fix(deps): update terraform google to v7 (!37) · Merge requests · Information Services / DevOps / Infrastructure / Terraform Modules / ucam-observe remote server on Cloud Run

This MR contains the following updates:

Package	Type	Update	Change
google (source)	required_provider	major	`~> 6.0` -> `~> 7.0`

Release Notes

hashicorp/terraform-provider-google (google)

`v7.14.1`

Compare Source

BUG FIXES:

provider: fixed an issue where error type 409 and 412 were not being correctly retried. This commonly shows up in IAM resources, but can appear in other resources as well (#25596)
servicedirectory: fixed an issue where google_service_directory_endpoint or google_service_directory_service without metadata specified would have other fields removed on update (#25588)

`v7.14.0`

Compare Source

DEPRECATIONS:

managedkafka: added deprecation warning for google_managed_kafka_connect_cluster additional_subnets field (#25487)

FEATURES:

New Data Source: google_artifact_registry_versions (#25512)
New Data Source: google_cloud_identity_policies (#25513)
New Data Source: google_compute_region_security_policy (#25488)
New Data Source: google_compute_storage_pool (#25485)
New Resource: google_compute_cross_site_network (#25479)
New Resource: google_compute_wire_group (#25479)
New Resource: google_network_services_multicast_group_consumer_activation (#25515)
New Resource: google_network_services_multicast_group_producer_activation (#25472)

IMPROVEMENTS:

alloydb: added connection_pool_config, connection_pool_config.enabled and connection_pool_config.flags in google_alloydb_instance resource (#25484)
colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#25509)
compute: added new field instance_flexibility_policy.instance_selection.min_cpu_platform & instance_flexibility_policy.instance_selection.disks to google_compute_region_instance_group_manager (#25444)
dataplex: removed the need for import in google_dataplex_entry when using first party source systems (#25507)
dataproc: added auto_stop_time and idle_stop_ttl to google_dataproc_cluster resource (#25456)
eventarc: added retry_policy field to google_eventarc_trigger resource (#25467)
networksecurity: enabled in-place update for custom_mirroring_profile.mirroring_deployment_groups on google_network_security_security_profile (#25508)
spanner: added autoscaling_config.autoscaling_targets.total_cpu_utilization_percent field to google_spanner_instance resource (#25495)
sql: added changes to ignore changes in backup configuration's fields like enabled, binary_log_enabled, start_time, point_in_time_recovery_enabled, transaction_log_retention_days and backup_retention_settings.retained_backups in google_sql_database_instance if the instance is managed by Google Cloud Backup and Disaster (DR) Recovery Service. (#25516)

BUG FIXES:

compute: fixed google_compute_network in-place update to enable enable_ula_internal_ipv6. (#25468)
iam: fixed error 409 concurrency policy changes by correctly detecting the error type. (#25473)
sql: fixed an issue where the computed psc_service_attachment_link attribute was not being exported properly in google_sql_database_instance resource and datasources (#25510)

`v7.13.0`

Compare Source

NOTES:

alloydb: reverted requiring initial_user.password as required on create for new google_alloydb_cluster resources, instead initial_user.password or initial_user.user must be set if initial_user is specified for google_alloydb_cluster resources (#25366)
privateca: modified encryption_spec field from google_privateca_ca_pool resource to be mutable and allow cmek key rotation (#25267)

DEPRECATIONS:

cloudquotas: deprecated effective_container and effective_enablement fields in the google_cloud_quotas_quota_adjuster_settings resource (#25443)
dlp: deprecated publish_findings_to_cloud_data_catalog field in google_data_loss_prevention_job_trigger resource. Use publish_findings_to_dataplex_catalog field instead. (#25250)
networkservices: removed google_service_binding resource due to service binding support being disabled (#25367)

FEATURES:

New Resource: google_ces_app_version (#25297)
New Resource: google_compute_organization_security_policy (#25322)
New Resource: google_dialogflow_generator (#25340)
New Resource: google_dialogflow_version (#25179)
New Resource: google_discovery_engine_widget_config (#25378)
New Resource: google_iam_workforce_pool_provider_scim_token (#25270)
New Resource: google_network_services_lb_edge_extension (#25299)
New Resource: google_network_services_multicast_consumer_association (#25321)
New Resource: google_network_services_multicast_group_range_activation (#25386)
New Resource: google_network_services_multicast_group_range (#25353)
New Resource: google_network_services_multicast_producer_association (#25291)

IMPROVEMENTS:

alloydb: added password_wo and password_wo_version fields to google_alloydb_user resource (#25266)
apphub: added identity field to google_apphub_service and google_apphub_workload resources (#25363)
backupdr: added encryption_config field to google_backup_dr_backup_vault resource (#25221)
ces: added client_function.parameters.max_items, client_function.parameters.min_items, client_function.parameters.maximum, client_function.parameters.minimum, client_function.parameters.title, client_function.response.max_items, client_function.response.min_items, client_function.response.maximum, client_function.response.minimum, and client_function.response.title fields to google_ces_tool resource (#25309)
ces: added entry_agent field to google_ces_example resource (#25182)
ces: added google_search_tool.context_urls, google_search_tool.preferred_domains, and open_api_tool.api_authentication.bearer_token_config fields to google_ces_tool resource (#25309)
ces: added message.chunk.tool_response and message.chunk.tool_call fields to google_ces_example resource (#25182)
ces: added pinned and variable_declarations.schema.title fields to google_ces_app resource (#25233)
cloudsecuritycompliance: added cloud_control_details.parameters.parameter_value.oneof_value fields to google_cloud_security_compliance_framework_deployment resource (#25382)
cloudsecuritycompliance: added cloud_control_details.parameters.parameter_value.oneof_value fields to google_cloud_security_compliance_framework resource (#25382)
cloudsecuritycompliance: added parameter_spec.default_value.oneof_value and validation.allowed_values.values.oneof_value fields to google_cloud_security_compliance_cloud_control resource (#25441)
cloudsecuritycompliance: added sub_parameters field to google_cloud_security_compliance_cloud_control resource (#25441)
colab: added custom_environment_spec field to google_colab_notebook_execution resource (#25379)
compute: added network_pass_through_lb_traffic_policy field to google_compute_region_backend_service resource. (#25223)
compute: added params field to google_compute_interconnect resource (#25350)
compute: added show_nat_ips and nat_ips fields to google_compute_service_attachment (#25296)
compute: added snapshot_type field to google_compute_snapshot resource (#25348)
compute: added new field instance_flexibility_policy.instance_selection.min_cpu_platform & instance_flexibility_policy.instance_selection.disks to google_compute_region_instance_group_manager (#25444)
container: added autoscaled_rollout_policy field to google_container_node_pool resource (beta) (#25362)
container: added node_kernel_module_loading.policy field to google_container_node_pool and google_container_cluster resources (#25383)
filestore: added support for updating directory_services fields in place in google_filestore_instance (#25315)
iamworkforcepool: added claim_mapping, purge_time, and service_agent fields to google_iam_workforce_pool_provider_scim_tenant resource (#25270)
looker: added controlled_egress_enabled and controlled_egress_config fields to google_looker_instance resource (#25214)
lustre: added kms_key field to google_lustre_instance resource (#25261)
modelarmor: added google_mcp_server_floor_setting field to google_model_armor_floorsetting resource (#25313)
monitoring: fixes an issue with google_monitoring_alert_policy where it ignores the resource project during Import (#25287)
netapp: added public docs link for google_netapp_host_group resource (#25368)
netapp: added 'nfsv4' to custom update export_policy object in google_netapp_volume resource (#25442)
oracledatabase: added properties.cpu_core_count, properties.secret_id, and properties.vault_id fields to google_oracle_database_autonomous resource (#25264)
oracledatabase: added properties.time_zone.version field to google_oracle_database_cloud_vm_cluster resource (#25264)
servicedirectory: promoted google_service_directory_namespace, google_service_directory_service, and google_service_directory_endpoint to GA (#25177)
servicedirectory: replaced metadata KeyValuePair with annotations KeyValueAnnotations in google_service_directory_service, and google_service_directory_endpoint resources (#25177)
sql: added write-only argument for root_password in google_sql_database_instance resource (#25252)
storage: added contexts for resource google_storage_bucket_object (#25346)
vertex_ai: added resourceLimits, minInstances, maxInstances, containerConcurrency and sourceCodeSpec fields to google_vertex_ai_reasoning_engine resource (#25349)

BUG FIXES:

bigquery: fixed the permadiff when email field values contain non-lower-case characters in access in google_bigquery_dataset (#25317)
bigquery: fixed the permadiff when table schema is unchanged for a google_bigquery_table with row access policies (#25256)
cloudrunv2: fixed permadiff if scaling field is unset on resource google_cloud_run_v2_service (#25310)
compute: fixed an issue where the bgp_always_compare_med field could not be unset in in google_compute_network. It can now be unset by configuring the new field delete_bgp_always_compare_med to a value of true. (#25288)
compute: fixed crashes when no network_endpoints block specified in google_compute_network_endpoints resource or no network endpoints exist (#25220)
compute: fixed the terms field in google_compute_router_route_policy to be updatable without forcing resource recreation (#25289)
container: fixed a perpetual diff in google_container_cluster resource when enable_l4_ilb_subsetting is enabled by the GKE control plane and not explicitly set in the configuration (#25323)
dialogflowcx: fixed update_mask in google_dialogflow_cx_playbook where a granular update mask is required. (#25254)
discoveryengine: fixed a permadiff on advanced_site_search_config in google_discovery_engine_data_store resource (#25387)
iamworkforcepool: fixed bug in google_iam_workforce_pool_provider_scim_token where base_uri wasn't set correctly from the API (#25270)
logging: fixed an issue with google_logging_*_sink.include_children fields not being updatable to true (#25247)
memorystore: fixed an issue where a permadiff on desired_auto_created_endpoints caused the google_memorystore_instance resource to recreated. (#25278)
spanner: prevented recreation when kms_key_name and kms_key_names are same for google_spanner_database (#25215)

`v7.12.0`

Compare Source

DEPRECATIONS:

backupdr: deprecated required_type in google_backup_dr_backup_plan_associations and google_backup_dr_data_source_references. Both resources no longer have functionality, and will be removed in the next major release. (#25107)

FEATURES:

New Resource: google_ces_agent (#25106)
New Resource: google_ces_guardrail (#25112)
New Resource: google_ces_tool (#25113)
New Resource: google_cloud_security_compliance_cloud_control (#25137)
New Resource: google_cloud_security_compliance_framework_deployment (#25138)
New Resource: google_cloud_security_compliance_framework (#25111)
New Resource: google_discovery_engine_serving_config (#25105)
New Resource: google_oracle_database_exascale_db_storage_vault (#25129)

IMPROVEMENTS:

apphub: added functional_type, registration_type, and extended_metadata fields to google_apphub_service and google_apphub_workload resources (#25145)
ces: added bearer_token_config field to google_ces_toolset resource (#25119)
ces: added client_certificate_settings field to google_ces_app resource (#25117)
compute: added block_names field to google_compute_reservation resource (#25121)
compute: added sub_block_names field to google_compute_reservation_block data source (#25121)
compute: added tls_settings field to google_compute_regional_backend_service resource (#25068)
container: added end_time_behavior field to google_container_cluster resource (#25120)
container: added writable_cgroups field to node_config.defaults.containerd_config in google_container_cluster resource (#25140)
dataplex: added catalog_publishing_enabled field to data_profile_spec in google_dataplex_datascan resource (#25143)
dns: added forwarding_config.target_name_servers.ipv6_address argument to google_dns_managed_zone resource (#25131)
gkeonprem: added advanced_networking, multiple_network_interfaces_config and bgp_lb_config fields to google_gkeonprem_bare_metal_cluster resource (#25136)
managedkafka: added broker_capacity_config field to google_managed_kafka_cluster resource (#25074)
networksecurity: added endpoint_settings.jumbo_frames_enabled field to google_network_security_firewall_endpoint resource (#25073)
run: added readiness_probe field to cloud_run_service resource (#25114)

BUG FIXES:

backupdr: updated google_backup_dr_backup_plan_associations and google_backup_dr_data_source_references to use LIST APIs, and require the correct List permissions (#25107)
provider: an issue preventing X.509 certificates from being used for authentication when supplied as Application Default Credentials as been resolved (#25144)

`v7.11.0`

Compare Source

DEPRECATIONS:

pubsublite: google_pubsub_lite_reservation will be turned down effective March 18, 2026. Use google_pubsub_reservation instead. (#25058)
pubsublite: google_pubsub_lite_subscription will be turned down effective March 18, 2026. Use google_pubsub_subscription instead. (#25058)
pubsublite: google_pubsub_lite_topic will be turned down effective March 18, 2026. Use google_pubsub_topic instead. (#25058)

BREAKING CHANGES:

netapp: made google_netapp_volume.export_policy.rules.squash_mode not preserve values returned by the API. Without this change, unsetting squash_mode in the provider can cause an API error. (#25059)

FEATURES:

New Data Source: google_artifact_registry_python_packages (#25053)
New Data Source: google_cloud_identity_policy (#24946)
New Data Source: google_compute_reservation_block (#25034)
New Data Source: google_compute_reservation_sub_block (#25034)
New Resource: google_ces_deployment (#24945)
New Resource: google_ces_example (#25056)
New Resource: google_discovery_engine_user_store (#25054)

IMPROVEMENTS:

bigquery: added external_data_configuration.decimal_target_types to google_bigquery_table (#24936)
compute: added internal_ipv6_prefix field to the google_compute_subnetwork resource (#25037)
compute: added ipv6_access_type field and INTERNAL_IPV6_SUBNETWORK_CREATION as a supported value for the mode field in google_compute_public_delegated_prefix resource (#24940)
compute: added ipv6_access_type field to google_compute_public_advertised_prefix resource (#24911)
dataplex: added data_documentation_spec field to google_dataplex_datascan resource to support the DATA_DOCUMENTATION scan type (#25044)
dataproc: added resource_manager_tags to google_dataproc_cluster resource (#25057)
lustre: added placement_policy field to google_lustre_instance resource (#25042)
netapp: added cache_parameters field to google_netapp_volume resource (#24909)
secretmanager: added project and short name support for secret on google_secret_manager_secret_version (#25045)
secretmanager: added project and short name support for secret on ephemeral google_secret_manager_secret_version (#25045)

BUG FIXES:

alloydb: fixed issue with creation when initial_user.password was set to a computed value in google_alloydb_cluster (#25036)
bigquery: fixed extraneous diffs in google_bigquery_table.external_data_configuration.schema (#24936)
compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#25021)
container: added KUBE_DNS as an accepted value for cluster_dns field on google_container_cluster (#24953)
netapp: fixed bug where unsetting export_policy.rules.squash_mode on google_netapp_volume can cause an API error (#25059)
pubsub: fixed bug where google_pubsub_subscription could only be updated if bigquery_config was modified (#24952)
sql: fixed bug where final_backup_description in google_sql_database_instance resource wasn't set on the final backup on delete (#25055)
storage: fixed bug where certain changes to google_storage_bucket_acl.role_entity were ignored (#24949)
workstations: fixed bug in google_workstations_workstation where setting source_workstation caused a permadiff that forced recreation (#24941)
vmwareengine: made deletion of google_vmwareengine_private_cloud wait until the deletion completes (#25040)

`v7.10.0`

Compare Source

BREAKING CHANGES:

alloydb: marked initial_user.password as required on create of new google_alloydb_cluster resources. This change aligns the provider with existing API constraints to surface errors earlier. (#25022)

FEATURES:

New Resource: google_ces_app (#24861)
New Resource: google_ces_toolset (#24885)
New Resource: google_discovery_engine_control (#24883)
New Resource: google_netapp_host_group (#24876)
New Resource: google_network_management_organization_vpc_flow_logs_config (#24896)
New Resource: google_network_services_multicast_domain (#24864)
New Resource: google_privileged_access_manager_settings (#24878)
New Ephemeral Resource: google_client_config (#24900)

IMPROVEMENTS:

cloudfunctions2: added direct_vpc_network_interface and direct_vpc_egress field to google_cloudfunctions2_function resource (#24895)
cloudrunv2: added template.container.depends_on field to google_cloud_run_v2_worker_pool resource (#24893)
compute: added grpc_tls_health_check field to google_compute_healthcheck resource (#24872)
container: added network_tier_config to google_container_cluster resource. (#24877)
eventarc: added labels field to google_eventarc_channel resource (#24854)
netapp: added block_devices field and ISCSI protocol support to goolge_netapp_volume resource, and increased timeouts on its operations (#24898)
netapp: added type field to google_netapp_storage_pool resource (#24867)
vertexai: added psc_automation_configs field to google_vertex_ai_endpoint resource (#24870)
vertexai: added sync_config.continuous field to google_vertex_ai_feature_online_store_featureview (#24881)

BUG FIXES:

accesscontextmanager: fixed issue where google_access_context_manager_service_perimeter_[dry_run_][egress|ingress]_policy caused the provider to crash when a provided identity casing was invalid. (#24886)
apigee: fixed issue where credentials block was not populated in the Terraform state in google_apigee_developer_app resource (#24880)
compute: fixed google_compute_network_firewall_policy_rule staying disabled after apply with disabled = false (#24879)
compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#25020
compute: resolve permadiff for display_name in new deployments of google_compute_organization_security_policy (#24882)
storage: fixed a conversion error in google_storage_bucket state migration. This bug impacted Pulumi users. (#24853)

`v7.9.0`

Compare Source

BREAKING CHANGES:

beyondcorp: made the ports field in endpoint_matchers required in response to a change in the API surface. (#24770)

FEATURES:

New Resource: google_firestore_user_creds (#24794)
New Resource: google_network_security_dns_threat_detector (#24744)

IMPROVEMENTS:

appengine: added ssl_policy to application on google_app_engine_application resource (#24786)
bigquery: added support for IAM conditions in google_bigquery_dataset_iam_* (#24778)
compute: promoted policy_type to GA in google_compute_network_firewall_policy, google_compute_network_firewall_policy_with_rules, google_compute_region_network_firewall_policy, google_compute_region_network_firewall_policy_with_rules. (#24769)
container: added dns_endpoint_confg.enable_k8s_tokens_via_dns and dns_endpoint_config.enable_k8s_certs_via_dns fields to google_container_cluster resource (#24774)
container: added fleet.membership_type field to google_container_cluster resource (#24759)
dataplex: added data_classification field to google_dataplex_aspect_type resource (#24807)
iamworkforcepool: added scim_usage field to workforce_pool_provider resource (#24787)
memorystore: added available_maintenance_versions field to google_memorystore_instance resource (#24745)
memorystore: added maintenance_version field to google_memorystore_instance resource (#24740)
redis: added available_maintenance_versions field to google_redis_cluster resource (#24745)
redis: added maintenance_version field to google_redis_cluster resource (#24740)
storagetransfer: added transfer_manifest field to google_storage_transfer_job resource (#24768)

BUG FIXES:

bigquery: added validation for target_types in google_bigquery_dataset_access (#24810)
cloudquotas: resolved permadiff for preferred_value in google_cloud_quotas_quota_preference (#24776)
compute: fixed scenario where google_compute_instance would not be staged for recreation if guest_accelerator.count was updated to 0 from non-zero value (#24762)
sql: fixed an issue where dataDiskSize was unintentionally null instead of set to the current value in API requests, triggering unrelated errors (#24790)

`v7.8.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_packages (#24696)
New Data Source: google_network_management_connectivity_tests (#24635)
New Resource: google_apigee_environment_api_revision_deployment (#24657)
New Resource: google_dataplex_entry_link (#24737)
New Resource: google_discovery_engine_assistant (#24724)
New Resource: google_oracle_database_db_system (#24733)
New Resource: google_saas_runtime_unit (#24692)

IMPROVEMENTS:

compute: added IN_FLIGHT to balancing_mode on google_compute_backend_service resource (#24710)
compute: added new field instance_lifecycle_policy.on_repair.allow_changing_zone to google_compute_region_instance_group_manager & google_compute_instance_group_manager (#24706)
compute: promoted security_policy in compute_region_backend_service resource to GA (#24693)
compute: promoted the google_compute_preview_feature resource to GA. (#24725)
compute: the activation_status attribute within the google_compute_preview_feature resource now uses the ACTIVATION_STATE_UNSPECIFIED value instead of DISABLED. Support for DISABLED will be added in a future release. (#24725)
datastream: added backfill_all.mongodb_excluded_objects and source_config.mongodb_source_config fields to google_datastream_stream (#24727)
datastream: added mongodb_profile field to google_datastream_connection_profile (#24727)
discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#24658)
discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#24658)
discoveryengine: added in-place update support for entities.params and entities.key_property_mappings in google_discovery_engine_data_connector (#24739)
dlp: added publish_findings_to_dataplex_catalog field to google_data_loss_prevention_job_trigger (#24722)
iambeta: allowed GKE workload identity pool pattern in workload_identity_pool_id field of google_iam_workload_identity_pool resource. (#24656)
memorystore: added maintenance_version field to google_memorystore_instance resource (#24740)
memorystore: added available_maintenance_versions field to google_memorystore_instance resource (#24745)
networkconnectivity: added HYBRID_INSPECTION enum value to preset_topology field in google_network_connectivity_hub resource (#24738)
networkservices: added isolationConfig on google_network_services_service_lb_policies resource (#24652)
redis: added deletion_protection field to redis_instance to make deleting them require an explicit intent. redis_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#24654)
redis: added maintenance_version field to google_redis_cluster resource (#24740)
redis: added available_maintenance_versions field to google_redis_cluster resource (#24745)
saas_runtime: added default_release field to google_saas_runtime_unit_kind resource (#24726)
sql: added read_pool_auto_scale_config support to sql_database_instance resource (#24723)

BUG FIXES:

bigquery: fixed the issue where google_bigquery_table detected an incorrect schema diff on tables with row access policies when the schema was unchanged. (#24711)
compute: allow requested_link_count to be updated in-place in google_compute_interconnect resource (#24705)

`v7.7.0`

Compare Source

BREAKING CHANGES:

discoveryengine: changed type of google_discovery_engine_data_connector.entities.params. Previously, it was a map of string keys to string values; now, it must be a JSON-encoded string containing an object. This change is being made in a minor release because the field wasn't usable as intended – specifically, all current valid uses require mapping strings to lists of strings. (#24658)

FEATURES:

New Data Source: google_network_management_connectivity_tests (#24635)
New Resource: google_apigee_developer_app (#24625)
New Resource: google_discovery_engine_license_config (#24619)
New Resource: google_iam_workforce_pool_provider_scim_tenant (#24587)
New Resource: google_kms_project_kaj_policy_config (#24622)
New Resource: google_saas_runtime_tenant (#24608)

IMPROVEMENTS:

apigee: updated the scopes argument in google_apigee_api_product resource to be order-insensitive. (#24625)
beyondcorp: added proxy_protocol_config and service_discovery fields to google_beyondcorp_security_gateway resource (#24609)
cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource. (GA promotion) (#24602)
cloudrunv2: added health_check_disabled field to google_cloud_run_v2_service resource. (#24602)
compute: added params field to google_compute_router resource (GA) (#24611)
discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#24658)
discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#24658)
dlp: added publish_to_dataplex_catalog field to discovery_config resource (#24621)
gkeonprem: made it possible to set the on_prem_version field on google_gkeonprem_vmware_node_pool (previously output-only) (#24614)
memcache: added deletion_protection field to memcache_instance to make deleting them require an explicit intent. memcache_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#24613)
metastore: added tags field to google_dataproc_metastore_service and 'google_dataproc_metastore_federation' resources to allow setting tags for services and federation at creation time (#24633)
networksecurity: added URL_FILTERING option to enum field type for google_network_security_security_profile resource (#24583)
networksecurity: added url_filtering_profile field to google_network_security_security_profile_group resource (beta) (#24583)
networksecurity: added url_filtering_profile field to google_network_security_security_profile resource (beta) (#24583)
sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#24576)
sql: added source_instance_deletion_time field to google_sql_database_instance resource (#24576)

BUG FIXES:

bigqueryanalyticshub: fixed google_bigquery_analytics_hub_listing_subscription import (#24634)
discoveryengine: fixed bug where it wasn't possible to specify values for knowledgeBaseSysId or catalogSysId in google_discovery_engine_data_connector.entities.params. (#24658)

`v7.6.0`

Compare Source

DEPRECATIONS:

networksecurity: deprecated ignore_case, exact, prefix, suffix and contains fields in http_rules.from.not_sources.principals and http_rules.from.sources.principals blocks in google_network_security_authz_policy resource. Use the equivalent fields in http_rules.from.not_sources.principals.principal or http_rules.from.sources.principals.principal instead. (#24543)

BREAKING CHANGES:

container: node_config blocks that had set kubelet_config without explicitly setting cpu_cfs_quota implicitly set cfu_cfs_quota to false when unset. From this version onwards, an unset cpu_cfs_quota will instead match the API default of true true. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#24569)
storageinsights: removed activity_data_retention_period_days field from google_storage_insights_dataset_config resource due to a delayed launch. It will be readded when the feature launches. (#24570)

FEATURES:

New Resource: google_kms_folder_kaj_policy_config (#24513)
New Resource: google_vertex_ai_cache_config (#24541)
New Resource: google_vertex_ai_reasoning_engine (#24512)

IMPROVEMENTS:

backupdr: added data_source and rules_config_info fields to google_backup_dr_backup_plan_associations datasource (#24517)
beyondcorp: added external, proxy_protocol, and schema fields to google_beyondcorp_security_gateway_application resource (#24542)
beyondcorp: changed endpoint_matchers field to not be required anymore in the google_beyondcorp_security_gateway_application resource (#24542)
cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource (#24556)
compute: added shared_secret_wo and shared_secret_wo_version fields to google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#24491)
dlp: added SENSITIVITY_UNKNOWN as possible enum value for actions.tag_resources.tag_conditions.sensitivity_score.score in google_data_loss_prevention_discovery_config resource (#24564)
dlp: added actions.save_findings.output_config.storage_path field to google_data_loss_prevention_job_trigger resource (#24558)
filestore: added file_shares.nfs_export_options.network and networks.psc_config.endpoint_project fields to google_filestore_instance resource (#24567)
lustre: increased creation timeout from 20min to 40min for google_lustre_instance resource (#24559)
netapp: added hybrid_replication_user_commands field with subfield commands to google_netapp_volume_replication resource (#24554)
netapp: added replication_schedule, hybrid_replication_type, large_volume_constituent_count fields to hybrid_replication_parameters field in google_netapp_volume resource (#24554)
networksecurity: added ip_blocks field to google_network_security_authz_policy resource (#24543)
secretmanager: added ephemeral support for google_secret_manager_secret_version resource (#24566)
sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#24576)
sql: added source_instance_deletion_time field to google_sql_database_instance resource (#24576)
storagetransfer: added user_project_override and billing_project fields to google_storage_transfer_job resource (#24504)

BUG FIXES:

container: fixed the default for node_config.kubelet_config.cpu_cfs_quota on google_container_cluster, google_container_node_pool, google_container_cluster.node_pool to align with the API. Terraform will now send a true value when the field is unset on creation, and preserve any previously set value when unset. Explicitly set values will work as defined in configuration. (#24569)

`v7.5.0`

Compare Source

BREAKING CHANGES:

netapp: changed peer_ip_addresses field type from String to Array in google_netapp_volume resource, as it was unusable otherwise (#24428)

FEATURES:

New Data Source: google_artifact_registry_maven_artifacts (#24487)
New Data Source: google_artifact_registry_npm_packages (#24486)
New Resource: google_apigee_api_deployment (#24469)
New Resource: google_discovery_engine_data_connector (#24472)
New Resource: google_managed_kafka_connect_cluster (#24443)
New Resource: google_managed_kafka_connector (#24443)
New Resource: google_kms_organization_kaj_policy_config (#24471)
New Resource: google_saas_runtime_rollout_kind (#24447)

IMPROVEMENTS:

cloudrunv2: added mount_options in gcsfuse volumes for google_cloud_run_v2_service, google_cloud_run_v2_job, and google_cloud_run_v2_workerpool resources. (#24413)
cloudrunv2: added startup_probe and liveness_probe to google_cloud_run_v2_worker_pool resource (#24418)
compute: added bandwidth_allocation field to google_compute_wire_group resource (#24460)
compute: added shared_secret_wo and shared_secret_wo_version fields for google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#24491)
dialogflow: added new_recognition_result_notification_config field to google_dialogflow_conversation_profile resource (#24468)
discoveryengine: added features field to google_discovery_engine_search_engine resource (#24445)
dlp: added other_cloud_target and other_cloud_starting_location to google_data_loss_prevention_discovery_config (#24463)
gkebackup: added backup_config.selected_namespace_labels field to google_gke_backup_backup_plan resource (#24427)
looker: added gemini_enabled field to google_looker_instance resource (#24461)
netapp: added hot_tier_bypass_mode_enabled and hot_tier_size_used_gib fields to google_netapp_volume (#24454)
netapp: added hot_tier_size_gib, enable_hot_tier_auto_resize, cold_tier_size_used_gib and hot_tier_size_used_gib fields to google_netapp_storage_pool (#24454)
oracledatabase: added gcp_oracle_zone field to google_oracle_database_odb_network resource (#24456)
privilegedaccessmanager: added approval_workflow.steps.id field to google_privileged_access_manager_entitlement resource (#24419)
pubsub: added support for tags field to google_pubsub_topic and google_pubsub_subscription resources (#24442)
sql: added point_in_time_restore_context field to google_sql_database_instance (#24489)
storage: added force_destroy field to google_storage_insights_report_config resource (#24462)
storageinsights: added activity_data_retention_period_days field to google_storage_insights_dataset_config resource (#24459)
vertexai: added endpoint_config.private_service_connect_config block to google_vertex_ai_endpoint_with_model_garden_deployment resource (#24425)
vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index_endpoint resource (#24490)
vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index resource (#24441)

BUG FIXES:

apihub: fixed a permadiff on config_template in google_apihub_plugin resource (#24429)
storage: fixed a panic caused by empty cors blocks google_storage_bucket resource (#24476)

`v7.4.0`

Compare Source

DEPRECATIONS:

compute: deprecated the option to deploy a container during VM creation using the container startup agent in google_compute_instance. Use alternative services to run containers on your VMs. Learn more at https://cloud.google.com/compute/docs/containers/migrate-containers. (#24375)

FEATURES:

New Data Source: google_artifact_registry_maven_artifact (#24358)
New Data Source: google_compute_interconnect_location (#24377)
New Resource: google_network_services_wasm_plugin (#24406)
New Resource: google_resource_manager_capability (#24404)

IMPROVEMENTS:

cloudrunv2: added mount_options in gcsfuse volumes for google_cloud_run_v2_service, google_cloud_run_v2_job, and google_cloud_run_v2_workerpool resources. (#24413)
compute: added cipher_suite field to google_compute_vpn_tunnel resource. (#24378)
container: added auto_ipam_config to google_container_cluster resource. (#24396)
storage: added support for timeouts to google_storage_bucket_iam_binding, google_storage_bucket_iam_member, google_storage_bucket_iam_policy resources (#24376)

BUG FIXES:

bigtable: fixed node_scaling_factor forcing new instance on google_bigtable_instance when adding new cluster (#24410)
cloudscheduler: fixed a type assertion panic in google_cloud_scheduler_job when processing HTTP headers with nil or unexpected data types (#24360)
compute: fixed the Network field cannot be modified issue in google_compute_region_backend_service. Now updating the network field will force the resource to be recreated. (#24398)
netapp: fixed incorrect default value handling in google_netapp_volume for export_policy.rules attributes has_root_access and squash_mode. When not specified, these fields will now take on the API default value with no diff. (#24395)
netapp: updated google_netapp_storage_pool to source the default value for the qos_type field from the API. If not specified in the configuration, qos_type will now default to the value provided by the NetApp Volumes API. (#24394)
sql: fixed the permadiffs on disk_size when disk_autoresize is enabled in google_sql_database_instance (#24399)
workbench: added retry for unable to queue the operation 409 errors in google_workbench_instance resource. (#24392)

`v7.3.0`

Compare Source

FEATURES:

New Data Source: google_backup_dr_data_source_reference (#24346)
New Resource: google_bigquery_datapolicyv2_data_policy (#24313)
New Resource: google_saas_runtime_release (#24289)
New Resource: google_secure_source_manager_hook (#24345)

