FAQ | This is a LIVE service | Changelog

Skip to content

chore(deps): update terraform google to v6

uis-devops-renovatebot requested to merge renovate/google-6.x into main

This MR contains the following updates:

Package Type Update Change
google (source) required_provider major ~> 4.0 -> ~> 6.0

Release Notes

hashicorp/terraform-provider-google (google)

v6.12.0

Compare Source

FEATURES:

  • New Data Source: google_access_context_manager_access_policy (#​20295)
  • New Resource: google_dataproc_gdc_spark_application (#​20242)
  • New Resource: google_managed_kafka_cluster and google_managed_kafka_topic (#​20237)

IMPROVEMENTS:

  • artifactregistry: added common_repository field to google_artifact_registry_repository resource (#​20305)
  • cloudrunv2: added urls output field to google_cloud_run_v2_service resource (#​20313)
  • compute: added IDPF as a possible value for the network_interface.nic_type field in google_compute_instance resource (#​20250)
  • compute: added IDPF as a possible value for the guest_os_features.type field in google_compute_image resource (#​20250)
  • compute: added replica_names field to sql_database_instance resource (#​20202)
  • filestore: added performance_config field to google_filestore_instance (#​20218)
  • redis: added persistence_config to google_redis_cluster. (#​20212)
  • securesourcemanager: added workforce_identity_federation_config field to google_secure_source_manager_instance resource (#​20290)
  • spanner: added default_backup_schedule_type field to google_spanner_instance (#​20213)
  • sql: added psc_auto_connections fields to google_sql_database_instance resource (#​20307)

BUG FIXES:

  • accesscontextmanager: fixed permadiff in perimeter google_access_context_manager_service_perimeter_ingress_policy and google_access_context_manager_service_perimeter_egress_policy resources when there are duplicate resources in the rules (#​20294)
    • accesscontextmanager: fixed comparison of identity_type in ingress_from and egress_from when the IDENTITY_TYPE_UNSPECIFIED is set (#​20221)
  • compute: fixed permadiff on attempted type field updates in google_computer_security_policy, updating this field will now force recreation of the resource (#​20316)
  • identityplatform: fixed perma-diff originating from the sign_in.anonymous.enabled field in google_identity_platform_config (#​20244)

v6.11.2

Compare Source

BUG FIXES:

  • vertexai: fixed issue with google_vertex_ai_endpoint where upgrading to 6.11.0 would delete all traffic splits that were set outside Terraform (which was previously a required step for all meaningful use of this resource). (#​20350)

v6.11.1

Compare Source

BUG FIXES:

  • container: fixed diff on google_container_cluster.user_managed_keys_config field for resources that had not set it. (#​20314)
  • container: marked google_container_cluster.user_managed_keys_config as immutable because it can't be updated in place. (#​20314)

v6.11.0

Compare Source

NOTES:

  • compute: migrated google_compute_firewall_policy_rule from DCL engine to MMv1 engine. (#​20160)

BREAKING CHANGES:

  • looker: made oauth_config a required field in google_looker_instance, as creating this resource without that field always triggers an API error (#​20196)

FEATURES:

  • New Data Source: google_spanner_database (#​20114)
  • New Resource: google_apigee_api (#​20113)
  • New Resource: google_dataproc_gdc_application_environment (#​20165)
  • New Resource: google_dataproc_gdc_service_instance (#​20147)
  • New Resource: google_memorystore_instance (#​20108)

IMPROVEMENTS:

  • apigee: added in-place update support for google_apigee_env_references (#​20182)
  • apigee: added in-place update support for google_apigee_environment resource (#​20189)
  • cloudrun: added empty_dir field to google_cloud_run_service (#​20185)
  • cloudrunv2: added empty_dir field to google_cloud_run_v2_service and google_cloud_run_v2_job (#​20185)
  • compute: added disks field to google_compute_node_template resource (#​20180)
  • compute: added preconfigured_waf_config field to google_compute_security_policy resource (#​20183)
  • compute: added replica_names field to sql_database_instance resource (#​20202)
  • compute: added instance_flexibility_policy field to google_compute_region_instance_group_manager resource (#​20132)
  • compute: increased google_compute_security_policy timeouts from 20 minutes to 30 minutes (#​20145)
  • container: added control_plane_endpoints_config field to google_container_cluster resource. (#​20193)
  • container: added parallelstore_csi_driver_config field to google_container_cluster resource. (#​20163)
  • container: added user_managed_keys_config field to google_container_cluster resource. (#​20105)
  • firestore: allowed single field indexes to support __name__ DESC indexes in google_firestore_index resources (#​20124)
  • privateca: added support for google_privateca_certificate_authority with type = "SUBORDINATE" to be activated into "STAGED" state (#​20103)
  • spanner: added default_backup_schedule_type field to google_spanner_instance (#​20213)
  • vertexai: added traffic_split, private_service_connect_config, predict_request_response_logging_config, dedicated_endpoint_enabled, and dedicated_endpoint_dns fields to google_vertex_ai_endpoint resource (#​20179)
  • workflows: added deletion_protection field to google_workflows_workflow resource (#​20106)

BUG FIXES:

  • compute: fixed a diff based on server-side reordering of match.src_address_groups and match.dest_address_groups in google_compute_network_firewall_policy_rule (#​20148)
  • compute: fixed permadiff on the preconfigured_waf_config field for google_compute_security_policy resource (#​20183)
  • container: fixed in-place updates for node_config.containerd_config in google_container_cluster and google_container_node_pool (#​20112)

v6.10.0

Compare Source

FEATURES:

  • New Data Source: google_compute_instance_guest_attributes (#​20095)
  • New Data Source: google_service_accounts (#​20062)
  • New Resource: google_iap_settings (#​20085)

IMPROVEMENTS:

  • apphub: added GLOBAL enum value to scope.type field in google_apphub_application resource (#​20015)
  • assuredworkloads: added workload_options field to google_assured_workloads_workload resource (#​19985)
  • bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (beta) (#​20097)
  • bigquery: added descriptive validation errors for missing required fields in google_bigquery_job destination table configuration (#​20077)
  • compute: desired_status on google_compute_instance can now be set to TERMINATED or SUSPENDED on instance creation (#​20031)
  • compute: added header_action and redirect_options fields to google_compute_security_policy_rule resource (#​20079)
  • compute: added interface.ipv6-address field in google_compute_external_vpn_gateway resource (#​20091)
  • compute: added propagated_connection_limit and connected_endpoints.propagated_connection_count fields to google_compute_service_attachment resource (#​20016)
  • compute: added plan-time validation to name on google_compute_instance (#​20036)
  • compute: added support for advanced_machine_features.turbo_mode to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template (#​20090)
  • container: added in-place update support for labels, resource_manager_tags and workload_metadata_config in google_container_cluster.node_config (#​20038)
  • filestore: added protocol property to resource google_filestore_instance (#​19982)
  • memorystore: added mode flag to google_memorystore_instance (#​19988)
  • netapp: added zone and replica_zone fields to google_netapp_storage_pool resource (#​19980)
  • netapp: added zone and replica_zone fields to google_netapp_volume resource (#​19980)
  • networksecurity: added tls_inspection_policy field to google_network_security_gateway_security_policy (#​19986)
  • resourcemanager: added disabled to google_service_account datasource (#​20034)
  • spanner: added asymmetric_autoscaling_options field to google_spanner_instance (#​20014)
  • sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#​19977)
  • vmwareengine: added autoscaling_settings to google_vmwareengine_private_cloud resource (#​20057)

BUG FIXES:

  • accesscontextmanager: fixed permadiff for perimeter ingress / egress rule resources (#​20046)
  • compute: fixed an error in google_compute_security_policy_rule that prevented updating the default rule (#​20066)
  • container: fixed missing in-place updates for some google_container_cluster.node_config subfields (#​20038)

v6.9.0

Compare Source

DEPRECATIONS:

  • containerattached: deprecated security_posture_config field in google_container_attached_cluster resource (#​19912)

FEATURES:

  • New Data Source: google_oracle_database_autonomous_database (#​19903)
  • New Data Source: google_oracle_database_autonomous_databases (#​19901)
  • New Data Source: google_oracle_database_cloud_exadata_infrastructures (#​19884)
  • New Data Source: google_oracle_database_cloud_vm_clusters (#​19900)
  • New Resource: google_apigee_app_group (#​19921)
  • New Resource: google_apigee_developer (#​19911)
  • New Resource: google_network_connectivity_group (#​19902)

IMPROVEMENTS:

  • compute: google_compute_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#​19976)
  • compute: google_compute_region_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#​19976)
  • compute: added creation_timestamp field to google_compute_instance, google_compute_instance_template, google_compute_region_instance_template (#​19906)
  • compute: added key_revocation_action_type to google_compute_instance and related resources (#​19952)
  • looker: added deletion_policy to google_looker_instance to allow force-destroying instances with nested resources by setting deletion_policy = FORCE (#​19924)
  • monitoring: added alert_strategy.notification_prompts field to google_monitoring_alert_policy (#​19928)
  • storage: added hierarchical_namespace to google_storage_bucket resource (#​19882)
  • sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#​19977)
  • vmwareengine: added autoscaling_settings to google_vmwareengine_cluster resource (#​19962)
  • workstations: added max_usable_workstations field to google_workstations_workstation_config resource. (#​19872)

BUG FIXES:

