# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](,
and this project adheres to [Semantic Versioning](
## [8.2.0] - 2023-07-04

Roy Harrington
### Added
- Added new variable `pre_deploy_job_environment_variables` to optionally override `environment_variables` for pre-deploy jobs.
## [8.1.0] - 2023-06-20
### Added
- Added new `pre-deploy` job to run tasks such as database migrations before deploying a new version of the webapp.
## [8.0.0] - 2023-06-16
### Added
- BREAKING CHANGE: Add a default SSL policy restricting TLS to >= 1.2 and setting the SSL profile to MODERN.
- BREAKING CHANGE: Upgrade to v3 of the gcp-site-monitoring module. This could cause previously deployed uptime check functions to be destroyed/re-created during the next Terraform apply.
### Fixed
- Add new annotations and labels to the `ignore_changes` map in the `lifecycle` block of the `google_cloud_run_service.webapp` resource.
## [7.1.0] - 2023-05-15
### Changed
- Added the load balancer(s) as an output from the module.
- Added new variable to pass in an `ssl_policy` self-link that is used in the load balancer
(if present).
## [7.0.0] - 2022-12-19
### Fixed
- Issue #39 - Broken `for_each` on initial deployment.
- This is a **BREAKING CHANGE** and will force previously deployed load balancers to be redeployed.
You can work around this by using a [moved](
block in the calling terraform configuration when moving to v7.x of this module.
## [6.0.0] - 2022-11-09
### Changed
- Migrate `google.stackdriver` provider alias to use the latest `configuration_aliases` syntax.
- Update `` to use `templatefile` built-in func.
- Use boolean variable to grant sql service account permissions.
- This is a **BREAKING CHANGE**. Users will need to add `grant_sql_client_role_to_webapp_sa = true`
to module calls that require the `roles/cloudsql.client` role to be granted to the webapp service account.
This was previously determined by the `sql_instance_connection_name` variable, however, this was problematic when the value
was unknown until after a terraform apply.
### Fixed
- Fix local.monitor_hosts issue caused by map key values being unknown.
## [5.0.0] - 2022-05-23 ??
### Changed
- Made permitted versions of google providers and terraform itself more broad.
## [4.1.5] - 2022-03-30
### Added
- Ensure default -> null vpc_connector network changes are not applied on every deploy
## [4.1.4] - 2022-03-21
### Added
- Remove Beta launch stage flag that was required for referencing Secret Manager
secrets. See
### Added
- Add a monitoring dashboard, defined in ./dashboard.json, for the Cloud Run service.
The dashboard contains charts for Request count and latency, CPU and memory utilisation,
and container instance count and billable time.
## [4.1.2] - 2022-01-10
### Fixed
- Correct logic used to decide if custom domains can be monitored.
## [4.1.1] - 2022-01-06
### Fixed
- Remove use of hard-coded resource name in data resource.
## [4.1.0] - 2021-07-28
### Added
- Support load balancer ingress style alongside Cloud Run domain mapping.
- Surface Cloud NAT variable for minimum number of SNAT tuples, supporting a larger
number of outbound connections if required.
## [4.0.0] - 2021-06-29
### Changed
- Add the requirement for an explicit image_name to deploy, which breaks previous
versions that ignored image updates.
## [3.1.3] - 2021-07-16
### Changed
- Added interface for authentication proxy Cloud Function egress settings. Required
for uptime check configuration of internal services.
## [3.1.2] - 2021-07-15
### Changed
- Surface Cloud NAT variable for minimum number of SNAT tuples, supporting a larger
number of outbound connections id required.
## [3.1.1] - 2021-06-16
### Changed
- Surface the alerting success threshold variable from the monitoring module.
## [3.1.0] - 2021-06-16
### Changed
- Cloud Run service account is given permissions to access all Secret Manager secrets
passed via secrets_envars and secrets_volumes variables.
## [3.0.0] - 2021-06-08
### Added
- Raised the provider to 3.70, adding the BETA requirement and the capability to
directly expose secrets manager secrets as files and env vars.
## [2.0.5] - 2021-05-28
### Changed
- Remove the requirement of BETA staging when the minimum instance number is above 0
or when using internal or load balancer ingresses.
## [2.0.4] - 2021-04-19
### Changed
- Replace 'placeholder' with 'gvisor' for '' annotation
## [2.0.3] - 2021-04-15
### Changed
- Ensure that static egress ips cannot be accidentally destroyed.
## [2.0.2] - 2021-04-07
### Changed
- Allow cloud run instances which required authentication to be monitored.
## [2.0.1] - 2021-03-09
### Changed
- Add some more attributes to those ignored to reduce terraform noise in plans.
## [2.0.0] - 2021-01-27
### Added
- Initial version