IMPROVEMENTS:

cloudrun: added sub_path field to google_cloud_run_service resource. (#24341)
cloudrunv2: added sub_path field to google_cloud_run_v2_service google_cloud_run_v2_job and google_cloud_run_v2_worker_pool resource. (#24341)
compute: added labels and label_fingerprint fields to google_compute_security_policy resource (#24322)
compute: labels under initialize_params are now updatable on google_compute_instance (#24349)
container: added new fields memory_manager and topology_manager to node_kubelet_config block (#24277)
datastream: added destination_config.bigquery_destination_config.source_hierarchy_datasets.project_id field to google_datastream_stream resource (#24340)
discoveryengine: added app_type field to google_discovery_engine_search_engine resource (#24320)
gkeonprem: added proxy field to google_gkeonprem_vmware_admin_cluster resource (#24338)
healthcare: added validation_config to google_healthcare_fhir_store resource (#24336)
iamworkforcepool: added extended_attributes field to workforce_pool_provider resource (#24308)
netapp: added export_policy.rules.squash_mode field to google_netapp_volume resource. (#24350)
privateca: added encryption_spec field to google_privateca_ca_pool resource (#24328)
run: added connector to vpc_access on google_cloud_run_v2_worker_pool resource (#24337)
tags: added the DATA_GOVERNANCE value to google_tags_tag_key.purpose (#24307)

BUG FIXES:

bigquery: updated the schema change detection for google_bigquery_table to take into account presence of row access policy (#24284)
compute: fixed allow_global_access to correctly be immutable for google_compute_forwarding_rule resources with load balancing scheme of INTERNAL_MANAGED (#24312)
compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#24353)
dialogflow: added support for non-global endpoints for google_dialogflow_conversation_profile (#24351)
publicca: use RawURLEncoding instead of URLEncoding for unpadded base64 encoding (#24283)
secretmanager: fixed a panic in google_secret_manager_secret_version in a secret_manager (#24326)
workbench: fixed issue that resource creation with computed labels field fails in google_workbench_instance resource (#24311)
workbench: made report-notebook-metrics metadata key settable for google_workbench_instance (#24310)

`v7.2.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_python_package (#24267)
New Data Source: google_backup_dr_data_source_references (#24268)
New Resource: google_discovery_engine_acl_config (#24276)
New Resource: google_saas_runtime_unit_kind (#24236)

IMPROVEMENTS:

chronicle: made the scope_info field in google_chronicle_reference_list configurable (#24250)
compute: added header_action to path_matcher and default_service level on google_compute_region_url_map resource (#24253)
container: added secret_manager_config.rotation_config field to google_container_cluster resource (#24244)
container: added new fields memory_manager and topology_manager to google_container_cluster.node_config.kubelet_config and google_container_node_pool.node_config.kubelet_config (#24277)
sql: added final_backup_description and final_backup_config fields to google_sql_database_instance resource (#24273)
storage: added aws_s3_compatible_data_source to google_storage_transfer_job resource (#24241)

BUG FIXES:

provider: fixed an issue with universe_domain where the provider tried to connect to "googleapis.com" for user email logging when universe_domain was set (#24238)
container: fixed a faulty diff for arrays on user_managed_keys_config that caused faulty cluster updates to be triggered in google_container_cluster (#24256)
osconfig: fixed a permadiff in google_osconfig_patch_deployment where patch_config.yum.minimal doesn't send false for empty values (#24247)

`v7.1.1`

Compare Source

BUG FIXES:

bigtable: fixed an error encountered when applying google_bigtable_table_iam_* resources after upgrading to 7.x and replacing instance with instance_name (#24255)

`v7.1.0`

Compare Source

DEPRECATIONS:

container: deprecated enterprise_config field in google_container_cluster resource. GKE Enterprise features are now available without an Enterprise tier. (#24210)
storage: removed deprecated status for field to detect_md5hash in google_storage_bucket_object resource (#24147)

FEATURES:

New Data Source: google_iap_web_forwarding_rule_service_iam_policy (#24178)
New Resource: google_iap_web_forwarding_rule_service_iam_binding (#24178)
New Resource: google_iap_web_forwarding_rule_service_iam_member (#24178)
New Resource: google_iap_web_forwarding_rule_service_iam_policy (#24178)

IMPROVEMENTS:

artifactregistry: added registry_uri as attribute to google_artifact_registry_repository (#24164)
backupdr: added 'supported_resource_types' field to google_backup_dr_backup_plan resource (#24189)
backupdr: added create_time field to google_backup_dr_backup data source (#24183)
cloudbuild: added worker_config.enable_nested_virtualization field to google_cloudbuild_worker_pool resource (#24176)
cloudrunv2: added support for multi_region_settings field to google_cloud_run_v2_service resource (#24149)
compute: add params.resource_manager_tags field to the google_compute_region_backend_service (#24191)
compute: added public_delegated_sub_prefixs field to resource google_compute_public_delegated_prefix (#24202)
compute: added update_strategy field to google_compute_network_peering resource (#24180)
firestore: added unique field to google_firestore_index resource (#24163)
netapp: added qos_type and available_throughput_mibps fields to google_netapp_storage_pool resource (#24161)
netapp: added throughput_mibps field to google_netapp_volume resource (#24161)
networkservices: allowed EXPLICIT_ROUTING_MODE for routing_mode on google_network_services_gateway resource (#24151)
sql: added consumer_network_status, ip_address, and status fields to psc_auto_connections field on google_sql_database_instance resource (#24201)
storagetransfer: added service_account field to google_storage_transfer_job resource (#24193)
storagetransfer: added transfer_spec.aws_s3_data_source.credentials_secret to google_storage_transfer_job resource (#24152)

BUG FIXES:

compute: fixed certain spurious diffs for google_compute_region_backend_service.backend.group (#24157)
compute: fixed permadiff on google_compute_region_network_endpoint_group when no network is specified (#24182)
memorystore: fixed permadiffs that cause destroy+recreate on new google_memorystore_instance when desired_psc_auto_connections is set (#24212)
netapp: fixed a permadiff on total_iops in google_netapp_storage_pool resource (#24207)
oracledatabase: fixed permadiffs on google_oracle_database_autonomous_database resource for the odb_network and odb_subnet fields (#24184)

`v7.0.1`

Compare Source

BUG FIXES:

storage: fixed a conversion crash in google_storage_bucket state migration #24186

`v7.0.0`

Compare Source

Terraform Google Provider 7.0.0 Upgrade Guide

BREAKING RESOURCE REMOVALS:

beyondcorp: removed google_beyondcorp_application, its associated IAM resources google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member, and google_beyondcorp_application_iam_policy, and the google_beyondcorp_application_iam_policy datasource. Use google_beyondcorp_security_gateway_application instead. #23999
notebooks: removed google_notebooks_location #23607
tpu: removed google_tpu_node. Use google_tpu_v2_vm instead. #23964

BREAKING FIELD REMOVALS:

cloudrunv2: removed template.containers.depends_on within resource google_cloud_run_v2_worker_pool #23815
colab: removed post_startup_script_config field from from google_colab_runtime_template resource #24026
compute: removed field enable_flow_logs from google_compute_subnetwork #23704
gkehub: removed configmanagement.binauthz field in google_gke_hub_feature_membership #24076
gkehub: removed description field in google_gke_hub_membership #23587
memorystore: removed allow_fewer_zones_deployment field from google_memorystore_instance resource because it isn't user-configurable #24079
redis: removed allow_fewer_zones_deployment field from google_redis_cluster resource because it isn't user-configurable #24079
resourcemanager: removed non-functional project field from google_service_account_key datasource #24000
vertexai: removed enable_secure_private_service_connect in google_vertex_ai_endpoint #23843

BREAKING INCREASED VALIDATION:

cloudfunctions2: made event_type a required field for event_trigger in google_cloudfunctions2_function #23918
networkservices: made load_balancing_scheme required in google_network_services_lb_traffic_extension #23748
sql: made password_wo_version required when password_wo is set in google_sql_user #24083
storage: added validation requiring the topic field to be in the form "projects//topics/" in google_storage_notification #24135
storagetransfer: added path validation for GCS path source and sink in google_storage_transfer_job #23493
vertexai: made metadata, and metadata.config required in google_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #23971

OTHER BREAKING CHANGES:

alloydb: added deletion_protection field with a default value of true to google_alloydb_cluster resource #24024
apigee: changed certs_info field in google_apigee_keystores_aliases_key_cert_file to be output-only #24135
apigee: migrated google_apigee_keystores_aliases_key_cert_file to the plugin framework #24135
artifactregistry: removed the default values for public_repository fields in google_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #23970
bigquery: removed the default value of view.use_legacy_sql in google_bigquery_table #24065
bigtable: renamed instance to instance_name for bigtable_table_iam objects #23399
billing: made budget_filter.credit types and budget_filter.subaccounts no longer optional+computed, only optional, in google_billing_budget resource #24078
cloudfunctions2: changed service_config.service field in google_cloudfunctions2_function resource to be output-only #23790
compute: subnetworks and instances fields in google_compute_packet_mirroring have been converted from arrays to sets #24021
compute: advertised_ip_ranges field group in google_compute_router has been converted from a list to a set #24030
compute: disk.type, disk.mode and disk.interface no longer use provider configured default values and instead will be set by the API in google_compute_instance_template and google_compute_region_instance_template resources #24055
provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using terraform input with invalid resource IDs. #24010
resourcemanager: changed disable_on_destroy default value to false in google_project_service #23951
securesourcemanager: changed deletion_policy default value from DELETE to PREVENT #23963
storage: retention_period field in google_storage_bucket has been converted from int to string data type #23535
storage: migrated google_storage_notification to the plugin framework #24135

FEATURES:

New Data Source: google_artifact_registry_npm_package (#24072)
New Data Source: google_certificate_manager_dns_authorization (#24009)
New Resource: google_iap_web_region_forwarding_rule_service_iam_binding (#24041)
New Resource: google_iap_web_region_forwarding_rule_service_iam_member (#24041)
New Resource: google_iap_web_region_forwarding_rule_service_iam_policy (#24041)
New Resource: google_saas_runtime_saas (#24028)

IMPROVEMENTS:

cloudbuild: added developer_connect_event_config field to google_cloudbuild_trigger resource (#24043)
cloudtasks: added desired_state field to google_cloud_tasks_queue resource (#24053)
cloudrunv2: added max_instance_count field to google_cloud_run_v2_service resource. (#24031)
compute: added params.resourceManagerTags field to the google_compute_backend_service (#24062)
compute: added params.resource_manager_tags field to google_compute_backend_bucket (#24068)
compute: added short_name field to google_compute_organization_security_policy resource (#24059)
container: added cluster_autoscaling.default_compute_class_enabled field to google_container_cluster resource (#24023)
dialogflowcx: added enableMultiLanguageTraining, locked, answerFeedbackSettings, personalizationSettings, clientCertificateSettings, startPlaybook, satisfiesPzs, and satisfiesPzi to google_dialogflow_cx_agent resource. (#24007)
lustre: increased google_lustre_instance resource create timeout to 120m from 20m (#24056)
oracledatabase: enabled default_from_api flag for ODB Network related fields in google_oracle_database_cloud_vm_cluster resource (#24045)
sql: added feature to restore google_sql_database_instance using backupdr_backup (#24066)
ssm: made ca_pool argument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#24039)

BUG FIXES:

container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#24077)
gkeonprem: set default_from_api in image field in google_vmware_node_pool (#24022)
workbench: made install-monitoring-agent metadata key settable for google_workbench_instance (#24080)

`v6.50.0`

Compare Source

NOTES:

bigtable: It is recommended for google_bigtable_table_iam_* resources to upgrade to v6.50.0 and switch from instance to instance_name in your configuration before upgrading to v7.X (#24400)

DEPRECATIONS:

bigtable: deprecated instance in favor of instance_name in google_bigtable_table_iam_* resources (#24400)

IMPROVEMENTS:

bigtable: added instance_name field to google_bigtable_table_iam_* resources (#24400)

`v6.49.3`

Compare Source

BUG FIXES:

compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#24353)

`v6.49.2`

Compare Source

BUG FIXES:

container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#10586)

`v6.49.1`

Compare Source

BUG FIXES:

secretmanager: fixed issue where upgrading to 6.49.0 would cause all google_secret_manager_secret_version resources to be recreated unless secret_data_wo_version was set (#24061)

`v6.49.0`

Compare Source

DEPRECATIONS:

beyondcorp: google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member and google_beyondcorp_application_iam_policy IAM resources, and the google_beyondcorp_application_iam_policy datasource have been deprecated and will be removed in the upcoming major release (#23995)
tpu: deprecated google_tpu_tensorflow_versions data source. Use google_tpu_v2_runtime_versions instead. (#23958)

BREAKING CHANGES:

vertexai: made the metadata field required in google_vertex_ai_index (#23953)

FEATURES:

New Data Source: google_artifact_registry_tag (#23994)
New Data Source: google_artifact_registry_tags (#23969)
New Resource: google_dialogflow_convesation_profile (#23996)

IMPROVEMENTS:

apikeys: added service_account_email to google_apikeys_key (#24001)
compute: added advanced_options_config field to google_compute_region_security_policy resource (#23914)
container: added eviction_soft, eviction_soft_grace_period, eviction_minimum_reclaim, eviction_max_pod_grace_period_seconds, max_parallel_image_pulls, transparent_hugepage_enabled, transparent_hugepage_defrag and min_node_cpus fields to node_config block of google_container_node_pool and google_container_cluster resources (#23973)
networkmanagement: added subnet and network fields to the google_network_management_vpc_flow_logs_config resource (beta) (#23945)
networkmanagement: added output-only field target_resource_state to the google_network_management_vpc_flow_logs_config resource (#23945)
resourcemanager: added management_project and configured_capabilities fields to the google_folder resource. (#23983)

BUG FIXES:

cloud_tasks: set name field set to required in google_cloud_tasks_queue resource (#23997)
clouddeploy: allowed sending weekly_windows.start_time as an empty object in order to use default values in thegoogle_clouddeploy_deploy_policy resource (#23993)
kms: skip_initial_version_creation field is no longer immutable in google_kms_crypto_key, but is still only settable at-creation (#23984)
netapp: fixed bug where google_netapp_volume.large_capacity was not properly marked as immutable, causing updates to fail (and making it impossible to change the field value after creation) (#24004)
networkconnectivity: added update support for linked_vpc_network in google_network_connectivity_spoke (#23949)

`v6.48.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_package (#23901)
New Data Source: google_artifact_registry_repositories (#23906)
New Data Source: google_artifact_registry_version (#23868)
New Resource: google_dialogflow_cx_playbook (initial basic support, full features to follow in a later release) (#23895)
New Resource: google_vertexai_rag_engine_config (#23889)

IMPROVEMENTS:

backupdr: added log_retention_days field to google_backup_dr_backup_plan resource (#23846)
compute: added advanced_options_config field to google_compute_region_security_policy resource (#23914)
compute: added ha_policy field to google_compute_region_backend_service resource (#23905)
compute: added the ability to use global target forwarding rule for target_service field in google_compute_service_attachment resource (#23892)
container: added boot_disk to node_config in google_container_cluster and google_container_node_pool resources (#23840)
container: added node_config.kubelet_config.single_process_oom_kill field to google_container_node_pool and google_container_cluster resources (#23844)
container: added in-place update support for user_managed_keys_config field in google_container_cluster resource (#23883)
dataproc: added cluster_config.cluster_tier field to google_dataproc_cluster resource (#23830)
gkeonprem: added enable_advanced_cluster field to google_gkeonprem_vmware_admin_cluster resource (#23908)
memorystore: added allow_fewer_zones_deployment field to google_memorystore_instance resource (#23845)
sql: added field psa_write_endpoint flag to google_sql_database_instance resource (#23867)
sql: added network_attachment_uri field to google_sql_database_instance resource (#23894)
sql: added node_count field to sql_database_instance resource, and added new value READ_POOL_INSTANCE enum to the instance_type field of sql_database_instance resource (#23897)
storagetransfer: added federated_identity_config field to google_storage_transfer_job resource (#23900)
storagetransfer: added transfer_spec.aws_s3_data_source.cloudfront_domain field to google_storage_transfer_job resource (#23887)

BUG FIXES:

accesscontextmanager: made scopes field as immutable for access_context_manager_access_policy resource. (#23886)
bigquery: fixed handling of non-legacy roles for access block inside google_bigquery_dataset (#23898)
container: fixed an issue causing errors during updates to node_config to be suppressed in google_container_cluster and google_container_node_pool (#23842)

`v6.47.0`

Compare Source

DEPRECATIONS:

compute: deprecated network_self_link field in google_compute_subnetworks data source. Use network_name instead. (#23753)
resourcemanager: deprecated project field in google_service_account_key data source. The field is non functional and can safely be removed from your configuration. (#23813)

FEATURES:

New Data Source: google_artifact_registry_docker_images (#23751)
New Resource: google_apigee_security_action (#23721)
New Resource: google_developer_connect_insights_config (#23789)
New Resource: google_discovery_engine_cmek_config (#23745)
New Resource: google_iam_workforce_pool_iam_binding (#23784)
New Resource: google_iam_workforce_pool_iam_member (#23784)
New Resource: google_iam_workforce_pool_iam_policy (#23784)

IMPROVEMENTS:

backupdr: added backup_retention_inheritance field to google_backup_dr_backup_vault resource (#23817)
bigqueryanalyticshub: added commercial_info and delete_commercial fields in google_bigquery_analytics_hub_listing resource (#23731)
bigqueryanalyticshub: added discovery_type field to google_bigquery_analytics_hub_data_exchange resource (#23801)
bigqueryanalyticshub: added state, discovery_type, and allow_only_metadata_sharing fields to google_bigquery_analytics_hub_listing resource (#23801)
cloudfunction: added automatic_update_policy and on_deploy_update_policy to google_cloudfunctions_function resource (#23819)
cloudrunv2: added gpu_zonal_redundancy_disabled field to google_cloud_run_v2_job resource. (#23811)
compute: added labels field to google_compute_storage_pool resource (#23783)
compute: added network_name field to google_compute_subnetworks data source (#23753)
container: added ip_allocation_policy.additional_ip_ranges_config field to google_container_cluster resource (#23828)
container: added network_config.additional_node_network_configs.subnetwork field to google_container_node_pool resource (#23828)
container: added addons_config.lustre_csi_driver_config field to google_container_cluster resource (#23729)
container: added support for rbac_binding_config in google_container_cluster (#23812)
dataproc: added cluster_config.cluster_tier field to google_dataproc_cluster resource (#23830)
looker: added LOOKER_CORE_TRIAL_STANDARD, LOOKER_CORE_TRIAL_ENTERPRISE, and LOOKER_CORE_TRIAL_EMBED editions to google_looker_instance resource. (#23785)
managedkafka: added tls_config field to google_managed_kafka_cluster resource (#23749)
memorystore: added allow_fewer_zones_deployment field to google_redis_cluster resource (#23800)
storage: added deletion_policy field to google_storage_bucket_object resource (#23816)
vertexai: added custom_delete field to google_vertex_ai_endpoint_with_model_garden_deployment resource (#23788)

BUG FIXES:

bigquery: fixed a crash in google_bigquery_table when configured as an external table with parquet_options (#23808)
cloudrunv2: fixed an issue where manual_instance_count was unable to set to 0 in google_cloud_run_v2_worker_pool. (#23798)
composer: fixed updates failing for recovery_config with explicitly disabled scheduled snapshots (#23715)
iap: fixed an issue where deleting google_iap_settings without setting GOOGLE_PROJECT incorrectly failed (#23724)
storage: removed client-side GCS name validations for google_storage_bucket (#23719)

`v6.46.0`

Compare Source

FEATURES:

New Data Source: google_storage_insights_dataset_config (#23709)
New Resource: google_apigee_api_product (#23648)
New Resource: google_discovery_engine_recommendation_engine (#23692)
New Resource: google_oracle_database_odb_network (#23675)
New Resource: google_oracle_database_odb_subnet (#23694)
New Resource: google_storage_insights_dataset_config (#23707)

IMPROVEMENTS:

compute: added params.resourceManagerTags field to the google_compute_router (#23690)
compute: added in-place update support for provisioned_iops, provisioned_throughput, and access_mode fields in google_compute_region_disk resource (#23697)
dataproc: added authentication_config field to google_dataproc_batch and google_dataproc_session_template resource (#23644)
dataproc: added idle_ttl field to google_dataproc_session_template resource (#23680)
networkconnectivity: added field allocation_options to resource google_network_connectivity_internal_range (#23687)
oracledatabase: added odb_network and odb_subnet fields, and made network and cidr fields optional in google_oracle_database_autonomous_database resource (#23686)
oracledatabase: added odb_network, odb_subnet and backup_odb_subnet fields, and made network, cidr and backup_subnet_cidr fields optional in google_oracle_database_cloud_vm_cluster resource (#23688)
secretmanager: added tags field to google_secret_manager_regional_secret to allow setting tags for regional_secrets at creation time (#23706)
securesourcemanager: added deletion_policy field to google_secure_source_manager_repository resource (#23693)
workbench: added enable_managed_euc field to google_workbench_instance resource. (#23682)
workbench: added reservation_affinity field to google_workbench_instance resource. (#23676)

BUG FIXES:

composer: fixed updates failing for google_composer_environment recovery_config with explicitly disabled scheduled snapshots (#23715)
datastore: fixed a permadiff with google_datastream_connection_profile's create_without_validation field (#23711)
memorystore: fixed bug to allow google_memorystore_instance to be used with no provider default region or with a location that doesn't match the provider default region. (#23666)
networkconnectivity: fixed instances[].ip_address & instances[].virtual_machine fields in linked_router_appliance_instances block being incorrectly treated as immutable for google_network_connectivity_spoke resource (#23705)
resourcemanager: updated service account creation to prevent failures due to eventual consistency in google_service_account resource (#23639)
sql: fixed a provider crash when importing google_sql_database resource (#23643)

`v6.45.0`

Compare Source

DEPRECATIONS:

gemini: deprecated the disable_web_grounding field in the google_gemini_gemini_gcp_enablement_setting resource (#23581)

FEATURES:

New Resource: google_bigtable_schema_bundle (#23585)
New Resource: google_compute_preview_feature (#23631)
New Resource: google_dialogflow_cx_generator (#23605)
New Resource: google_model_armor_floorsetting (#23621)
New Resource: google_vertex_ai_endpoint_with_model_garden_deployment (#23632)

IMPROVEMENTS:

accesscontextmanager: added name to google_access_context_manager_gcp_user_access_binding resource (#23638)
apigee: marked the field access_logging_config immutable in google_apigee_instance resource (#23571)
bigquery: added ignore_auto_generated_schema virtual field to google_bigquery_table resource to ignore server-added columns in the schema field (#23633)
cloudrunv2: added field node_selector in google_cloud_run_v2_job (#23586)
compute: added params.resourceManagerTags field to the google_compute_subnetwork (#23618)
compute: added rule.match.src_secure_tags, rule.target_secure_tags, predefined_rules.match.src_secure_tags and predefined_rules.target_secure_tags fields to google_compute_firewall_policy_with_rules resource (#23635)
dataproc: added cluster_config.security_config.identity_config field to google_dataproc_cluster resource (#23613)
dataproc: updated cluster_config.gce_cluster_config.metadata field to be computed in google_dataproc_cluster resource (#23613)
dialogflowcx: added flexible support to google_dialogflow_cx_webhook resource. (#23582)
gemini: added web_grounding_type field to google_gemini_gemini_gcp_enablement_setting resource (#23581)
netapp: added in-place update support for allow_auto_tiering field in google_netapp_storage_pool resource (#23614)
secretmanager: added tags field to google_secret_manager_secret to allow setting tags for secrets at creation time (#23625)
securesourcemanager: added deletion_policy field to google_secure_source_manager_instance resource (#23606)
sql: added network_attachment_uri field to google_sql_database_instance (#23615)
vmwareengine: added GOOGLE_CLOUD_NETAPP_VOLUMES peering type to resource google_vmwareengine_network_peering (#23628)

BUG FIXES:

modelarmor: fixed conflicting field validation for filter_config.sdp_settings on google_model_armor_template (#23626)
resourcemanager: updated service account creation to prevent failures due to eventual consistency in google_service_account resource (#23639)

`v6.44.0`

Compare Source

FEATURES:

New Data Source: google_compute_network_attachment (#23570)
New Data Source: google_firestore_document (#23553)
New Resource: google_backup_dr_service_config (#23552)
New Resource: google_bigquery_analytics_hub_data_exchange_subscription (#23560)
New Resource: google_gkeonprem_vmware_admin_cluster (#23554)
New Resource: google_network_security_backend_authentication_config (#23555)

IMPROVEMENTS:

alloydb: added machine_config.machine_type field to google_alloydb_instance resource (#23562)
apigee: added access_logging_config field to google_apigee_instance resource (#23522)
apigee: marked access_logging_config field immutable in google_apigee_instance resource (#23571)
backupdr: added in-place update support for google_backup_dr_backup_plan resource (#23537)
compute: added params.resource_manager_tags field to google_compute_firewall resource (#23524)
compute: added application_aware_interconnect and aai_enabled fields to google_compute_interconnect resource (#23567)
compute: added load_balancing_scheme field to google_compute_backend_bucket resource (#23499)
compute: added provisioned_iops and provisioned_throughput fields to google_compute_region_disk resource (#23551)
compute: added specific_reservation.source_instance_template, delete_at_time, delete_after_duration.seconds, delete_after_duration.nanos and reservation_sharing_policy.service_share_type fields to google_compute_reservation resource (#23561)
firestore: added tags field to google_firestore_database resource (#23569)
securesourcemanager: added in-place update support for description field in google_secure_source_manager_repository resource (#23557)
storage: added force_empty_content_type field to google_storage_bucket_object resource (#23568)

BUG FIXES:

artifactregistry: fixed an issue where changes to cleanup_policies were not being applied correctly in google_artifact_registry_repository resource (#23556)
iambeta: fixed perma-diff for jwks_json field when GCP normalizes JSON formatting in google_iam_workload_identity_pool_provider resource (#23526)

`v6.43.0`

Compare Source

DEPRECATIONS:

iap: deprecated google_iap_client and google_iap_brand (#23431)

FEATURES:

New Data Source: google_kms_autokey_config (#23490)
New Data Source: google_kms_key_handle (#23490)
New Data Source: google_kms_key_handles (#23490)
New Data Source: google_network_management_connectivity_test_run (#23497)
New Data Source: google_redis_cluster (#23436)
New Resource: google_contact_center_insights_analysis_rule (#23435)
New Resource: google_kms_autokey_config (#23490)
New Resource: google_kms_key_handle (#23490)
New Resource: google_model_armor_template (#23432)

IMPROVEMENTS:

bigquery: added ignore_schema_changes virtual field to google_bigquery_table resource. Only dataPolicies field is supported in ignore_schema_changes for now. (#23495)
billing: added currency_code to google_billing_account data source (#23474)
compute: added params.resource_manager_tags field to google_compute_network resource (#23421)
compute: added load_balancing_scheme field to google_compute_backend_bucket resource (#23499)
compute: added params.resource_manager_tags field to google_compute_route resource (#23489)
container: added anonymous_authentication_config field to google_container_cluster resource (#23491)
dataplex: added suspended field to google_dataplex_datascan resource (#23456)
discoveryengine: added enable_table_annotation, enable_image_annotation, structured_content_types, exclude_html_elements, exclude_html_classes and exclude_html_ids fields to layout_parsing_config of google_discovery_engine_data_store resource (#23478)
discoveryengine: added kms_key_name field to google_discovery_engine_data_store resource (#23469)
memorystore: added managed_server_ca field to google_memorystore_instance resource (#23430)
secretmanager: added deletion_protection field to google_secret_manager_secret resource to optionally make deleting them require an explicit intent (#23480)
secretmanager: added fetch_secret_data field to google_secret_manager_secret_version to optionally skip fetching the secret data (#23471)

BUG FIXES:

compute: fixed match field in google_compute_router_route_policy resource to be marked as required (#23494)
compute: fixed an issue with bgp_always_compare_med in google_compute_network where it was unable to be set from true to false (#23477)
compute: made no replication status in google_compute_disk_async_replication a retryable error (#23492)
gkeonprem: fixed type of load_balancer.0.bgp_lb_config.0.address_pools.0.manual_assign in google_gkeonprem_bare_metal_cluster, making it a boolean instead of a string (#23472)
integrationconnectors: removed validation from auth configs in google_integration_connectors_connection resource (#23429)

`v6.42.0`

Compare Source

FEATURES:

New Resource: google_apihub_plugin_instance (#23346)
New Resource: google_apihub_plugin (#23407)
New Resource: google_dialogflow_cx_generative_settings (#23394)

IMPROVEMENTS:

cloudidentity: added create_ignore_already_exists field to google_cloud_identity_group_membership resource (#23376)
compute: added access_mode field to google_compute_region_disk resource (#23409)
compute: added match.src_secure_tags and target_secure_tags fields to google_compute_firewall_policy_rule resource (#23414)
compute: added params.resource_manager_tags field to google_compute_network resource (#23421)
compute: added resource_policies.workload_policy field to google_compute_instance_group_manager resource (#23420)
container: added confidential_nodes.confidential_instance_type field to google_container_cluster resource (#23410)
container: added gke_auto_upgrade_config field to google_container_cluster resource (#23411)
container: added node_config.confidential_nodes.confidential_instance_type field to google_container_node_pool resource (#23410)
firestore: revoked deprecation of deletion_policy field in google_firestore_database resource (#23403)
memorystore: added kms_key field to google_memorystore_instance resource (#23396)
redis: added effective_reserved_ip_range field to google_redis_instance resource (#23384)
secretmanager: added deletion_protection field to google_secret_manager_regional_secret resource (#23398)
spanner: added encryption_config.kms_key_name field to google_spanner_backup_schedule resource (#23378)
storage: added allow_cross_org_vpcs and allow_all_service_agent_access fields to google_storage_bucket resource (#23405)

BUG FIXES:

alloydb: removed machine_config.machine_type field from google_alloydb_instance resource because it is not yet supported in GA (#23415)
bigqueryanalyticshub: supported in-place update for log_linked_dataset_query_user_email in google_bigquery_analytics_hub_listing and google_bigquery_analytics_hub_data_exchange resources. Once enabled, this feature cannot be disabled. (#23391)
bigquerydatatransfer: stopped surfacing persistent warnings recommending write-only field when using secret_access_key on google_bigquery_data_transfer_config (#23417)
memorystore: added the ability to set the replica_count field in google_memorystore_instance resource to 0 (#23412)
monitoring: made description and displayName optional and mutable in google_monitoring_metric_descriptor resource (#23381)
redis: fixed reserved_ip_range field not being populated for google_redis_instance data source (#23384)
secretmanager: stopped surfacing persistent warnings recommending write-only field when using secret_data on google_secret_manager_secret_version (#23417)
sql: stopped surfacing persistent warnings recommending write-only field when using password on google_sql_user (#23417)
workbench: added support for setting serial-port-logging-enable key in metadata field in google_workbench_instance resource (#23406)

`v6.41.0`

Compare Source

BREAKING CHANGES:

lustre: added per_unit_storage_throughput as a required field to google_lustre_instance resource in response to a change in the API surface (#23319)

FEATURES:

New Data Source: google_dataplex_data_quality_rules (#23255)
New Resource: google_apihub_plugin_instance (#23346)
New Resource: google_contact_center_insights_view (#23263)
New Resource: google_dataproc_session_template (#23288)
New Resource: google_dialogflow_encryption_spec (#23335)

IMPROVEMENTS:

alloydb: added network_config.allocated_ip_range_override field to google_alloydb_instance resource (#23330)
bigqueryanalyticshub: added log_linked_dataset_query_user_email field to google_bigquery_analytics_hub_data_exchange resource (#23271)
bigqueryanalyticshub: added log_linked_dataset_query_user_email field to google_bigquery_analytics_hub_listing_subscription resource (#23286)
bigqueryanalyticshub: added pubsub_topic field to google_bigquery_analytics_hub_listing resource (#23334)
bigtable: added row_key_schema to google_bigtable_table resource (#23337)
cloudasset: added support for universe domain handling for google_cloud_asset_resources_search_all datasource (#23318)
cloudquotas: added inherited and inherited_from fields to google_cloud_quotas_quota_adjuster_settings resource (#23339)
compute: added CROSS_SITE_NETWORK enum option to requested_features field in google_compute_interconnect resource (#23316)
compute: added TLS_JA4_FINGERPRINT option to enforce_on_key field in google_compute_region_security_policy, google_compute_security_policy, and google_compute_security_policy_rule resources (#23270)
compute: added send_propagated_connection_limit_if_zero to google_compute_service_attachment to resolve an issue where propagated_connection_limit were not working for 0 value previously. Now setting send_propagated_connection_limit_if_zero = true will send propagated_connection_limit = 0 when it's unset or set to 0. (#23325)
compute: promoted default_custom_error_response_policy to GA in google_compute_url_map (#23268)
container: added performance_monitoring_unit in node_config/advanced_machine_features to 'google_container_cluster' resource (#23260)
container: added release_channel_upgrade_target_version to google_container_engine_versions data source (#23336)
dataplex: added support for discovery scan in google_dataplex_datascan resource (#23291)
dns: added target_name_servers.domain_name field to google_dns_managed_zone resource (#23265)
provider: added support for adc impersonation in different universes (#23320)
storage: added source_md5hash field in google_storage_bucket_object (#23267)