  • compute: fixed an issue where immutable distribution_zones was incorrectly sent to the API when updating distribution_policy_target_shape in google_compute_region_instance_group_manager resource (#​19949)
  • container: fixed a crash in google_container_node_pool caused by an occasional nil pointer (#​19922)
  • essentialcontacts: fixed google_essential_contacts_contact import to include required parent field. (#​19877)
  • sql: made google_sql_database_instance.0.settings.0.data_cache_config accept server-side changes when unset. When unset, no diffs will be created when instances change in edition and the feature is enabled or disabled as a result. (#​19972)
  • storage: removed retry on 404s during refresh for google_storage_bucket, preventing hanging when refreshing deleted buckets (#​19964)

v6.8.0

Compare Source

FEATURES:

  • New Data Source: google_oracle_database_cloud_exadata_infrastructure (#​19856)
  • New Data Source: google_oracle_database_cloud_vm_cluster (#​19859)
  • New Data Source: google_oracle_database_db_nodes (#​19871)
  • New Data Source: google_oracle_database_db_servers (#​19823)
  • New Resource: google_oracle_database_autonomous_database (#​19860)
  • New Resource: google_oracle_database_cloud_exadata_infrastructure (#​19798)
  • New Resource: google_oracle_database_cloud_vm_cluster (#​19837)
  • New Resource: google_transcoder_job_template (#​19854)
  • New Resource: google_transcoder_job (#​19854)

IMPROVEMENTS:

  • cloudfunctions: increased the timeouts to 20 minutes for google_cloudfunctions_function resource (#​19799)
  • cloudrunv2: added invoker_iam_disabled field to google_cloud_run_v2_service (#​19833)
  • compute: made google_compute_network_firewall_policy_rule use MMv1 engine instead of DCL. (#​19862)
  • compute: made google_compute_region_network_firewall_policy_rule use MMv1 engine instead of DCL. (#​19862)
  • compute: added ip_address_selection_policy field to google_compute_backend_service and google_compute_region_backend_service. (#​19863)
  • compute: added provisioned_throughput field to google_compute_instance_template resource (#​19852)
  • compute: added provisioned_throughput field to google_compute_region_instance_template resource (#​19852)
  • container: added support for additional values KCP_CONNECTION, and KCP_SSHDin google_container_cluster.logging_config (#​19812)
  • dialogflowcx: added advanced_settings.logging_settings and advanced_settings.speech_settings to google_dialogflow_cx_agent and google_dialogflow_cx_flow (#​19801)
  • networkconnectivity: added linked_producer_vpc_network field to google_network_connectivity_spoke resource (#​19806)
  • secretmanager: added is_secret_data_base64 field to google_secret_manager_secret_version and google_secret_manager_secret_version_access datasources (#​19831)
  • secretmanager: added is_secret_data_base64 field to google_secret_manager_regional_secret_version and google_secret_manager_regional_secret_version_access datasources (#​19831)
  • spanner: added kms_key_names to encryption_config in google_spanner_database (#​19846)
  • workstations: added max_usable_workstations field to google_workstations_workstation_config resource (#​19872)
  • workstations: added field allowed_ports to google_workstations_workstation_config (#​19845)

BUG FIXES:

  • bigquery: fixed a regression that caused google_bigquery_dataset_iam_* resources to attempt to set deleted IAM members, thereby triggering an API error (#​19857)
  • compute: fixed an issue in google_compute_backend_service and google_compute_region_backend_service to allow sending false for iap.enabled (#​19795)
  • container: node_config.linux_node_config, node_config.workload_metadata_config and node_config.kubelet_config will now successfully send empty messages to the API when terraform plan indicates they are being removed, rather than null, which caused an error. The sole reliable case is node_config.linux_node_config when the block is removed, where there will still be a permadiff, but the update request that's triggered will no longer error and other changes displayed in the plan should go through. (#​19842)

v6.7.0

Compare Source

FEATURES:

  • New Resource: google_healthcare_pipeline_job (#​19717)
  • New Resource: google_secure_source_manager_branch_rule (#​19773)

IMPROVEMENTS:

  • container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#​19817)
  • discoveryengine: added chat_engine_config.dialogflow_agent_to_link field to google_discovery_engine_chat_engine resource (#​19723)
  • networkconnectivity: added field migration to resource google_network_connectivity_internal_range (#​19757)
  • networkservices: added routing_mode field to google_network_services_gateway resource (#​19764)

BUG FIXES:

  • bigtable: fixed an error where BigTable IAM resources could be created with conditions but the condition was not stored in state (#​19725)
  • container: fixed issue which caused to not being able to disable enable_cilium_clusterwide_network_policy field on google_container_cluster. (#​19736)
  • container: fixed a diff triggered by a new API-side default value for node_config.0.kubelet_config.0.insecure_kubelet_readonly_port_enabled. Terraform will now accept server-specified values for node_config.0.kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#​19817)
  • dataproc: fixed a bug in google_dataproc_cluster that prevented creation of clusters with internal_ip_only set to false (#​19782)
  • iam: addressed google_service_account creation issues caused by the eventual consistency of the GCP IAM API by ignoring 403 errors returned on polling the service account after creation. (#​19727)
  • logging: fixed the whitespace permadiff on exclusions.filter field in google_logging_billing_account_sink, google_logging_folder_sink, google_logging_organization_sink and google_logging_project_sink resources (#​19744)
  • pubsub: fixed permadiff with configuring an empty retry_policy in google_pubsub_subscription. This will result in minimum_backoff and maximum_backoff using server-side defaults. To use "immedate retry", do not specify a retry_policy block at all. (#​19784)
  • secretmanager: fixed the issue of unpopulated fields labels, annotations and version_destroy_ttl in the terraform state for the google_secret_manager_secrets datasource (#​19748)

v6.6.0

Compare Source

FEATURES:

  • New Resource: google_dataproc_batch (#​19686)
  • New Resource: google_healthcare_pipeline_job (#​19717)
  • New Resource: google_site_verification_owner (#​19641)

IMPROVEMENTS:

  • assuredworkloads: added HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS and HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT enum values to compliance_regime in the google_assuredworkload_workload resource (#​19714)
  • compute: added bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields to google_compute_network resource (#​19708)
  • compute: added next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields to google_compute_route resource (#​19708)
  • compute: added enum STATEFUL_COOKIE_AFFINITY and strong_session_affinity_cookie field to google_compute_backend_service and google_compute_region_backend_service resource (#​19665)
  • compute: moved TDX instance option for confidential_instance_type in google_compute_instance from Beta to GA (#​19706)
  • containeraws: added kubelet_config field group to the google_container_aws_node_pool resource (#​19714)
  • pubsub: added GCS ingestion settings and platform log settings to google_pubsub_topic resource (#​19669)
  • sourcerepo: added create_ignore_already_exists field to google_sourcerepo_repository resource (#​19716)
  • sql: added in-place update support for settings.time_zone in google_sql_database_instance resource (#​19654)
  • tags: increased maximum accepted input length for the short_name field in google_tags_tag_key and google_tags_tag_value resources (#​19712)

BUG FIXES:

  • bigquery: fixed google_bigquery_dataset_iam_member to be able to delete itself and overwrite the existing iam members for bigquery dataset keeping the authorized datasets as they are. (#​19682)
  • bigquery: fixed an error which could occur with service account field values containing non-lower-case characters in google_bigquery_dataset_access (#​19705)
  • compute: fixed an issue where the boot_disk.initialize_params.resource_policies field in google_compute_instance forced a resource recreation when used in combination with google_compute_disk_resource_policy_attachment (#​19692)
  • compute: fixed the issue that labels is not set when creating the resource google_compute_interconnect (#​19632)
  • tags: removed google_tags_location_tag_binding resource from the Terraform state when its parent resource has been removed outside of Terraform (#​19693)
  • workbench: fixed a bug in the google_workbench_instance resource where the removal of labels was not functioning as expected. (#​19620)

v6.5.0

Compare Source

DEPRECATIONS:

  • compute: deprecated macsec.pre_shared_keys.fail_open field in google_compute_interconnect resource. Use the new macsec.fail_open field instead (#​19572)

FEATURES:

  • New Data Source: google_compute_region_instance_group_manager (#​19589)
  • New Data Source: google_privileged_access_manager_entitlement (#​19580)
  • New Data Source: google_secret_manager_regional_secret_version_access (#​19538)
  • New Data Source: google_secret_manager_regional_secret_version (#​19514)
  • New Data Source: google_secret_manager_regional_secrets (#​19532)
  • New Resource: google_compute_router_nat_address (#​19550)
  • New Resource: google_logging_log_scope (#​19559)

IMPROVEMENTS:

  • apigee: added activate field to google_apigee_nat_address resource (#​19591)
  • bigquery: added biglake_configuration field to google_bigquery_table resource to support BigLake Managed Tables (#​19541)
  • cloudrunv2: promoted scaling field in google_cloud_run_v2_service resource to GA (#​19588)
  • composer: promoted config.workloads_config.cloud_data_lineage_integration field in google_composer_environment resource to GA (#​19612)
  • compute: added existing_reservations field to google_compute_region_commitment resource (#​19585)
  • compute: added hostname field to google_compute_instance data source (#​19607)
  • compute: added initial_nat_ip field to google_compute_router_nat resource (#​19550)
  • compute: added macsec.fail_open field to google_compute_interconnect resource (#​19572)
  • compute: added SUSPENDED as a possible value to desired_state field in google_compute_instance resource (#​19586)
  • compute: added import support for projects/{{project}}/meta-data/{{key}} format for google_compute_project_metadata_item resource (#​19613)
  • compute: marked customer_name and location fields as optional in google_compute_interconnect resource to support cross cloud interconnect (#​19619)
  • container: added linux_node_config.hugepages_config field to google_container_node_pool resource (#​19521)
  • container: promoted gcfs_config field in google_container_cluster resource to GA (#​19617)
  • looker: added psc_enabled and psc_config fields to google_looker_instance resource (#​19523)
  • networkconnectivity: added include_import_ranges field to google_network_connectivity_spoke resource for linked_vpn_tunnels, linked_interconnect_attachments and linked_router_appliance_instances (#​19530)
  • secretmanagerregional: added version_aliases field to google_secret_manager_regional_secret resource (#​19514)
  • workbench: increased create timeout to 20 minutes for google_workbench_instance resource (#​19551)

