We have Changelog documentation here:

https://docs.saltproject.io/en/latest/topics/development/changelog.html

However, this documentation is not integrated or referenced in our documentation on how to create PRs:

https://docs.saltproject.io/en/latest/topics/development/contributing.html

The "Changelog" section appears BEFORE the Contributing section, but should likely be placed INSIDE

When using the Vpc.from_lookup function without the proper permissions the output it produces from for example deploy is just

[Error at /file] You are not authorized to perform this operation.
Found errors

Which makes it very cumbersome to find out what permissions are missing, as otherwise the cdk fails with a specific arn and action why.

Requesting that you add the new Gitlab Provider as a new VCS Provider.

See here for the provider details: https://registry.terraform.io/providers/gitlabhq/gitlab/latest

See: https://nixos.org/manual/nixpkgs/stable/#idm140737317098448

Describe the bug
CKV_GCP_14 requires a backup configuration, but it does not take into consideration read replicas.
A read replica cannot have backup enabled in GCP.

To Reproduce
Steps to reproduce the behavior:

1. Create a google_sql_database_instance with master_instance_name and replica_configuration
2. Chekov will pop up error CKV_GCP_14

Expected behavior
Read replicas

• terrascan version: 1.2
• Operating System: all

Description

When scanning a repo, if the severity field is not all caps (HIGH|MEDIUM|LOW), when violations are output, the color of the severity field does not show up. The compare should be case-insensitive, OR we can normalize the severity field.

What I Did

terrascan scan -d [dir]

Copilot doesn't seem to have correct error behavior when I try to create a Scheduled Job with the same name as an existing service.

For example, in my app right now I have the following:

❯ copilot svc ls
Name                Type
----                ----
fe                  Load Balanced Web Service

I can see this in SSM:

❯ aws ssm get-parameter --name /copilot/applicatio

Garbage collection works by listing everything with the gc-tag. In a busy cluster, we really want that filter to happen server-side and ideally using an index of some sort.

That means we should use a Kubernetes label, not an annotation.

I think this will require a two-step migration plan (write both but continue to read annotation; release; drop support for annotation; release).