BUG FIXES:

compute: fixed google_compute_firewall_policy_rule staying disabled after apply with disabled = false (#23329)
compute: marked name in google_compute_node_group, google_compute_node_template as required as it was impossible to create successfully without a value (#23345)
sql: fixed an error in updating connection_pool_config in google_sql_database_instance (#23332)
tags: fixed perma-diff for parent field in google_tags_location_tag_binding resource (#23331)

`v6.40.0`

Compare Source

DEPRECATIONS:

notebook: google_notebook_runtime is deprecated and will be removed in a future major release. Use google_workbench_instance instead. (#23251)

FEATURES:

New Data Source: google_dataplex_data_quality_rules (#23255)
New Resource: google_dialogflow_cx_tool (#23192)

IMPROVEMENTS:

backupdr: added support for updating in-place to the google_backup_dr_backup_plan_association resource (#23237)
bigqueryanalyticshub: added log_linked_dataset_query_user_email field to google_bigquery_analytics_hub_listing resource (#23238)
compute: added cipher_suite block with phase1 and phase2 encryption configurations to google_compute_vpn_tunnel resource. (#23253)
compute: added fingerprint field in google_compute_target_http_proxy and google_compute_target_https_proxy resources. (#23231)
compute: added headers, expected_output_url, and expected_redirect_response_code fields to test in google_compute_url_map resource and made service field optional (#23199)
compute: added path_matcher.default_route_action fields to google_compute_region_url_map resource (#23226)
compute: added workload_policy and group_placement_policy.gpu_topology fields to google_compute_resource_policy resource (ga) (#23229)
gkehub: added custom_role field to google_gke_hub_scope_rbac_role_binding resource (#23183)
integrationconnectors: added support for log_config.level for google_integration_connectors_connection (#23224)
networkconnectivity: added psc_config.producer_instance_location and psc_config.allowed_google_producers_resource_hierarchy_level fields to google_network_connectivity_service_connection_policy (#23240)
redis: added managed_server_ca to google_redis_cluster resource (#23223)
resourcemanager: allowed dataproc-control.googleapis.com and stackdriverprovisioning.googleapis.com services in google_project_service resource (#23230)
storage: removed the hardcoded 80m timeout used during google_storage_bucket deletion when removing an anywhere cache, polling instead. This should speed up deletion in these cases. (#23198)
vertexai: added region in google_vertex_ai_index_endpoint_deployed_index (#23247)

BUG FIXES:

beyondcorp: fixed the issue where hubs.internet_gateway.assigned_ips was not populated correctly in the google_beyondcorp_security_gateway resource (#23244)
compute: fixed google_compute_router_nat where changes to auto_network_tier are always shown after initial apply (#23190)
compute: fixed validation for target_service field in google_compute_service_attachment resource causing issues when targeting a google_network_services_gateway resource (#23239)
dataflow: fields network, subnetwork, num_workers, max_num_workers and machine_type will no longer cause permadiff on dataflow_flex_template_job (#23222)
dataproc: fixed a permadiff with "prodcurrent" and "prodprevious" within image subminor version for google_dataproc_cluster (#23207)
networksecurity: marked google_network_security_address_group capacity as immutable because it can't be updated in place. (#23209)

`v6.39.0`

Compare Source

FEATURES:

New Resource: google_apihub_curation (#23144)
New Resource: google_compute_interconnect_attachment_group (#23159)
New Resource: google_compute_interconnect_group (#23159)
New Resource: google_compute_snapshot_settings (#23151)

IMPROVEMENTS:

apigee: added client_ip_resolution_config field to google_apigee_environment resource (#23172)
beyondcorp: added delegating_service_account field to google_beyondcorp_security_gateway resource (#23094)
bigquery: added data_source_id to update requests through google_bigquery_data_transfer_config (#23134)
cloudrunv2: added google_cloud_run_v2_job support for depends_on and startup_probe properties (#23179)
container: added network_performance_config field to google_container_cluster resource (#23098)
container: promoted flex_start in google_container_cluster to GA (#23093)
dataplex: added catalog_publishing_enabled field to google_dataplex_datascan resource (#23165)
datastream: added network_attachment support via psc_interface_config attribute in google_datastream_private_connection (#23091)
eventarc: made network_attachment field optional in google_eventarc_pipeline (#23133)
gemini: added disable_web_grounding field to google_gemini_gemini_gcp_enablement_setting resource (#23096)
gemini: added enable_data_sharing field to google_gemini_data_sharing_with_google_setting resource (#23173)
gkehub2: added spec.rbacrolebindingactuation field to resource google_gke_hub_feature (#23102)
gkehub: added custom_role field to google_gke_hub_scope_rbac_role_binding resource (#23183)
iambeta: enforced workload_identity_pool_managed_identity_id field validation per the documented specifications (#23149)
pubsub: added message_transform field to google_pubsub_topic resource (#23161)
pubsub: added message_transforms field to google_pubsub_subscription resource (#23162)

BUG FIXES:

bigquery: modified google_bigquery_dataset_iam_member to no longer remove authorized views and routines (#23177)
colab: fixed perma-diff in google_colab_runtime_template caused by the API returning a non-null default value. (#23137)
colab: fixed perma-diff in google_colab_runtime_template caused by empty blocks. (#23163)
compute: fixed a permadiff in network_profile field of google_compute_network related to specifying partial self-links (#23164)
compute: fixed an issue where google_compute_firewall_policy_with_rules.target_resources could see a diff between the beta and v1 API in the resource's self-link (#23170)
container: fixed nodepool secondary range validation to allow the use of netmasks. (#23142)
gemini: removed overly restrictive product validation on google_gemini_gemini_gcp_enablement_setting_binding, google_gemini_data_sharing_with_google_setting_binding. New values like GOOGLE_CLOUD_ASSIST will now be accepted. (#23178)

`v6.38.0`

Compare Source

DEPRECATIONS:

colab: deprecated post_startup_script_config field in google_colab_runtime_template resource (#23075)

FEATURES:

New Data Source: google_bigquery_datasets (#23059)
New Resource: google_dataplex_entry (#23000)

IMPROVEMENTS:

compute: added numeric_id field to google_compute_region_instance_template resource (#23065)
compute: added source_subnetwork_ip_ranges_to_nat64 and nat64_subnetwork fields to google_compute_router_nat resource (#23078)
container: promoted pod_autoscaling field in google_container_cluster resource to GA (#23002)
datastream: added psc_interface_config field in google_datastream_private_connection resource (#23091)
dns: added dns64_config field to google_dns_policy resource (#23078)
filestore: added effective_replication.role and effective_replication.replicas.peer_instance fields to google_filestore_instance resource (#23001)
netapp: added backup_retention_policy.backup_minimum_enforced_retention_days, backup_retention_policy.daily_backup_immutable, backup_retention_policy.weekly_backup_immutable, backup_retention_policy.monthly_backup_immutable, and backup_retention_policy.manual_backup_immutable fields to google_netapp_backup_vault (#23087)
networkconnectivity: added IPV6 enum to protocol_version field in google_network_connectivity_policy_based_route resource (#23069)
privateca: added support for setting default values for basic constraints for google_privateca_certificate_template via the null_ca and zero_max_issuer_path_length fields (#22981)
privateca: added name_constraints field for google_privateca_certificate_template resource (#22981)
provider: supported service account impersonation in different universes through credential file (#23063)

BUG FIXES:

colab: fixed perma-diff in google_colab_runtime_template caused by the API returning a non-null default value (#23137)
compute: fixed an issue where rules ordering in google_compute_region_security_policy caused a diff after apply (#23076)
filestore: fixed bug where google_filestore_instance.initial_replication field could not be set (#23001)

`v6.37.0`

Compare Source

FEATURES:

New Data Source: google_bigquery_table (#22973)
New Data Source: google_gke_hub_membership (#22972)
New Resource: google_apigee_security_monitoring_condition (#22953)
New Resource: google_beyondcorp_security_gateway_application (#22938)
New Resource: google_cloud_run_v2_worker_pool (#22933)
New Resource: google_compute_future_reservation (#22860)
New Resource: google_dataplex_glossary_category (#22835)
New Resource: google_dataplex_glossary_term (#22835)
New Resource: google_iam_workforce_pool_provider_key (#22960)
New Resource: google_managed_kafka_acl (#22957)

IMPROVEMENTS:

alloydb: added activation_policy field to google_alloydb_instance resource (#22818)
compute: added in-place update support for mtu field in google_compute_network (#22956)
compute: promoted google_compute_region_network_firewall_policy_with_rules, google_compute_network_firewall_policy_with_rules, and compute_firewall_policy_with_rules resources to GA (#22958)
container: added in-place update support for ip_allocation_policy.stack_type field in google_container_cluster resource (#22915)
container: added in-place update support for enable_multi_networking in google_container_cluster resource (#22924)
databasemigrationservice: added create_without_validation field to google_database_migration_service_private_connection resource (#22925)
dataflow: added additional_pipeline_options field to google_dataflow_flex_template_job resource (#22919)
memorystore: added field desired_auto_created_endpoints for google_memorystore_instance resource (#22871)
netapp: added hybrid_peering_details and hybrid_replication_type fields to google_netapp_volume_replication resource (#22975)
netapp: added hybrid_replication_parameters fields to google_netapp_volume resource (#22975)
netblock: added restricted-googleapis-with-directconnectivity and private-googleapis-with-directconnectivity range_types to google_netblock_ip_ranges data source (#22930)
netblock: added ipv6 ranges for restricted-googleapis and private-googleapis range_types to google_netblock_ip_ranges data source (#22930)
privateca: added name_constraints field for google_privateca_certificate_template resource (#22981)
spanner: added field instance_type to the google_spanner_instance resource (#22916)
storage: added ip_filter to google_storage_bucket resource. (#22976)

BUG FIXES:

compute: fixed forced instance recreation when adding a attached_disk with force_attach being false to google_compute_instance (#22954)
gemini: fixed permadiff on product field in google_gemini_logging_setting_binding resource (#22819)
gemini: fixed permadiff on product field in google_gemini_release_channel_setting_binding resource (#22929)
networkservices: fixed validation error when modifying the cache_mode field in edge_cache_service (#22932)
privateca: fixed issue preventing setting 0 and null values for basic constraints in the google_privateca_certificate_template resource via the addition of null_ca and zero_max_issuer_path_length fields (#22981)
vpcaccess: fixed an issue where Terraform config validation conditions could have erroneously invalidated existing google_vpc_access_connector resources (#22837)

`v6.36.1`

Compare Source

BUG FIXES:

compute: fixed forced instance recreation when adding a attached_disk with unset force_attach to google_compute_instance (#22954)

`v6.36.0`

Compare Source

DEPRECATIONS:

beyondcorp: deprecated google_beyondcorp_application. (#22754)
firestore: deprecated deletion_policy field of google_firestore_database resource (#22764)

FEATURES:

New Data Source: google_beyondcorp_security_gateway (#22793)
New Data Source: google_lustre_instance (#22766)
New Resource: google_bigquery_row_access_policy (#22806)
New Resource: google_dataplex_glossary (#22794)
New Resource: google_firebase_app_hosting_default_domain (#22748)
New Resource: google_firebase_app_hosting_domain (#22748)
New Resource: google_firebase_app_hosting_traffic (#22748)
New Resource: google_network_security_intercept_deployment (#22790)
New Resource: google_network_security_intercept_deployment_group (#22790)
New Resource: google_network_security_intercept_endpoint_group (#22790)
New Resource: google_network_security_intercept_endpoint_group_association (#22790)

IMPROVEMENTS:

beyondcorp: increased default timeouts on google_beyondcorp_app_gateway operations from 20m to 40m (#22805)
bigtable: added deletion_protection field to google_bigtable_logical_view resource (#22755)
compute: added 'H2C' as a supported value for protocol in google_compute_backend_service and google_compute_region_backend_service (#22791)
compute: added external_managed_backend_bucket_migration_state and external_managed_backend_bucket_migration_testing_percentage to google_compute_global_forwarding_rule resource. (#22781)
compute: added external_managed_migration_state and external_managed_migration_testing_percentage to google_compute_backend_service resource. (#22781)
compute: added force_attach field to boot_disk and attached_disk of google_compute_instance resource (#22801)
compute: added numeric_id to google_compute_instance_template resource (#22763)
compute: added the numeric id as generated_id attribute to the google_compute_network_endpoint_group (#22780)
compute: added update support for load_balancing_scheme in google_compute_backend_service and google_compute_global_forwarding_rule resources to allow migrating between classic and global external ALB (#22781)
container: added in_transit_encryption_config field in google_container_cluster resource (#22758)
container: allowed in-place update node_config.windows_node_config field in google_container_cluster and google_container_node_pool resource (#22782)
container: allowed in-place update for node_config.storage_pools field in google_container_cluster and google_container_node_pool resource (#22753)
dialogflowcx: added event_handlers.trigger_fulfillment.enable_generative_fallback field to google_dialogflow_cx_flow resource (#22671)
dialogflowcx: added gen_app_builder_settings field to google_dialogflow_cx_agent resource (#22757)
netapp: added custom_performance_enabled, total_throughput_mibps, and total_iops fields to google_netapp_storage_pool resource (#22778)
vmwareengine: increased google_cloud_vmwareengine_private_cloud timeout to 6 hours. (#22762)

BUG FIXES:

compute: added global retry for "resourceNotReady for Networks" 400 errors (#22756)
dialogflowcx: fixed an issue where dialogflow_cx_custom_endpoint is not correctedly handled (#22792)
iamoauthclient: marked google_iam_oauth_client_credential.client_secret as sensitive (#22789)
resourcemanager: fixed an issue in google_projects data source where the provider universe_domain did not overwrite the list URL (#22747)

`v6.35.0`

Compare Source

BREAKING CHANGES:

metastore: removed non-functioning tags field from google_dataproc_metastore_service. It was introduced in v6.31.0 but the feature was not yet GA. (#22636)
redis: removed non-functioning tags field from google_redis_instance . It was introduced in v6.31.0 but the feature was not yet GA. (#22637)

FEATURES:

New Resource: google_compute_cross_site_network (#22632)

IMPROVEMENTS:

alloydb: added psc_auto_connections field to google_alloydb_instance resource (#22630)
apigee: added s_sl_info.enforce field in google_apigee_target_server resource (#22594)
bigquery: added security_mode option for google_bigquery_routine resource (#22643)
bigtable: added support for explicit disable automated backup on create for google_bigtable_table (#22635)
compute: added guest_os_features and architecture to google_compute_instance_template and google_compute_region_instance_template (#22644)
compute: allowed in-place updates for subnetworks, description, producer_accept_lists, and producer_reject_lists on google_compute_network_attachment (#22611)
dialogflowcx: added knowledge_connector_settings field to google_dialogflow_cx_flow and google_dialogflow_cx_page resources (#22631)
netapp: added backup_vault_type, backup_region, source_region, source_backup_vault, and destination_backup_vault fields to google_netapp_backup_vault (#22625)
netapp: added volume_region and backup_region fields to google_netapp_backup (#22625)
networkconnectivity: added immutability field to google_network_connectivity_internal_range resource (#22623)
networkservices: added flex_shielding field to google_network_services_edge_cache_origin resource (#22645)
spanner: added field default_time_zone to google_spanner_database resource (#22628)
storage: added new field content_hexsha512 and content_base64sha512 in data source google_storage_bucket_object_content (#22592)

BUG FIXES:

gemini: fixed bug on google_gemini_code_repository_index where force_destroy field did nothing (#22648)
privateca: removed requirement to specify organization for google_privateca_certificate_authority resource (#22634)
workbench: fixed some metadata changes not being reflected in google_workbench_instance (#22612)

`v6.34.1`

Compare Source

BUG FIXES:

bigtable: fixed forced instance recreation due to addition of cluster.node_scaling_factor for google_bigtable_instance (#22674)

`v6.34.0`

Compare Source

DEPRECATIONS:

tpu: deprecated google_tpu_node resource. google_tpu_node is deprecated and will be removed in a future major release. Use google_tpu_v2_vm instead. (#22552)

FEATURES:

New Resource: google_apigee_security_profile_v2 (#22524)

IMPROVEMENTS:

bigtable: added cluster.node_scaling_factor field to google_bigtable_instance resource (#22560)
cloudrunv2: added scaling_mode and manual_instance_count fields to google_cloud_run_v2_service resource (#22561)
networkconnectivity: added state_reason field to google_network_connectivity_spoke resource (#22525)
sql: added connection_pool_config field to the google_sql_database_instance resource (#22583)
vpcaccess: changed fields min_instances, max_instances, machine_type to allow update google_vpc_access_connector without recreation. (#22572)

BUG FIXES:

compute: fixed the bug when validating the subnetwork project in google_compute_instance resource (#22571)
workbench: fixed a permadiff on metadata of instance-region in google_workbench_instance resource (#22553)

`v6.33.0`

Compare Source

FEATURES:

New Data Source: google_memcache_instance (#22477)
New Resource: google_bigtable_logical_view (#22499)
New Resource: google_bigtable_materialized_view (#22475)
New Resource: google_compute_region_security_policy_rule (ga) (#22443)
New Resource: google_compute_region_security_policy (ga) (#22443)
New Resource: google_os_config_v2_policy_orchestrator_for_folder (#22441)

IMPROVEMENTS:

beyondcorp: added upstreams fields to google_beyondcorp_application resource (#22514)
compute: added fields like raw_key, rsa_encrypted_key, kms_key_service_account to all relevant resources on google_compute_instance_template and google_compute_region_instance_template (#22503)
compute: added disk_id to google_compute_region_disk resource (#22462)
compute: marked location field as required in google_compute_interconnect resource (#22480)
container: added data_cache_count to ephemeral_storage_local_ssd_config for google_container_node_pool (#22456)
container: added update for gvnic to google_container_node_pool (#22421)
dataplex: added notification_report field to google_dataplex_datascan resource (#22464)
gkehub: added configmanagement.config_sync.deployment_overrides field to google_gke_hub_feature_membership resource (#22403)
identityplatform: added response_type field to google_identity_platform_oauth_idp_config (#22463)
networkservices: added metadata field to google_networkservices_lbtrafficextension resource (#22454)
sql: added output-only field dns_names to google_sql_database_instance resource (#22502)
storage: added new fields time_created and updated in google_storage_bucket (#22500)
storagetransfer: added transfer_spec.aws_s3_data_source.managed_private_network field to google_storage_transfer_job resource (#22509)

BUG FIXES:

alloydb: stopped diffs when google_alloydb_instance.network_config is not specified as the API newly returns a value. Removing the field from config will no longer create a diff and will preserve the current value (#22504)
clouddeploy: allowed sending empty block for rollback field in google_clouddeploy_automation resource. (#22501)
compute: fixed an issue preventing terms.priority from being set to priority value 0 in google_compute_router_route_policy resource (#22417)
securesourcemanager: increased default timeouts on google_secure_source_manager_instance operations to 120m from 60m. Operations could take longer than an hour. (#22483)
sql: replaced the Terraform-based default value for settings.disk_type in google_sql_database_instance with a server-assigned default, allowing for compatibility with machine types that require HyperDisk_Balanced (#22485)
workstations: increased default timeouts on google_workstations_workstation_cluster operations to 120m from 60m. Operations could take longer than an hour. (#22482)

`v6.32.0`

Compare Source

NOTES:

6.32.0 contains no changes from 6.31.1. This release is being made to ensure that the version numbers of the google and google-beta provider releases remain aligned, as google-beta's 6.32.0 release contains a beta-only change.

`v6.31.1`

Compare Source

BUG FIXES:

storage: removed extra permission (storage.anywhereCaches.list) required for destroying a resource_storage_bucket (#22442)

`v6.31.0`

Compare Source

DEPRECATIONS:

integrations: deprecated run_as_service_account field in google_integrations_client resource (#22312)

FEATURES:

New Resource: google_compute_resource_policy_attachment (#22400)
New Resource: google_compute_storage_pool (#22343)
New Resource: google_gke_backup_backup_channel (#22393)
New Resource: google_gke_backup_restore_channel (#22393)
New Resource: google_iap_web_cloud_run_service_iam_binding (#22399)
New Resource: google_iap_web_cloud_run_service_iam_member (#22399)
New Resource: google_iap_web_cloud_run_service_iam_policy (#22399)
New Resource: google_storage_batch_operations_job (#22333)

IMPROVEMENTS:

accesscontextmanager: added scoped_access_settings field to gcp_user_access_binding resource (#22308)
alloydb: added machine_type field to google_alloydb_instance resource (#22352)
artifactregistry: added DEBIAN_SNAPSHOT enum value to repository_base in google_artifact_registry_repository (#22315)
bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (#22377)
compute: added log_config.optional_mode, log_config.optional_fields, backend.preference, max_stream_duration and cdn_policy.request_coalescing fields to google_compute_backend_service resource (#22391)
container: added support for updating the confidential_nodes field in google_container_node_pool (#22363)
discoveryengine: added allow_cross_region field to google_discovery_engine_chat_engine resource (#22336)
gkehub: added configmanagement.config_sync.deployment_overrides field to google_gke_hub_feature_membership resource (#22403)
kms: added new enum values for import_method field in google_kms_key_ring_import_job resource (#22314)
metastore: added tags field to google_dataproc_metastore_service resource to allow setting tags for services at creation time (#22313)
monitoring: added log_check_failures to google_monitoring_uptime_check_config (#22351)
networkconnectivity: added IPv6 support to google_network_connectivity_internal_range resource (#22401)
networkconnectivity: added exclude_cidr_ranges field to google_network_connectivity_internal_range resource (#22332)
privateca: added backdate_duration field to the google_privateca_ca_pool resource to add support for backdating the not_before_time of certificates (#22380)
redis: added tags field to google_redis_instance (#22337)
sql: added custom_subject_alternative_names field to instances resource (#22357)
sql: added data_disk_provisioned_iops and data_disk_provisioned_throughput fields to google_sql_database_instance resource (#22398)
sql: added retain_backups_on_delete field to google_sql_database_instance resource (#22334)

BUG FIXES:

colab: fixed perma-diff in google_colab_runtime_template caused by not returning default values. (#22338)
discoveryengine: fixed google_discovery_engine_target_site operations to allow for enough time to index before timing out (#22358)
compute: fixed perma-diff in google_compute_network_firewall_policy_rule when security_profile_group starts with // (#22402)
healthcare: made google_healthcare_pipeline_job wait for creation and update operation to complete (#22339)
identityplatform: fixed perma-diff in google_identity_platform_config when fields in blocking_functions.forward_inbound_credentials are set to false (#22384)
sql: added diff suppression for some version changes togoogle_sql_database_instance. Diffs for database_version for MySQL 8.0 will be suppressed when the version is updated by auto version upgrade.(#22356)
sql: fixed the issue of shortened version of failover_dr_replica_name causes unnecessary diff in google_sql_database_instance (#22319)

`v6.30.0`

Compare Source

FEATURES:

New Resource: google_developer_connect_account_connector (#22270)
New Resource: google_vertex_ai_feature_group_iam_* (#22260)
New Resource: google_vertex_ai_feature_online_store_iam_* (#22260)
New Resource: google_vertex_ai_feature_online_store_featureview_iam_* (#22260)

IMPROVEMENTS:

bigquery: added external_catalog_table_options and schema_foreign_type_info fields to google_bigquery_table resource (#22302)
cloudrunv2: added iap_enabled field to google_cloud_run_v2_service resource (#22301)
compute: added source_disk_encryption_key.kms_key_self_link and source_disk_encryption_key.rsa_encrypted_key fields to google_compute_snapshot resource (#22247)
compute: added source_disk_encryption_key, source_image_encryption_key and source_snapshot_encryption_key fields to google_compute_image resource (#22247)
compute: added type, source_nat_active_ranges and source_nat_drain_ranges fields to google_compute_router_nat resource (#22282)
databasemigrationservice: allowed setting ssl.type in google_database_migration_service_connection_profile resource (#22268)
firestore: added MONGODB_COMPATIBLE_API enum option to api_scope field in google_firestore_index resource (#22287)
firestore: added database_edition field to google_firestore_database resource (#22287)
firestore: added density and multikey fields to google_firestore_index resource (#22287)
memorystore: added managed_backup_source and gcs_source fields to google_memorystore_instance resource (#22295)
monitoring: added password_wo write-only field and password_wo_version field to google_monitoring_uptime_check_config resource (#22242)
redis: added managed_backup_source and gcs_source fields to google_redis_cluster resource (#22277)
storage: added support for deleting pending caches present on bucket when setting force_destory to true in google_storage_bucket resource (#22262)
storagecontrol: added trial_config field to google_storage_control_folder_intelligence_config resource (#22236)
storagecontrol: added trial_config field to google_storage_control_organization_intelligence_config resource (#22236)
storagecontrol: added trial_config field to google_storage_control_project_intelligence_config resource (#22236)

BUG FIXES:

container: fixed perma-diff in fleet field when the fleet.project field being added is null or empty in google_container_cluster resource (#22240)
pubsub: fixed perma-diff by changing allowed_persistence_regions field to set in google_pubsub_topic resource (#22273)

`v6.29.0`

Compare Source

FEATURES:

New Resource: google_apigee_control_plane_access (#22209)
New Resource: google_clouddeploy_deploy_policy (#22190)
New Resource: google_gemini_code_tools_setting_binding (#22226)
New Resource: google_gemini_code_tools_setting (#22203)
New Resource: google_os_config_v2_policy_orchestrator_for_organization (#22192)

IMPROVEMENTS:

accesscontextmanager: added session_settings field to gcp_user_access_binding resource (#22227)
cloudedeploy: added timed_promote_release_rule and repair_rollout_rule fields to google_clouddeploy_automation resource (#22190)
compute: added group_placement_policy.0.tpu_topology field to google_compute_resource_policy resource (#22201)
datastream: added support for creating streams for Salesforce source in google_datastream_stream (#22205)
gkehub: enabled partial results to be returned when a cloud region is unreachable in google_gke_hub_feature (#22218)
gkeonprem: added enable_advanced_cluster field to google_gkeonprem_vmware_admin_cluster resource (#22188)
gkeonprem: added enable_advanced_cluster field to google_gkeonprem_vmware_cluster resource (#22188)
memorystore: added automated_backup_config field to google_memorystore_instance resource, (#22208)
netapp: added tiering_policy to google_netapp_volume_replication resource (#22223)
parametermanagerregional: added kms_key_version field to google_parameter_manager_regional_parameter_version resource and datasource (#22213)
parametermanagerregional: added kms_key field to google_parameter_manager_regional_parameter resource and google_parameter_manager_regional_parameters datasource (#22213)
redis: added automated_backup_config field to google_redis_cluster (#22117)
storage: added md5hexhash field in google_storage_bucket_object (#22229)
workbench: added confidential_instance_config field to google_workbench_instance resource (#22178)

BUG FIXES:

colab: fixed an issue where google_colab_* resources incorrectly required a provider-level region matching the resource location (#22217)
datastream: updated private_keyto be mutable in google_datastream_connection_profile resource. (#22179)

`v6.28.0`

Compare Source

DEPRECATIONS:

compute: deprecated enable_flow_logs in favor of log_config on google_compute_subnetwork resource. If log_config is present, flow logs are enabled, and enable_flow_logs can be safely removed. (#22111)
containerregistry: Deprecated google_container_registry resource, and google_container_registry_image and google_container_registry_repository data sources. Use google_artifact_registry_repository instead. (#22071)

FEATURES:

New Data Source: google_compute_region_backend_service (#21986)
New Data Source: google_organization_iam_custom_roles (#22035)
New Data Source: google_parameter_manager_parameter_version_render (#22099)
New Data Source: google_parameter_manager_parameter_version (#22099)
New Data Source: google_parameter_manager_parameter (#22099)
New Data Source: google_parameter_manager_parameters (#22099)
New Data Source: google_parameter_manager_regional_parameter_version_render (#22099)
New Data Source: google_parameter_manager_regional_parameter_version (#22099)
New Data Source: google_parameter_manager_regional_parameter (#22099)
New Data Source: google_parameter_manager_regional_parameters (#22099)
New Data Source: google_storage_control_folder_intelligence_config (#22077)
New Data Source: google_storage_control_organization_intelligence_config (#22077)
New Data Source: google_storage_control_project_intelligence_config (#22077)
New Resource: google_apigee_dns_zone (#21992)
New Resource: google_chronicle_data_access_scope (#21982)
New Resource: google_chronicle_referencelist (#22090)
New Resource: google_chronicle_retrohunt (#22092)
New Resource: google_chronicle_rule (#22089)
New Resource: google_chronicle_rule_deployment (#22093)
New Resource: google_chronicle_watchlist (#21989)
New Resource: google_dataproc_metastore_database_iam_* resources (#21985)
New Resource: google_dataproc_metastore_table_iam_* (#22064)
New Resource: google_discovery_engine_sitemap (#21976)
New Resource: google_eventarc_enrollment (#22028)
New Resource: google_firebase_app_hosting_build (#22063)
New Resource: google_memorystore_instance_desired_user_created_endpoints (#22073)
New Resource: google_parameter_manager_parameter_version (#22099)
New Resource: google_parameter_manager_parameter (#22099)
New Resource: google_parameter_manager_regional_parameter_version (#22099)
New Resource: google_parameter_manager_regional_parameter (#22099)
New Resource: google_storage_control_folder_intelligence_config (#22061)
New Resource: google_storage_control_organization_intelligence_config (#21987)

IMPROVEMENTS:

accesscontextmanager: added roles field to ingress and egress policies of google_access_context_manager_service_perimeter* resources (#22086)
cloudfunctions2: added binary_authorization_policy field to google_cloudfunctions2_function resource (#22070)
cloudrun: promoted node_selector field in google_cloud_run_service resource to GA (#22054)
cloudrunv2: added gpu_zonal_redundancy_disabled field to google_cloud_run_v2_service resource (#22054)
cloudrunv2: promoted node_selector field in google_cloud_run_v2_service resource to GA (#22054)
compute: added md5_authentication_keys field to google_compute_router resource (#22101)
compute: added EXTERNAL_IPV6_SUBNETWORK_CREATION as a supported value for the mode field in google_compute_public_delegated_prefix resource (#22037)
compute: added external_ipv6_prefix, stack_type, and ipv6_access_type fields to google_compute_subnetwork data source (#22085)
compute: added several boot_disk, attached_disk, and instance_encryption_key fields to google_compute_instance and google_compute_instance_template resources (#22096)
compute: added image_encryption_key.raw_key and image_encryption_key.rsa_encrypted_key fields to google_compute_image resource (#22096)
compute: added snapshot_encryption_key.rsa_encrypted_key field to google_compute_snapshot resource (#22096)
container: added auto_monitoring_config field to google_container_cluster resource (#21970)
container: added disable_l4_lb_firewall_reconciliation field to google_container_cluster resource (#22065)
datafusion: added tags field to google_data_fusion_instance resource to allow setting tags for instances at creation time (#21977)
datastream: added blmt_config field to bigquery_destination_config resource to enable support for BigLake Managed Tables streams (#22109)
datastream: added secret_manager_stored_password field to google_datastream_connection_profile resource (#22046)
identityplatform: added disabled_user_signup and disabled_user_deletion to google_identity_platform_tenant resource (#21983)
memorystore: added psc_attachment_details field to google_memorystore_instance resource, to enable use of the fine-grained resource google_memorystore_instance_desired_user_created_connections (#22073)
memorystore: added the cross_cluster_replication_config field to the google_redis_cluster resource (#22097)
metastore: added deletion_protection field to google_dataproc_metastore_federation resource (#22106)
networksecurity: added antivirus_overrides field to google_network_security_security_profile resource (#22060)
networksecurity: added connected_deployment_groups and associations fields to google_network_security_mirroring_endpoint_group resource (#21974)
networksecurity: added locations field to google_network_security_mirroring_deployment_group resource (#21975)
networksecurity: added locations field to google_network_security_mirroring_endpoint_group_association resource (#21971)
parametermanager: added kms_key_version field to google_parameter_manager_parameter_version resource and datasource (#22058)
parametermanager: added kms_key field to google_parameter_manager_parameter resource and google_parameter_manager_parameters datasource (#22058)
provider: added external_credentials block in provider (#22081)
redis: added automated_backup_config field to google_redis_cluster resource (#22117)
storage: added content_base64 field in google_storage_bucket_object_content datasource (#22051)

BUG FIXES:

alloydb: added a mutex to google_alloydb_cluster to prevent conflicts among multiple cluster operations (#21972)
artifactregistry: fixed type assertion panic in google_artifact_registry_repository resource (#22100)
bigtable: fixed automated_backup_policy field for google_bigtable_table resource (#22034)
cloudrunv2: fixed the diffs for unchanged template.template.containers.env in google_cloud_run_v2_job resource (#22115)
compute: fixed a regression in google_compute_subnetwork where setting log_config would not enable flow logs without enable_flow_logs also being set to true. To enable or disable flow logs, please use log_config. enable_flow_logs is now deprecated and will be removed in the next major release. (#22111)
compute: fixed unable to update the preview field for google_compute_security_policy_rule resource (#21984)
orgpolicy: fix permadiff in google_org_policy_policy when multiple rules are present (#21981)
resourcemanager: increased page size for list services api to help any teams hitting ListEnabledRequestsPerMinutePerProject quota issues (#22050)
spanner: fixed issue with applying changes in provider default_labels on google_spanner_instance resource (#22036)
storage: fixed google_storage_anywhere_cache to cancel long-running operations after create and update requests timeout (#22031)
workbench: fixed metadata permadiff in google_workbench_instance resource (#22056)