BUG FIXES:

  • bigquery: fixed in-place update of google_bigquery_table resource when external_data_configuration.schema field is set (#​19558)
  • bigquerydatapolicy: fixed permadiff on policy_tag field in google_bigquery_datapolicy_data_policy resource (#​19563)
  • composer: fixed storage_config.bucket field to support a bucket name with or without "gs://" prefix (#​19552)
  • container: added support for setting addons_config.gcp_filestore_csi_driver_config and enable_autopilot in the same google_container_cluster (#​19590)
  • container: fixed node_config.kubelet_config updates in google_container_cluster resource (#​19562)
  • container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true would cause google_container_cluster resource creation failure (#​19543)
  • workbench: fixed a bug in the google_workbench_instance resource where the removal of labels was not functioning as expected (#​19620)

v6.4.0

Compare Source

DEPRECATIONS:

  • securitycenterv2: deprecated google_scc_v2_organization_scc_big_query_exports. Use google_scc_v2_organization_scc_big_query_export instead. (#​19457)

FEATURES:

  • New Data Source: google_secret_manager_regional_secret_version (#​19514)
  • New Data Source: google_secret_manager_regional_secret (#​19491)
  • New Resource: google_database_migration_service_migration_job (#​19488)
  • New Resource: google_discovery_engine_target_site (#​19469)
  • New Resource: google_healthcare_workspace (#​19476)
  • New Resource: google_scc_folder_scc_big_query_export (#​19480)
  • New Resource: google_scc_organization_scc_big_query_export (#​19465)
  • New Resource: google_scc_project_scc_big_query_export (#​19466)
  • New Resource: google_scc_v2_organization_scc_big_query_export (#​19457)
  • New Resource: google_secret_manager_regional_secret_version (#​19504)
  • New Resource: google_secret_manager_regional_secret (#​19461)
  • New Resource: google_site_verification_web_resource (#​19477)
  • New Resource: google_spanner_backup_schedule (#​19449)

IMPROVEMENTS:

  • alloydb: added enable_outbound_public_ip field to google_alloydb_instance resource (#​19444)
  • apigee: added in-place update for consumer_accept_list field in google_apigee_instance resource (#​19442)
  • compute: added interface field to google_compute_attached_disk resource (#​19440)
  • compute: added in-place update in google_compute_interconnect resource, except for remote_location and requested_features fields (#​19508)
  • filestore: added deletion_protection_enabled and deletion_protection_reason fields to google_filestore_instance resource (#​19446)
  • looker: added fips_enabled field to google_looker_instance resource (#​19511)
  • metastore: added deletion_protection field to google_dataproc_metastore_service resource (#​19505)
  • netapp: added allow_auto_tiering field to google_netapp_storage_pool resource (#​19454)
  • netapp: added tiering_policy field to google_netapp_volume resource (#​19454)
  • secretmanagerregional: added version_aliases field to google_secret_manager_regional_secret resource (#​19514)
  • spanner: added edition field to google_spanner_instance resource (#​19449)

BUG FIXES:

  • compute: fixed a permadiff on iap field in google_compute_backend and google_compute_region_backend resources (#​19509)
  • container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true will cause google_container_cluster resource creation failure (#​19543)
  • container: fixed a permadiff on node_config.gcfs_config field in google_container_cluster and google_container_node_pool resources (#​19512)
  • container: fixed the in-place update for node_config.gcfs_config field in google_container_cluster and google_container_node_pool resources (#​19512)
  • container: made node_config.kubelet_config.cpu_manager_policy field optional to fix its update in google_container_cluster resource (#​19464)
  • dns: fixed a permadiff on dnssec_config field in google_dns_managed_zone resource (#​19456)
  • pubsub: allowed filter field to contain line breaks in google_pubsub_subscription resource (#​19451)

v6.3.0

Compare Source

FEATURES:

  • New Data Source: google_bigquery_tables (#​19402)
  • New Resource: google_developer_connect_connection (#​19431)
  • New Resource: google_developer_connect_git_repository_link (#​19431)
  • New Resource: google_memorystore_instance (#​19398)

IMPROVEMENTS:

  • compute: added connected_endpoints.consumer_network and connected_endpoints.psc_connection_id fields to google_compute_service_attachment resource (#​19426)
  • compute: added field http_keep_alive_timeout_sec to google_region_compute_target_https_proxy and google_region_compute_target_http_proxy resources (#​19432)
  • compute: added support for boot_disk.initialize_params.resource_policies in google_compute_instance and google_instance_template (#​19407)
  • container: added storage_pools to node_config in google_container_cluster and google_container_node_pool (#​19423)
  • containerattached: added security_posture_config field to google_container_attached_cluster resource (#​19411)
  • netapp: added large_capacity and multiple_endpoints to google_netapp_volume resource (#​19384)
  • resourcemanager: added tags field to google_folder to allow setting tags for folders at creation time (#​19380)

BUG FIXES:

  • compute: setting network_ip to "" will no longer cause diff and will be treated the same as null (#​19400)
  • dataproc: updated google_dataproc_cluster to protect against handling nil kerberos_config values (#​19401)
  • dns: added a mutex to google_dns_record_set to prevent conflicts when multiple resources attempt to operate on the same record set (#​19416)
  • managedkafka: added 5 second wait post google_managed_kafka_topic creation to fix eventual consistency errors (#​19429)

v6.2.0

Compare Source

FEATURES:

  • New Data Source: google_certificate_manager_certificates (#​19361)
  • New Resource: google_network_security_server_tls_policy (#​19314)
  • New Resource: google_scc_v2_folder_scc_big_query_export (#​19327)
  • New Resource: google_scc_v2_project_scc_big_query_export (#​19311)

IMPROVEMENTS:

  • assuredworkload: added field partner_service_billing_account to google_assured_workloads_workload (#​19358)
  • bigtable: added support for column_family.type in google_bigtable_table (#​19302)
  • cloudrun: promoted support for nfs and csi volumes (for Cloud Storage FUSE) for google_cloud_run_service to GA (#​19359)
  • cloudrunv2: promoted support for nfs and gcs volumes for google_cloud_run_v2_job to GA (#​19359)
  • compute: added boot_disk.interface field to google_compute_instance resource (#​19319)
  • container: added node_pool_auto_config.node_kublet_config.insecure_kubelet_readonly_port_enabled field to google_container_cluster. (#​19320)
  • container: added insecure_kubelet_readonly_port_enabled to node_pool.node_config.kubelet_config and node_config.kubelet_config in google_container_node_pool resource. (#​19312)
  • container: added insecure_kubelet_readonly_port_enabled to node_pool_defaults.node_config_defaults, node_pool.node_config.kubelet_config, and node_config.kubelet_config in google_container_cluster resource. (#​19312)
  • container: added support for in-place updates for google_compute_node_pool.node_config.gcfs_config and google_container_cluster.node_config.gcfs_cluster and google_container_cluster.node_pool.node_config.gcfs_cluster (#​19365)
  • container: promoted the additive_vpc_scope_dns_domain field on the google_container_cluster resource to GA (#​19313)
  • iambeta: added x509 field to google_iam_workload_identity_pool_provider resource (#​19375)
  • networkconnectivity: added include_export_ranges to google_network_connectivity_spoke (#​19346)
  • pubsub: added cloud_storage_config.max_messages and cloud_storage_config.avro_config.use_topic_schema fields to google_pubsub_subscription resource (#​19338)
  • redis: added the maintenance_policy field to the google_redis_cluster resource (#​19341)
  • resourcemanager: added tags field to google_project to allow setting tags for projects at creation time (#​19351)
  • securitycenter: added support for empty streaming_config.filter values in google_scc_notification_config resources (#​19369)

BUG FIXES:

  • compute: fixed google_compute_interconnect to support correct available_features option of IF_MACSEC (#​19330)
  • compute: fixed a bug where advertised_route_priority was accidentally set to 0 during updates in google_compute_router_peer (#​19366)
  • compute: fixed a permadiff caused by setting start_time in an incorrect H:mm format in google_compute_resource_policies resources (#​19297)
  • compute: fixed network_interface.subnetwork_project validation to match with the project in network_interface.subnetwork field when network_interface.subnetwork has full self_link in google_compute_instance resource (#​19348)
  • container: removed unnecessary force replacement in node pool gcfs_config (#​19365
  • kms: updated the google_kms_autokey_config resource's folder field to accept values that are either full resource names (folders/{folder_id}) or just the folder id ({folder_id} only) (#​19364))
  • storage: added retry support for 429 errors in google_storage_bucket resource (#​19353)

v6.1.0

Compare Source

FEATURES:

  • New Data Source: google_kms_crypto_key_latest_version (#​19249)
  • New Data Source: google_kms_crypto_key_versions (#​19241)

IMPROVEMENTS:

