Terraform Provider Release: 23.10¶
23.10.1 - November 6, 2023¶
- Enhancement: Adds support in a CSP Account (
valtix_cloud_account
) resource for onboarding GCP Folder hierarchies to accommodate asset and traffic discovery of all Projects that are contained within a Folder hierarchical structure. Onboarding GCP Folders permits asset and traffic discovery, but does not permit full orchestration. Discovery is beneficial and necessary for creating a dynamic policy that adapts in real time to changes made within the GCP Projects. In order to orchestrate within a Project, each Project where orchestration is required should be onboarded individually. - Enhancement: Adds support for sending Gateway metrics to 3rd-party SIEMs. This introduces a new Metrics Forwarding Profile (
valtix_profile_metrics_forwarding
) resource that can be configured and assigned to Gateway (valtix_gateway
) resources in order for Gateway metrics to be sent to the SIEM. The first implementation supports Datadog as a SIEM. Support for other SIEMs will follow in future releases. - Enhancement: Changes the Gateway (
valtix_gateway
) resourceaws_gateway_lb
argument default value fromfalse
totrue
. When deploying an AWS Egress Gateway, the supported transit architecture is an AWS Gateway Load Balancer (GWLB) architecture. This argument is optional and if not specified should default to the appropriate value. - Enhancement: Adds support for sending Audit and System Logs to Splunk. This introduces an update to the Alert Profile (
valtix_alert_profile
) resource by addingSplunk
as a new value for thetype
argument. - Enhancement: Adds support for sending Audit and System Logs to Microsoft Teams. This introduces an update to the Alert Profile (
valtix_alert_profile
) resource by addingMicrosoftTeams
as a new value for thetype
argument. - Enhancement: Enhances the Forward Proxy policy to validate the server certificate when negotiating the backend (Gateway to Server) TLS session. The certificate validation is disabled by default, but can be configured in a Decryption Profile (
valtix_profile_decryption
) resource for all TLS sessions and in an FQDN Match Object (valtix_profile_fqdn
) resource on a per-domain (or set of domains) basis. -
Enhancement: Adds support for creating an Azure Resource Group (RG) as part of the Service VNet (
valtix_service_vpc
) resource. The RG is required such that all resources orchestrated by the Controller will be associated within the specified (or newly created) RG. -
Fix: Fixes an issue where validation was not being performed when configuring a Forward or Reverse Proxy Service Object (
valtix_service_object
) resource to require a Decryption Profile (valtix_profile_decryption
) to be assigned to thetls_profile
argument when using a secure proxy (TLS
,HTTPS
,WEBSOCKETS
) value assigned to thetransport_mode
argument. If a secure proxy is configured, it must have a Decryption Profile assigned otherwise the proxy will not operate as a secure proxy and TLS encrypted traffic will be denied.