`v6.27.0`

Compare Source

FEATURES:

New Data Source: google_compute_images (#21872)
New Data Source: google_organization_iam_custom_role (#21922)
New Resource: google_lustre_instance (#21963)
New Resource: google_os_config_v2_policy_orchestrator (#21930)
New Resource: google_storage_control_project_intelligence_config (#21902)
New Resource: google_chronicle_data_access_label (#21956)
New Resource: google_compute_router_route_policy (#21945)

IMPROVEMENTS:

bigquery: added secondary_location and replication_status fields to support managed disaster recovery feature in google_bigquery_reservation (#21920)
clouddeploy: added dns_endpoint field to to google_clouddeploy_target resource (#21868)
compute: added shielded_instance_initial_state structure to google_compute_image resource (#21937)
compute: added LINK_TYPE_ETHERNET_400G_LR4 enum value to link_type field in google_compute_interconnect resource (#21903)
compute: added architecture and guest_os_features to google_compute_instance (#21875)
compute: added workload_policy.type, workload_policy.max_topology_distance and workload_policy.accelerator_topology fields to google_compute_resource_policy resource (#21961)
container: added ip_endpoints_config field to google_container_cluster resource (#21959)
container: added node_config.windows_node_config field to google_container_node_pool resource. (#21876)
container: added pod_autoscaling field to google_container_cluster resource (#21919)
memorystore: added the maintenance_policy field to the google_memorystore_instance resource (#21957)
memorystore: enabled update support for node_type field in google_memorystore_instance resource (#21899)
metastore: promoted scaling_config field of google_dataproc_metastore_service resource to GA (#21877)
networksecurity: added connected_deployment_group and associations fields to google_network_security_intercept_endpoint_group resource (#21940)
networksecurity: added locations field to google_network_security_intercept_deployment_group resource (#21923)
networksecurity: added locations field to google_network_security_intercept_endpoint_group_association resource (#21962)
redis: added update support for google_redis_cluster node_type (#21870)
storage: added metadata_options in google_storage_transfer_job (#21897)

BUG FIXES:

bigqueryanalyticshub: fixed a bug in google_bigquery_analytics_hub_listing_subscription where a subscription using a different project than the dataset would not work (#21958)
cloudrun: fixed the perma-diffs for unchanged template.spec.containers.env in google_cloud_run_service resource (#21916)
cloudrunv2: fixed the perma-diffs for unchanged template.containers.env in google_cloud_run_v2_service resource (#21916)
compute: fixed the issue that user can't use regional disk in google_compute_instance_template (#21901)
dataflow: fixed a permadiff on template_gcs_path in google_dataflow_job resource (#21894)
storage: lowered the minimum required items for custom_placement_config.data_locations from 2 to 1, and removed the Terraform-enforced maximum item limit for the field in google_storage_bucket (#21878)

`v6.26.0`

Compare Source

FEATURES:

New Data Source: google_project_iam_custom_role (#21866)
New Data Source: google_project_iam_custom_roles (#21813)
New Resource: google_eventarc_pipeline (#21761)
New Resource: google_firebase_app_hosting_backend (#21840)
New Resource: google_network_security_mirroring_deployment (#21853)
New Resource: google_network_security_mirroring_deployment_group (#21853)
New Resource: google_network_security_mirroring_endpoint_group_association (#21853)
New Resource: google_network_security_mirroring_endpoint_group (#21853)

IMPROVEMENTS:

alloydb: added psc_config field to ``google_alloydb_cluster` resource (#21863)
bigquery: added table_metadata_view query param to google_bigquery_table (#21838)
clouddeploy: added dns_endpoint field to to google_clouddeploy_target resource (#21868)
compute: added UNRESTRICTED option to the tls_early_data field in the google_compute_target_https_proxy resource (#21821)
compute: added enable_flow_logs and state fields to google_compute_subnetwork resource (#21851)
compute: promoted fields single_instance_assignment and filter to GA for google_compute_autoscaler resource (#21760)
container: added additional value KCP_HPA for logging_config.enable_components field in google_container_cluster resource (#21836)
dataform: added deletion_policy field to google_dataform_repository resource. Default value is DELETE. Setting deletion_policy to FORCE will delete any child resources of this repository as well. (#21864)
memorystore: added update support for engine_version field in google_memorystore_instance resource (#21843)
metastore: added create_time and update_time fields to google_dataproc_metastore_federation resource (#21824)
metastore: added create_time and update_time fields to google_dataproc_metastore_service resource (#21817)
networksecurity: added not_operations field to google_network_security_authz_policy resource (#21785)
networkservices: added ip_version and envoy_headers fields to google_network_services_gateway resource (#21788)
sql: increased settings.insights_config.query_string_length and settings.insights_config.query_string_length limits for Enterprise Plus edition sql_database_instance resource. (#21848)
storageinsights: added parquet_options field to google_storage_insights_report_config resource (#21816)
workflows: added execution_history_level field to google_workflows_workflow resource (#21782)

BUG FIXES:

accesscontextmanager: fixed panic on empty access_policies in google_access_context_manager_access_policy (#21845)
compute: adjusted mapped image names that were preventing usage of fedora-coreos in google_compute_image resource (#21787)
container: re-added DNS_SCOPE_UNSPECIFIED value to the dns_config.cluster_dns_scope field in google_container_cluster resource and suppressed diffs between DNS_SCOPE_UNSPECIFIED in config and empty/null in state (#21861)
discoveryengine: changed field dataStoreIds to mutable in google_discovery_engine_search_engine (#21759)
networksecurity: min_tls_version and tls_feature_profile fields updated to use the server assigned default and prevent a permadiff in google_network_security_tls_inspection_policy resource. (#21788)
oslogin: added a wait after creating google_os_login_ssh_public_key to allow propagation (#21860)
spanner: fixed issue with disabling autoscaling in google_spanner_instance (#21852)

`v6.25.0`

Compare Source

NOTES:

eventarc: google_eventarc_channel now uses MMv1 engine instead of DCL. (#21728)
workbench: increased create timeout for google_workbench_instance to 40mins. (#21700)

FEATURES:

New Data Source: google_compute_region_ssl_policy (#21633)
New Resource: google_eventarc_google_api_source (#21732)
New Resource: google_iam_oauth_client_credential (#21731)
New Resource: google_iam_oauth_client (#21660)
New Resource: network_services_endpoint_policy (#21676)
New Resource: network_services_grpc_route (#21676)
New Resource: network_services_http_route (#21676)
New Resource: network_services_mesh (#21676)
New Resource: network_services_service_binding (#21676)
New Resource: network_services_tcp_route (#21676)
New Resource: network_services_tls_route (#21676)

IMPROVEMENTS:

alloydb: added psc_instance_config.psc_interface_configs field to google_alloydb_instance resource (#21701)
compute: added create_snapshot_before_destroy to google_compute_disk and google_compute_region_disk to enable creating a snapshot before disk deletion (#21636)
compute: added ip_collection and ipv6_gce_endpoint fields to google_compute_subnetwork resource (#21730)
compute: added log_config.optional_mode and log_config.optional_fields fields to google_compute_region_backend_service resource (#21722)
compute: added rsa_encrypted_key to google_compute_region_disk (#21636)
compute: added scheduling.termination_time field to google_compute_instance, google_compute_instance_from_machine_image, google_compute_instance_from_template, google_compute_instance_template, and google_compute_region_instance_template resources (#21717)
compute: added update support for 'purpose' field in google_compute_subnetwork resource (#21729)
compute: added update support for firewall_policy in google_compute_firewall_policy_association resource. It is recommended to only perform this operation in combination with a protective lifecycle tag such as "create_before_destroy" or "prevent_destroy" on your previous firewall_policy resource in order to prevent situations where a target attachment has no associated policy. (#21735)
container: added "JOBSET" as a supported value for enable_components in google_container_cluster resource (#21657)
firebasedataconnect: added deletion_policy field to google_firebase_data_connect_service resource (#21736)
networksecurity: added description field to google_network_security_intercept_deployment, google_network_security_intercept_deployment_group, google_network_security_intercept_endpoint_group resources (#21711)
networksecurity: added description field to google_network_security_mirroring_deployment, google_network_security_mirroring_deployment_group, google_network_security_mirroring_endpoint_group resources (#21714)
tpuv2: added spot field to google_tpu_v2_vm resource (#21716)
workstations: added tags field to google_workstations_workstation_cluster resource (#21635)

BUG FIXES:

backupdr: added missing SUNDAY option to days_of_week field in google_backup_dr_backup_plan resource (#21640)
compute: fixed network_interface.internal_ipv6_prefix_length not being set or read in Terraform state in google_compute_instance resource (#21638)
compute: fixed bug in google_compute_router_nat where max_ports_per_vm couldn't be unset once set. (#21721)
container: fixed perma-diff in google_container_cluster when cluster_dns_scope is unspecified (#21637)
networksecurity: added wait time on google_network_security_gateway_security_policy_rule resource when creating and deleting to prevent race conditions (#21643)

`v6.24.0`

Compare Source

NOTES:

gemini: removed unsupported value GEMINI_CLOUD_ASSIST for field product in google_gemini_logging_setting_binding resource (#21630)
iam: added member value to the error message when member validation fails for google_project_iam_* (#21586)

DEPRECATIONS:

datacatalog: deprecated google_data_catalog_entry and google_data_catalog_tag resources. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#21541)
notebooks: deprecated non-functional google_notebooks_location resource (#21517)

FEATURES:

New Data Source: google_memorystore_instance (#21579)
New Resource: google_apihub_host_project_registration (#21607)
New Resource: google_compute_instant_snapshot (#21598)
New Resource: google_eventarc_message_bus (#21611)
New Resource: google_gemini_data_sharing_with_google_setting_binding (GA) (#21629)
New Resource: google_gemini_gcp_enablement_setting_binding (GA) (#21587)
New Resource: google_gemini_gemini_gcp_enablement_setting_binding (#21540)
New Resource: google_storage_anywhere_cache (#21537)

IMPROVEMENTS:

alloydb: added ability to upgrade major version in google_alloydb_cluster with database_version (#21582)
compute: added creation_timestamp, next_hop_peering, warnings.code, warnings.message, warnings.data.key, warnings.data.value, next_hop_hub, route_type, as_paths.path_segment_type, as_paths.as_lists and route_status fields to google_compute_route resource (#21534)
compute: added max_stream_duration field to google_compute_url_map resource (#21535)
compute: added network_interface.network_attachment field to google_compute_instance resource (ga) (#21606)
compute: added network_interface.network_attachment to google_compute_instance data source (ga) (#21606)
compute: added fields architecture, source_instant_snapshot, source_storage_object, resource_manager_tags to google_compute_disk. (#21598)
container: added enum value UPGRADE_INFO_EVENT for GKE notification filter in google_container_cluster resource (#21609)
iam: added AZURE_AD_GROUPS_ID field to google_iam_workforce_pool_provider.extra_attributes_oauth2_client.attributes_type resource (#21624)
networkconnectivity: added policy_mode field to google_network_connectivity_hub resource (#21589)
networkservices: added location field to google_network_services_grpc_route resource (#21621)
storagetransfer: added logging_config field to google_storage_transfer_job resource (#21523)

BUG FIXES:

bigquery: updated the max_staleness field in google_bigquery_table to be a computed field (#21596)
chronicle: fixed an error during resource creation with certain run_frequency configurations in google_chronicle_rule_deployment (#21610)
discoveryengine: fixed bug preventing creation of google_discovery_engine_target_site resources (#21628)
eventarc: fixed an issue where google_eventarc_trigger creation failed due to the region could not be parsed from the trigger's name (#21528)
publicca: encode b64_mac_key in base64url, not in base64 (#21612)
storage: fixed a 412 error returned on some google_storage_bucket_iam_policy deletions (#21626)

`v6.23.0`

Compare Source

NOTES:

The google_sql_user resource now supports password_wo write-only arguments
The google_bigquery_data_transfer_config resource now supports secret_access_key_wo write-only arguments
The google_secret_version resource now supports secret_data_wo write-only arguments

IMPROVEMENTS:

sql: added password_wo and password_wo_version fields to google_sql_user resource (#21616)
bigquerydatatransfer: added secret_access_key_wo and secret_access_key_wo_version fields to google_bigquery_data_transfer_config resource (#21617)
secretmanager: added secret_data_wo and secret_data_wo_version fields to google_secret_version resource (#21618)

`v6.22.0`

Compare Source

NOTES:

provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

DEPRECATIONS:

datacatalog: deprecated google_data_catalog_tag_template. Use google_dataplex_aspect_type instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9347)
datacatalog: deprecated google_data_catalog_entry_group. Use google_dataplex_entry_group instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9349)

FEATURES:

New Data Source: google_alloydb_cluster (#21496)
New Data Source: google_project_ancestry (#21413)
New Resource: google_gemini_data_sharing_with_google_setting_binding (#21479)
New Resource: google_gemini_logging_setting_binding (#21429)
New Resource: google_gemini_logging_setting (#21404)
New Resource: google_spanner_instance_partition (#21475)

IMPROVEMENTS:

backupdr: promoted google_backup_dr_management_server, google_backup_dr_backup_plan_association, and google_backup_dr_backup_plan resources to GA
compute: added import_subnet_routes_with_public_ip and export_subnet_routes_with_public_ip fields to google_compute_network_peering_routes_config resource (#21405)
developerconnect: added bitbucket_cloud_config and bitbucket_data_center_config fields to google_developer_connect_connection resource (#21433)
gemini: promoted google_gemini_release_channel_setting resource to GA (#21481)
iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#21430)
iambeta: promoted google_iam_workload_identity_pool and google_iam_workload_identity_pool_provider data sources to GA (#21408)
redis: added kms_key field to google_redis_cluster resource (#21428)
tpuv2: added network_config field to google_tpu_v2_queued_resource resource (#21426)

BUG FIXES:

apigee: fixed error when deleting google_apigee_organization (#21473)
bigtable: fixed a bug where sometimes updating an instance's cluster list could result in an error if there was an existing cluster with autoscaling enabled (#21503)
chronicle: fixed bug setting enabled on creation in google_chronicle_rule_deployment (#21460)

`v6.21.0`

Compare Source

NOTES:

provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

FEATURES:

New Data Source: google_alloydb_instance (#21383)
New Resource: google_firebase_data_connect_service (#21368)
New Resource: google_gemini_data_sharing_with_google_setting (#21393)
New Resource: google_gemini_gemini_gcp_enablement_setting (#21357)
New Resource: google_gemini_logging_setting_binding (#21354)
New Resource: google_gemini_release_channel_setting (#21387
New Resource: google_gemini_release_channel_setting_binding (#21387
New Resource: google_netapp_volume_quota_rule (#21283)

IMPROVEMENTS:

accesscontextmanager: added etag to access context manager directional policy resources google_access_context_manager_service_perimeter_dry_run_egress_policy, google_access_context_manager_service_perimeter_dry_run_ingress_policy, google_access_context_manager_service_perimeter_egress_policy and google_access_context_manager_service_perimeter_ingress_policy to prevent overriding changes (#21366)
accesscontextmanager: added title field to policy blocks under google_access_context_manager_service_perimeter and variants (#21302)
artifactregistry: set pageSize to 1000 to speedup google_artifact_registry_docker_image data source queries (#21360)
compute: added labels field to google_compute_ha_vpn_gateway resource (#21385)
compute: added validation for disk names in google_compute_disk (#21335)
container: added new fields container_log_max_size, container_log_max_files, image_gc_low_threshold_percent, image_gc_high_threshold_percent, image_minimum_gc_age, image_maximum_gc_age, and allowed_unsafe_sysctls to node_kubelet_config block in google_container_cluster resource. (#21319)
monitoring: added condition_sql field to google_monitoring_alert_policy resource (#21277)
networkservices: added location field to google_network_services_mesh resource (#21337)
securitycenter: added type, expiry_time field to google_scc_mute_config resource (#21318)

BUG FIXES:

chronicle: fixed creation issues when optional fields were missing for google_chronicle_rule_deployment resource (#21389)
databasemigrationservice: fixed error details type on google_database_migration_service_migration_job (#21279)
networkservices: fixed a bug with google_network_services_authz_extension.wire_format sending an invalid default value by removing the Terraform default and letting the API set the default. (#21280)

`v6.20.0`

Compare Source

NOTES:

provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.
compute: google_compute_firewall_policy now uses MMv1 engine instead of DCL. (#21235)

FEATURES:

New Data Source: google_beyondcorp_application_iam_policy (#21199)
New Data Source: google_parameter_manager_parameter_version_render (#21104)
New Resource: google_beyondcorp_application (#21199)
New Resource: google_beyondcorp_application_iam_binding (#21199)
New Resource: google_beyondcorp_application_iam_member (#21199)
New Resource: google_beyondcorp_application_iam_policy (#21199)
New Resource: google_bigquery_analytics_hub_listing_subscription (#21189)
New Resource: google_colab_notebook_execution (#21100)
New Resource: google_colab_schedule (#21233)

IMPROVEMENTS:

accesscontextmanager: added resource to sources in egress_from under resources google_access_context_manager_service_perimeter, google_access_context_manager_service_perimeters, google_access_context_manager_service_perimeter_egress_policy, google_access_context_manager_service_perimeter_dry_run_egress_policy (#21190)
cloudrunv2: added base_image_uri and build_info to google_cloud_run_v2_service (#21236)
colab: added auto_upgrade field to google_colab_runtime (#21214)
colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#21200)
colab: added desired_state field to google_colab_runtime, making it startable/stoppable. (#21207)
compute: added ip_collection field to google_compute_forwarding_rule resource (#21188)
compute: added mode and allocatable_prefix_length fields to google_compute_public_delegated_prefix resource (#21216)
compute: allow parallelization of google_compute_per_instance_config and google_compute_region_per_instance_config deletions by not locking on the parent resource, but including instance name. (#21095)
container: added auto_monitoring_config field and subfields to the google_container_cluster resource (#21229)
filestore: added initial_replication field for peer instance configuration and effective_replication output for replication configuration output to google_filestore_instance (#21194)
memorystore: added CLUSTER_DISABLED to mode field in google_memorystore_instance (#21092)
networkservices: added compression_mode and allowed_methods fields to google_network_services_edge_cache_service resource (#21195)
privateca: added user_defined_access_urls and subfields to google_privateca_certificate_authority resource to add support for custom CDP AIA URLs (#21220)
workbench: added enable_third_party_identity field to google_workbench_instance resource (#21265)

BUG FIXES:

appengine: added a mitigation for an upcoming default change to standard_scheduler_settings.max_instances for new google_app_engine_standard_app_version resources. If the field is not specified in configuration, diffs will now be ignored. (#21257)
bigquery: added diff suppression for legacy values in renewal_plan field in google_bigquery_capacity_commitment resource (#21103)
compute: fixed google_compute_(region_)resize_request requiring region/zone to be specified in all cases. They can now be pulled from the provider. (#21264)
container: reverted locking behavior in google_container_node_pool that caused regression of operation apply time spike started in v6.15 (#21102)
gemini: fixed a bug where the force_destroy field in resource gemini_code_repository_index did not work properly (#21212)
workbench: fixed a bug with google_workbench_instance metadata removal not working as expected (#21204)

`v6.19.0`

Compare Source

DEPRECATIONS:

beyondcorp: deprecated location on google_beyondcorp_security_gateway. The only valid value is global, which is now also the default value. The field will be removed in a future major release. (#21006)

FEATURES:

New Data Source: google_parameter_manager_parameter_version (#21055)
New Data Source: google_parameter_manager_parameters (#21043)
New Data Source: google_parameter_manager_regional_parameter_version (#21073)
New Resource: google_beyondcorp_security_gateway_iam_binding (#21078)
New Resource: google_beyondcorp_security_gateway_iam_member (#21078)
New Resource: google_beyondcorp_security_gateway_iam_policy (#21078)

IMPROVEMENTS:

accesscontextmanager: added etag to google_access_context_manager_service_perimeter_dry_run_resource to prevent overriding list of resources (#21005)
compute: allowed parallelization of google_compute_(region_)per_instance_config by not locking on the parent resource, but including instance name. (#21001)
compute: added network_profile field to google_compute_network resource. (#21027)
compute: added zero_advertised_route_priority field to google_compute_router_peer (#21024)
container: added max_run_duration to node_config in google_container_cluster and google_container_node_pool (#21071)
dataproc: added encryption_config to google_dataproc_workflow_template (#21077)
gkehub2: added support for fleet_default_member_config.config_management.config_sync.metrics_gcp_service_account_email field to google_gke_hub_feature resource (#21042)
iam: added prefix and regex fields to google_service_accounts data source (#21020)
pubsub: added ingestion_data_source_settings.aws_msk and ingestion_data_source_settings.confluent_cloud fields to google_pubsub_topic resource (#20999)
spanner: added encryption_config field to google_spanner_backup_schedule (#21067)
workflows: added tags and workflow_tags fields to google_workflows_workflow resource (#21053)

BUG FIXES:

alloydb: marked google_alloydb_user.password as sensitive (#21014)
beyondcorp: corrected location to always be global in google_beyondcorp_security_gateway (#21006)
cloudquotas: removed validation for parent in google_cloud_quotas_quota_adjuster_settings (#21054)
compute: made google_compute_router_peer.advertised_route_priority use server-side default if unset. To set the value to 0 you must also set zero_advertised_route_priority = true. (#21024)
container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)
container: marked cluster_autoscaling.resource_limits.maximum as required, as requests would fail if it was not set (#21051)
firestore: fixed error preventing deletion of wildcard google_firestore_field resources (#21034)
netapp: fixed an issue where a diff on zone would be found if it was unspecified in google_netapp_storage_pool (#21060)
networksecurity: fixed sporadic-diff in google_network_security_security_profile (#21070)
spanner: fixed bug with google_spanner_instance.force_destroy not setting billing_project value correctly (#21023)
storage: fixed an issue where plans with a dependency on the content field in the google_storage_bucket_object_content data source could erroneously fail (#21074)

`v6.18.1`

Compare Source

BUG FIXES:

container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)

`v6.18.0`

Compare Source

FEATURES:

New Data Source: google_compute_instance_template_iam_policy (#20954)
New Data Source: google_kms_key_handles (#20985)
New Data Source: google_organizations (#20965)
New Data Source: google_parameter_manager_parameter (#20953)
New Data Source: google_parameter_manager_regional_parameters (#20958)
New Resource: google_apihub_api_hub_instance (#20948)
New Resource: google_chronicle_retrohunt (#20962)
New Resource: google_colab_runtime (#20940)
New Resource: google_colab_runtime_template_iam_binding (#20963)
New Resource: google_colab_runtime_template_iam_member (#20963)
New Resource: google_colab_runtime_template_iam_policy (#20963)
New Resource: google_compute_instance_template_iam_binding (#20954)
New Resource: google_compute_instance_template_iam_member (#20954)
New Resource: google_compute_instance_template_iam_policy (#20954)
New Resource: google_gemini_code_repository_index (GA) (#20941)
New Resource: google_gemini_repository_group (GA) (#20941)
New Resource: google_gemini_repository_group_iam_member (GA) (#20941)
New Resource: google_gemini_repository_group_iam_binding (GA) (#20941)
New Resource: google_gemini_repository_group_iam_policy (GA) (#20941)
New Resource: google_parameter_manager_parameter_version (#20992)
New Resource: google_redis_cluster_user_created_connections (#20977)

IMPROVEMENTS:

alloydb: added support for skip_await_major_version_upgrade field in google_alloydb_cluster resource, allowing for major_version to be updated (#20923)
apigee: added properties field to google_apigee_environment resource (#20932)
bug: added support for setting custom_learned_route_priority to 0 in 'google_compute_router_peer' by adding the zero_custom_learned_route_priority field (#20952)
cloudrunv2: added build_config to google_cloud_run_v2_service (#20979)
compute: added pdp_scope field to google_compute_public_advertised_prefix resource (#20972)
compute: adding labels field to google_compute_interconnect_attachment (#20971)
compute: fixed a issue where custom_learned_route_priority was accidentally set to 0 during updates in 'google_compute_router_peer' (#20952)
filestore: added support for tags field to google_filestore_instance resource (#20955)
networksecurity: added custom_mirroring_profile and custom_intercept_profile fields to google_network_security_security_profile and google_network_security_security_profile_group resources (#20990)
pubsub: added enforce_in_transit fields to google_pubsub_topic resource (#20926)
pubsub: added ingestion_data_source_settings.azure_event_hubs field to google_pubsub_topic resource (#20922)
redis: added psc_service_attachments field to google_redis_cluster resource, to enable use of the fine-grained resource google_redis_cluster_user_created_connections (#20977)

BUG FIXES:

apigee: fixed properties field update on google_apigee_environment resource (#20987)
artifactregistry: fixed perma-diff in google_artifact_registry_repository (#20989)
compute: fixed failure when creating google_compute_global_forwarding_rule with labels targeting PSC endpoint (#20986)
container: fixed additive_vpc_scope_dns_domain being ignored in Autopilot cluster definition (#20937)
container: fixed propagation of node_pool_defaults.node_config_defaults.insecure_kubelet_readonly_port_enabled in node config. (#20936)
iam: fixed missing result by adding pagination for data source google_service_accounts. (#20966)
metastore: increased timeout on google_dataproc_metastore_service operations to 75m from 60m. This will expose server-returned reasons for operation failure instead of masking them with a Terraform timeout. (#20981)
resourcemanager: added a slightly longer wait (two 10s checks bumped to 15s) for issues with billing associations in google_project. Default network deletion should succeed more often. (#20982)

`v6.17.0`

Compare Source

FEATURES:

New Resource: google_apigee_environment_addons_config (#20851)
New Resource: google_chronicle_reference_list (beta) (#20895)
New Resource: google_chronicle_rule_deployment (#20888)
New Resource: google_chronicle_rule (#20868)
New Resource: google_colab_runtime_template (#20898)
New Resource: google_edgenetwork_interconnect_attachment (#20856)
New Resource: google_parameter_manager_parameter (#20886)
New Resource: google_parameter_manager_regional_parameter_version (#20914)
New Resource: google_parameter_manager_regional_parameter (#20858)

IMPROVEMENTS:

accesscontextmanager: added etag to google_access_context_manager_service_perimeter_resource to prevent overriding list of resources (#20910)
compute: added BPS_100G enum value to bandwidth field of google_compute_interconnect_attachment. (#20884)
compute: added support for IPV6_ONLY stack_type to google_compute_subnetwork, google_compute_instance, google_compute_instance_template and google_compute_region_instance_template. (#20850)
compute: promoted bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields in google_compute_network from Beta to Ga (#20865)
compute: promoted next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields in google_compute_route form Beta to GA (#20865)
discoveryengine: added advanced_site_search_config field to google_discovery_engine_data_store resource (#20912)
gemini: added force_destroy field to resource google_code_repository_index, enabling deletion of the resource even when it has dependent RepositoryGroups (#20881)
networkservices: added in-place update support for ports field on google_network_services_gateway resource (#20908)
sql: sql_source_representation_instance now uses string representation of databaseVersion (#20859)
sql: added replication_cluster field to google_sql_database_instance resource (#20889)
sql: added support of switchover for MySQL and PostgreSQL in google_sql_database_instance resource (#20889)
workbench: changed container_image field of google_workbench_instance resource to modifiable. (#20894)

BUG FIXES:

apigee: fixed error 404 for organization update requests. (#20854)
artifactregistry: fixed artifact_registry_repository not accepting durations with 'm', 'h' or 'd' (#20902)
networkservices: fixed bug where google_network_services_gateway could not be updated in place (#20908)
storagetransfer: fixed a permadiff with transfer_spec.aws_s3_data_source.aws_access_key in google_storage_transfer_job (#20849)

`v6.16.0`

Compare Source

FEATURES:

New Resource: google_beyondcorp_security_gateway (#20844)
New Resource: google_developer_connect_connection (#20823)
New Resource: google_developer_connect_git_repository_link (#20823)

IMPROVEMENTS:

compute: promoted standby_policy, target_suspended_size, and target_stopped_size fields in google_compute_region_instance_group_manager and google_compute_instance_group_manager resource from beta to ga (#20821)
dns: added health_check and external_endpoints fields to google_dns_record_set resource (#20843)
sql: added server_ca_pool field to google_sql_database_instance resource (#20834)
vmwareengine: allowed import of non-STANDARD private clouds in google_vmwareengine_private_cloud (#20832)

BUG FIXES:

dataproc: fixed boolean fields in shielded_instance_config in the google_dataproc_cluster resource (#20828)
gkeonprem: fixed permadiff on vcenter field in google_gkeonprem_vmware_cluster resource (#20837)
networkservices: fixed google_network_services_gateway resource so that it correctly waits for the router to be deleted on terraform destroy (#20817)
provider: fixed issue where GOOGLE_CLOUD_QUOTA_PROJECT env var would override explicit billing_project (#20839)

`v6.15.0`

Compare Source

NOTES:

compute: google_compute_firewall_policy_association now uses MMv1 engine instead of DCL. (#20744)

DEPRECATIONS:

compute: deprecated numeric_id (string) field in google_compute_network resource. Use the new network_id (integer) field instead (#20698)

FEATURES:

New Data Source: google_gke_hub_feature (#20721)
New Resource: google_storage_folder (#20767)

IMPROVEMENTS:

artifactregistry: added vulnerability_scanning_config field to google_artifact_registry_repository resource (#20726)
backupdr: promoted datasource google_backup_dr_backup to ga (#20677)
backupdr: promoted datasource google_backup_dr_data_source to ga (#20677)
bigquery: added condition field to google_bigquery_dataset_access resource (#20707)
bigquery: added condition field to google_bigquery_dataset resource (#20707)
composer: added airflow_metadata_retention_config field to google_composer_environment (#20769)
compute: added back the validation for target_service field on the google_compute_service_attachment resource to validade a ForwardingRule or Gateway URL (#20711)
compute: added availability_domain field to google_compute_instance, google_compute_instance_template and google_compute_region_instance_template resources (#20694)
compute: added network_id (integer) field to google_compute_network resource and data source (#20698)
compute: added preset_topology field to google_network_connectivity_hub resource (#20720)
compute: added subnetwork_id field to google_compute_subnetwork data source (#20666)
compute: made setting resource policies for google_compute_instance outside of terraform or using google_compute_disk_resource_policy_attachment no longer affect the boot_disk.initialize_params.resource_policies field (#20764)
container: changed google_container_cluster to apply maintenance policy updates after upgrades during cluster update (#20708)
container: made nodepool concurrent operations scale better for google_container_cluster and google_container_node_pool resources (#20738)
datastream: added gtid and binary_log_position fields to google_datastream_stream resource (#20777)
developerconnect: added support for setting up a google_developer_connect_connection resource without specifying the authorizer_credentials field (#20756)
filestore: added tags field to google_filestore_backup to allow setting tags for backups at creation time (#20718)
networkconnectivity: added group field to google_network_connectivity_spoke resource (#20689)
networkmanagement: promoted google_network_management_vpc_flow_logs_config resource to ga (#20701)
parallelstore: added deployment_type field to google_parallelstore_instance resource (#20785)
storagetransfer: added replication_spec field to google_storage_transfer_job resource (#20788)
workbench: made gcs-data-bucket metadata key modifiable in google_workbench_instance resource (#20728)

BUG FIXES:

accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_egress_policy egress_from.identities (#20794)
accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_ingress_policy ingress_from.identities (#20794)
accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_egress_policy egress_from.identities (#20794)
accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_ingress_policy ingress_from.identities (#20794)
apigee: fixed 404 error when updating google_apigee_environment (#20745)
bigquery: fixed DROP COLUMN error with bigquery flexible column names in google_bigquery_table (#20797)
compute: allowed Service Attachment with Project Number to be used as google_compute_forwarding_rule.target (#20790)
compute: fixed an issue where terraform plan -refresh=false with google_compute_ha_vpn_gateway.gateway_ip_version would plan a resource replacement if a full refresh had not been run yet. Terraform now assumes that the value is the default value, IPV4, until a refresh is completed. (#20682)
compute: fixed panic when zonal resize request fails on google_compute_resize_request (#20734)
compute: fixed perma-destroy for psc_data in google_compute_region_network_endpoint_group resource (#20783)
compute: fixed google_compute_instance_guest_attributes to return an empty list when queried values don't exist instead of throwing an error (#20760)
integrationconnectors: allowed AUTH_TYPE_UNSPECIFIED option in google_integration_connectors_connection resource to support non-standard auth types (#20782)
logging: fixed bug in google_logging_project_bucket_config when providing project in the format of <project-id-only> (#20709)
networkconnectivity: made include_export_ranges and exclude_export_ranges fields mutable in google_network_connectivity_spoke to avoid recreation of resources (#20742)
sql: fixed permadiff when settings.data_cache_config is set to false for google_sql_database_instance resource (#20656)
storage: made resource_google_storage_bucket_object generate diff for md5hash, generation, crc32c if content changes (#20687)
vertexai: made contents_delta_uri an optional field in google_vertex_ai_index (#20780)
workbench: fixed an issue where a server-added metadata tag of "resource-url" would not be ignored on google_workbench_instance (#20717)