  • databasemigrationservice: added support in google_database_migration_service_connection_profile for creating DMS connection profiles that link to existing Cloud SQL instances/AlloyDB clusters. (#​19291)
  • alloydb: added subscription_type and trial_metadata field to google_alloydb_cluster resource (#​19262)
  • bigquery: added encryption_configuration field to google_bigquery_data_transfer_config resource (#​19267)
  • bigqueryanalyticshub: added selected_resources, and restrict_direct_table_access to google_bigquery_analytics_hub_listing resource (#​19244)
  • bigqueryanalyticshub: added sharing_environment_config to google_bigquery_analytics_hub_data_exchange resource (#​19244)
  • cloudtasks: added http_target field to google_cloud_tasks_queue resource (#​19253)
  • compute: added accelerators field to google_compute_node_template resource (#​19292)
  • compute: allowed disabling server_tls_policy during update in google_compute_target_https_proxy resources (#​19233)
  • container: added secret_manager_config field to google_container_cluster resource (#​19288)
  • datastream: added transaction_logs and change_tables to the datastream_stream resource (#​19248)
  • discoveryengine: added chunking_config and layout_parsing_config fields to google_discovery_engine_data_store resource (#​19274)
  • dlp: added inspect_template_modified_cadence field to big_query_target and cloud_sql_target in google_data_loss_prevention_discovery_config resource (#​19282)
  • dlp: added tag_resources field to google_data_loss_prevention_discovery_config resource (#​19282)
  • networksecurity: promoted google_network_security_client_tls_policy to GA (#​19293)

BUG FIXES:

  • bigquery: fixed an error which could occur with email field values containing non-lower-case characters in google_bigquery_dataset_access resource (#​19259)
  • bigqueryanalyticshub: made bigquery_dataset immutable in google_bigquery_analytics_hub_listing as it was not updatable in the API. Now modifying the field in Terraform will correctly recreate the resource rather than causing Terraform to report it would attempt an invalid update. (#​19244)
  • container: fixed update inconsistency in google_container_cluster resource (#​19247)
  • pubsub: fixed a validation bug that didn't allow empty filter definitions for google_pubsub_subscription resources (#​19284)
  • resourcemanager: fixed a bug where data.google_client_config failed silently when inadequate credentials were used to configure the provider (#​19286)
  • sql: fixed importing google_sql_user where host is an IPv4 CIDR (#​19243)
  • sql: fixed overwriting of name field for IAM Group user in google_sql_user resource (#​19234)

v6.0.1

Compare Source

BREAKING CHANGES:

  • sql: removed settings.ip_configuration.require_ssl from google_sql_database_instance in favor of settings.ip_configuration.ssl_mode. This field was intended to be removed in 6.0.0. (#​19263)

v6.0.0

Compare Source

Terraform Google Provider 6.0.0 Upgrade Guide

BREAKING CHANGES:

  • provider: changed provider labels to add the goog-terraform-provisioned: true label by default. (#​19190)
  • activedirectory: added deletion_protection field to google_active_directory_domain resource. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection = false before destroying the resource. (#​18906)
  • alloydb: removed network in google_alloy_db_cluster. Use network_config.network instead. (#​19181)
  • bigquery: added client-side validation to prevent table view creation if schema contains required fields for google_bigquery_table resource (#​18767)
  • bigquery: removed allow_resource_tags_on_deletion from google_bigquery_table. Resource tags are now always allowed on table deletion. (#​19077)
  • bigqueryreservation: removed multi_region_auxiliary from google_bigquery_reservation (#​18922)
  • billing: revised the format of id for google_billing_project_info (#​18823)
  • cloudrunv2: added deletion_protection field to google_cloudrunv2_service. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection = false before destroying the resource.(#​19019)
  • cloudrunv2: changed liveness_probe to no longer infer a default value from api on google_cloud_run_v2_service. Removing this field and applying the change will now remove liveness probe from the Cloud Run service. (#​18764)
  • cloudrunv2: retyped containers.env to SET from ARRAY for google_cloud_run_v2_service and google_cloud_run_v2_job. (#​18855)
  • composer: ip_allocation_policy = [] in google_composer_environment is no longer valid configuration. Removing the field from configuration should not produce a diff. (#​19207)
  • compute: added new required field enabled in google_compute_backend_service and google_compute_region_backend_service (#​18772)
  • compute: changed certifcate_id in google_compute_managed_ssl_certificate to correctly be output only. (#​19069)
  • compute: revised and in some cases removed default values of connection_draining_timeout_sec, balancing_mode and outlier_detection in google_compute_region_backend_service and google_compute_backend_service. (#​18720)
  • compute: revised the format of id for compute_network_endpoints (#​18844)
  • compute: guest_accelerator = [] is no longer valid configuration in google_compute_instance. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#​19207)
  • compute: google_compute_instance_from_template and google_compute_instance_from_machine_image network_interface.alias_ip_range, network_interface.access_config, attached_disk, guest_accelerator, service_account, scratch_disk can no longer be set to an empty block []. Removing the fields from configuration should not produce a diff. (#​19207)
  • compute: secondary_ip_ranges = [] in google_compute_subnetwork is no longer valid configuration. To set an explicitly empty list, use send_secondary_ip_range_if_empty and completely remove secondary_ip_range from config. (#​19207)
  • container: made advanced_datapath_observability_config.enable_relay required in google_container_cluster (#​19060)
  • container: removed deprecated field advanced_datapath_observability_config.relay_mode from google_container_cluster resource. Users are expected to use enable_relay field instead. (#​19060)
  • container: three label-related fields are now in google_container_cluster resource. resource_labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#​19062)
  • container: made three fields resource_labels, terraform_labels, and effective_labels be present in google_container_cluster datasources. All three fields will have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent to effective_labels on the resource. (#​19062)
  • container: guest_accelerator = [] is no longer valid configuration in google_container_cluster and google_container_node_pool. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#​19207)
  • container: guest_accelerator.gpu_driver_installation_config = [] and guest_accelerator.gpu_sharing_config = [] are no longer valid configuration in google_container_cluster and google_container_node_pool. Removing the fields from configuration should not produce a diff. (#​19207)
  • datastore: removed google_datastore_index in favor of google_firestore_index (#​19160)
  • edgenetwork: three label-related fields are now in google_edgenetwork_network and google_edgenetwork_subnet resources. labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#​19062)
  • identityplatform: removed resource google_identity_platform_project_default_config in favor of google_identity_platform_project_config (#​18992)
  • pubsub: allowed schema_settings in google_pubsub_topic to be removed (#​18631)
  • integrations: removed create_sample_workflows and provision_gmek from google_integrations_client (#​19148)
  • redis: added a deletion_protection_enabled field to the google_redis_cluster resource. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection_enabled = false before destroying the resource. (#​19173)
  • resourcemanager: added deletion_protection field to google_folder to make deleting them require an explicit intent. Folder resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#​19021)
  • resourcemanager: made deletion_policy in google_project 'PREVENT' by default. This makes deleting them require an explicit intent. google_project resources cannot be destroyed unless deletion_policy is set to 'ABANDON' or 'DELETE' for the resource. (#​19114)
  • sql: removed settings.ip_configuration.require_ssl in google_sql_database_instance. Please use settings.ip_configuration.ssl_mode instead. (#​18843)
  • storage: removed no_age field from lifecycle_rule.condition in the google_storage_bucket resource (#​19048)
  • vpcaccess: removed default values for min_throughput and min_instances fields on google_vpc_access_connector and made them default to values returned from the API when not provided by users (#​18697)
  • vpcaccess: added a conflicting fields restriction between min_throughput and min_instances fields on google_vpc_access_connector (#​18697)
  • vpcaccess: added a conflicting fields restriction between max_throughput and max_instances fields on google_vpc_access_connector (#​18697)
  • workstation: defaulted host.gce_instance.disable_ssh to true for google_workstations_workstation_config (#​19101) IMPROVEMENTS:
  • compute: added fields reserved_internal_range and secondary_ip_ranges[].reserved_internal_range to google_compute_subnetwork resource (#​19151)
  • compute: changed the behavior of name_prefix in multiple Compute resources to allow for a longer max length of 54 characters. See the upgrade guide and resource documentation for more details. (#​19152) BUG FIXES:
  • compute: fixed an issue regarding sending enabled field by default for null iap message in google_compute_backend_service and google_compute_region_backend_service (#​18772)

v5.45.0

Compare Source

NOTES:

  • 5.45.0 is a backport release, responding to a new Spanner feature that may result in creation of unwanted backups for users. The changes in this release will be available in 6.11.0 and users upgrading to 6.X should upgrade to that version or higher.

IMPROVEMENTS:

  • spanner: added default_backup_schedule_type field to google_spanner_instance (#​20213)

v5.44.2

Compare Source

Notes:

  • 5.44.2 is a backport release, responding to a GKE rollout that created permadiffs for many users. The changes in this release will be available in 6.7.0 and users upgrading to 6.X should upgrade to that version or higher.

