes
- feat: Propagate kms_key_service_principals
Published: 7/3/2024 | Modules affected: data-stores | Release notes
- SME-1100 Fix RDS and Aurora managed pw functionality
Published: 7/2/2024 | Release notes
- Bumped internal dependencies and fixed CI workflows