`v6.14.1`

Compare Source

BUG FIXES:

compute: fixed an issue where google_compute_firewall_policy_rule was incorrectly removed from the Terraform state (#20733)

`v6.14.0`

Compare Source

FEATURES:

New Resource: google_network_security_intercept_deployment_group (#20615)
New Resource: google_network_security_intercept_deployment (#20634)
New Resource: google_network_security_authz_policy (#20595)
New Resource: google_network_services_authz_extension (#20595)

IMPROVEMENTS:

compute: google_compute_instance is no longer recreated when changing boot_disk.auto_delete (#20580)
compute: added CA_ENTERPRISE_ANNUAL option for field cloud_armor_tier in google_compute_project_cloud_armor_tier resource (#20596)
compute: added network_tier field to google_compute_global_forwarding_rule resource (#20582)
compute: added rule.rate_limit_options.enforce_on_key_configs field to google_compute_security_policy resource (#20597)
compute: made metadata_startup_script able to be updated via graceful switch in google_compute_instance (#20655)
container: added field enable_fqdn_network_policy to resource google_container_cluster (#20609)
identityplatform: marked quota.0.sign_up_quota_config subfields conditionally required in google_identity_platform_config to move errors from apply time up to plan time, and clarified the rule in documentation (#20627)
networkconnectivity: added support for updating linked_vpn_tunnels.include_import_ranges, linked_interconnect_attachments.include_import_ranges, linked_router_appliance_instances. instances and linked_router_appliance_instances.include_import_ranges in google_network_connectivity_spoke (#20650)
storage: added hdfs_data_source field to google_storage_transfer_job resource (#20583)
tpuv2: added network_configs and network_config.queue_count fields to google_tpu_v2_vm resource (#20621)

BUG FIXES:

accesscontextmanager: fixed an update bug in google_access_context_manager_perimeter by removing the broken output-only etag field in google_access_context_manager_perimeter and google_access_context_manager_perimeters (#20691)
compute: fixed permadiff on the recaptcha_options field for google_compute_security_policy resource (#20617)
compute: fixed issue where updating labels on resource_google_compute_resource_policy would fail because of a patch error with guest_flush (#20632)
networkconnectivity: fixed linked_router_appliance_instances.instances.virtual_machine and linked_router_appliance_instances.instances.ip_address attributes in google_network_connectivity_spoke to be correctly marked as required. Otherwise the request to create the resource will fail. (#20650)
privateca: fixed an issue which causes error when updating labels for activated sub-CA (#20630)
sql: fixed permadiff when 'settings.data_cache_config' is set to false for 'google_sql_database_instance' resource (#20656)

`v6.13.0`

Compare Source

NOTES:

New ephemeral resources google_service_account_access_token, google_service_account_id_token, google_service_account_jwt, google_service_account_key now support ephemeral values.
iam3: promoted resources google_iam_principal_access_boundary_policy, google_iam_organizations_policy_binding, google_iam_folders_policy_binding and google_iam_projects_policy_binding to GA (#20475) DEPRECATIONS:
gkehub: deprecated configmanagement.config_sync.metrics_gcp_service_account_email in google_gke_hub_feature_membership resource (#20561)

FEATURES:

New Ephemeral Resource: google_service_account_access_token (#20542)
New Ephemeral Resource: google_service_account_id_token (#20542)
New Ephemeral Resource: google_service_account_jwt (#20542)
New Ephemeral Resource: google_service_account_key (#20542)
New Data Source: google_backup_dr_backup_vault (#20468)
New Data Source: google_composer_user_workloads_config_map (GA) (#20478)
New Data Source: google_composer_user_workloads_secret (GA) (#20478)
New Resource: google_composer_user_workloads_config_map (GA) (#20478)
New Resource: google_composer_user_workloads_secret (GA) (#20478)
New Resource: google_gemini_code_repository_index (#20474)
New Resource: google_network_security_mirroring_deployment (#20489)
New Resource: google_network_security_mirroring_deployment_group (#20489)
New Resource: google_network_security_mirroring_endpoint_group_association (#20489)
New Resource: google_network_security_mirroring_endpoint_group (#20489)

IMPROVEMENTS:

accesscontextmanager: added etag to google_access_context_manager_service_perimeter and google_access_context_manager_service_perimeters (#20455)
alloydb: increased default timeout on google_alloydb_cluster to 120m from 30m (#20547)
bigtable: added row_affinity field to google_bigtable_app_profile resource (#20435)
cloudbuild: added private_service_connect field to google_cloudbuild_worker_pool resource (#20561)
clouddeploy: added associated_entities field to google_clouddeploy_target resource (#20561)
clouddeploy: added serial_pipeline.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.route_destinations field to google_clouddeploy_delivery_pipeline resource (#20561)
composer: added multiple composer 3 related fields to google_composer_environment (GA) (#20478)
compute: google_compute_instance, google_compute_instance_template, google_compute_region_instance_template now supports advanced_machine_features.enable_uefi_networking field (#20531)
compute: added support for specifying storage pool with name or partial url (#20502)
compute: added numeric_id to the google_compute_network data source (#20548)
compute: added threshold_configs field to google_compute_security_policy resource (#20545)
compute: added server generated id as forwarding_rule_id to google_compute_global_forwarding_rule (#20404)
compute: added server generated id as health_check_id to google_region_health_check (#20404)
compute: added server generated id as instance_group_manager_id to google_instance_group_manager (#20404)
compute: added server generated id as instance_group_manager_id to google_region_instance_group_manager (#20404)
compute: added server generated id as network_endpoint_id to google_region_network_endpoint (#20404)
compute: added server generated id as subnetwork_id to google_subnetwork (#20404)
compute: added the psc_data field to the google_compute_region_network_endpoint_group resource (#20454)
container: added enterprise_config field to google_container_cluster resource (#20534)
container: added node_pool_autoconfig.linux_node_config.cgroup_mode field to google_container_cluster resource (#20460)
dataproc: added autotuning_config and cohort fields to google_dataproc_batch (#20410)
dataproc: added cluster_config.preemptible_worker_config.instance_flexibility_policy.provisioning_model_mix field to google_dataproc_cluster resource (#20396)
dataproc: added confidential_instance_config field to google_dataproc_cluster resource (#20488)
discoveryengine: added HEALTHCARE_FHIR to industry_vertical field in google_discovery_engine_search_engine (#20471)
gkehub: added configmanagement.config_sync.stop_syncing field to google_gke_hub_feature_membership resource (#20561)
monitoring: added disable_metric_validation field to google_monitoring_alert_policy resource (#20544)
oracledatabase: added deletion_protection field to google_oracle_database_autonomous_database (#20484)
oracledatabase: added deletion_protection field to google_oracle_database_cloud_exadata_infrastructure (#20485)
oracledatabase: added deletion_protection field to google_oracle_database_cloud_vm_cluster (#20392)
parallelstore: added deployment_type to google_parallelstore_instance (#20457)
resourcemanager: made google_service_account email and member fields available during plan (#20510)

BUG FIXES:

apigee: made google_apigee_organization wait for deletion operation to complete. (#20504)
cloudfunctions: fixed issue when updating vpc_connector_egress_settings field for google_cloudfunctions_function resource. (#20437)
dataproc: ensured oneOf condition is honored when expanding the job configuration for Hive, Pig, Spark-sql, and Presto in google_dataproc_job. (#20453)
gkehub: fixed allowable value INSTALLATION_UNSPECIFIED in template_library.installation (#20567)
sql: fixed edition downgrade failure for an ENTERPRISE_PLUS instance with data cache enabled. (#20393)

`v6.12.0`

Compare Source

FEATURES:

New Data Source: google_access_context_manager_access_policy (#20295)
New Resource: google_dataproc_gdc_spark_application (#20242)
New Resource: google_managed_kafka_cluster and google_managed_kafka_topic (#20237)

IMPROVEMENTS:

artifactregistry: added common_repository field to google_artifact_registry_repository resource (#20305)
cloudrunv2: added urls output field to google_cloud_run_v2_service resource (#20313)
compute: added IDPF as a possible value for the network_interface.nic_type field in google_compute_instance resource (#20250)
compute: added IDPF as a possible value for the guest_os_features.type field in google_compute_image resource (#20250)
compute: added replica_names field to sql_database_instance resource (#20202)
filestore: added performance_config field to google_filestore_instance (#20218)
redis: added persistence_config to google_redis_cluster. (#20212)
securesourcemanager: added workforce_identity_federation_config field to google_secure_source_manager_instance resource (#20290)
spanner: added default_backup_schedule_type field to google_spanner_instance (#20213)
sql: added psc_auto_connections fields to google_sql_database_instance resource (#20307)

BUG FIXES:

accesscontextmanager: fixed permadiff in perimeter google_access_context_manager_service_perimeter_ingress_policy and google_access_context_manager_service_perimeter_egress_policy resources when there are duplicate resources in the rules (#20294)
- accesscontextmanager: fixed comparison of identity_type in ingress_from and egress_from when the IDENTITY_TYPE_UNSPECIFIED is set (#20221)
compute: fixed permadiff on attempted type field updates in google_computer_security_policy, updating this field will now force recreation of the resource (#20316)
identityplatform: fixed perma-diff originating from the sign_in.anonymous.enabled field in google_identity_platform_config (#20244)

`v6.11.2`

Compare Source

BUG FIXES:

vertexai: fixed issue with google_vertex_ai_endpoint where upgrading to 6.11.0 would delete all traffic splits that were set outside Terraform (which was previously a required step for all meaningful use of this resource). (#20350)

`v6.11.1`

Compare Source

BUG FIXES:

container: fixed diff on google_container_cluster.user_managed_keys_config field for resources that had not set it. (#20314)
container: marked google_container_cluster.user_managed_keys_config as immutable because it can't be updated in place. (#20314)

`v6.11.0`

Compare Source

NOTES:

compute: migrated google_compute_firewall_policy_rule from DCL engine to MMv1 engine. (#20160)

BREAKING CHANGES:

looker: made oauth_config a required field in google_looker_instance, as creating this resource without that field always triggers an API error (#20196)

FEATURES:

New Data Source: google_spanner_database (#20114)
New Resource: google_apigee_api (#20113)
New Resource: google_dataproc_gdc_application_environment (#20165)
New Resource: google_dataproc_gdc_service_instance (#20147)
New Resource: google_memorystore_instance (#20108)

IMPROVEMENTS:

apigee: added in-place update support for google_apigee_env_references (#20182)
apigee: added in-place update support for google_apigee_environment resource (#20189)
cloudrun: added empty_dir field to google_cloud_run_service (#20185)
cloudrunv2: added empty_dir field to google_cloud_run_v2_service and google_cloud_run_v2_job (#20185)
compute: added disks field to google_compute_node_template resource (#20180)
compute: added preconfigured_waf_config field to google_compute_security_policy resource (#20183)
compute: added replica_names field to sql_database_instance resource (#20202)
compute: added instance_flexibility_policy field to google_compute_region_instance_group_manager resource (#20132)
compute: increased google_compute_security_policy timeouts from 20 minutes to 30 minutes (#20145)
container: added control_plane_endpoints_config field to google_container_cluster resource. (#20193)
container: added parallelstore_csi_driver_config field to google_container_cluster resource. (#20163)
container: added user_managed_keys_config field to google_container_cluster resource. (#20105)
firestore: allowed single field indexes to support __name__ DESC indexes in google_firestore_index resources (#20124)
privateca: added support for google_privateca_certificate_authority with type = "SUBORDINATE" to be activated into "STAGED" state (#20103)
spanner: added default_backup_schedule_type field to google_spanner_instance (#20213)
vertexai: added traffic_split, private_service_connect_config, predict_request_response_logging_config, dedicated_endpoint_enabled, and dedicated_endpoint_dns fields to google_vertex_ai_endpoint resource (#20179)
workflows: added deletion_protection field to google_workflows_workflow resource (#20106)

BUG FIXES:

compute: fixed a diff based on server-side reordering of match.src_address_groups and match.dest_address_groups in google_compute_network_firewall_policy_rule (#20148)
compute: fixed permadiff on the preconfigured_waf_config field for google_compute_security_policy resource (#20183)
container: fixed in-place updates for node_config.containerd_config in google_container_cluster and google_container_node_pool (#20112)

`v6.10.0`

Compare Source

FEATURES:

New Data Source: google_compute_instance_guest_attributes (#20095)
New Data Source: google_service_accounts (#20062)
New Resource: google_iap_settings (#20085)

IMPROVEMENTS:

apphub: added GLOBAL enum value to scope.type field in google_apphub_application resource (#20015)
assuredworkloads: added workload_options field to google_assured_workloads_workload resource (#19985)
bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (beta) (#20097)
bigquery: added descriptive validation errors for missing required fields in google_bigquery_job destination table configuration (#20077)
compute: desired_status on google_compute_instance can now be set to TERMINATED or SUSPENDED on instance creation (#20031)
compute: added header_action and redirect_options fields to google_compute_security_policy_rule resource (#20079)
compute: added interface.ipv6-address field in google_compute_external_vpn_gateway resource (#20091)
compute: added propagated_connection_limit and connected_endpoints.propagated_connection_count fields to google_compute_service_attachment resource (#20016)
compute: added plan-time validation to name on google_compute_instance (#20036)
compute: added support for advanced_machine_features.turbo_mode to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template (#20090)
container: added in-place update support for labels, resource_manager_tags and workload_metadata_config in google_container_cluster.node_config (#20038)
filestore: added protocol property to resource google_filestore_instance (#19982)
memorystore: added mode flag to google_memorystore_instance (#19988)
netapp: added zone and replica_zone fields to google_netapp_storage_pool resource (#19980)
netapp: added zone and replica_zone fields to google_netapp_volume resource (#19980)
networksecurity: added tls_inspection_policy field to google_network_security_gateway_security_policy (#19986)
resourcemanager: added disabled to google_service_account datasource (#20034)
spanner: added asymmetric_autoscaling_options field to google_spanner_instance (#20014)
sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#19977)
vmwareengine: added autoscaling_settings to google_vmwareengine_private_cloud resource (#20057)

BUG FIXES:

accesscontextmanager: fixed permadiff for perimeter ingress / egress rule resources (#20046)
compute: fixed an error in google_compute_security_policy_rule that prevented updating the default rule (#20066)
container: fixed missing in-place updates for some google_container_cluster.node_config subfields (#20038)

`v6.9.0`

Compare Source

DEPRECATIONS:

containerattached: deprecated security_posture_config field in google_container_attached_cluster resource (#19912)

FEATURES:

New Data Source: google_oracle_database_autonomous_database (#19903)
New Data Source: google_oracle_database_autonomous_databases (#19901)
New Data Source: google_oracle_database_cloud_exadata_infrastructures (#19884)
New Data Source: google_oracle_database_cloud_vm_clusters (#19900)
New Resource: google_apigee_app_group (#19921)
New Resource: google_apigee_developer (#19911)
New Resource: google_network_connectivity_group (#19902)

IMPROVEMENTS:

compute: google_compute_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#19976)
compute: google_compute_region_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#19976)
compute: added creation_timestamp field to google_compute_instance, google_compute_instance_template, google_compute_region_instance_template (#19906)
compute: added key_revocation_action_type to google_compute_instance and related resources (#19952)
looker: added deletion_policy to google_looker_instance to allow force-destroying instances with nested resources by setting deletion_policy = FORCE (#19924)
monitoring: added alert_strategy.notification_prompts field to google_monitoring_alert_policy (#19928)
storage: added hierarchical_namespace to google_storage_bucket resource (#19882)
sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#19977)
vmwareengine: added autoscaling_settings to google_vmwareengine_cluster resource (#19962)
workstations: added max_usable_workstations field to google_workstations_workstation_config resource. (#19872)

BUG FIXES:

compute: fixed an issue where immutable distribution_zones was incorrectly sent to the API when updating distribution_policy_target_shape in google_compute_region_instance_group_manager resource (#19949)
container: fixed a crash in google_container_node_pool caused by an occasional nil pointer (#19922)
essentialcontacts: fixed google_essential_contacts_contact import to include required parent field. (#19877)
sql: made google_sql_database_instance.0.settings.0.data_cache_config accept server-side changes when unset. When unset, no diffs will be created when instances change in edition and the feature is enabled or disabled as a result. (#19972)
storage: removed retry on 404s during refresh for google_storage_bucket, preventing hanging when refreshing deleted buckets (#19964)

`v6.8.0`

Compare Source

FEATURES:

New Data Source: google_oracle_database_cloud_exadata_infrastructure (#19856)
New Data Source: google_oracle_database_cloud_vm_cluster (#19859)
New Data Source: google_oracle_database_db_nodes (#19871)
New Data Source: google_oracle_database_db_servers (#19823)
New Resource: google_oracle_database_autonomous_database (#19860)
New Resource: google_oracle_database_cloud_exadata_infrastructure (#19798)
New Resource: google_oracle_database_cloud_vm_cluster (#19837)
New Resource: google_transcoder_job_template (#19854)
New Resource: google_transcoder_job (#19854)

IMPROVEMENTS:

cloudfunctions: increased the timeouts to 20 minutes for google_cloudfunctions_function resource (#19799)
cloudrunv2: added invoker_iam_disabled field to google_cloud_run_v2_service (#19833)
compute: made google_compute_network_firewall_policy_rule use MMv1 engine instead of DCL. (#19862)
compute: made google_compute_region_network_firewall_policy_rule use MMv1 engine instead of DCL. (#19862)
compute: added ip_address_selection_policy field to google_compute_backend_service and google_compute_region_backend_service. (#19863)
compute: added provisioned_throughput field to google_compute_instance_template resource (#19852)
compute: added provisioned_throughput field to google_compute_region_instance_template resource (#19852)
container: added support for additional values KCP_CONNECTION, and KCP_SSHDin google_container_cluster.logging_config (#19812)
dialogflowcx: added advanced_settings.logging_settings and advanced_settings.speech_settings to google_dialogflow_cx_agent and google_dialogflow_cx_flow (#19801)
networkconnectivity: added linked_producer_vpc_network field to google_network_connectivity_spoke resource (#19806)
secretmanager: added is_secret_data_base64 field to google_secret_manager_secret_version and google_secret_manager_secret_version_access datasources (#19831)
secretmanager: added is_secret_data_base64 field to google_secret_manager_regional_secret_version and google_secret_manager_regional_secret_version_access datasources (#19831)
spanner: added kms_key_names to encryption_config in google_spanner_database (#19846)
workstations: added max_usable_workstations field to google_workstations_workstation_config resource (#19872)
workstations: added field allowed_ports to google_workstations_workstation_config (#19845)

BUG FIXES:

bigquery: fixed a regression that caused google_bigquery_dataset_iam_* resources to attempt to set deleted IAM members, thereby triggering an API error (#19857)
compute: fixed an issue in google_compute_backend_service and google_compute_region_backend_service to allow sending false for iap.enabled (#19795)
container: node_config.linux_node_config, node_config.workload_metadata_config and node_config.kubelet_config will now successfully send empty messages to the API when terraform plan indicates they are being removed, rather than null, which caused an error. The sole reliable case is node_config.linux_node_config when the block is removed, where there will still be a permadiff, but the update request that's triggered will no longer error and other changes displayed in the plan should go through. (#19842)

`v6.7.0`

Compare Source

FEATURES:

New Resource: google_healthcare_pipeline_job (#19717)
New Resource: google_secure_source_manager_branch_rule (#19773)

IMPROVEMENTS:

container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#19817)
discoveryengine: added chat_engine_config.dialogflow_agent_to_link field to google_discovery_engine_chat_engine resource (#19723)
networkconnectivity: added field migration to resource google_network_connectivity_internal_range (#19757)
networkservices: added routing_mode field to google_network_services_gateway resource (#19764)

BUG FIXES:

bigtable: fixed an error where BigTable IAM resources could be created with conditions but the condition was not stored in state (#19725)
container: fixed issue which caused to not being able to disable enable_cilium_clusterwide_network_policy field on google_container_cluster. (#19736)
container: fixed a diff triggered by a new API-side default value for node_config.0.kubelet_config.0.insecure_kubelet_readonly_port_enabled. Terraform will now accept server-specified values for node_config.0.kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#19817)
dataproc: fixed a bug in google_dataproc_cluster that prevented creation of clusters with internal_ip_only set to false (#19782)
iam: addressed google_service_account creation issues caused by the eventual consistency of the GCP IAM API by ignoring 403 errors returned on polling the service account after creation. (#19727)
logging: fixed the whitespace permadiff on exclusions.filter field in google_logging_billing_account_sink, google_logging_folder_sink, google_logging_organization_sink and google_logging_project_sink resources (#19744)
pubsub: fixed permadiff with configuring an empty retry_policy in google_pubsub_subscription. This will result in minimum_backoff and maximum_backoff using server-side defaults. To use "immedate retry", do not specify a retry_policy block at all. (#19784)
secretmanager: fixed the issue of unpopulated fields labels, annotations and version_destroy_ttl in the terraform state for the google_secret_manager_secrets datasource (#19748)

`v6.6.0`

Compare Source

FEATURES:

New Resource: google_dataproc_batch (#19686)
New Resource: google_healthcare_pipeline_job (#19717)
New Resource: google_site_verification_owner (#19641)

IMPROVEMENTS:

assuredworkloads: added HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS and HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT enum values to compliance_regime in the google_assuredworkload_workload resource (#19714)
compute: added bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields to google_compute_network resource (#19708)
compute: added next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields to google_compute_route resource (#19708)
compute: added enum STATEFUL_COOKIE_AFFINITY and strong_session_affinity_cookie field to google_compute_backend_service and google_compute_region_backend_service resource (#19665)
compute: moved TDX instance option for confidential_instance_type in google_compute_instance from Beta to GA (#19706)
containeraws: added kubelet_config field group to the google_container_aws_node_pool resource (#19714)
pubsub: added GCS ingestion settings and platform log settings to google_pubsub_topic resource (#19669)
sourcerepo: added create_ignore_already_exists field to google_sourcerepo_repository resource (#19716)
sql: added in-place update support for settings.time_zone in google_sql_database_instance resource (#19654)
tags: increased maximum accepted input length for the short_name field in google_tags_tag_key and google_tags_tag_value resources (#19712)

BUG FIXES:

bigquery: fixed google_bigquery_dataset_iam_member to be able to delete itself and overwrite the existing iam members for bigquery dataset keeping the authorized datasets as they are. (#19682)
bigquery: fixed an error which could occur with service account field values containing non-lower-case characters in google_bigquery_dataset_access (#19705)
compute: fixed an issue where the boot_disk.initialize_params.resource_policies field in google_compute_instance forced a resource recreation when used in combination with google_compute_disk_resource_policy_attachment (#19692)
compute: fixed the issue that labels is not set when creating the resource google_compute_interconnect (#19632)
tags: removed google_tags_location_tag_binding resource from the Terraform state when its parent resource has been removed outside of Terraform (#19693)
workbench: fixed a bug in the google_workbench_instance resource where the removal of labels was not functioning as expected. (#19620)

`v6.5.0`

Compare Source

DEPRECATIONS:

compute: deprecated macsec.pre_shared_keys.fail_open field in google_compute_interconnect resource. Use the new macsec.fail_open field instead (#19572)

FEATURES:

New Data Source: google_compute_region_instance_group_manager (#19589)
New Data Source: google_privileged_access_manager_entitlement (#19580)
New Data Source: google_secret_manager_regional_secret_version_access (#19538)
New Data Source: google_secret_manager_regional_secret_version (#19514)
New Data Source: google_secret_manager_regional_secrets (#19532)
New Resource: google_compute_router_nat_address (#19550)
New Resource: google_logging_log_scope (#19559)

IMPROVEMENTS:

apigee: added activate field to google_apigee_nat_address resource (#19591)
bigquery: added biglake_configuration field to google_bigquery_table resource to support BigLake Managed Tables (#19541)
cloudrunv2: promoted scaling field in google_cloud_run_v2_service resource to GA (#19588)
composer: promoted config.workloads_config.cloud_data_lineage_integration field in google_composer_environment resource to GA (#19612)
compute: added existing_reservations field to google_compute_region_commitment resource (#19585)
compute: added hostname field to google_compute_instance data source (#19607)
compute: added initial_nat_ip field to google_compute_router_nat resource (#19550)
compute: added macsec.fail_open field to google_compute_interconnect resource (#19572)
compute: added SUSPENDED as a possible value to desired_state field in google_compute_instance resource (#19586)
compute: added import support for projects/{{project}}/meta-data/{{key}} format for google_compute_project_metadata_item resource (#19613)
compute: marked customer_name and location fields as optional in google_compute_interconnect resource to support cross cloud interconnect (#19619)
container: added linux_node_config.hugepages_config field to google_container_node_pool resource (#19521)
container: promoted gcfs_config field in google_container_cluster resource to GA (#19617)
looker: added psc_enabled and psc_config fields to google_looker_instance resource (#19523)
networkconnectivity: added include_import_ranges field to google_network_connectivity_spoke resource for linked_vpn_tunnels, linked_interconnect_attachments and linked_router_appliance_instances (#19530)
secretmanagerregional: added version_aliases field to google_secret_manager_regional_secret resource (#19514)
workbench: increased create timeout to 20 minutes for google_workbench_instance resource (#19551)

BUG FIXES:

bigquery: fixed in-place update of google_bigquery_table resource when external_data_configuration.schema field is set (#19558)
bigquerydatapolicy: fixed permadiff on policy_tag field in google_bigquery_datapolicy_data_policy resource (#19563)
composer: fixed storage_config.bucket field to support a bucket name with or without "gs://" prefix (#19552)
container: added support for setting addons_config.gcp_filestore_csi_driver_config and enable_autopilot in the same google_container_cluster (#19590)
container: fixed node_config.kubelet_config updates in google_container_cluster resource (#19562)
container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true would cause google_container_cluster resource creation failure (#19543)
workbench: fixed a bug in the google_workbench_instance resource where the removal of labels was not functioning as expected (#19620)

`v6.4.0`

Compare Source

DEPRECATIONS:

securitycenterv2: deprecated google_scc_v2_organization_scc_big_query_exports. Use google_scc_v2_organization_scc_big_query_export instead. (#19457)

FEATURES:

New Data Source: google_secret_manager_regional_secret_version (#19514)
New Data Source: google_secret_manager_regional_secret (#19491)
New Resource: google_database_migration_service_migration_job (#19488)
New Resource: google_discovery_engine_target_site (#19469)
New Resource: google_healthcare_workspace (#19476)
New Resource: google_scc_folder_scc_big_query_export (#19480)
New Resource: google_scc_organization_scc_big_query_export (#19465)
New Resource: google_scc_project_scc_big_query_export (#19466)
New Resource: google_scc_v2_organization_scc_big_query_export (#19457)
New Resource: google_secret_manager_regional_secret_version (#19504)
New Resource: google_secret_manager_regional_secret (#19461)
New Resource: google_site_verification_web_resource (#19477)
New Resource: google_spanner_backup_schedule (#19449)

IMPROVEMENTS:

alloydb: added enable_outbound_public_ip field to google_alloydb_instance resource (#19444)
apigee: added in-place update for consumer_accept_list field in google_apigee_instance resource (#19442)
compute: added interface field to google_compute_attached_disk resource (#19440)
compute: added in-place update in google_compute_interconnect resource, except for remote_location and requested_features fields (#19508)
filestore: added deletion_protection_enabled and deletion_protection_reason fields to google_filestore_instance resource (#19446)
looker: added fips_enabled field to google_looker_instance resource (#19511)
metastore: added deletion_protection field to google_dataproc_metastore_service resource (#19505)
netapp: added allow_auto_tiering field to google_netapp_storage_pool resource (#19454)
netapp: added tiering_policy field to google_netapp_volume resource (#19454)
secretmanagerregional: added version_aliases field to google_secret_manager_regional_secret resource (#19514)
spanner: added edition field to google_spanner_instance resource (#19449)

BUG FIXES:

compute: fixed a permadiff on iap field in google_compute_backend and google_compute_region_backend resources (#19509)
container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true will cause google_container_cluster resource creation failure (#19543)
container: fixed a permadiff on node_config.gcfs_config field in google_container_cluster and google_container_node_pool resources (#19512)
container: fixed the in-place update for node_config.gcfs_config field in google_container_cluster and google_container_node_pool resources (#19512)
container: made node_config.kubelet_config.cpu_manager_policy field optional to fix its update in google_container_cluster resource (#19464)
dns: fixed a permadiff on dnssec_config field in google_dns_managed_zone resource (#19456)
pubsub: allowed filter field to contain line breaks in google_pubsub_subscription resource (#19451)

`v6.3.0`

Compare Source

FEATURES:

New Data Source: google_bigquery_tables (#19402)
New Resource: google_developer_connect_connection (#19431)
New Resource: google_developer_connect_git_repository_link (#19431)
New Resource: google_memorystore_instance (#19398)

IMPROVEMENTS:

compute: added connected_endpoints.consumer_network and connected_endpoints.psc_connection_id fields to google_compute_service_attachment resource (#19426)
compute: added field http_keep_alive_timeout_sec to google_region_compute_target_https_proxy and google_region_compute_target_http_proxy resources (#19432)
compute: added support for boot_disk.initialize_params.resource_policies in google_compute_instance and google_instance_template (#19407)
container: added storage_pools to node_config in google_container_cluster and google_container_node_pool (#19423)
containerattached: added security_posture_config field to google_container_attached_cluster resource (#19411)
netapp: added large_capacity and multiple_endpoints to google_netapp_volume resource (#19384)
resourcemanager: added tags field to google_folder to allow setting tags for folders at creation time (#19380)

BUG FIXES:

compute: setting network_ip to "" will no longer cause diff and will be treated the same as null (#19400)
dataproc: updated google_dataproc_cluster to protect against handling nil kerberos_config values (#19401)
dns: added a mutex to google_dns_record_set to prevent conflicts when multiple resources attempt to operate on the same record set (#19416)
managedkafka: added 5 second wait post google_managed_kafka_topic creation to fix eventual consistency errors (#19429)

`v6.2.0`

Compare Source

FEATURES:

New Data Source: google_certificate_manager_certificates (#19361)
New Resource: google_network_security_server_tls_policy (#19314)
New Resource: google_scc_v2_folder_scc_big_query_export (#19327)
New Resource: google_scc_v2_project_scc_big_query_export (#19311)

IMPROVEMENTS:

assuredworkload: added field partner_service_billing_account to google_assured_workloads_workload (#19358)
bigtable: added support for column_family.type in google_bigtable_table (#19302)
cloudrun: promoted support for nfs and csi volumes (for Cloud Storage FUSE) for google_cloud_run_service to GA (#19359)
cloudrunv2: promoted support for nfs and gcs volumes for google_cloud_run_v2_job to GA (#19359)
compute: added boot_disk.interface field to google_compute_instance resource (#19319)
container: added node_pool_auto_config.node_kublet_config.insecure_kubelet_readonly_port_enabled field to google_container_cluster. (#19320)
container: added insecure_kubelet_readonly_port_enabled to node_pool.node_config.kubelet_config and node_config.kubelet_config in google_container_node_pool resource. (#19312)
container: added insecure_kubelet_readonly_port_enabled to node_pool_defaults.node_config_defaults, node_pool.node_config.kubelet_config, and node_config.kubelet_config in google_container_cluster resource. (#19312)
container: added support for in-place updates for google_compute_node_pool.node_config.gcfs_config and google_container_cluster.node_config.gcfs_cluster and google_container_cluster.node_pool.node_config.gcfs_cluster (#19365)
container: promoted the additive_vpc_scope_dns_domain field on the google_container_cluster resource to GA (#19313)
iambeta: added x509 field to google_iam_workload_identity_pool_provider resource (#19375)
networkconnectivity: added include_export_ranges to google_network_connectivity_spoke (#19346)
pubsub: added cloud_storage_config.max_messages and cloud_storage_config.avro_config.use_topic_schema fields to google_pubsub_subscription resource (#19338)
redis: added the maintenance_policy field to the google_redis_cluster resource (#19341)
resourcemanager: added tags field to google_project to allow setting tags for projects at creation time (#19351)
securitycenter: added support for empty streaming_config.filter values in google_scc_notification_config resources (#19369)