IMPROVEMENTS:

  • container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#​19817)

BUG FIXES:

  • container: fixed a diff triggered by a new API-side default value for node_config.0.kubelet_config.0.insecure_kubelet_readonly_port_enabled. Terraform will now accept server-specified values for node_config.0.kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#​19817)

v5.44.1

Compare Source

NOTES:

  • 5.44.1 is a backport release, intended to pull in critical container improvements and fixes for issues introduced in 5.44.0

IMPROVEMENTS:

  • container: added in-place update support for gcfs_config in in google_container_cluster and google_container_node_pool (#​19365) (#​19512)

BUG FIXES:

  • container: fixed a permadiff on gcfs_config in google_container_cluster and google_container_node_pool (#​19512)
  • container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true will cause google_container_cluster resource creation failure. (#​19543)

v5.44.0

Compare Source

NOTES:

  • 5.44.0 is a backport release, intended to pull in critical container improvements from 6.2.0

IMPROVEMENTS:

  • container: added insecure_kubelet_readonly_port_enabled to node_pool.node_config.kubelet_config and node_config.kubelet_config in google_container_node_pool resource. (#​19312)
  • container: added insecure_kubelet_readonly_port_enabled to node_pool_defaults.node_config_defaults, node_pool.node_config.kubelet_config, and node_config.kubelet_config in google_container_cluster resource. (#​19312)
  • container: added node_pool_auto_config.node_kublet_config.insecure_kubelet_readonly_port_enabled field to google_container_cluster. (#​19320)

v5.43.1

Compare Source

NOTES:

  • 5.43.1 is a backport release, and some changes will not appear in 6.X series releases until 6.1.0

BUG FIXES:

  • pubsub: fixed a validation bug that didn't allow empty filter definitions for google_pubsub_subscription resources (#​19284)

v5.43.0

Compare Source

DEPRECATIONS:

  • storage: deprecated lifecycle_rule.condition.no_age field in google_storage_bucket. Use the new lifecycle_rule.condition.send_age_if_zero field instead. (#​19172)

FEATURES:

  • New Resource: google_kms_ekm_connection_iam_binding (#​19132)
  • New Resource: google_kms_ekm_connection_iam_member (#​19132)
  • New Resource: google_kms_ekm_connection_iam_policy (#​19132)
  • New Resource: google_scc_v2_organization_scc_big_query_exports (#​19184)

IMPROVEMENTS:

  • compute: added label_fingerprint field to google_compute_global_address resource (#​19204)
  • compute: exposed service side id as new output field forwarding_rule_id on resource google_compute_forwarding_rule (#​19139)
  • container: added EXTENDED as a valid option for release_channel field in google_container_cluster resource (#​19141)
  • logging: changed enable_analytics parsing to "no preference" in analytics if omitted, instead of explicitly disabling analytics in google_logging_project_bucket_config (#​19126)
  • pusbub: added validation to filter field in resource google_pubsub_subscription (#​19131)
  • resourcemanager: added default_labels field to google_client_config data source (#​19170)
  • vmwareengine: added PC undelete support in google_vmwareengine_private_cloud (#​19192)

BUG FIXES:

  • alloydb: fixed a permadiff on psc_instance_config in google_alloydb_instance resource (#​19143)
  • compute: fixed a malformed URL that affected updating the server_tls_policy property on google_compute_target_https_proxy resources (#​19164)
  • compute: fixed bug where the labels field could not be updated on google_compute_global_address (#​19204)
  • compute: fixed force diff replacement logic for network_ip on resource google_compute_instance (#​19135)

v5.42.0

Compare Source

DEPRECATIONS:

  • compute: setting google_compute_subnetwork.secondary_ip_range = [] to explicitly set a list of empty objects is deprecated and will produce an error in the upcoming major release. Use send_secondary_ip_range_if_empty while removing secondary_ip_range from config instead. (#​19122)

FEATURES:

  • New Data Source: google_artifact_registry_locations (#​19047)
  • New Data Source: google_cloud_identity_transitive_group_memberships (#​19038)
  • New Resource: google_discovery_engine_schema (#​19124)
  • New Resource: google_scc_folder_notification_config (#​19057)
  • New Resource: google_scc_v2_folder_notification_config (#​19055)
  • New Resource: google_vertex_ai_index_endpoint_deployed_index (#​19061)

IMPROVEMENTS:

  • clouddeploy: added serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.pod_selector_label and serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.service_networking.pod_selector_label fields to google_clouddeploy_delivery_pipeline resource (#​19100)
  • compute: added send_secondary_ip_range_if_empty to google_compute_subnetwork (#​19122)
  • discoveryengine: added skip_default_schema_creation field to google_data_store resource (#​19017)
  • dns: changed load_balancer_type field from required to optional in google_dns_record_set (#​19050)
  • firestore: added cmek_config field to google_firestore_database resource (#​19107)
  • servicenetworking: added update_on_creation_fail field to google_service_networking_connection resource. When it is set to true, enforce an update of the reserved peering ranges on the existing service networking connection in case of a new connection creation failure. (#​19035)
  • sql: added server_ca_mode field to google_sql_database_instance resource (#​18998)

BUG FIXES:

  • bigquery: made google_bigquery_dataset_iam_member non-authoritative. To remove a bigquery dataset iam member, use an authoritative resource like google_bigquery_dataset_iam_policy (#​19121)
  • cloudfunctions2: fixed a "Provider produced inconsistent final plan" bug affecting the service_config.environment_variables field in google_cloudfunctions2_function resource (#​19024)
  • cloudfunctions2: fixed a permadiff on storage_source.generation in google_cloudfunctions2_function resource (#​19031)
  • compute: fixed issue where sub-resources managed by google_compute_forwarding_rule prevented resource deletion (#​19117)
  • logging: changed google_logging_project_bucket_config.enable_analytics behavior to set "no preference" in analytics if omitted, instead of explicitly disabling analytics. (#​19126)
  • workbench: fixed a bug with google_workbench_instance metadata drifting when using custom containers. (#​19119)

v5.41.0

Compare Source

DEPRECATIONS:

  • resourcemanager: deprecated skip_delete field in the google_project resource. Use deletion_policy instead. (#​18867)

FEATURES:

  • New Data Source: google_logging_log_view_iam_policy (#​18990)
  • New Data Source: google_scc_v2_organization_source_iam_policy (#​19004)
  • New Resource: google_access_context_manager_service_perimeter_dry_run_egress_policy (#​18994)
  • New Resource: google_access_context_manager_service_perimeter_dry_run_ingress_policy (#​18994)
  • New Resource: google_scc_v2_folder_mute_config (#​18924)
  • New Resource: google_scc_v2_project_mute_config (#​18993)
  • New Resource: google_scc_v2_project_notification_config (#​19008)
  • New Resource: google_scc_v2_organization_source (#​19004)
  • New Resource: google_scc_v2_organization_source_iam_binding (#​19004)
  • New Resource: google_scc_v2_organization_source_iam_member (#​19004)
  • New Resource: google_scc_v2_organization_source_iam_policy (#​19004)
  • New Resource: google_logging_log_view_iam_binding (#​18990)
  • New Resource: google_logging_log_view_iam_member (#​18990)
  • New Resource: google_logging_log_view_iam_policy (#​18990)

IMPROVEMENTS:

  • clouddeploy: added gke.proxy_url field to google_clouddeploy_target (#​19016)
  • cloudrunv2: added field binary_authorization.policy to resource google_cloud_run_v2_job and resource google_cloud_run_v2_service to support named binary authorization policy. (#​18995)
  • compute: added source_regions field to google_compute_healthcheck resource (#​19006)
  • compute: added update-in-place support for the google_compute_target_https_proxy.server_tls_policy field (#​18996)
  • compute: added update-in-place support for the google_compute_region_target_https_proxy.server_tls_policy field (#​19007)
  • container: added auto_provisioning_locations field to google_container_cluster (#​18928)
  • dataform: added kms_key_name field to google_dataform_repository resource (#​18947)
  • discoveryengine: added skip_default_schema_creation field to google_discovery_engine_data_store resource (#​19017)
  • gkehub: added configmanagement.management and configmanagement.config_sync.enabled fields to google_gkehub_feature_membership (#​19016)
  • gkehub: added management field to google_gke_hub_feature.fleet_default_member_config.configmanagement (#​18963)
  • resourcemanager: added deletion_policy field to the google_project resource. Setting deletion_policy to PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting deletion_policy to ABANDON allows the resource to be abandoned rather than deleted and it behaves the same with skip_delete = true. Default value is DELETE. skip_delete = true takes precedence over deletion_policy = "DELETE".
  • storage: added force_destroy field to google_storage_managed_folder resource (#​18973)
  • storage: added generation field to google_storage_bucket_object resource (#​18971)

BUG FIXES:

  • compute: fixed google_compute_instance.alias_ip_range update behavior to avoid temporarily deleting unchanged alias IP ranges (#​19015)
  • compute: fixed the bug that creation of PSC forwarding rules fails in google_compute_forwarding_rule resource when provider default labels are set (#​18984)
  • sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#​18962)

v5.40.0

Compare Source

IMPROVEMENTS:

  • bigquery: added support for value DELTA_LAKE to source_format in google_bigquery_table resource (#​18915)
  • compute: added access_mode field to google_compute_disk resource (#​18857)
  • compute: added stack_type, and gateway_ip_version fields to google_compute_router resource (#​18839)
  • container: added field ray_operator_config for resource_container_cluster (#​18825)
  • container: promoted additional_node_network_configs and additional_pod_network_configs fields to GA in the google_container_node_pool resource (#​18842)
  • container: promoted enable_multi_networking to GA in the google_container_cluster resource (#​18842)
  • monitoring: updated goal field to accept a max threshold of up to 0.9999 in google_monitoring_slo resource to 0.9999 (#​18845)
  • networkconnectivity: added export_psc field to google_network_connectivity_hub resource (#​18866)
  • sql: added enable_dataplex_integration field to google_sql_database_instance resource (#​18852)

BUG FIXES:

  • bigquery: fixed a permadiff when handling "assets" in params in the google_bigquery_data_transfer_config resource (#​18898)
  • bigquery: fixed an issue preventing certain keys in params from being assigned values in google_bigquery_data_transfer_config (#​18888)
  • compute: fixed perma-diff of advertised_ip_ranges field in google_compute_router resource (#​18869)
  • container: fixed perma-diff on node_config.guest_accelerator.gpu_driver_installation_config field in GKE 1.30+ in google_container_node_pool resource (#​18835)
  • sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#​18962)

v5.39.1

Compare Source

BUG FIXES:

