Releases: cisagov/ScubaConnect

v1.3.0

02 Oct 00:38
322e163

Updating from 1.2.0

Update the code base via git or redownload and move your env directory into the new download. Then run terraform apply.

Warning

If you manually uploaded tenant config files in Azure, go to the input container and move those files into the scheduled and/or adhoc directory. Files in the root directory of the input storage container will no longer be read.

What's Changed

  • feat(m365): add separate directory for adhoc scans by @jacdavi in #21

Full Changelog: v1.2.0...v1.3.0

v1.2.0

30 Sep 00:40
c7c98d0

What's Changed

  • feat(m365): support secondary app for handling both Commercial/GCC High with single instance by @jacdavi in #14
  • feat(m365): output to storage in a dated directory yyyy/MM/dd by @jacdavi in #15
  • feat(m365): update scubagear to 1.6.0; other container dependency bumps by @jacdavi in #17
  • Add PowerBI report to ScubaConnect by @MichaelHicks-MSFT in #16
  • bump(m365): bump terraform providers and image dependencies by @jacdavi in #19
  • feat(m365): add parameter to output all ScubaGear files by @jacdavi in #20

Upgrading from 1.1.0

  • Update the Terraform files via git or by redownloading the project and copying your env directory into the new download
  • Run terraform init -upgrade
  • Run terraform apply

Full Changelog: v1.1.0...v1.2.0

v1.1.0

02 Jun 19:41
78b37ba

This release adds the ability to use SAS tokens for writing reports to external storage.

What's Changed

  • feat(m365): Support Shared Access Signatures for Cross-Tenant Reporting by @eagbaya in #13

Full Changelog: v1.0.0...v1.1.0

v1.0.0

24 May 00:43
7267c43

This release adds a number of security improvements to the repository, M365 container, and the deployed infrastructure. It also adds the ability to specify tags to apply to all deployed resources and updates the Terraform providers to much more recent versions.

The most important change is the use of a Managed Identity for the Azure Container Instance. This feature was not previously supported by Azure when using a VNET. With this change, the container uses a managed identity to get the application's certificate directly from Key Vault rather than receiving it through an environment variable. This also removes the need to rotate the certificate on a short period (which was in place to mitigate the risk of passing the certificate as an environment variable).

What's Changed

  • feat: Add support for Tags by @jacdavi in #9
  • feat(ci/cd): Add scanning for M365 Image and Terraform Config by @jacdavi in #10
    • Add scanning of the Terraform code and container so that we can better maintain security going forward
  • fix(m365): Container security fixes by @jacdavi in #12
    • Update OPA to v1.3.0 inside the container to address security vulnerabilities reported in earlier versions
    • Make it easier to update OPA in the future
    • Change the executing user of the m365 container to not be an administrator
    • Bump azcopy in container to address vulnerabilities (not done in this specific PR)
  • feat(m365): Use Managed Identity for Getting Application Certificate in Container by @jacdavi in #6
    • use managed identity to access app certificate directly from container
    • update Terraform providers; change storage URLs, add docs for setting subscription_id
    • remove cert rotation
    • update readme variables and util file
    • fix apply loop with containers by setting ip type to private
    • add instruction for setting environment in provider.tf
    • change keyvault name on serial number change

Full Changelog: v0.1.2...v1.0.0

Updating from v0.1.2

  • Copy main.tf, variables.tf, outputs.tf, from env/example into your env/<myenv> directory
  • In provider.tf update the versions to match those in env/example/provider.tf
    • Additionally set your subscription_id following the example file
  • Run terraform init -upgrade
  • In variables.tfvars:
    • add serial_number="02" (or increment if previously set)
    • Adjust the names of the input/output storage variables if you have overridden those (replace _id with _url)
    • Optionally add a tags entry to specify a map of strings to apply as tags to resources
  • Run terraform apply

v0.1.2

17 Apr 19:30

This release contains a fix for identifying GCC High environments during deployment.

Full Changelog: v0.1.1...v0.1.2

v0.1.1

04 Apr 21:30

This release contains a fix for GearConnect accessing the container image during Terraform deployment.

AmbiguousImageResitryCredentialType: The registry credential type in the 'imageRegistryCredentials' of container group 'scubaconnect-adhoc-container' cannot be detected. Please set exactly one of username or identity

After downloading, you must copy m365/terraform/env/example/variables.tf into your environment directory (e.g., m365/terraform/env/<myenv>) to fix the issue.

Full Changelog: v0.1.0...v0.1.1

v0.1.0

21 Mar 15:10
0725e2e

Version 0.1.0

This is an initial release of ScubaConnect.

The GearConnect (m365) portion of the code is fully functioning, though there will be continued improvements. Notably, #6 will improve security and lower maintenance requirements.

GogglesConnect (gws) is not contained in this release and will be published at a later date.