BUG FIXES:

compute: fixed google_compute_interconnect to support correct available_features option of IF_MACSEC (#19330)
compute: fixed a bug where advertised_route_priority was accidentally set to 0 during updates in google_compute_router_peer (#19366)
compute: fixed a permadiff caused by setting start_time in an incorrect H:mm format in google_compute_resource_policies resources (#19297)
compute: fixed network_interface.subnetwork_project validation to match with the project in network_interface.subnetwork field when network_interface.subnetwork has full self_link in google_compute_instance resource (#19348)
container: removed unnecessary force replacement in node pool gcfs_config (#19365
kms: updated the google_kms_autokey_config resource's folder field to accept values that are either full resource names (folders/{folder_id}) or just the folder id ({folder_id} only) (#19364))
storage: added retry support for 429 errors in google_storage_bucket resource (#19353)

`v6.1.0`

Compare Source

FEATURES:

New Data Source: google_kms_crypto_key_latest_version (#19249)
New Data Source: google_kms_crypto_key_versions (#19241)

IMPROVEMENTS:

databasemigrationservice: added support in google_database_migration_service_connection_profile for creating DMS connection profiles that link to existing Cloud SQL instances/AlloyDB clusters. (#19291)
alloydb: added subscription_type and trial_metadata field to google_alloydb_cluster resource (#19262)
bigquery: added encryption_configuration field to google_bigquery_data_transfer_config resource (#19267)
bigqueryanalyticshub: added selected_resources, and restrict_direct_table_access to google_bigquery_analytics_hub_listing resource (#19244)
bigqueryanalyticshub: added sharing_environment_config to google_bigquery_analytics_hub_data_exchange resource (#19244)
cloudtasks: added http_target field to google_cloud_tasks_queue resource (#19253)
compute: added accelerators field to google_compute_node_template resource (#19292)
compute: allowed disabling server_tls_policy during update in google_compute_target_https_proxy resources (#19233)
container: added secret_manager_config field to google_container_cluster resource (#19288)
datastream: added transaction_logs and change_tables to the datastream_stream resource (#19248)
discoveryengine: added chunking_config and layout_parsing_config fields to google_discovery_engine_data_store resource (#19274)
dlp: added inspect_template_modified_cadence field to big_query_target and cloud_sql_target in google_data_loss_prevention_discovery_config resource (#19282)
dlp: added tag_resources field to google_data_loss_prevention_discovery_config resource (#19282)
networksecurity: promoted google_network_security_client_tls_policy to GA (#19293)

BUG FIXES:

bigquery: fixed an error which could occur with email field values containing non-lower-case characters in google_bigquery_dataset_access resource (#19259)
bigqueryanalyticshub: made bigquery_dataset immutable in google_bigquery_analytics_hub_listing as it was not updatable in the API. Now modifying the field in Terraform will correctly recreate the resource rather than causing Terraform to report it would attempt an invalid update. (#19244)
container: fixed update inconsistency in google_container_cluster resource (#19247)
pubsub: fixed a validation bug that didn't allow empty filter definitions for google_pubsub_subscription resources (#19284)
resourcemanager: fixed a bug where data.google_client_config failed silently when inadequate credentials were used to configure the provider (#19286)
sql: fixed importing google_sql_user where host is an IPv4 CIDR (#19243)
sql: fixed overwriting of name field for IAM Group user in google_sql_user resource (#19234)

`v6.0.1`

Compare Source

BREAKING CHANGES:

sql: removed settings.ip_configuration.require_ssl from google_sql_database_instance in favor of settings.ip_configuration.ssl_mode. This field was intended to be removed in 6.0.0. (#19263)

`v6.0.0`

Compare Source

Terraform Google Provider 6.0.0 Upgrade Guide

BREAKING CHANGES:

provider: changed provider labels to add the goog-terraform-provisioned: true label by default. (#19190)
activedirectory: added deletion_protection field to google_active_directory_domain resource. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection = false before destroying the resource. (#18906)
alloydb: removed network in google_alloy_db_cluster. Use network_config.network instead. (#19181)
bigquery: added client-side validation to prevent table view creation if schema contains required fields for google_bigquery_table resource (#18767)
bigquery: removed allow_resource_tags_on_deletion from google_bigquery_table. Resource tags are now always allowed on table deletion. (#19077)
bigqueryreservation: removed multi_region_auxiliary from google_bigquery_reservation (#18922)
billing: revised the format of id for google_billing_project_info (#18823)
cloudrunv2: added deletion_protection field to google_cloudrunv2_service. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection = false before destroying the resource.(#19019)
cloudrunv2: changed liveness_probe to no longer infer a default value from api on google_cloud_run_v2_service. Removing this field and applying the change will now remove liveness probe from the Cloud Run service. (#18764)
cloudrunv2: retyped containers.env to SET from ARRAY for google_cloud_run_v2_service and google_cloud_run_v2_job. (#18855)
composer: ip_allocation_policy = [] in google_composer_environment is no longer valid configuration. Removing the field from configuration should not produce a diff. (#19207)
compute: added new required field enabled in google_compute_backend_service and google_compute_region_backend_service (#18772)
compute: changed certifcate_id in google_compute_managed_ssl_certificate to correctly be output only. (#19069)
compute: revised and in some cases removed default values of connection_draining_timeout_sec, balancing_mode and outlier_detection in google_compute_region_backend_service and google_compute_backend_service. (#18720)
compute: revised the format of id for compute_network_endpoints (#18844)
compute: guest_accelerator = [] is no longer valid configuration in google_compute_instance. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#19207)
compute: google_compute_instance_from_template and google_compute_instance_from_machine_image network_interface.alias_ip_range, network_interface.access_config, attached_disk, guest_accelerator, service_account, scratch_disk can no longer be set to an empty block []. Removing the fields from configuration should not produce a diff. (#19207)
compute: secondary_ip_ranges = [] in google_compute_subnetwork is no longer valid configuration. To set an explicitly empty list, use send_secondary_ip_range_if_empty and completely remove secondary_ip_range from config. (#19207)
container: made advanced_datapath_observability_config.enable_relay required in google_container_cluster (#19060)
container: removed deprecated field advanced_datapath_observability_config.relay_mode from google_container_cluster resource. Users are expected to use enable_relay field instead. (#19060)
container: three label-related fields are now in google_container_cluster resource. resource_labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#19062)
container: made three fields resource_labels, terraform_labels, and effective_labels be present in google_container_cluster datasources. All three fields will have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent to effective_labels on the resource. (#19062)
container: guest_accelerator = [] is no longer valid configuration in google_container_cluster and google_container_node_pool. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#19207)
container: guest_accelerator.gpu_driver_installation_config = [] and guest_accelerator.gpu_sharing_config = [] are no longer valid configuration in google_container_cluster and google_container_node_pool. Removing the fields from configuration should not produce a diff. (#19207)
datastore: removed google_datastore_index in favor of google_firestore_index (#19160)
edgenetwork: three label-related fields are now in google_edgenetwork_network and google_edgenetwork_subnet resources. labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#19062)
identityplatform: removed resource google_identity_platform_project_default_config in favor of google_identity_platform_project_config (#18992)
pubsub: allowed schema_settings in google_pubsub_topic to be removed (#18631)
integrations: removed create_sample_workflows and provision_gmek from google_integrations_client (#19148)
redis: added a deletion_protection_enabled field to the google_redis_cluster resource. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection_enabled = false before destroying the resource. (#19173)
resourcemanager: added deletion_protection field to google_folder to make deleting them require an explicit intent. Folder resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#19021)
resourcemanager: made deletion_policy in google_project 'PREVENT' by default. This makes deleting them require an explicit intent. google_project resources cannot be destroyed unless deletion_policy is set to 'ABANDON' or 'DELETE' for the resource. (#19114)
sql: removed settings.ip_configuration.require_ssl in google_sql_database_instance. Please use settings.ip_configuration.ssl_mode instead. (#18843)
storage: removed no_age field from lifecycle_rule.condition in the google_storage_bucket resource (#19048)
vpcaccess: removed default values for min_throughput and min_instances fields on google_vpc_access_connector and made them default to values returned from the API when not provided by users (#18697)
vpcaccess: added a conflicting fields restriction between min_throughput and min_instances fields on google_vpc_access_connector (#18697)
vpcaccess: added a conflicting fields restriction between max_throughput and max_instances fields on google_vpc_access_connector (#18697)
workstation: defaulted host.gce_instance.disable_ssh to true for google_workstations_workstation_config (#19101) IMPROVEMENTS:
compute: added fields reserved_internal_range and secondary_ip_ranges[].reserved_internal_range to google_compute_subnetwork resource (#19151)
compute: changed the behavior of name_prefix in multiple Compute resources to allow for a longer max length of 54 characters. See the upgrade guide and resource documentation for more details. (#19152) BUG FIXES:
compute: fixed an issue regarding sending enabled field by default for null iap message in google_compute_backend_service and google_compute_region_backend_service (#18772)

`v5.45.2`

Compare Source

NOTES:

5.45.2 contains no changes from 5.45.1. This release is being made to ensure that the version numbers of the google and google-beta provider releases remain aligned, as google-beta's 5.45.2 release contains a beta-only change.

`v5.45.1`

Compare Source

NOTES:

5.45.1 is a backport release, responding to a new GKE label being applied that can cause unwanted diffs in node pools. The changes in this release will be available in 6.18.1 and users upgrading to 6.X should upgrade to that version or higher.

BUG FIXES:

container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)

`v5.45.0`

Compare Source

NOTES:

5.45.0 is a backport release, responding to a new Spanner feature that may result in creation of unwanted backups for users. The changes in this release will be available in 6.11.0 and users upgrading to 6.X should upgrade to that version or higher.

IMPROVEMENTS:

spanner: added default_backup_schedule_type field to google_spanner_instance (#20213)

`v5.44.2`

Compare Source

Notes:

5.44.2 is a backport release, responding to a GKE rollout that created permadiffs for many users. The changes in this release will be available in 6.7.0 and users upgrading to 6.X should upgrade to that version or higher.

IMPROVEMENTS:

container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#19817)

BUG FIXES:

container: fixed a diff triggered by a new API-side default value for node_config.0.kubelet_config.0.insecure_kubelet_readonly_port_enabled. Terraform will now accept server-specified values for node_config.0.kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#19817)

`v5.44.1`

Compare Source

NOTES:

5.44.1 is a backport release, intended to pull in critical container improvements and fixes for issues introduced in 5.44.0

IMPROVEMENTS:

container: added in-place update support for gcfs_config in in google_container_cluster and google_container_node_pool (#19365) (#19512)

BUG FIXES:

container: fixed a permadiff on gcfs_config in google_container_cluster and google_container_node_pool (#19512)
container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true will cause google_container_cluster resource creation failure. (#19543)

`v5.44.0`

Compare Source

NOTES:

5.44.0 is a backport release, intended to pull in critical container improvements from 6.2.0

IMPROVEMENTS:

container: added insecure_kubelet_readonly_port_enabled to node_pool.node_config.kubelet_config and node_config.kubelet_config in google_container_node_pool resource. (#19312)
container: added insecure_kubelet_readonly_port_enabled to node_pool_defaults.node_config_defaults, node_pool.node_config.kubelet_config, and node_config.kubelet_config in google_container_cluster resource. (#19312)
container: added node_pool_auto_config.node_kublet_config.insecure_kubelet_readonly_port_enabled field to google_container_cluster. (#19320)

`v5.43.1`

Compare Source

NOTES:

5.43.1 is a backport release, and some changes will not appear in 6.X series releases until 6.1.0

BUG FIXES:

pubsub: fixed a validation bug that didn't allow empty filter definitions for google_pubsub_subscription resources (#19284)

`v5.43.0`

Compare Source

DEPRECATIONS:

storage: deprecated lifecycle_rule.condition.no_age field in google_storage_bucket. Use the new lifecycle_rule.condition.send_age_if_zero field instead. (#19172)

FEATURES:

New Resource: google_kms_ekm_connection_iam_binding (#19132)
New Resource: google_kms_ekm_connection_iam_member (#19132)
New Resource: google_kms_ekm_connection_iam_policy (#19132)
New Resource: google_scc_v2_organization_scc_big_query_exports (#19184)

IMPROVEMENTS:

compute: added label_fingerprint field to google_compute_global_address resource (#19204)
compute: exposed service side id as new output field forwarding_rule_id on resource google_compute_forwarding_rule (#19139)
container: added EXTENDED as a valid option for release_channel field in google_container_cluster resource (#19141)
logging: changed enable_analytics parsing to "no preference" in analytics if omitted, instead of explicitly disabling analytics in google_logging_project_bucket_config (#19126)
pusbub: added validation to filter field in resource google_pubsub_subscription (#19131)
resourcemanager: added default_labels field to google_client_config data source (#19170)
vmwareengine: added PC undelete support in google_vmwareengine_private_cloud (#19192)

BUG FIXES:

alloydb: fixed a permadiff on psc_instance_config in google_alloydb_instance resource (#19143)
compute: fixed a malformed URL that affected updating the server_tls_policy property on google_compute_target_https_proxy resources (#19164)
compute: fixed bug where the labels field could not be updated on google_compute_global_address (#19204)
compute: fixed force diff replacement logic for network_ip on resource google_compute_instance (#19135)

`v5.42.0`

Compare Source

DEPRECATIONS:

compute: setting google_compute_subnetwork.secondary_ip_range = [] to explicitly set a list of empty objects is deprecated and will produce an error in the upcoming major release. Use send_secondary_ip_range_if_empty while removing secondary_ip_range from config instead. (#19122)

FEATURES:

New Data Source: google_artifact_registry_locations (#19047)
New Data Source: google_cloud_identity_transitive_group_memberships (#19038)
New Resource: google_discovery_engine_schema (#19124)
New Resource: google_scc_folder_notification_config (#19057)
New Resource: google_scc_v2_folder_notification_config (#19055)
New Resource: google_vertex_ai_index_endpoint_deployed_index (#19061)

IMPROVEMENTS:

clouddeploy: added serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.pod_selector_label and serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.service_networking.pod_selector_label fields to google_clouddeploy_delivery_pipeline resource (#19100)
compute: added send_secondary_ip_range_if_empty to google_compute_subnetwork (#19122)
discoveryengine: added skip_default_schema_creation field to google_data_store resource (#19017)
dns: changed load_balancer_type field from required to optional in google_dns_record_set (#19050)
firestore: added cmek_config field to google_firestore_database resource (#19107)
servicenetworking: added update_on_creation_fail field to google_service_networking_connection resource. When it is set to true, enforce an update of the reserved peering ranges on the existing service networking connection in case of a new connection creation failure. (#19035)
sql: added server_ca_mode field to google_sql_database_instance resource (#18998)

BUG FIXES:

bigquery: made google_bigquery_dataset_iam_member non-authoritative. To remove a bigquery dataset iam member, use an authoritative resource like google_bigquery_dataset_iam_policy (#19121)
cloudfunctions2: fixed a "Provider produced inconsistent final plan" bug affecting the service_config.environment_variables field in google_cloudfunctions2_function resource (#19024)
cloudfunctions2: fixed a permadiff on storage_source.generation in google_cloudfunctions2_function resource (#19031)
compute: fixed issue where sub-resources managed by google_compute_forwarding_rule prevented resource deletion (#19117)
logging: changed google_logging_project_bucket_config.enable_analytics behavior to set "no preference" in analytics if omitted, instead of explicitly disabling analytics. (#19126)
workbench: fixed a bug with google_workbench_instance metadata drifting when using custom containers. (#19119)

`v5.41.0`

Compare Source

DEPRECATIONS:

resourcemanager: deprecated skip_delete field in the google_project resource. Use deletion_policy instead. (#18867)

FEATURES:

New Data Source: google_logging_log_view_iam_policy (#18990)
New Data Source: google_scc_v2_organization_source_iam_policy (#19004)
New Resource: google_access_context_manager_service_perimeter_dry_run_egress_policy (#18994)
New Resource: google_access_context_manager_service_perimeter_dry_run_ingress_policy (#18994)
New Resource: google_scc_v2_folder_mute_config (#18924)
New Resource: google_scc_v2_project_mute_config (#18993)
New Resource: google_scc_v2_project_notification_config (#19008)
New Resource: google_scc_v2_organization_source (#19004)
New Resource: google_scc_v2_organization_source_iam_binding (#19004)
New Resource: google_scc_v2_organization_source_iam_member (#19004)
New Resource: google_scc_v2_organization_source_iam_policy (#19004)
New Resource: google_logging_log_view_iam_binding (#18990)
New Resource: google_logging_log_view_iam_member (#18990)
New Resource: google_logging_log_view_iam_policy (#18990)

IMPROVEMENTS:

clouddeploy: added gke.proxy_url field to google_clouddeploy_target (#19016)
cloudrunv2: added field binary_authorization.policy to resource google_cloud_run_v2_job and resource google_cloud_run_v2_service to support named binary authorization policy. (#18995)
compute: added source_regions field to google_compute_healthcheck resource (#19006)
compute: added update-in-place support for the google_compute_target_https_proxy.server_tls_policy field (#18996)
compute: added update-in-place support for the google_compute_region_target_https_proxy.server_tls_policy field (#19007)
container: added auto_provisioning_locations field to google_container_cluster (#18928)
dataform: added kms_key_name field to google_dataform_repository resource (#18947)
discoveryengine: added skip_default_schema_creation field to google_discovery_engine_data_store resource (#19017)
gkehub: added configmanagement.management and configmanagement.config_sync.enabled fields to google_gkehub_feature_membership (#19016)
gkehub: added management field to google_gke_hub_feature.fleet_default_member_config.configmanagement (#18963)
resourcemanager: added deletion_policy field to the google_project resource. Setting deletion_policy to PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting deletion_policy to ABANDON allows the resource to be abandoned rather than deleted and it behaves the same with skip_delete = true. Default value is DELETE. skip_delete = true takes precedence over deletion_policy = "DELETE".
storage: added force_destroy field to google_storage_managed_folder resource (#18973)
storage: added generation field to google_storage_bucket_object resource (#18971)

BUG FIXES:

compute: fixed google_compute_instance.alias_ip_range update behavior to avoid temporarily deleting unchanged alias IP ranges (#19015)
compute: fixed the bug that creation of PSC forwarding rules fails in google_compute_forwarding_rule resource when provider default labels are set (#18984)
sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#18962)

`v5.40.0`

Compare Source

NOTES:

resourcemanager: This release included a deprecation of skip_delete in google_project without the future field (deletion_policy) being available. This will be corrected in a future 5.X release prior to the release of 6.0.0 where the deletion_policy field will be made available.

DEPRECATIONS:

resourcemanager: deprecated skip_delete field in the google_project resource. Instead use the new field deletion_policy in the next major release (#18867)

IMPROVEMENTS:

bigquery: added support for value DELTA_LAKE to source_format in google_bigquery_table resource (#18915)
compute: added access_mode field to google_compute_disk resource (#18857)
compute: added stack_type, and gateway_ip_version fields to google_compute_router resource (#18839)
container: added field ray_operator_config for resource_container_cluster (#18825)
container: promoted additional_node_network_configs and additional_pod_network_configs fields to GA in the google_container_node_pool resource (#18842)
container: promoted enable_multi_networking to GA in the google_container_cluster resource (#18842)
monitoring: updated goal field to accept a max threshold of up to 0.9999 in google_monitoring_slo resource (#18845)
networkconnectivity: added export_psc field to google_network_connectivity_hub resource (#18866)
sql: added enable_dataplex_integration field to google_sql_database_instance resource (#18852)

BUG FIXES:

bigquery: fixed a permadiff when handling "assets" in params in the google_bigquery_data_transfer_config resource (#18898)
bigquery: fixed an issue preventing certain keys in params from being assigned values in google_bigquery_data_transfer_config (#18888)
compute: fixed perma-diff of advertised_ip_ranges field in google_compute_router resource (#18869)
container: fixed perma-diff on node_config.guest_accelerator.gpu_driver_installation_config field in GKE 1.30+ in google_container_node_pool resource (#18835)
sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#18962)

`v5.39.1`

Compare Source

BUG FIXES:

datastream: fixed a breaking change in 5.39.0 google_datastream_stream that made one of destination_config.bigquery_destination_config.merge or destination_config.bigquery_destination_config.append_only required (#18903)

`v5.39.0`

Compare Source

NOTES:

networkconnectivity: migrated google_network_connectivity_hub from DCL to MMv1 (#18724)
networkconnectivity: migrated google_network_connectivity_spoke from DCL to MMv1 (#18779)

DEPRECATIONS:

bigquery: deprecated allow_resource_tags_on_deletion in google_bigquery_table. (#18811)
bigqueryreservation: deprecated multi_region_auxiliary on google_bigquery_reservation. (#18803)
datastore: deprecated the resource google_datastore_index. Use the google_firestore_index resource instead. (#18781)

FEATURES:

New Resource: google_apigee_environment_keyvaluemaps_entries (#18707)
New Resource: google_apigee_environment_keyvaluemaps (#18707)
New Resource: google_compute_resize_request (#18725)
New Resource: google_compute_router_route_policy (#18759)
New Resource: google_scc_v2_organization_mute_config (#18752)

IMPROVEMENTS:

alloydb: added observability_config field to google_alloydb_instance resource (#18743)
bigquery: added resource_tags field to google_bigquery_dataset resource (ga) (#18711)
bigquery: added resource_tags field to google_bigquery_table resource (#18741)
bigtable: added data_boost_isolation_read_only and data_boost_isolation_read_only.compute_billing_owner fields to google_bigtable_app_profile resource (#18819)
cloudfunctions: added build_service_account field to google_cloudfunctions_function resource (#18702)
compute: added aws_v4_authentication fields to google_compute_backend_service resource (#18796)
compute: added custom_learned_ip_ranges and custom_learned_route_priority fields to google_compute_router_peer resource (#18727)
compute: added export_policies and import_policies fields to google_compute_router_peer resource (#18759)
compute: added shared_secret field to google_compute_public_advertised_prefix resource (#18786)
compute: added storage_pool under boot_disk.initialize_params to google_compute_instance resource (#18817)
compute: changed target_service field on the google_compute_service_attachment resource to accept a ForwardingRule or Gateway URL. (#18742)
container: added field ray_operator_config for google_container_cluster (#18825)
datastream: added merge and append_only fields to google_datastream_stream resource (#18726)
datastream: promoted source_config.sql_server_source_config and backfill_all.sql_server_excluded_objects fields in google_datastream_stream resource from beta to GA (#18732)
datastream: promoted sql_server_profile field in google_datastream_connection_profile resource from beta to GA (#18732)
dlp: added cloud_storage_target field to google_data_loss_prevention_discovery_config resource (#18740)
resourcemanager: added check_if_service_has_usage_on_destroy field to google_project_service resource (#18753)
resourcemanager: added the member property to google_project_service_identity (#18695)
vmwareengine: added deletion_delay_hours field to google_vmwareengine_private_cloud resource (#18698)
vmwareengine: supported type change from TIME_LIMITED to STANDARD for multi-node google_vmwareengine_private_cloud resource (#18698)
workbench: added access_configs to google_workbench_instance resource (#18737)

BUG FIXES:

compute: fixed perma-diff for interconnect_type being DEDICATED in google_compute_interconnect resource (#18761)
dialogflowcx: fixed intermittent issues with retrieving resource state soon after creating google_dialogflow_cx_security_settings resources (#18792)
firestore: fixed missing import of field for google_firestore_field. (#18771)
firestore: fixed bug where fields database, collection, document_id, and field could not be updated on google_firestore_document and google_firestore_field resources. (#18821)
netapp: made the smb_settings field on the google_netapp_volume resource default to the value returned from the API. This solves permadiffs when the field is unset. (#18790)
networksecurity: added recreate functionality on update for client_validation_mode and client_validation_trust_config in google_network_security_server_tls_policy (#18769)

`v5.38.0`

Compare Source

FEATURES:

New Data Source: google_gke_hub_membership_binding (#18680)
New Data Source: google_site_verification_token (#18688)
New Resource: google_scc_project_notification_config (#18682)

IMPROVEMENTS:

compute: promoted labels field on google_compute_global_address resource from beta to GA (#18646)
compute: made the google_compute_resource_policy resource updatable in-place (#18673)
privilegedaccessmanager: promoted google_privileged_access_manager_entitlement resource from beta to GA (#18686)
vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#18637)

BUG FIXES:

cloudfunctions2: fixed permadiffs on service_config.environment_variables field in google_cloudfunctions2_function resource (#18651)

`v5.37.0`

Compare Source

FEATURES:

New Data Source: google_kms_crypto_keys (#18605)
New Data Source: google_kms_key_rings (#18611)
New Resource: google_scc_v2_organization_notification_config (#18594)
New Resource: google_secure_source_manager_repository (#18576)
New Resource: google_storage_managed_folder_iam (#18555)
New Resource: google_storage_managed_folder (#18555)

IMPROVEMENTS:

certificatemanager: added allowlisted_certificates field to google_certificate_manager_trust_config resource (#18587)
compute: added max_run_duration and on_instance_stop_action fields to google_compute_instance, google_compute_instance_template, and google_compute_instance_from_machine_image resources (#18623)
dataplex: added sql_assertion field to google_dataplex_datascan resource (#18559)
gkehub: added fleet_default_member_config.configmanagement.config_sync.enabled field to google_gke_hub_feature resource (#18582)
netapp: added zone and replica_zone field to google_netapp_storage_pool resource (#18609)
vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#18637)
workstations: added host.gce_instance.vm_tags field to google_workstations_workstation_config resource (#18588)

BUG FIXES:

compute: fixed a bug preventing the creation of google_compute_autoscaler and google_compute_region_autoscaler resources if both autoscaling_policy.max_replicas and autoscaling_policy.min_replicas were configured as zero. (#18607)
resourcemanager: mitigated eventual consistency issues by adding a 10s wait after google_service_account_key resource creation (#18566)
vertexai: fixed issue where updating "metadata" field could fail in google_vertex_ai_index resource (#18632)

`v5.36.0`

Compare Source

FEATURES:

New Resource: google_storage_managed_folder_iam (#18555)
New Resource: google_storage_managed_folder (#18555)

IMPROVEMENTS:

bigtable: added ignore_warnings field to google_bigtable_gc_policy resource (#18492)
cloudfunctions2: added build_config.automatic_update_policy and build_config.on_deploy_update_policy fields to google_cloudfunctions2_function resource (#18540)
compute: added confidential_instance_config.confidential_instance_type field to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template resources (#18554)
compute: added custom_error_response_policy and default_custom_error_response_policy fields to google_compute_url_map resource (#18511)
compute: added tls_early_data field to google_compute_target_https_proxy resource (#18512)
compute: promoted google_compute_network_attachment resource from beta to GA (#18494)
datafusion: added connection_type and private_service_connect_config fields to google_data_fusion_instance resource (#18525)
healthcare: added encryption_spec field to google_healthcare_dataset resource (#18528)
monitoring: added links field to google_monitoring_alert_policy resource (#18549)
vertexai: added update support for big_query.entity_id_columns field on google_vertex_ai_feature_group resource (#18493)
vertexai: promoted dedicated_serving_endpoint field on google_vertex_ai_feature_online_store resource from beta to GA (#18513)

BUG FIXES:

accesscontextmanager: fixed perma-diff caused by ordering of service_perimeters in google_access_context_manager_service_perimeters resource (#18520)
compute: fixed a crash in google_compute_reservation resource when share_settings field has changes (#18498)
compute: fixed issue in google_compute_instance resource where service_account is not set when specifying service_account.email and no service_account.scopes (#18521)
gkehub2: fixed google_gke_hub_feature resource to allow fleet_default_member_config field to be unset (#18487)
identityplatform: fixed perma-diff on google_identity_platform_config resource when sms_region_config is not set (#18537)
logging: fixed perma-diff on index_configs in google_logging_organization_bucket_config resource (#18501)

`v5.35.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_docker_image (#18446)
New Resource: google_service_networking_vpc_service_controls (#18448)

IMPROVEMENTS:

billingbudget: added enable_project_level_recipients field to google_billing_budget resource (#18437)
compute: added action_token_site_keys and session_token_site_keys fields to google_compute_security_policy and google_compute_security_policy_rule resources (#18414)
gkehub2: added ENTERPRISE option to security_posture_config field on google_gke_hub_fleet resource (#18440)
pubsub: added bigquery_config.service_account_email field to google_pubsub_subscription resource (#18444)
redis: added maintenance_version field to google_redis_instance resource (#18424)
storage: changed update behavior in google_storage_bucket_object to no longer delete to avoid object deletion on content update (#18479)
sql: added support for more MySQL values in type field of google_sql_user resource (#18452)
sql: increased timeouts on google_sql_database_instance to 90m to account for longer-running actions such as creation through cloning (#18458)
workbench: added update support to gce_setup.boot_disk and gce_setup.data_disks fields in google_workbench_instance resource (#18482)

BUG FIXES:

compute: updated google_compute_instance to force reboot if min_node_cpus is updated (#18420)
compute: fixed description field in google_compute_firewall to support empty/null values on update (#18478)
compute: fixed perma-diff on google_compute_disk for Ubuntu amd64 canonical LTS images (#18418)
storage: fixed lowercased custom_placement_config values in google_storage_bucket causing perma-destroy (#18456)
workbench: fixed issue where instance was not starting after an update in google_workbench_instance resource (#18464)
workbench: fixed perma-diff caused by empty accelerator_configs in google_workbench_instance resource (#18464)

`v5.34.0`

Compare Source

NOTES:

compute: Updated field description of connection_draining_timeout_sec, balancing_mode and outlier_detection in google_compute_region_backend_service and google_compute_backend_service to inform that default values will be changed in 6.0.0 (#18399)

FEATURES:

New Resource: google_netapp_backup (#18357)
New Resource: google_network_services_service_lb_policies (#18326)
New Resource: google_scc_management_folder_security_health_analytics_custom_module (#18360)
New Resource: google_scc_management_project_security_health_analytics_custom_module (#18369)
New Resource: google_scc_management_organization_security_health_analytics_custom_module (#18374)

IMPROVEMENTS:

alloydb: changed the resource google_alloydb_instance to be created directly with public IP enabled instead of creating the resource with public IP disabled and then enabling it (#18344)
bigtable: added automated_backup_configuration field to google_bigtable_table resource (#18335)
cloudbuildv2: added support for connecting to Bitbucket Data Center and Bitbucket Cloud with the bitbucket_data_center_config and bitbucket_cloud_config fields in google_cloudbuildv2_connection (#18375)
compute: added update support to ssl_policy field in google_compute_region_target_https_proxy resource (#18361)
compute: removed enum validation on guest_os_features.type in google_compute_disk to allow for new features to be used without provider update (#18331)
compute: updated documentation of google_compute_target_https_proxy and google_compute_region_target_https_proxy (#18358)
container: added support for security_posture_config.mode value "ENTERPRISE" in resource_container_cluster (#18334)
discoveryengine: added document_processing_config field to google_discovery_engine_data_store resource (#18350)
edgecontainer: added 'maintenance_exclusions' field to 'google_edgecontainer_cluster' resource (#18370)
gkehub: added prevent_drift field to ConfigManagement fleet_default_member_config (#18330)
netapp: added administrators field to google_netapp_active_directory resource (#18333)
vertexai: promoted optimized field to GA for google_vertex_ai_feature_online_store resource (#18348)
workbench: updated the metadata keys managed by the backend. (#18367)

BUG FIXES:

compute: fixed an issue where google_compute_instance_group_manager with a pending operation was incorrectly removed due to the operation no longer being present in the backend (#18380)
compute: fixed issue where users could not create google_compute_security_policy resources with layer_7_ddos_defense_config explicitly disabled (#18345)
workbench: fixed a bug in the google_workbench_instance resource where specifying a network in some scenarios would cause instance creation to fail (#18404

`v5.33.0`

Compare Source

DEPRECATIONS:

healthcare: deprecated notification_config in google_healthcare_fhir_store resource. Use notification_configs instead. (#18306)

FEATURES:

New Data Source: google_compute_security_policy (#18316)
New Resource: google_compute_project_cloud_armor_tier (#18319)
New Resource: google_network_services_service_lb_policies (#18326)
New Resource: google_scc_management_organization_event_threat_detection_custom_module (#18317)
New Resource: google_spanner_instance_config (#18322)