  • datastream: fixed a breaking change in 5.39.0 google_datastream_stream that made one of destination_config.bigquery_destination_config.merge or destination_config.bigquery_destination_config.append_only required (#​18903)

v5.39.0

Compare Source

NOTES:

  • networkconnectivity: migrated google_network_connectivity_hub from DCL to MMv1 (#​18724)
  • networkconnectivity: migrated google_network_connectivity_spoke from DCL to MMv1 (#​18779)

DEPRECATIONS:

  • bigquery: deprecated allow_resource_tags_on_deletion in google_bigquery_table. (#​18811)
  • bigqueryreservation: deprecated multi_region_auxiliary on google_bigquery_reservation. (#​18803)
  • datastore: deprecated the resource google_datastore_index. Use the google_firestore_index resource instead. (#​18781)

FEATURES:

  • New Resource: google_apigee_environment_keyvaluemaps_entries (#​18707)
  • New Resource: google_apigee_environment_keyvaluemaps (#​18707)
  • New Resource: google_compute_resize_request (#​18725)
  • New Resource: google_compute_router_route_policy (#​18759)
  • New Resource: google_scc_v2_organization_mute_config (#​18752)

IMPROVEMENTS:

  • alloydb: added observability_config field to google_alloydb_instance resource (#​18743)
  • bigquery: added resource_tags field to google_bigquery_dataset resource (ga) (#​18711)
  • bigquery: added resource_tags field to google_bigquery_table resource (#​18741)
  • bigtable: added data_boost_isolation_read_only and data_boost_isolation_read_only.compute_billing_owner fields to google_bigtable_app_profile resource (#​18819)
  • cloudfunctions: added build_service_account field to google_cloudfunctions_function resource (#​18702)
  • compute: added aws_v4_authentication fields to google_compute_backend_service resource (#​18796)
  • compute: added custom_learned_ip_ranges and custom_learned_route_priority fields to google_compute_router_peer resource (#​18727)
  • compute: added export_policies and import_policies fields to google_compute_router_peer resource (#​18759)
  • compute: added shared_secret field to google_compute_public_advertised_prefix resource (#​18786)
  • compute: added storage_pool under boot_disk.initialize_params to google_compute_instance resource (#​18817)
  • compute: changed target_service field on the google_compute_service_attachment resource to accept a ForwardingRule or Gateway URL. (#​18742)
  • container: added field ray_operator_config for google_container_cluster (#​18825)
  • datastream: added merge and append_only fields to google_datastream_stream resource (#​18726)
  • datastream: promoted source_config.sql_server_source_config and backfill_all.sql_server_excluded_objects fields in google_datastream_stream resource from beta to GA (#​18732)
  • datastream: promoted sql_server_profile field in google_datastream_connection_profile resource from beta to GA (#​18732)
  • dlp: added cloud_storage_target field to google_data_loss_prevention_discovery_config resource (#​18740)
  • resourcemanager: added check_if_service_has_usage_on_destroy field to google_project_service resource (#​18753)
  • resourcemanager: added the member property to google_project_service_identity (#​18695)
  • vmwareengine: added deletion_delay_hours field to google_vmwareengine_private_cloud resource (#​18698)
  • vmwareengine: supported type change from TIME_LIMITED to STANDARD for multi-node google_vmwareengine_private_cloud resource (#​18698)
  • workbench: added access_configs to google_workbench_instance resource (#​18737)

BUG FIXES:

  • compute: fixed perma-diff for interconnect_type being DEDICATED in google_compute_interconnect resource (#​18761)
  • dialogflowcx: fixed intermittent issues with retrieving resource state soon after creating google_dialogflow_cx_security_settings resources (#​18792)
  • firestore: fixed missing import of field for google_firestore_field. (#​18771)
  • firestore: fixed bug where fields database, collection, document_id, and field could not be updated on google_firestore_document and google_firestore_field resources. (#​18821)
  • netapp: made the smb_settings field on the google_netapp_volume resource default to the value returned from the API. This solves permadiffs when the field is unset. (#​18790)
  • networksecurity: added recreate functionality on update for client_validation_mode and client_validation_trust_config in google_network_security_server_tls_policy (#​18769)

v5.38.0

Compare Source

FEATURES:

  • New Data Source: google_gke_hub_membership_binding (#​18680)
  • New Data Source: google_site_verification_token (#​18688)
  • New Resource: google_scc_project_notification_config (#​18682)

IMPROVEMENTS:

  • compute: promoted labels field on google_compute_global_address resource from beta to GA (#​18646)
  • compute: made the google_compute_resource_policy resource updatable in-place (#​18673)
  • privilegedaccessmanager: promoted google_privileged_access_manager_entitlement resource from beta to GA (#​18686)
  • vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#​18637)

BUG FIXES:

  • cloudfunctions2: fixed permadiffs on service_config.environment_variables field in google_cloudfunctions2_function resource (#​18651)

v5.37.0

Compare Source

FEATURES:

  • New Data Source: google_kms_crypto_keys (#​18605)
  • New Data Source: google_kms_key_rings (#​18611)
  • New Resource: google_scc_v2_organization_notification_config (#​18594)
  • New Resource: google_secure_source_manager_repository (#​18576)
  • New Resource: google_storage_managed_folder_iam (#​18555)
  • New Resource: google_storage_managed_folder (#​18555)

IMPROVEMENTS:

  • certificatemanager: added allowlisted_certificates field to google_certificate_manager_trust_config resource (#​18587)
  • compute: added max_run_duration and on_instance_stop_action fields to google_compute_instance, google_compute_instance_template, and google_compute_instance_from_machine_image resources (#​18623)
  • dataplex: added sql_assertion field to google_dataplex_datascan resource (#​18559)
  • gkehub: added fleet_default_member_config.configmanagement.config_sync.enabled field to google_gke_hub_feature resource (#​18582)
  • netapp: added zone and replica_zone field to google_netapp_storage_pool resource (#​18609)
  • vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#​18637)
  • workstations: added host.gce_instance.vm_tags field to google_workstations_workstation_config resource (#​18588)

BUG FIXES:

  • compute: fixed a bug preventing the creation of google_compute_autoscaler and google_compute_region_autoscaler resources if both autoscaling_policy.max_replicas and autoscaling_policy.min_replicas were configured as zero. (#​18607)
  • resourcemanager: mitigated eventual consistency issues by adding a 10s wait after google_service_account_key resource creation (#​18566)
  • vertexai: fixed issue where updating "metadata" field could fail in google_vertex_ai_index resource (#​18632)

v5.36.0

Compare Source

FEATURES:

  • New Resource: google_storage_managed_folder_iam (#​18555)
  • New Resource: google_storage_managed_folder (#​18555)

IMPROVEMENTS:

  • bigtable: added ignore_warnings field to google_bigtable_gc_policy resource (#​18492)
  • cloudfunctions2: added build_config.automatic_update_policy and build_config.on_deploy_update_policy fields to google_cloudfunctions2_function resource (#​18540)
  • compute: added confidential_instance_config.confidential_instance_type field to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template resources (#​18554)
  • compute: added custom_error_response_policy and default_custom_error_response_policy fields to google_compute_url_map resource (#​18511)
  • compute: added tls_early_data field to google_compute_target_https_proxy resource (#​18512)
  • compute: promoted google_compute_network_attachment resource from beta to GA (#​18494)
  • datafusion: added connection_type and private_service_connect_config fields to google_data_fusion_instance resource (#​18525)
  • healthcare: added encryption_spec field to google_healthcare_dataset resource (#​18528)
  • monitoring: added links field to google_monitoring_alert_policy resource (#​18549)
  • vertexai: added update support for big_query.entity_id_columns field on google_vertex_ai_feature_group resource (#​18493)
  • vertexai: promoted dedicated_serving_endpoint field on google_vertex_ai_feature_online_store resource from beta to GA (#​18513)

BUG FIXES:

  • accesscontextmanager: fixed perma-diff caused by ordering of service_perimeters in google_access_context_manager_service_perimeters resource (#​18520)
  • compute: fixed a crash in google_compute_reservation resource when share_settings field has changes (#​18498)
  • compute: fixed issue in google_compute_instance resource where service_account is not set when specifying service_account.email and no service_account.scopes (#​18521)
  • gkehub2: fixed google_gke_hub_feature resource to allow fleet_default_member_config field to be unset (#​18487)
  • identityplatform: fixed perma-diff on google_identity_platform_config resource when sms_region_config is not set (#​18537)
  • logging: fixed perma-diff on index_configs in google_logging_organization_bucket_config resource (#​18501)

v5.35.0

Compare Source

FEATURES:

  • New Data Source: google_artifact_registry_docker_image (#​18446)
  • New Resource: google_service_networking_vpc_service_controls (#​18448)

IMPROVEMENTS:

  • billingbudget: added enable_project_level_recipients field to google_billing_budget resource (#​18437)
  • compute: added action_token_site_keys and session_token_site_keys fields to google_compute_security_policy and google_compute_security_policy_rule resources (#​18414)
  • gkehub2: added ENTERPRISE option to security_posture_config field on google_gke_hub_fleet resource (#​18440)
  • pubsub: added bigquery_config.service_account_email field to google_pubsub_subscription resource (#​18444)
  • redis: added maintenance_version field to google_redis_instance resource (#​18424)
  • storage: changed update behavior in google_storage_bucket_object to no longer delete to avoid object deletion on content update (#​18479)
  • sql: added support for more MySQL values in type field of google_sql_user resource (#​18452)
  • sql: increased timeouts on google_sql_database_instance to 90m to account for longer-running actions such as creation through cloning (#​18458)
  • workbench: added update support to gce_setup.boot_disk and gce_setup.data_disks fields in google_workbench_instance resource (#​18482)