IMPROVEMENTS:

appengine: added flexible_runtime_settings field to google_app_engine_flexible_app_version resource (#18325)
bigtable: added force_destroy field to google_bigtable_instance resource. This will force delete any backups present in the instance and allow the instance to be deleted. (#18291)
clouddeploy: added execution_configs.verbose field to google_clouddeploy_target resource (#18292)
compute: added storage_pool field to google_compute_disk resource (#18273)
dlp: added secrets_discovery_target, cloud_sql_target.filter.database_resource_reference, and big_query_target.filter.table_reference fields to google_data_loss_prevention_discovery_config resource (#18324)
gkebackup: added backup_schedule.backup_config.permissive_mode field to google_gke_backup_backup_plan resource (#18266)
gkebackup: added restore_config.restore_order field to google_gke_backup_restore_plan resource (#18266)
gkebackup: added restore_config.volume_data_restore_policy_bindings field to google_gke_backup_restore_plan resource (#18266)
gkebackup: added new enum values MERGE_SKIP_ON_CONFLICT, MERGE_REPLACE_VOLUME_ON_CONFLICT and MERGE_REPLACE_ON_CONFLICT to field restore_config.namespaced_resource_restore_mode in google_gke_backup_restore_plan resource (#18266)
healthcare: added notification_config.send_for_bulk_import field to google_healthcare_dicom_store resource (#18320)
healthcare: added notification_configs field to google_healthcare_fhir_store resource (#18306)
integrationconnectors: added endpoint_global_access field to google_integration_connectors_endpoint_attachment resource (#18293)
netapp: added backup_config field to google_netapp_volume resource (#18286)
redis: added zone_distribution_config field to google_redis_cluster resource (#18307)
resourcemanager: added support for range_type = "default-domains-netblocks" in google_netblock_ip_ranges data source (#18290)
secretmanager: added support for IAM conditions in google_secret_manager_secret_iam_* resources (#18294)
workstations: added boot_disk_size_gb, enable_nested_virtualization, and pool_size to host.gce_instance.boost_configs in google_workstations_workstation_config resource (#18310)

BUG FIXES:

container: fixed google_container_node_pool crash if node_config.secondary_boot_disks.mode is not set (#18323)
dlp: removed required on inspect_config.limits.max_findings_per_info_type.info_type field to allow the use of default limit by not setting this field in google_data_loss_prevention_inspect_template resource (#18285)
provider: fixed application default credential and access token authorization when universe_domain is set (#18272)

`v5.32.0`

Compare Source

NOTES:

privateca: converted google_privateca_certificate_template to now use the MMv1 engine instead of DCL (#18224)

FEATURES:

New Resource: google_dataplex_entry_type (#18229)
New Resource: google_logging_log_view_iam_binding (#18243)
New Resource: google_logging_log_view_iam_member (#18243)
New Resource: google_logging_log_view_iam_policy (#18243)

IMPROVEMENTS:

alloydb: added psc_config field to google_alloydb_cluster resource (#18263)
alloydb: added psc_instance_config field to google_alloydb_instance resource (#18263)
cloudrunv2: added default_uri_disabled field to resource google_cloud_run_v2_service resource (#18246)
compute: added NONE to acceptable options for update_policy.minimal_action field in google_compute_instance_group_manager resource (#18236)
looker: increased validation length of name to google_looker_instance resource (#18244)
sql: updated support for a new value week5 in field setting.maintenance_window.update_track in google_sql_database_instance resource (#18223)

BUG FIXES:

cloudrunv2: added validation for timeout field to google_cloud_run_v2_job and google_cloud_run_v2_service resources (#18260)
compute: fixed permadiff in ordering of advertised_ip_ranges.range field on google_compute_router resource (#18228)
iam: added a 10 second sleep when creating a 'google_service_account' resource to reduce eventual consistency errors(#18261)
storage: fixed google_storage_bucket.lifecycle_rule.condition block fields days_since_noncurrent_time and days_since_custom_time and num_newer_versions were not working for 0 value (#18231)

`v5.31.1`

Compare Source

BUG FIXES:

iam: added a 10 second sleep when creating a google_service_account to reduce eventual consistency errors. See #18024 for more details (#18261)

`v5.31.0`

Compare Source

FEATURES:

New Data Source: google_compute_subnetworks (#18159)
New Resource: google_dataplex_aspect_type (#18201)
New Resource: google_dataplex_entry_group (#18188)
New Resource: google_kms_autokey_config (#18179)
New Resource: google_kms_key_handle (#18179)
New Resource: google_network_services_lb_route_extension (#18195)

IMPROVEMENTS:

appengine: added field instance_ip_mode to resource google_app_engine_flexible_app_version resource (beta) (#18168)
bigquery: added external_data_configuration.bigtable_options to google_bigquery_table (#18181)
composer: added support for importing google_composer_user_workloads_secret via the "{{environment}}/{{name}}" format. (#7390)
composer: improved timeouts for google_composer_user_workloads_secret. (#7390)
compute: added TLS_JA3_FINGERPRINT and USER_IP options in field rate_limit_options.enforce_on_key to google_compute_security_policy resource (#18167)
compute: added 'rateLimitOptions' field to 'google_compute_security_policy_rule' resource (#18167)
compute: changed google_compute_region_ssl_policy's region field to optional and allow to be inferred from environment (#18178)
compute: added subnet_length field to google_compute_interconnect_attachment resource (#18187)
container: added containerd_config field and subfields to google_container_cluster and google_container_node_pool resources, to allow those resources to access private image registries. (#18160)
container: allowed both enable_autopilot and workload_identity_config to be set in google_container_cluster resource. (#18166)
datastream: added create_without_validation field to google_datastream_connection_profile, google_datastream_private_connection and google_datastream_stream resources (#18176)
network-security: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#18139)
networkservices: made field load_balancing_scheme immutable in resource google_network_services_lb_traffic_extension, as in-place updating is always failing (#18195)
networkservices: made required fields extension_chains.extensions.authority and extension_chains.extensions.timeout optional in resource google_network_services_lb_traffic_extension (#18195)
networkservices: removed unsupported load balancing scheme LOAD_BALANCING_SCHEME_UNSPECIFIED from the field load_balancing_scheme in resource google_network_services_lb_traffic_extension (#18195)
pubsub: added cloud_storage_config.filename_datetime_format field to google_pubsub_subscription resource (#18180)
tpu: added type of accelerator_config to google_tpu_v2_vm resource (#18148)

BUG FIXES:

monitoring: fixed a permadiff with monitored_resource.labels property in the google_monitoring_uptime_check_config resource (#18174)
storage: fixed a bug where field autoclass block is generating permadiff whenever the block is removed from the config in google_storage_bucket resource (#18197)
storagetransfer: fixed a permadiff with transfer_spec.0.aws_s3_data_source.0.aws_access_key resource_storage_transfer_job (#18190)

`v5.30.0`

Compare Source

FEATURES:

New Data Source: google_cloud_asset_resources_search_all (#18129)
New Resource: google_compute_interconnect (#18064)
New Resource: google_network_services_lb_traffic_extension (#18138)

IMPROVEMENTS:

compute: added kms_key_name field to google_bigquery_connection resource (#18057)
compute: added auto_network_tier field to google_compute_router_nat resource (#18055)
compute: promoted enable_ipv4, ipv4_nexthop_address and peer_ipv4_nexthop_address fields in google_compute_router_peer resource to GA (#18056)
compute: promoted identifier_range field in google_compute_router resource to GA (#18056)
compute: promoted ip_version field in google_compute_router_interface resource to GA (#18056)
container: added KUBELET and CADVISOR options to monitoring_config.enable_components in google_container_cluster resource (#18090)
dataproc: added local_ssd_interface to google_dataproc_cluster resource (#18137)
dataprocmetastore: promoted google_dataproc_metastore_federation to GA (#18084)
dlp: added cloud_sql_target field to google_data_loss_prevention_discovery_config resource (#18063)
netapp: added FLEX value to field service_level in google_netapp_storage_pool resource (#18088)
networksecurity: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#18139)
networkservices: supported in-place update for gateway_security_policy and certificate_urls fields in google_network_services_gateway resource (#18082)

BUG FIXES:

compute: fixed a perma-diff on machine_type field in google_compute_instance resource (#18071)
compute: fixed a perma-diff on type field in google_compute_disk resource (#18071)
storage: fixed update issue for lifecycle_rule.condition.custom_time_before and lifecycle_rule.condition.noncurrent_time_before in google_storage_bucket resource (#18127)

`v5.29.1`

Compare Source

5.29.1 (May 14, 2024)

BREAKING CHANGES:

compute: removed secondary_ip_range.reserved_internal_range field from google_compute_subnetwork (18133)

`v5.29.0`

Compare Source

BREAKING CHANGES:

compute: added required reserved_internal_range subfield to reserved_internal_range in google_compute_subnetwork. This field can be set to null as an equivalent to leaving it unspecified.

NOTES:

compute: added documentation for md5_authentication_key field in google_compute_router_peer resource. The field was introduced in v5.12.0, but documentation was unintentionally omitted at that time. (#17991)

FEATURES:

New Resource: google_bigtable_authorized_view (#18006)
New Resource: google_integration_connectors_managed_zone (#18029)
New Resource: google_network_connectivity_regional_endpoint (#18014)
New Resource: google_network_security_security_profile (#18025)
New Resource: google_network_security_security_profile_group (#18025)
New Resource: google_network_security_firewall_endpoint (#18025)
New Resource: google_network_security_firewall_endpoint_association (#18025)

IMPROVEMENTS:

clouddeploy: added custom_target field to google_clouddeploy_target resource (#18000)
clouddeploy: added google_cloud_build_repo to custom_target_type resource (#18040)
compute: added preconfigured_waf_config field to google_compute_region_security_policy_rule resource; (#18039)
compute: added rate_limit_options field to google_compute_region_security_policy_rule resource; (#18039)
compute: added security_profile_group, tls_inspect to google_compute_firewall_policy_rule (#18000)
compute: added security_profile_group, tls_inspect to google_compute_network_firewall_policy_rule (#18000)
compute: added fields reserved_internal_range and secondary_ip_ranges.reserved_internal_range to google_compute_subnetwork resource (#18026)
container: added dns_config.additive_vpc_scope_dns_domain field to google_container_cluster resource (#18031)
container: added enable_nested_virtualization field to google_container_node_pool and google_container_cluster resource. (#18015)
iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#18027)
privateca: added maximum_lifetime field to google_privateca_certificate_template resource (#18000)

`v5.28.0`

Compare Source

DEPRECATIONS:

integrations: deprecated create_sample_workflows and provision_gmek fields in google_integrations_client. (#17945)

FEATURES:

New Data Source: google_storage_buckets (#17960)
New Resource: google_compute_security_policy_rule (#17937)

IMPROVEMENTS:

alloydb: added maintenance_update_policy field to google_alloydb_cluster resource (#17954)
bigquery: added external_dataset_reference field to google_bigquery_dataset (#17944)
composer: enabled in-place update for config.software_config.image_version in google_composer_environment (#17986)
container: added node_config.secondary_boot_disks field to google_container_node_pool (#17962)
integrations: added create_sample_integrations field to google_integrations_client, replacing deprecated field create_sample_workflows. (#17945)
redis: added redis_configs field to google_redis_cluster resource (#17956)

BUG FIXES:

dns: fixed bug where the deletion of google_dns_managed_zone resources was blocked by any associated SOA-type google_dns_record_set resources (#17989)
storage: fixed an issue where google_storage_bucket_object and google_storage_bucket_objects data sources would ignore custom endpoints (#17952)

`v5.27.0`

Compare Source

FEATURES:

New Data Source: google_storage_bucket_objects (#17920)
New Resource: google_compute_security_policy_rule (#17937)
New Resource: google_data_loss_prevention_discovery_config (#17887)
New Resource: google_integrations_auth_config (#17917)
New Resource: google_network_connectivity_internal_range (#17909)

IMPROVEMENTS:

alloydb: added network_config field to google_alloydb_instance resource (#17921)
alloydb: added public_ip_address field to google_alloydb_instance resource (#17921)
apigee: added forward_proxy_uri field to google_apigee_environment resource (#17902)
bigquerydatapolicy: added data_masking_policy.routine field to google_bigquery_data_policy resource (#17885)
compute: added server_tls_policy field to google_compute_region_target_https_proxy resource (#17934)
logging: added intercept_children field to google_logging_organization_sink and google_logging_folder_sink resources (#17932)
monitoring: added service_agent_authentication field to google_monitoring_uptime_check_config resource (#17929)
privateca: added subject_key_id field to google_privateca_certificate and google_privateca_certificate_authority resources (#17923)
secretmanager: added version_destroy_ttl field to google_secret_manager_secret resource (#17888)

BUG FIXES:

appengine: added suppression for a diff in google_app_engine_standard_app_version.automatic_scaling when the block is unset in configuration (#17905)
sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#17878)

`v5.26.0`

Compare Source

FEATURES:

New Resource: google_project_iam_member_remove (#17871)

IMPROVEMENTS:

apigee: added support for api_consumer_data_location, api_consumer_data_encryption_key_name, and control_plane_encryption_key_name in google_apigee_organization (#17874)
artifactregistry: added remote_repository_config.<facade>_repository.custom_repository.uri field to google_artifact_registry_repository resource. (#17840)
bigquery: added resource_tags field to google_bigquery_table resource (#17876)
billing: added ownership_scope field to google_billing_budget resource (#17868)
cloudfunctions2: added build_config.service_account field to google_cloudfunctions2_function resource (#17841)
resourcemanager: added the field api_method to datasource google_active_folder so you can use either SEARCH or LIST to find your folder (#17877)
storage: added labels validation to google_storage_bucket resource (#17806)

BUG FIXES:

apigee: fixed permadiff in ordering of google_apigee_organization.properties.property. (#17850)
cloudrun: fixed the bug that computed metadata.0.labels and metadata.0.annotations fields don't appear in terraform plan when creating resource google_cloud_run_service and google_cloud_run_domain_mapping (#17815)
dns: fixed bug where some methods of authentication didn't work when using dns data sources (#17847)
iam: fixed a bug that prevented setting create_ignore_already_exists on existing resources in google_service_account. (#17856)
sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#17878)
storage: added validation to name field in google_storage_bucket resource (#17858)
vmwareengine: fixed stretched cluster creation in google_vmwareengine_private_cloud (#17875)

`v5.25.0`

Compare Source

FEATURES:

New Data Source: google_tags_tag_keys (#17782)
New Data Source: google_tags_tag_values (#17782)

IMPROVEMENTS:

bigquery: added in-place schema column drop support for google_bigquery_table resource (#17777)
compute: added endpoint_types field to google_compute_router_nat resource (#17771)
compute: increased timeouts from 8 minutes to 20 minutes for google_compute_security_policy resource (#17793)
compute: promoted google_compute_instance_settings to GA (#17781)
container: added stateful_ha_config field to google_container_cluster resource (#17796)
firestore: added vector_config field to google_firestore_index resource (#17758)
gkebackup: added backup_schedule.rpo_config field to google_gke_backup_backup_plan resource (#17805)
networksecurity: added disabled field to google_network_security_firewall_endpoint_association resource; (#17762)
sql: added enable_google_ml_integration field to google_sql_database_instance resource (#17798)
storage: added labels validation to google_storage_bucket resource (#17806)
vmwareengine: added preferred_zone and secondary_zone fields to google_vmwareengine_private_cloud resource (#17803)

BUG FIXES:

networksecurity: fixed an issue where google_network_security_firewall_endpoint_association resources could not be created due to a bad parameter (#17762)
privateca: fixed permission issue by specifying signer certs chain when activating a sub-CA across regions for google_privateca_certificate_authority resource (#17783)

`v5.24.0`

Compare Source

IMPROVEMENTS:

container: added enable_cilium_clusterwide_network_policy field to google_container_cluster resource (#17738)
container: added node_pool_auto_config.resource_manager_tags field to google_container_cluster resource (#17715)
gkeonprem: added disable_bundled_ingress field to google_gkeonprem_vmware_cluster resource (#17718)
redis: added node_type and precise_size_gb fields to google_redis_cluster (#17742)
storage: added project_number attribute to google_storage_bucket resource and data source (#17719)
storage: added ability to provide project argument to google_storage_bucket data source. This will not impact reading the resource's data, instead this helps users avoid calls to the Compute API within the data source. (#17719)

BUG FIXES:

appengine: fixed a crash in google_app_engine_flexible_app_version due to the deployment field not being returned by the API (#17744)
bigquery: fixed a crash when google_bigquery_table had a primary_key.columns entry set to "" (#17721)
compute: fixed update scenarios ongoogle_compute_region_target_https_proxy and google_compute_target_https_proxy resources. (#17733)

`v5.23.0`

Compare Source

NOTES:

provider: introduced support for provider-defined functions. This feature is in Terraform v1.8.0+. (#17694)

DEPRECATIONS:

kms: deprecated attestation.external_protection_level_options in favor of external_protection_level_options in google_kms_crypto_key_version (#17704)

FEATURES:

New Data Source: google_apphub_application (#17679)
New Resource: google_cloud_quotas_quota_preference (#17637)
New Resource: google_vertex_ai_deployment_resource_pool (#17707)
New Resource: google_integrations_client (#17640)

IMPROVEMENTS:

bigquery: added dataGovernanceType to google_bigquery_routine resource (#17689)
bigquery: added support for external_data_configuration.json_extension to google_bigquery_table (#17663)
compute: added cloud_router_ipv6_address, customer_router_ipv6_address fields to google_compute_interconnect_attachment resource (#17692)
compute: added generated_id field to google_compute_region_backend_service resource (#17639)
integrations: added deletion support for google_integrations_client resource (#17678)
kms: added crypto_key_backend field to google_kms_crypto_key resource (#17704)
metastore: added scheduled_backup field to google_dataproc_metastore_service resource (#17673)
provider: added provider-defined function name_from_id for retrieving the short-form name of a resource from its self link or id (#17694)
provider: added provider-defined function project_from_id for retrieving the project id from a resource's self link or id (#17694)
provider: added provider-defined function region_from_zone for deriving a region from a zone's name (#17694)
provider: added provider-defined functions location_from_id, region_from_id, and zone_from_id for retrieving the location/region/zone names from a resource's self link or id (#17694)

BUG FIXES:

cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_job creation fails (#17711)
cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_service creation fails (#17711)
container: fixed google_container_cluster permadiff when master_ipv4_cidr_block is set for a private flexible cluster (#17687)
dataflow: fixed an issue where the provider would crash when enableStreamingEngine is set as a parameter value in google_dataflow_flex_template_job (#17712)
kms: added top-level external_protection_level_options field in google_kms_crypto_key_version resource (#17704)

`v5.22.0`

Compare Source

BREAKING CHANGES:

networksecurity: added required field billing_project_id to google_network_security_firewall_endpoint resource. Any configuration without billing_project_id specified will cause resource creation fail (beta) (#17630)

FEATURES:

New Data Source: google_cloud_quotas_quota_info (#17564)
New Data Source: google_cloud_quotas_quota_infos (#17617)
New Resource: google_access_context_manager_service_perimeter_dry_run_resource (#17614)

IMPROVEMENTS:

accesscontextmanager: supported managing service perimeter dry run resources outside the perimeter via new resource google_access_context_manager_service_perimeter_dry_run_resource (#17614)
cloudrunv2: added plan-time validation to restrict number of ports to 1 in google_cloud_run_v2_service (#17594)
composer: added field count to validate number of DAG processors in google_composer_environment (#17625)
compute: added enumeration value SEV_LIVE_MIGRATABLE_V2 for the guest_os_features of google_compute_disk (#17629)
compute: added status.all_instances_config.revision field to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#17595)
compute: added field path_template_match to resource google_compute_region_url_map (#17571)
compute: added field path_template_rewrite to resource google_compute_region_url_map (#17571)
pubsub: added ingestion_data_source_settings field to google_pubsub_topic resource (#17604)
storage: added 'soft_delete_policy' to 'google_storage_bucket' resource (#17624)

BUG FIXES:

accesscontextmanager: fixed an issue with access_context_manager_service_perimeter_ingress_policy and access_context_manager_service_perimeter_egress_policy where updates could not be applied after initial creation. Any updates applied to these resources will now involve their recreation. To ensure that new policies are added before old ones are removed, add a lifecycle block with create_before_destroy = true to your resource configuration alongside other updates. (#17596)
firebase: made the google_firebase_android_app resource's package_name field required and immutable. This prevents API errors encountered by users who attempted to update or leave that field unset in their configurations. (#17585)
spanner: removed validation function for the field version_retention_period in the resource google_spanner_database and directly returned error from backend (#17621)

`v5.21.0`

Compare Source

FEATURES:

New Data Source: google_apphub_discovered_service (#17548)
New Data Source: google_apphub_discovered_workload (#17553)
New Data Source: google_cloud_quotas_quota_info (#17564)
New Resource: google_apphub_workload (#17561)
New Resource: google_firebase_app_check_device_check_config (#17517)
New Resource: google_iap_tunnel_dest_group (#17533)
New Resource: google_kms_ekm_connection (#17512)
New Resource: google_apphub_application (#17499)
New Resource: google_apphub_service (#17562)
New Resource: google_apphub_service_project_attachment (#17536)
New Resource: google_network_security_firewall_endpoint_association (#17540)

IMPROVEMENTS:

cloudrunv2: added support for scaling.min_instance_count in google_cloud_run_v2_service. (#17501)
compute: added metric.single_instance_assignment and metric.filter to google_compute_region_autoscaler (#17519)
container: added queued_provisioning to google_container_node_pool (#17549)
gkeonprem: allowed vcenter_network to be set in google_gkeonprem_vmware_cluster, previously it was output-only (#17505)
workstations: added support for ephemeral_directories in google_workstations_workstation_config (#17515)

BUG FIXES:

compute: allowed sending empty values for SERVERLESS in google_compute_region_network_endpoint_group resource (#17500)
notebooks: fixed an issue where default tags would cause a diff recreating google_notebooks_instance resources (#17559)
storage: fixed an issue where two or more lifecycle rules with different values of no_age field always generates change in google_storage_bucket resource. (#17513)

`v5.20.0`

Compare Source

FEATURES:

New Resource: google_clouddeploy_custom_target_type_iam_* (#17445)

IMPROVEMENTS:

certificatemanager: added type field to google_certificate_manager_dns_authorization resource (#17459)
compute: added the network_url attribute to the consumer_accept_list-block of the google_compute_service_attachment resource (#17492)
gkehub: added support for policycontroller.policy_controller_hub_config.policy_content.bundles and policycontroller.policy_controller_hub_config.deployment_configs fields to google_gke_hub_feature_membership (#17483)

BUG FIXES:

artifactregistry: fixed permadiff when google_artifact_repository.docker_config field is unset (#17484)
bigquery: corrected plan-time validation on google_bigquery_dataset.dataset_id (#17449)
kms: fixed issue where google_kms_crypto_key_version.attestation.cert_chains properties were incorrectly set to type string (#17486)

`v5.19.0`

Compare Source

FEATURES:

New Resource: google_clouddeploy_automation(#17427)
New Resource: google_clouddeploy_target_iam_* (#17368)

IMPROVEMENTS:

bigquery: added remote_function_options field to google_bigquery_routine resource (#17382)
certificatemanager: added location field to google_certificate_manager_dns_authorization resource (#17358)
composer: added validations for composer 2/3 only fields in google_composer_environment (#17361)
compute: added certificate_manager_certificates field to google_compute_region_target_https_proxy resource (#17365)
compute: promoted all_instances_config field in resources google_compute_instance_group_manager and google_compute_region_instance_group_manager to GA (#17414)
container: promoted enable_confidential_storage from node_config in google_container_cluster and google_container_node_pool to GA (#17367)
gkehub2: added namespace_labels field to google_gke_hub_scope resource (#17421)

BUG FIXES:

resourcemanager: added a retry to deleting the default network when auto_create_network is false in google_project (#17419)

`v5.18.0`

Compare Source

BREAKING CHANGES:

securityposture: marked policy_sets and policy_sets.policies required in google_securityposture_posture. API validation already enforced this, so no resources could be provisioned without these (#17303)

FEATURES:

New Data Source: google_compute_forwarding_rules (#17342)
New Resource: google_firebase_app_check_app_attest_config (#17279)
New Resource: google_firebase_app_check_play_integrity_config (#17279)
New Resource: google_firebase_app_check_recaptcha_enterprise_config (#17327)
New Resource: google_firebase_app_check_recaptcha_v3_config (#17327)
New Resource: google_migration_center_preference_set (#17291)
New Resource: google_netapp_volume_replication (#17348)

IMPROVEMENTS:

cloudfunctions: added output-only version_id field on google_cloudfunctions_function (#17273)
composer: supported patch versions of airflow on google_composer_environment (#17345)
compute: supported updating network_interface.stack_type field on google_compute_instance resource. (#17295)
container: added node_config.resource_manager_tags field to google_container_cluster resource (#17346)
container: added node_config.resource_manager_tags field to google_container_node_pool resource (#17346)
container: added output-only fields membership_id and membership_location under fleet in google_container_cluster resource (#17305)
looker: added custom_domain field to google_looker_instance resource (#17301)
netapp: added field restore_parameters and output-only fields state, state_details and create_time to google_netapp_volume resource (#17293)
workbench: added container_image field to google_workbench_instance resource (#17326)
workbench: added shielded_instance_config field to google_workbench_instance resource (#17306)

BUG FIXES:

bigquery: allowed users to set permissions for principal/principalSets (iamMember) in google_bigquery_dataset_iam_member. (#17292)
cloudfunctions2: fixed an issue where not specifying event_config.trigger_region in google_cloudfunctions2_function resulted in a permanent diff. The field now pulls a default value from the API when unset. (#17328)
compute: fixed issue where changes only in stateful_(internal|external)_ip would not trigger an update for google_compute_(region_)instance_group_manager (#17297)
compute: fixed perma-diff on min_ports_per_vm in google_compute_router_nat when the field is unset by making the field default to the API-set value (#17337)
dataflow: fixed crash in google_dataflox_job to return an error instead if a job's Environment field is nil when reading job information (#17344)
notebooks: changed tag field to default to the API's value if not specified in google_notebooks_instance (#17323)

`v5.17.0`

Compare Source

NOTES:

cloudbuildv2: changed underlying actuation engine for google_cloudbuildv2_connection, there should be no user-facing impact (#17222)

DEPRECATIONS:

container: deprecated support for relay_mode field in google_container_cluster.monitoring_config.advanced_datapath_observability_config in favor of enable_relay field, relay_mode field will be removed in a future major release (#17262)

FEATURES:

New Resource: google_firebase_app_check_debug_token (#17242)
New Resource: google_clouddeploy_custom_target_type (#17254)

IMPROVEMENTS:

cloudasset: allowed overriding the billing project for the google_cloud_asset_resources_search_all datasource
clouddeploy: added support for canary_revision_tags, prior_revision_tags, stable_revision_tags, and stable_cutback_duration to google_clouddeploy_delivery_pipeline
cloudfunctions: expose version_id on google_cloudfunctions_function (#17273)
compute: promoted user_ip_request_headers field on google_compute_security_policy resource to GA (#17271)
container: added support for enable_relay field to google_container_cluster.monitoring_config.advanced_datapath_observability_config (#17262)
eventarc: added support for http_endpoint.uri and network_config.network_attachment to google_eventarc_trigger (#17237)
healthcare: added reject_duplicate_message field to google_healthcare_hl7_v2_store resource (#17267)
identityplatform: added client, permissions, monitoring and mfa fields to google_identity_platform_config (#17225)
notebooks: added desired_state field to google_notebooks_instance (#17268)
vertexai: added feature_registry_source field to google_vertex_ai_feature_online_store_featureview resource (#17264)
workbench: added desired_state field to google_workbench_instance resource (#17270)

BUG FIXES:

compute: made resource_manager_tags updatable on google_compute_instance_template and google_compute_region_instance_template (#17256)
notebooks: prevented recreation of google_notebooks_instance when kms_key or service_account_scopes are changed server-side (#17232)

`v5.16.0`

Compare Source

FEATURES:

New Resource: google_clouddeploy_delivery_pipeline_iam_* (#17180)
New Resource: google_compute_instance_group_membership (#17188)
New Resource: google_discovery_engine_search_engine (#17146)
New Resource: google_firebase_app_check_service_config (#17155)

IMPROVEMENTS:

bigquery: promoted table_replication_info field on resource_bigquery_table resource to GA (#17181)
networksecurity: removed unused custom code from google_network_security_address_group (#17183)
provider: added an optional provider level label goog-terraform-provisioned to identify resources that were created by Terraform when viewing/editing these resources in other tools. (#17170)

`v5.15.0`

Compare Source

FEATURES:

New Data Source: google_compute_machine_types (#17107)
New Resource: google_blockchain_nodes (#17096)
New Resource: google_compute_region_network_endpoint (#17137)
New Resource: google_discovery_engine_chat_engine (#17145)
New Resource: google_discovery_engine_search_engine (#17146)
New Resource: google_netapp_volume_snapshot (#17138)

IMPROVEMENTS:

compute: added INTERNET_IP_PORT and INTERNET_FQDN_PORT options for the google_compute_region_network_endpoint_group resource. (#17137)
compute: added creation_timestamp to google_compute_instance_group_manager and google_compute_region_instance_group_manager. (#17110)
compute: added disk_id attribute to google_compute_disk resource (#17112)
compute: added stack_type attribute for google_compute_interconnect_attachment resource. (#17139)
compute: updated the google_compute_security_policy resource's json_parsing field to accept the value STANDARD_WITH_GRAPHQL (#17097)
memcache: added reserved_ip_range_id field to google_memcache_instance resource (#17101)
netapp: added deletion_policy field to google_netapp_volume resource (#17111)

BUG FIXES:

alloydb: fixed an issue where database_flags in secondary google_alloydb_instance resources would cause a diff, as they are copied from the primary (#17128)
filestore: made google_filestore_instance.source_backup field configurable (#17099)
vmwareengine: fixed a bug to prevent recreation of existing google_vmwareengine_private_cloud resources when upgrading provider version from <5.10.0 (#17135

`v5.14.0`

Compare Source

FEATURES:

New Resource: google_discovery_engine_data_store (#17084)
New Resource: google_securityposture_posture_deployment (#17085)
New Resource: google_securityposture_posture (#17079)

IMPROVEMENTS:

artifactregistry: promoted cleanup_policies and cleanup_policy_dry_run fields to GA for google_artifactregistry_repository resource (#17074)
composer: added data_retention_config field to google_composer_environment resource (#17050)
logging: updated the google_logging_project_bucket_config resource to be created using the asynchronous create method (#17067)
pubsub: added use_table_schema field to google_pubsub_subscription resource (#17054)
workflows: added call_log_level field to google_workflows_workflow resource (#17051)

BUG FIXES:

cloudfunctions2: fixed permadiff when build_config.docker_repository field is not specified on google_cloudfunctions2_function resource (#17072)
compute: fixed error when iap field is unset for google_compute_region_backend_service resource (#17071)
eventarc: fixed error when setting destination.cloud_function field on google_eventarc_trigger resource by making it output-only (#17052)

`v5.13.0`

Compare Source

NOTES:

cloudbuildv2: changed underlying actuation engine for google_cloudbuildv2_repository, there should be no user-facing impact (#16969)
provider: added support for in-place update for labels and terraform_labels fields in immutable resources (#17016)

FEATURES:

New Resource: google_netapp_backup_policy (#16962)
New Resource: google_netapp_volume (#16990)
New Resource: google_network_security_address_group_iam_* (#17013)
New Resource: google_vertex_ai_feature_group_feature (#17015)

IMPROVEMENTS:

alloydb: allowed database_version as an input on google_alloydb_cluster resource (#16967)
bigquery: added spark_options field to google_bigquery_routine resource (#17028)
cloudrunv2: added nfs and gcs fields to google_cloud_run_v2_service.template.volumes (#16972)
cloudrunv2: added tcp_socket field to google_cloud_run_v2.template.containers.liveness_probe (#16972)
compute: added enable_confidential_compute field to google_compute_instance.boot_disk.initialize_params (#16968)
compute: added enable_confidential_compute field to google_compute_disk resource (#16968)
gkehub2: added clusterupgrade field to google_gke_hub_feature resource (#16951)
notebooks: allowed machine_type and accelerator_config to be updatable on google_notebooks_runtime resource (#16993)

BUG FIXES:

compute: fixed the bug that max_ttl is sent in API calls even it is removed from configuration when changing cache_mode to FORCE_CACHE_ALL in google_compute_backend_bucket resource (#16976)
networkservices: fixed a perma-diff on addresses field in google_network_services_gateway resource (#17035)
provider: fixed universe_domain behavior to correctly throw an error when explicitly configured universe_domain values did not match credentials assumed to be in the default universe (#17014)
spanner: fixed error when adding autoscaling_config to an existing google_spanner_instance resource (#17033)

`v5.12.0`

Compare Source

FEATURES:

New Data Source: google_dns_managed_zones (#16949)
New Data Source: google_filestore_instance (#16931)
New Data Source: google_vmwareengine_external_access_rule (#16912)
New Resource: google_clouddomains_registration (#16947)
New Resource: google_netapp_kmsconfig (#16945)
New Resource: google_vertex_ai_feature_online_store_featureview (#16930)
New Resource: google_vmwareengine_external_access_rule (#16912)

IMPROVEMENTS:

compute: added md5_authentication_key field to google_compute_router_peer resource (#16923)
compute: added in-place update support to params.resource_manager_tags field in google_compute_instance resource (#16942)
compute: added in-place update support to description field in google_compute_instance resource (#16900)
gkehub: added policycontroller field to google_gke_hub_feature_membership resource (#16916)
gkehub2: added clusterupgrade field to google_gke_hub_feature resource (#16951)
gkeonprem: added in-place update support to vsphere_config field and added host_groups field in google_gkeonprem_vmware_node_pool resource (#16896)
iam: added create_ignore_already_exists field to google_service_account resource. If ignore_create_already_exists is set to true, resource creation would succeed when response error is 409 ALREADY_EXISTS. (#16927)
servicenetworking: added field deletion_policy to google_service_networking_connection (#16944)
sql: set replica_configuration, ca_cert, and server_ca_cert fields to be sensitive in google_sql_instance and google_sql_ssl_cert resources (#16932)

BUG FIXES:

bigquery: fixed perma-diff of encryption_configuration when API returns an empty object on google_bigquery_table resource (#16926)
compute: fixed an issue where the provider would wait_for_instances if set before deleting on google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#16943)
compute: fixed perma-diff that reordered stateful_external_ip and stateful_internal_ip blocks on google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#16910)
datapipeline: fixed perma-diff of scheduler_service_account_email when it's not explicitly specified in google_data_pipeline_pipeline resource (#16917)
edgecontainer: fixed resource import on google_edgecontainer_vpn_connection resource (#16948)
servicemanagement: fixed an issue where an inconsistent plan would be created when certain fields such as openapi_config, grpc_config, and protoc_output_base64, had computed values in google_endpoints_service resource (#16946)
storage: fixed an issue where retry timeout wasn't being utilized when creating google_storage_bucket resource (#16902)

`v5.11.0`

Compare Source

NOTES:

compute: changed underlying actuation engine for google_network_firewall_policy and google_region_network_firewall_policy, there should be no user-facing impact (#16837)

DEPRECATIONS:

gkehub2: deprecated field configmanagement.config_sync.oci.version in google_gke_hub_feature resource (#16818)

FEATURES:

New Data Source: google_compute_reservation (#16860)
New Resource: google_integration_connectors_endpoint_attachment (#16822)
New Resource: google_logging_folder_settings (#16800)
New Resource: google_logging_organization_settings (#16800)
New Resource: google_netapp_active_directory (#16844)
New Resource: google_vertex_ai_feature_online_store (#16840)
New Resource: google_vertex_ai_feature_group (#16842)
New Resource: google_netapp_backup_vault (#16876)

IMPROVEMENTS:

bigqueryanalyticshub: added restricted_export_config field to google_bigquery_analytics_hub_listing resource (#16850)
composer: added support for composer_internal_ipv4_cidr_block field to google_composer_environment (#16815)
compute: added provisioned_iopsand provisioned_throughput fields under boot_disk.initialize_params to google_compute_instance resource (#16871)
compute: added resource_manager_tags and disk.resource_manager_tags for google_compute_instance_template (#16889)
compute: added resource_manager_tags and disk.resource_manager_tags for google_compute_region_instance_template (#16889)
dataproc: added auxiliary_node_groups field to google_dataproc_cluster resource (#16798)
edgecontainer: increased default timeout on google_edgecontainer_cluster, google_edgecontainer_node_pool to 480m from 60m (#16886)
gkehub2: added field version under configmanagement in google_gke_hub_feature resource (#16818)
kms: added output-only field primary to google_kms_crypto_key (#16845)
metastore: added endpoint_protocol, metadata_integration, and auxiliary_versions to google_dataproc_metastore_service (#16823)
sql: added support for IAM GROUP authentication in the type field of google_sql_user (#16853)
storagetransfer: made name field settable on google_storage_transfer_job (#16838)

BUG FIXES:

container: added check that node_version and min_master_version are the same on create of google_container_cluster, when running terraform plan (#16817)
container: fixed a bug where disabling PDCSI addon gce_persistent_disk_csi_driver_config during creation will result in permadiff in google_container_cluster resource (#16794)
container: fixed an issue in which migrating from the deprecated Binauthz enablement bool to the new evaluation mode enum inadvertently caused two cluster update events, instead of none. (#16851)
containerattached: fixed crash when updating a cluster to remove admin_users or admin_groups in google_container_attached_cluster (#16852)
dialogflowcx: fixed a permadiff in the git_integration_settings field of google_diagflow_cx_agent (#16803)
monitoring: fixed the index out of range crash in dashboard_json for the resource google_monitoring_dashboard (#16792)

`v5.10.0`

Compare Source

FEATURES:

New Data Source: google_compute_region_disk (#16732)
New Data Source: google_vmwareengine_external_address (#16698)
New Data Source: google_vmwareengine_subnet (#16700)
New Data Source: google_vmwareengine_vcenter_credentials (#16709)
New Resource: google_vmwareengine_cluster (#16757)
New Resource: google_vmwareengine_external_address (#16698)
New Resource: google_vmwareengine_subnet (#16700)
New Resource: google_workbench_instance (#16773)
New Resource: google_workbench_instance_iam_* (#16773)

IMPROVEMENTS:

compute: added numeric_id field to google_compute_network resource (#16712)
compute: added remove_instance_on_destroy option to google_compute_per_instance_config resource (#16729)
compute: added remove_instance_on_destroy option to google_compute_region_per_instance_config resource (#16729)
container: added network_performance_config field to google_container_node_pool resource to support GKE tier 1 networking (#16688)
container: added support for in-place update for machine_type/disk_type/disk_size_gb in google_container_node_pool resource (#16724)
containerazure: added config.labels to google_container_azure_node_pool (#16754)
dataform: added display_name, labels and npmrc_environment_variables_secret_version fields to google_dataform_repository resource (#16733)
monitoring: added severity field to google_monitoring_alert_policy resource (#16775)
notebooks: added support for labels to google_notebooks_runtime (#16783)
recaptchaenterprise: added waf_settings to google_recaptcha_enterprise_key (#16754)
securesourcemanager: added host_config, state_note, kms_key, and private_config fields to google_secure_source_manager_instance resource (#16731)
spanner: added autoscaling_config.max_nodes and autoscaling_config.min_nodes to google_spanner_instance (#16786)
storage: added rpo field to google_storage_bucket resource (#16756)
vmwareengine: added type field to google_vmwareengine_private_cloud resource (#16781)
workloadidentity: added saml block to google_iam_workload_identity_pool_provider resource (#16710)

BUG FIXES:

logging: fixed an issue where value change of unique_writer_identity on google_logging_project_sink does not trigger diff on dependent's usages of writer_identity (#16776)

`v5.9.0`

Compare Source

FEATURES:

New Data Source: google_logging_folder_settings (#16658)
New Data Source: google_logging_organization_settings (#16658)
New Data Source: google_logging_project_settings (#16658)
New Data Source: google_vmwareengine_network_policy (#16639)
New Data Source: google_vmwareengine_nsx_credentials (#16669)
New Resource: google_scc_event_threat_detection_custom_module (#16649)
New Resource: google_secure_source_manager_instance (#16637)
New Resource: google_vmwareengine_network_policy (#16639)

IMPROVEMENTS:

bigqueryconnection: added spark support to google_bigquery_connection resource (#16677)
cloudidentity: added expiry_detail field to google_cloud_identity_group_membership resource (#16643)
container: added autoscaling_profile field in the cluster_autoscaling block in google_container_cluster resource (#16653)
gkehub: added default_cluster_config field to google_gke_hub_fleet resource (#16630)
gkehub: added binary_authorization_config field to google_gke_hub_fleet resource (#16674)
sql: added support for in-place updates to the edition field in google_sql_database_instance resource (#16629)

BUG FIXES:

artifactregistry: fixed permadiff due to unsorted virtual_repository_config array in google_artifact_registry_repository (#16646)
container: made dns_config field updatable on google_container_cluster resource (#16652)
dlp: added conflicting field validation in the storage_config.timespan_config block in data_loss_prevention_job_trigger resource (#16628)
dlp: updated the storage_config.timespan_config.timestamp_field field in data_loss_prevention_job_trigger to be optional (#16628)
firestore: added retries during creation of google_firestore_index resources to address retryable 409 code API errors ("Please retry, underlying data changed", and "Aborted due to cross-transaction contention") (#16618, #16670)
storage: fixed unexpected lifecycle_rule conditions being added for google_storage_bucket (#16683)

`v5.8.0`

Compare Source

FEATURES:

New Data Source: google_vmwareengine_network_peering (#16616)
New Resource: google_migration_center_group (#16549)
New Resource: google_netapp_storage_pool (#16573)
New Resource: google_vmwareengine_network (ga) (#16583)
New Resource: google_vmwareengine_network_peering (#16616)

IMPROVEMENTS:

artifactregistry: added remote_repository_config.upstream_credentials field to google_artifact_registry_repository resource (#16562)
cloudbuild: added fields build.artifacts.maven_artifacts, build.artifacts.npm_packages , and build.artifacts.python_packages to resource google_cloudbuild_trigger (#16543)
cloudrunv2: promoted field depends_on in google_cloud_run_v2_service to GA (#16577)
composer: added database_config.zone field in google_composer_environment (#16551)
compute: added field service_directory_registrations to resource google_compute_global_forwarding_rule (#16581)
firestore: added virtual field deletion_policy to google_firestore_database (#16576)
firestore: enabled database deletion upon destroy for google_firestore_database (#16576)
gkehub2: added policycontroller field to fleet_default_member_config in google_gke_hub_feature (#16542)
iam: added allowed_services, disable_programmatic_signin fields to google_iam_workforce_pool resource (#16580)
vmwareengine: added STANDARD type support to google_vmwareengine_network resource (#16583)
vmwareengine: promoted google_vmwareengine_private_cloud resource to GA (#16613)

BUG FIXES:

compute: fixed a permadiff caused by issues with ipv6 diff suppression in google_compute_forwarding_rule and google_compute_global_forwarding_rule (#16550)
firestore: fixed an issue where google_firestore_database could be deleted when delete_protection_state was DELETE_PROTECTION_ENABLED (#16576)
firestore: made resource creation retry for 409 errors with the text "Aborted due to cross-transaction contention" in google_firestore_index (#16618)

`v5.7.0`

Compare Source

DEPRECATIONS:

gkehub: deprecated config_management.binauthz in google_gke_hub_feature_membership (#16536)

IMPROVEMENTS:

bigtable: added standard_isolation and standard_isolation.priority fields to google_bigtable_app_profile resource (#16485)
cloudrunv2: promoted custom_audiences field to GA on google_cloud_run_v2_service resource (#16510)
compute: promoted labels field to GA on google_compute_vpn_tunnel resource (#16508)
containerattached: added proxy_config field to google_container_attached_cluster resource (#16524)
gkehub: added membership_location field to google_gke_hub_feature_membership resource (#16536)
logging: made the change to aqcuire and update the google_logging_project_sink resource that already exists at the desired location. These logging buckets cannot be removed so deleting this resource will remove the bucket config from your terraform state but will leave the logging bucket unchanged. (#16513)
memcache: added MEMCACHE_1_6_15 as a possible value for memcache_version in google_memcache_instance resource (#16531)
monitoring: added error message to delete Alert Policies first on 400 response when deleting google_monitoring_uptime_check_config resource (#16535)
spanner: added autoscaling_config field to google_spanner_instance resource (#16473)
workflows: promoted user_env_vars field to GA on google_workflows_workflow resource (#16477)

BUG FIXES:

compute: changed external_ipv6_prefix field to not be output only in google_compute_subnetwork resource (#16480)
compute: fixed issue where google_compute_attached_disk would produce an error for certain zone configs (#16484)
edgecontainer: fixed update method of google_edgecontainer_cluster resource (#16490)
provider: fixed an issue where universe domains would not overwrite API endpoints (#16521)
resourcemanager: made data_source_google_project_service no longer return an error when the service is not enabled (#16525)
sql: ssl_mode field is not stored in terraform state if it has never been used in google_sql_database_instance resource (#16486)

NOTES:

dataproc: backfilled terraform_labels field for resource google_dataproc_workflow_template, so resource recreation won't happen during provider upgrade from 4.x to 5.7 (#16517)
- provider: backfilled terraform_labels field for some immutable resources, so resource recreation won't happen during provider upgrade from 4.X to 5.7 (#16518)

`v5.6.0`

Compare Source

FEATURES:

New Resource: google_integration_connectors_connection (#16468)

IMPROVEMENTS:

assuredworkloads: added enable_sovereign_controls, partner, partner_permissions, violation_notifications_enabled, and several other output-only fields to google_assured_workloads_workloads (#16433)
composer: added storage_config to google_composer_environment (#16455)
container: added fleet field to google_container_cluster resource (#16466)
containeraws: added admin_groups to google_container_aws_cluster (#16433)
containerazure: added admin_groups to google_container_azure_cluster (#16433)
dataproc: added support for instance_flexibility_policy in google_dataproc_cluster (#16417)
dialogflowcx: added is_default_start_flow field to google_dialogflow_cx_flow resource to allow management of default flow resources via Terraform (#16441)
dialogflowcx: added is_default_welcome_intent and is_default_negative_intent fields to google_dialogflow_cx_intent resource to allow management of default intent resources via Terraform (#16441)
gkehub: added fleet_default_member_config field to google_gke_hub_feature resource (#16457)
gkehub: added metrics_gcp_service_account_email to google_gke_hub_feature_membership (#16433)
logging: added index_configs field to logging_bucket_config resource (#16437)
logging: added index_configs field to logging_project_bucket_config resource (#16437)
monitoring: added pings_count, user_labels, and custom_content_type fields to google_monitoring_uptime_check_config resource (#16420)
spanner: added autoscaling_config field to google_spanner_instance (#16473)
sql: added ssl_mode field to google_sql_database_instance resource (#16394)
vertexai: added private_service_connect_config to google_vertex_ai_index_endpoint (#16471)
workstations: added domain_config field to resource google_workstations_workstation_cluster (beta) (#16464)

BUG FIXES:

assuredworkloads: made the violation_notifications_enabled field on the google_assured_workloads_workload resource default to values returned from the API when unset in a users configuration (#16465)
provider: made terraform_labels immutable in immutable resources to not block the upgrade. This will create a Terraform plan that recreates the resource on 4.X -> 5.6.0 upgrade for affected resources. A mitigation to backfill the values during the upgrade is planned, and will release resource-by-resource. (#16469)

`v5.5.0`

Compare Source

FEATURES:

New Data Source: google_bigquery_dataset (#16368)

IMPROVEMENTS:

alloydb: added SECONDARY as an option for instance_type field in google_alloydb_instance resource, to support creation of secondary instance inside a secondary cluster. (#16398)
alloydb: added deletion_policy field to google_alloydb_cluster resource, to allow force-destroying instances along with their cluster. This is necessary to delete secondary instances, which cannot be deleted otherwise. (#16398)
alloydb: added support to promote google_alloydb_cluster resources from secondary to primary (#16413)
alloydb: increased default timeout on google_alloydb_instance to 120m from 40m (#16398)
dataproc: added instance_flexibility_policy field ro google_dataproc_cluster resource (#16417)
monitoring: added subject field to google_monitoring_alert_policy resource (#16414)
storage: added enable_object_retention field to google_storage_bucket resource (#16412)
storage: added retention field to google_storage_bucket_object resource (#16412)

BUG FIXES:

firestore: fixed an issue with creation of multiple google_firestore_field resources (#16372)

`v5.4.0`

Compare Source

DEPRECATIONS:

bigquery: deprecated cloud_spanner.use_serverless_analytics on google_bigquery_connection. Use cloud_spanner.use_data_boost instead. (#16310)

NOTES:

provider: added universe_domain attribute as a provider attribute (#16323)

BREAKING CHANGES:

cloudrunv2: marked location field as required in resource google_cloud_run_v2_job. Any configuration without location specified will cause resource creation fail (#16311)
cloudrunv2: marked location field as required in resource google_cloud_run_v2_service. Any configuration without location specified will cause resource creation fail (#16311)

FEATURES:

New Data Source: google_cloud_identity_group_lookup (#16296)
New Resource: google_network_connectivity_policy_based_route (#16326)
New Resource: google_pubsub_schema_iam_* (#16301)

IMPROVEMENTS:

accesscontextmanager: added support for specifying vpc_network_sources to google_access_context_manager_access_levels, google_access_context_manager_access_level, and google_access_context_manager_access_level_condition (#16327)
apigee: added support for type in google_apigee_environment (#16349)
bigquery: added cloud_spanner.database_role, cloud_spanner.use_data_boost, and cloud_spanner.max_parallelism fields to google_bigquery_connection (#16310)
bigquery: added support for iam_member to google_bigquery_dataset.access (#16322)
container: promoted field identity_service_config in google_container_cluster to GA (#16305)
container: added update support for google_container_node_pool.node_config.taint (#16306)
containerattached: added admin_groups field to google_container_attached_cluster resource (#16307)
dialogflowcx: added advanced_settings field to google_dialogflow_cx_flow resource (#16315)
dialogflowcx: added advanced_settings fields to google_dialogflow_cx_page resource (#16315)
dialogflowcx: added advanced_settings, text_to_speech_settings, git_integration_settings fields to google_dialogflow_cx_agent resource (#16315)

BUG FIXES:

bigquery: fixed a bug when updating a google_bigquery_dataset that contained an iamMember access rule added out of band with Terraform (#16322)
bigqueryreservation: fixed bug of incorrect resource recreation when capacity_commitment_id is unspecified in resource google_bigquery_capacity_commitment (#16320)
cloudrunv2: made annotations field on the google_cloud_run_v2_job data source include all annotations present on the resource in GCP (#16300)
cloudrunv2: made annotations field on the google_cloud_run_v2_service data source include all annotations present on the resource in GCP (#16300)
cloudrunv2: made labels and terraform labels fields on the google_cloud_run_v2_job data source include all annotations present on the resource in GCP (#16300)
cloudrunv2: made labels and terraform labels fields on the google_cloud_run_v2_service data source include all annotations present on the resource in GCP (#16300)
edgecontainer: fixed an issue where the update endpoint for google_edgecontainer_cluster was incorrect. (#16347)
redis: allow replica_count to be set to zero in the google_redis_cluster resource (#16302)

`v5.3.0`

Compare Source

DEPRECATIONS:

bigquery: deprecated time_partitioning.require_partition_filter in favor of new top level field require_partition_filter in resource google_bigquery_table (#16238)

FEATURES:

New Data Source: google_cloud_run_v2_job (#16260)
New Data Source: google_cloud_run_v2_service (#16290)
New Data Source: google_compute_networks (#16240)
New Resource: google_org_policy_custom_constraint (#16220)

IMPROVEMENTS:

cloudidentity: added additional_group_keys attribute to google_cloud_identity_group resource (#16250)
composer: promoted config.0.workloads_config.0.triggerer to GA in resource google_composer_environment (#16218)
compute: added internal_ipv6_range to google_compute_network data source and internal_ipv6_prefix field to google_compute_subnetwork data source (#16267)
container: added support for security_posture_config.vulnerability_mode value VULNERABILITY_ENTERPRISEin google_container_cluster (#16283)
dataform: added ssh_authentication_config and service_account to google_dataform_repository resource (#16205)
dataproc: added min_num_instances field to google_dataproc_cluster resource (#16249)
gkeonprem: promoted google_gkeonprem_bare_metal_admin_cluster, google_gkeonprem_bare_metal_cluster, and google_gkeonprem_bare_metal_node_pool resources to GA (#16237)
gkeonprem: promoted google_gkeonprem_vmware_cluster and google_gkeonprem_vmware_node_pool resources to GA (#16237)
logging: added custom_writer_identity field to google_logging_project_sink (#16216)
secretmanager: made ttl field mutable in google_secret_manager_secret (#16285)
storage: added terminal_storage_class to the autoclass field in google_storage_bucket resource (#16282)

BUG FIXES:

bigquerydatatransfer: fixed an error when updating google_bigquery_data_transfer_config related to incorrect update masks (#16269)
compute: fixed an error during the deletion when post was set to 0 on google_compute_global_network_endpoint (#16286)
compute: fixed an issue with TTLs being sent for google_compute_backend_service when cache_mode is set to USE_ORIGIN_HEADERS (#16245)
container: fixed an issue where empty autoscaling block would crash the provider for google_container_node_pool (#16212)
dataflow: fixed a bug where resource updates returns an error if only labels has changes for batch google_dataflow_job and google_dataflow_flex_template_job (#16248)
dialogflowcx: fixed updating google_dialogflow_cx_version; updates will no longer time out. (#16214)
sql: fixed a bug where adding the edition field to a google_sql_database_instance resource that already existed and used ENTERPRISE edition resulted in a permant diff in plans (#16215)
sql: removed host validation to support IP address and DNS address in host in google_sql_source_representation_instance resource (#16235)

`v5.2.0`

Compare Source

FEATURES:

New Data Source: google_secret_manager_secrets (#16182)
New Resource: google_alloydb_user (#16141)
New Resource: google_firestore_backup_schedule (#16186)
New Resource: google_redis_cluster (#16203)

IMPROVEMENTS:

alloydb: added cluster_type and secondary_config fields to support secondary clusters in google_alloydb_cluster resource. (#16197)
compute: added recreate_closed_psc flag to support recreating the PSC Consumer forwarding rule if the psc_connection_status is closed on google_compute_forwarding_rule. (#16188)
compute: added INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT as acceptable values for the network_endpoint_type field for the resource_compute_network_endpoint_group resource (#16194)
compute: added SEV_LIVE_MIGRATABLE_V2 to guest_os_features enum on google_compute_image resource. (#16187)
compute: added allow_subnet_cidr_routes_overlap field to google_compute_subnetwork resource (#16116)
compute: promoted labels, effective_labels, terraform_labels, and label_fingerprint fields in google_compute_address to GA (#16120)
compute: promoted internal_ip and external_ip fields in resources google_compute_instance_group_manager and google_compute_region_instance_group_manager to GA (#16140)
compute: promoted internal_ip and external_ip fields in resources google_compute_per_instance_config and google_compute_region_per_instance_config to GA (#16140)
iamworkforcepool: promoted field oidc.jwks_json in resource google_iam_workforce_pool to GA (#16199)

BUG FIXES:

alloydb: added client_connection_config field to google_alloydb_instance resource (#16202)
bigquery: removed mutual exclusivity checks for view, materialized_view, and schema for the google_bigquery_table resource (#16193)
compute: added certificate_manager_certificates field to google_compute_target_https_proxy resource (#16179)
compute: fixed an issue where external google_compute_global_address can't be created when network_tier in google_compute_project_default_network_tier is set to STANDARD (#16144)
compute: fixed a false permadiff on ip_address when it is set to ipv6 on google_compute_forwarding_rule (#16115)
provider: fixed a bug where an update request was sent to services when updateMask is empty (#16111)

`v5.1.0`

Compare Source

FEATURES:

New Resource: google_database_migration_service_private_connection (#16104)
New Resource: google_edgecontainer_cluster (#16055)
New Resource: google_edgecontainer_node_pool (#16055)
New Resource: google_edgecontainer_vpn_connection (#16055)
New Resource: google_firebase_hosting_custom_domain (#16062)
New Resource: google_gke_hub_fleet (#16072)

IMPROVEMENTS:

compute: added device_name field to scratch_disk block of google_compute_instance resource (#16049)
container: added node_config.linux_node_config.cgroup_mode field to google_container_node_pool (#16103)
databasemigrationservice: added support for oracle profiles to google_database_migration_service_connection_profile (#16087)
firestore: added api_scope field to google_firestore_index resource (#16085)
gkehub: added location field to google_gke_hub_membership_iam_* resources (#16105)
gkehub: added location field to google_gke_hub_membership resource (#16105)
gkeonprem: added update-in-place support for vcenter fields in google_gkeonprem_vmware_cluster (#16073)
identityplatform: added sms_region_config to the resource google_identity_platform_config (#16044)

BUG FIXES:

dns: fixed record set configuration parsing in google_dns_record_set (#16042)
provider: fixed an issue where the plugin-framework implementation of the provider handled default region values that were self-links differently to the SDK implementation. This issue is not believed to have affected users because of downstream functions that turn self links into region names. (#16100)
provider: fixed a bug that caused update requests to be sent for resources with a terraform_labels field even if no fields were updated (#16111)

`v5.0.0`

Compare Source

KNOWN ISSUES:

Updating some resources post-upgrade results in an error like "The update_mask in the Update{{Resource}}Request must be set". This should be resolved in 5.1.0, see #16091 for details.

Terraform Google Provider 5.0.0 Upgrade Guide

NOTES:

provider: some provider default values are now shown at plan-time (#15707)

LABELS REWORK:

provider: default labels configured on the provider through the new default_labels field are now supported. The default labels configured on the provider will be applied to all of the resources with standard labels field.
provider: resources with labels - three label-related fields are now in all of the resources with standard labels field. labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients.
provider: resources with annotations - two annotation-related fields are now in all of the resources with standard annotations field. The annotations field is non-authoritative and only manages the annotations defined by the users on the resource through Terraform. The new output-only effective_annotations field lists all of annotations present on the resource in GCP, including the annotations configured through Terraform, the system, and other clients.
provider: datasources with labels - three fields labels, terraform_labels, and effective_labels are now present in most resource-based datasources. All three fields have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent to effective_labels on the resource.
provider: datasources with annotations - both annotations and effective_annotations are now present in most resource-based datasources. Both fields have all of annotations present on the resource in GCP including the annotations configured through Terraform, the system, and other clients, equivalent to effective_annotations on the resource.

BREAKING CHANGES:

provider: added provider-level validation so these fields are not set as empty strings in a user's config: credentials, access_token, impersonate_service_account, project, billing_project, region, zone (#15968)
provider: fixed many import functions throughout the provider that matched a subset of the provided input when possible. Now, the GCP resource id supplied to "terraform import" must match exactly. (#15977)
provider: made data sources return errors on 404s when applicable instead of silently failing (#15799)
provider: made empty strings in the provider configuration block no longer be ignored when configuring the provider(#15968)
accesscontextmanager: changed multiple array fields to sets where appropriate to prevent duplicates and fix diffs caused by server side reordering. (#15756)
bigquery: added more input validations for google_bigquery_table schema (#15338)
bigquery: made routine_type required for google_bigquery_routine (#15517)
cloudfunction2: made location required on google_cloudfunctions2_function (#15830)
cloudiot: removed deprecated datasource google_cloudiot_registry_iam_policy (#15739)
cloudiot: removed deprecated resource google_cloudiot_device (#15739)
cloudiot: removed deprecated resource google_cloudiot_registry (#15739)
cloudiot: removed deprecated resource google_cloudiot_registry_iam_* (#15739)
cloudrunv2: removed deprecated field liveness_probe.tcp_socket from google_cloud_run_v2_service resource. (#15430)
cloudrunv2: removed deprecated fields startup_probe and liveness_probe from google_cloud_run_v2_job resource. (#15430)
cloudrunv2: retyped volumes.cloud_sql_instance.instances to SET from ARRAY for google_cloud_run_v2_service (#15831)
compute: made google_compute_node_group require one of initial_size or autoscaling_policy fields configured upon resource creation (#16006)
compute: made size in google_compute_node_group an output only field. (#16006)
compute: removed default value for rule.rate_limit_options.encorce_on_key on resource google_compute_security_policy (#15681)
compute: retyped consumer_accept_lists to a SET from an ARRAY type for google_compute_service_attachment (#15985)
container: added deletion_protection to google_container_cluster which is enabled to true by default. When enabled, this field prevents Terraform from deleting the resource. (#16013)
container: changed management.auto_repair and management.auto_upgrade defaults to true in google_container_node_pool (#15931)
container: changed networking_mode default to VPC_NATIVE for newly created google_container_cluster resources (#6402)
container: removed enable_binary_authorization in google_container_cluster (#15868)
container: removed default for logging_variant in google_container_node_pool (#15931)
container: removed default value in network_policy.provider in google_container_cluster (#15920)
container: removed the behaviour that google_container_cluster will delete the cluster if it's created in an error state. Instead, it will mark the cluster as tainted, allowing manual inspection and intervention. To proceed with deletion, run another terraform apply. (#15887)
container: reworked the taint field in google_container_cluster and google_container_node_pool to only manage a subset of taint keys based on those already in state. Most existing resources are unaffected, unless they use sandbox_config- see upgrade guide for details. (#15959)
dataplex: removed data_profile_result and data_quality_result from google_dataplex_scan (#15505)
firebase: changed deletion_policy default to DELETE for google_firebase_web_app. (#15406)
firebase: removed google_firebase_project_location (#15764)
gameservices: removed Terraform support for gameservices (#15558)
logging: changed the default value of unique_writer_identity from false to true in google_logging_project_sink. (#15743)
logging: made growth_factor, num_finite_buckets, and scale required for google_logging_metric (#15680)
looker: removed LOOKER_MODELER as a possible value in google_looker_instance.platform_edition (#15956)
monitoring: fixed perma-diffs in google_monitoring_dashboard.dashboard_json by suppressing values returned by the API that are not in configuration (#16014)
monitoring: made labels immutable in google_monitoring_metric_descriptor (#15988)
privateca: removed deprecated fields config_values, pem_certificates from google_privateca_certificate (#15537)
secretmanager: removed automatic field in google_secret_manager_secret resource (#15859)
servicenetworking: used Create instead of Patch to create google_service_networking_connection (#15761)
servicenetworking: used the deleteConnection method to delete the resource google_service_networking_connection (#15934)

FEATURES:

New Resource: google_scc_folder_custom_module (#15979)
New Resource: google_scc_organization_custom_module (#16012)

IMPROVEMENTS:

alloydb: added additional fields to google_alloydb_instance and google_alloydb_backup (#15973)
artifactregistry: added support for remote APT and YUM repositories to google_artifact_registry_repository (#15973)
baremetal: made delete a noop for the resource google_bare_metal_admin_cluster to better align with actual behavior (#16010)
bigtable: added state output attribute to google_bigtable_instance clusters (#15961)
compute: made google_compute_node_group mutable (#16006)
container: added the effective_taints attribute to google_container_cluster and google_container_node_pool, outputting all known taint values (#15959)
container: allowed setting addons_config.gcs_fuse_csi_driver_config on google_container_cluster with enable_autopilot: true. (#15996)
containeraws: added binary_authorization to google_container_aws_cluster (#15989)
containeraws: added update_settings to google_container_aws_node_pool (#15989)
google_compute_instance (#15933)
osconfig: added week_day_of_month.day_offset field to the google_os_config_patch_deployment resource (#15997)
secretmanager: allowed update for rotation.rotation_period field in google_secret_manager_secret resource (#15952)
sql: added preferred_zone field to google_sql_database_instance resource (#15971)
storagetransfer: added event_stream field to google_storage_transfer_job resource (#16004)

BUG FIXES:

bigquery: fixed diff suppression in external_data_configuration.connection_id in google_bigquery_table (#15983)
bigquery: fixed view and materialized view creation when schema is specified in google_bigquery_table (#15442)
bigtable: avoided re-creation of google_bigtable_instance when cluster is still updating and storage type changed (#15961)
bigtable: fixed a bug where dynamically created clusters would incorrectly run into duplication error in google_bigtable_instance (#15940)
compute: removed the default value for field reconcile_connections in resource google_compute_service_attachment, the field will now default to a value returned by the API when not set in configuration (#15919)
compute: replaced incorrect default value for enable_endpoint_independent_mapping with APIs default in resource google_compute_router_nat (#15478)
container: fixed an issue in google_container_node_pool where empty linux_node_config.sysctls would crash the provider (#15941)
dataflow: fixed issue causing error message when max_workers and num_workers were supplied via parameters in google_dataflow_flex_template_job (#15976)
dataflow: fixed max_workers read value permanently displaying as 0 in google_dataflow_flex_template_job (#15976)
dataflow: fixed permadiff when SdkPipeline values are supplied via parameters in google_dataflow_flex_template_job (#15976)
identityplayform: fixed a potential perma-diff for sign_in in google_identity_platform_config resource (#15907)
firebase: made google_firebase_rules.release immutable (#15989)
monitoring: fixed an issue where metadata was not able to be updated in google_monitoring_metric_descriptor (#16014)
monitoring: fixed bug where importing google_monitoring_notification_channel failed when no default project was supplied in provider configuration or through environment variables (#15929)
secretmanager: fixed an issue in google_secretmanager_secret where replacing replication.automatic with replication.auto would destroy and recreate the resource (#15922)
sql: fixed diffs when re-ordering existing database_flags in google_sql_database_instance (#15678)
tags: fixed import failure on google_tags_tag_binding (#16005)
vertexai: made contents_delta_uri a required field in google_vertex_ai_index as omitting it would result in an error (#15992)

Configuration

📅 Schedule: Branch creation - Monday through Friday ( * * * * 1-5 ) in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Dec 18, 2025 by uis-devops-renovatebot

fix(deps): update terraform google to v7

Release Notes

5.29.1 (May 14, 2024)

Configuration

Merge request reports