BUG FIXES:

  • compute: updated google_compute_instance to force reboot if min_node_cpus is updated (#​18420)
  • compute: fixed description field in google_compute_firewall to support empty/null values on update (#​18478)
  • compute: fixed perma-diff on google_compute_disk for Ubuntu amd64 canonical LTS images (#​18418)
  • storage: fixed lowercased custom_placement_config values in google_storage_bucket causing perma-destroy (#​18456)
  • workbench: fixed issue where instance was not starting after an update in google_workbench_instance resource (#​18464)
  • workbench: fixed perma-diff caused by empty accelerator_configs in google_workbench_instance resource (#​18464)

v5.34.0

Compare Source

NOTES:

  • compute: Updated field description of connection_draining_timeout_sec, balancing_mode and outlier_detection in google_compute_region_backend_service and google_compute_backend_service to inform that default values will be changed in 6.0.0 (#​18399)

FEATURES:

  • New Resource: google_netapp_backup (#​18357)
  • New Resource: google_network_services_service_lb_policies (#​18326)
  • New Resource: google_scc_management_folder_security_health_analytics_custom_module (#​18360)
  • New Resource: google_scc_management_project_security_health_analytics_custom_module (#​18369)
  • New Resource: google_scc_management_organization_security_health_analytics_custom_module (#​18374)

IMPROVEMENTS:

  • alloydb: changed the resource google_alloydb_instance to be created directly with public IP enabled instead of creating the resource with public IP disabled and then enabling it (#​18344)
  • bigtable: added automated_backup_configuration field to google_bigtable_table resource (#​18335)
  • cloudbuildv2: added support for connecting to Bitbucket Data Center and Bitbucket Cloud with the bitbucket_data_center_config and bitbucket_cloud_config fields in google_cloudbuildv2_connection (#​18375)
  • compute: added update support to ssl_policy field in google_compute_region_target_https_proxy resource (#​18361)
  • compute: removed enum validation on guest_os_features.type in google_compute_disk to allow for new features to be used without provider update (#​18331)
  • compute: updated documentation of google_compute_target_https_proxy and google_compute_region_target_https_proxy (#​18358)
  • container: added support for security_posture_config.mode value "ENTERPRISE" in resource_container_cluster (#​18334)
  • discoveryengine: added document_processing_config field to google_discovery_engine_data_store resource (#​18350)
  • edgecontainer: added 'maintenance_exclusions' field to 'google_edgecontainer_cluster' resource (#​18370)
  • gkehub: added prevent_drift field to ConfigManagement fleet_default_member_config (#​18330)
  • netapp: added administrators field to google_netapp_active_directory resource (#​18333)
  • vertexai: promoted optimized field to GA for google_vertex_ai_feature_online_store resource (#​18348)
  • workbench: updated the metadata keys managed by the backend. (#​18367)

BUG FIXES:

  • compute: fixed an issue where google_compute_instance_group_manager with a pending operation was incorrectly removed due to the operation no longer being present in the backend (#​18380)
  • compute: fixed issue where users could not create google_compute_security_policy resources with layer_7_ddos_defense_config explicitly disabled (#​18345)
  • workbench: fixed a bug in the google_workbench_instance resource where specifying a network in some scenarios would cause instance creation to fail (#​18404

v5.33.0

Compare Source

DEPRECATIONS:

  • healthcare: deprecated notification_config in google_healthcare_fhir_store resource. Use notification_configs instead. (#​18306)

FEATURES:

  • New Data Source: google_compute_security_policy (#​18316)
  • New Resource: google_compute_project_cloud_armor_tier (#​18319)
  • New Resource: google_network_services_service_lb_policies (#​18326)
  • New Resource: google_scc_management_organization_event_threat_detection_custom_module (#​18317)
  • New Resource: google_spanner_instance_config (#​18322)

IMPROVEMENTS:

  • appengine: added flexible_runtime_settings field to google_app_engine_flexible_app_version resource (#​18325)
  • bigtable: added force_destroy field to google_bigtable_instance resource. This will force delete any backups present in the instance and allow the instance to be deleted. (#​18291)
  • clouddeploy: added execution_configs.verbose field to google_clouddeploy_target resource (#​18292)
  • compute: added storage_pool field to google_compute_disk resource (#​18273)
  • dlp: added secrets_discovery_target, cloud_sql_target.filter.database_resource_reference, and big_query_target.filter.table_reference fields to google_data_loss_prevention_discovery_config resource (#​18324)
  • gkebackup: added backup_schedule.backup_config.permissive_mode field to google_gke_backup_backup_plan resource (#​18266)
  • gkebackup: added restore_config.restore_order field to google_gke_backup_restore_plan resource (#​18266)
  • gkebackup: added restore_config.volume_data_restore_policy_bindings field to google_gke_backup_restore_plan resource (#​18266)
  • gkebackup: added new enum values MERGE_SKIP_ON_CONFLICT, MERGE_REPLACE_VOLUME_ON_CONFLICT and MERGE_REPLACE_ON_CONFLICT to field restore_config.namespaced_resource_restore_mode in google_gke_backup_restore_plan resource (#​18266)
  • healthcare: added notification_config.send_for_bulk_import field to google_healthcare_dicom_store resource (#​18320)
  • healthcare: added notification_configs field to google_healthcare_fhir_store resource (#​18306)
  • integrationconnectors: added endpoint_global_access field to google_integration_connectors_endpoint_attachment resource (#​18293)
  • netapp: added backup_config field to google_netapp_volume resource (#​18286)
  • redis: added zone_distribution_config field to google_redis_cluster resource (#​18307)
  • resourcemanager: added support for range_type = "default-domains-netblocks" in google_netblock_ip_ranges data source (#​18290)
  • secretmanager: added support for IAM conditions in google_secret_manager_secret_iam_* resources (#​18294)
  • workstations: added boot_disk_size_gb, enable_nested_virtualization, and pool_size to host.gce_instance.boost_configs in google_workstations_workstation_config resource (#​18310)

BUG FIXES:

  • container: fixed google_container_node_pool crash if node_config.secondary_boot_disks.mode is not set (#​18323)
  • dlp: removed required on inspect_config.limits.max_findings_per_info_type.info_type field to allow the use of default limit by not setting this field in google_data_loss_prevention_inspect_template resource (#​18285)
  • provider: fixed application default credential and access token authorization when universe_domain is set (#​18272)

v5.32.0

Compare Source

NOTES:

  • privateca: converted google_privateca_certificate_template to now use the MMv1 engine instead of DCL (#​18224)

FEATURES:

  • New Resource: google_dataplex_entry_type (#​18229)
  • New Resource: google_logging_log_view_iam_binding (#​18243)
  • New Resource: google_logging_log_view_iam_member (#​18243)
  • New Resource: google_logging_log_view_iam_policy (#​18243)

IMPROVEMENTS:

  • alloydb: added psc_config field to google_alloydb_cluster resource (#​18263)
  • alloydb: added psc_instance_config field to google_alloydb_instance resource (#​18263)
  • cloudrunv2: added default_uri_disabled field to resource google_cloud_run_v2_service resource (#​18246)
  • compute: added NONE to acceptable options for update_policy.minimal_action field in google_compute_instance_group_manager resource (#​18236)
  • looker: increased validation length of name to google_looker_instance resource (#​18244)
  • sql: updated support for a new value week5 in field setting.maintenance_window.update_track in google_sql_database_instance resource (#​18223)

BUG FIXES:

  • cloudrunv2: added validation for timeout field to google_cloud_run_v2_job and google_cloud_run_v2_service resources (#​18260)
  • compute: fixed permadiff in ordering of advertised_ip_ranges.range field on google_compute_router resource (#​18228)
  • iam: added a 10 second sleep when creating a 'google_service_account' resource to reduce eventual consistency errors(#​18261)
  • storage: fixed google_storage_bucket.lifecycle_rule.condition block fields days_since_noncurrent_time and days_since_custom_time and num_newer_versions were not working for 0 value (#​18231)

v5.31.1

Compare Source

BUG FIXES:

v5.31.0

Compare Source

FEATURES:

  • New Data Source: google_compute_subnetworks (#​18159)
  • New Resource: google_dataplex_aspect_type (#​18201)
  • New Resource: google_dataplex_entry_group (#​18188)
  • New Resource: google_kms_autokey_config (#​18179)
  • New Resource: google_kms_key_handle (#​18179)
  • New Resource: google_network_services_lb_route_extension (#​18195)

IMPROVEMENTS:

  • appengine: added field instance_ip_mode to resource google_app_engine_flexible_app_version resource (beta) (#​18168)
  • bigquery: added external_data_configuration.bigtable_options to google_bigquery_table (#​18181)
  • composer: added support for importing google_composer_user_workloads_secret via the "{{environment}}/{{name}}" format. (#​7390)
  • composer: improved timeouts for google_composer_user_workloads_secret. (#​7390)
  • compute: added TLS_JA3_FINGERPRINT and USER_IP options in field rate_limit_options.enforce_on_key to google_compute_security_policy resource (#​18167)
  • compute: added 'rateLimitOptions' field to 'google_compute_security_policy_rule' resource (#​18167)
  • compute: changed google_compute_region_ssl_policy's region field to optional and allow to be inferred from environment (#​18178)
  • compute: added subnet_length field to google_compute_interconnect_attachment resource (#​18187)
  • container: added containerd_config field and subfields to google_container_cluster and google_container_node_pool resources, to allow those resources to access private image registries. (#​18160)
  • container: allowed both enable_autopilot and workload_identity_config to be set in google_container_cluster resource. (#​18166)
  • datastream: added create_without_validation field to google_datastream_connection_profile, google_datastream_private_connection and google_datastream_stream resources (#​18176)
  • network-security: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#​18139)
  • networkservices: made field load_balancing_scheme immutable in resource google_network_services_lb_traffic_extension, as in-place updating is always failing (#​18195)
  • networkservices: made required fields extension_chains.extensions.authority and extension_chains.extensions.timeout optional in resource google_network_services_lb_traffic_extension (#​18195)
  • networkservices: removed unsupported load balancing scheme LOAD_BALANCING_SCHEME_UNSPECIFIED from the field load_balancing_scheme in resource google_network_services_lb_traffic_extension (#​18195)
  • pubsub: added cloud_storage_config.filename_datetime_format field to google_pubsub_subscription resource (#​18180)
  • tpu: added type of accelerator_config to google_tpu_v2_vm resource (#​18148)

BUG FIXES:

  • monitoring: fixed a permadiff with monitored_resource.labels property in the google_monitoring_uptime_check_config resource (#​18174)
  • storage: fixed a bug where field autoclass block is generating permadiff whenever the block is removed from the config in google_storage_bucket resource (#​18197)
  • storagetransfer: fixed a permadiff with transfer_spec.0.aws_s3_data_source.0.aws_access_key resource_storage_transfer_job (#​18190)

v5.30.0

Compare Source

FEATURES:

  • New Data Source: google_cloud_asset_resources_search_all (#​18129)
  • New Resource: google_compute_interconnect (#​18064)
  • New Resource: google_network_services_lb_traffic_extension (#​18138)

IMPROVEMENTS:

  • compute: added kms_key_name field to google_bigquery_connection resource (#​18057)
  • compute: added auto_network_tier field to google_compute_router_nat resource (#​18055)
  • compute: promoted enable_ipv4, ipv4_nexthop_address and peer_ipv4_nexthop_address fields in google_compute_router_peer resource to GA (#​18056)
  • compute: promoted identifier_range field in google_compute_router resource to GA (#​18056)
  • compute: promoted ip_version field in google_compute_router_interface resource to GA (#​18056)
  • container: added KUBELET and CADVISOR options to monitoring_config.enable_components in google_container_cluster resource (#​18090)
  • dataproc: added local_ssd_interface to google_dataproc_cluster resource (#​18137)
  • dataprocmetastore: promoted google_dataproc_metastore_federation to GA (#​18084)
  • dlp: added cloud_sql_target field to google_data_loss_prevention_discovery_config resource (#​18063)
  • netapp: added FLEX value to field service_level in google_netapp_storage_pool resource (#​18088)
  • networksecurity: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#​18139)
  • networkservices: supported in-place update for gateway_security_policy and certificate_urls fields in google_network_services_gateway resource (#​18082)

BUG FIXES:

  • compute: fixed a perma-diff on machine_type field in google_compute_instance resource (#​18071)
  • compute: fixed a perma-diff on type field in google_compute_disk resource (#​18071)
  • storage: fixed update issue for lifecycle_rule.condition.custom_time_before and lifecycle_rule.condition.noncurrent_time_before in google_storage_bucket resource (#​18127)

v5.29.1

Compare Source

BREAKING CHANGES:

  • compute: removed secondary_ip_range.reserved_internal_range field from google_compute_subnetwork (18133)

v5.29.0

Compare Source

NOTES:

  • compute: added documentation for md5_authentication_key field in google_compute_router_peer resource. The field was introduced in v5.12.0, but documentation was unintentionally omitted at that time. (#​17991)

FEATURES:

  • New Resource: google_bigtable_authorized_view (#​18006)
  • New Resource: google_integration_connectors_managed_zone (#​18029)
  • New Resource: google_network_connectivity_regional_endpoint (#​18014)
  • New Resource: google_network_security_security_profile (#​18025)
  • New Resource: google_network_security_security_profile_group (#​18025)
  • New Resource: google_network_security_firewall_endpoint (#​18025)
  • New Resource: google_network_security_firewall_endpoint_association (#​18025)

IMPROVEMENTS:

  • clouddeploy: added custom_target field to google_clouddeploy_target resource (#​18000)
  • clouddeploy: added google_cloud_build_repo to custom_target_type resource (#​18040)
  • compute: added preconfigured_waf_config field to google_compute_region_security_policy_rule resource; (#​18039)
  • compute: added rate_limit_options field to google_compute_region_security_policy_rule resource; (#​18039)
  • compute: added security_profile_group, tls_inspect to google_compute_firewall_policy_rule (#​18000)
  • compute: added security_profile_group, tls_inspect to google_compute_network_firewall_policy_rule (#​18000)
  • compute: added fields reserved_internal_range and secondary_ip_ranges.reserved_internal_range to google_compute_subnetwork resource (#​18026)
  • container: added dns_config.additive_vpc_scope_dns_domain field to google_container_cluster resource (#​18031)
  • container: added enable_nested_virtualization field to google_container_node_pool and google_container_cluster resource. (#​18015)
  • iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#​18027)
  • privateca: added maximum_lifetime field to google_privateca_certificate_template resource (#​18000)

v5.28.0

Compare Source

DEPRECATIONS:

  • integrations: deprecated create_sample_workflows and provision_gmek fields in google_integrations_client. (#​17945)

FEATURES:

  • New Data Source: google_storage_buckets (#​17960)
  • New Resource: google_compute_security_policy_rule (#​17937)

IMPROVEMENTS:

  • alloydb: added maintenance_update_policy field to google_alloydb_cluster resource (#​17954)
  • bigquery: promoted external_dataset_reference in google_bigquery_dataset to GA (#​17944)
  • composer: promoted config.software_config.image_version in-place update to GA in resource google_composer_environment (#​17986)
  • container: added node_config.secondary_boot_disks field to google_container_node_pool (#​17962)
  • integrations: added create_sample_integrations field to google_integrations_client, replacing deprecated field create_sample_workflows. (#​17945)
  • redis: added redis_configs field to google_redis_cluster resource (#​17956)

BUG FIXES:

  • dns: fixed bug where the deletion of google_dns_managed_zone resources was blocked by any associated SOA-type google_dns_record_set resources (#​17989)
  • storage: fixed an issue where google_storage_bucket_object and google_storage_bucket_objects data sources would ignore custom endpoints (#​17952)

v5.27.0

Compare Source

FEATURES:

  • New Data Source: google_storage_bucket_objects (#​17920)
  • New Resource: google_compute_security_policy_rule (#​17937)
  • New Resource: google_data_loss_prevention_discovery_config (#​17887)
  • New Resource: google_integrations_auth_config (#​17917)
  • New Resource: google_network_connectivity_internal_range (#​17909)

IMPROVEMENTS:

  • alloydb: added network_config field to google_alloydb_instance resource (#​17921)
  • alloydb: added public_ip_address field to google_alloydb_instance resource (#​17921)
  • apigee: added forward_proxy_uri field to google_apigee_environment resource (#​17902)
  • bigquerydatapolicy: added data_masking_policy.routine field to google_bigquery_data_policy resource (#​17885)
  • compute: added server_tls_policy field to google_compute_region_target_https_proxy resource (#​17934)
  • logging: added intercept_children field to google_logging_organization_sink and google_logging_folder_sink resources (#​17932)
  • monitoring: added service_agent_authentication field to google_monitoring_uptime_check_config resource (#​17929)
  • privateca: added subject_key_id field to google_privateca_certificate and google_privateca_certificate_authority resources (#​17923)
  • secretmanager: added version_destroy_ttl field to google_secret_manager_secret resource (#​17888)

BUG FIXES:

  • appengine: added suppression for a diff in google_app_engine_standard_app_version.automatic_scaling when the block is unset in configuration (#​17905)
  • sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#​17878)

v5.26.0

Compare Source

FEATURES:

  • New Resource: google_project_iam_member_remove (#​17871)

IMPROVEMENTS:

  • apigee: added support for api_consumer_data_location, api_consumer_data_encryption_key_name, and control_plane_encryption_key_name in google_apigee_organization (#​17874)
  • artifactregistry: added remote_repository_config.<facade>_repository.custom_repository.uri field to google_artifact_registry_repository resource. (#​17840)
  • bigquery: added resource_tags field to google_bigquery_table resource (#​17876)
  • billing: added ownership_scope field to google_billing_budget resource (#​17868)
  • cloudfunctions2: added build_config.service_account field to google_cloudfunctions2_function resource (#​17841)
  • resourcemanager: added the field api_method to datasource google_active_folder so you can use either SEARCH or LIST to find your folder (#​17877)
  • storage: added labels validation to google_storage_bucket resource (#​17806)

BUG FIXES:

  • apigee: fixed permadiff in ordering of google_apigee_organization.properties.property. (#​17850)
  • cloudrun: fixed the bug that computed metadata.0.labels and metadata.0.annotations fields don't appear in terraform plan when creating resource google_cloud_run_service and google_cloud_run_domain_mapping (#​17815)
  • dns: fixed bug where some methods of authentication didn't work when using dns data sources (#​17847)
  • iam: fixed a bug that prevented setting create_ignore_already_exists on existing resources in google_service_account. (#​17856)
  • sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#​17878)
  • storage: added validation to name field in google_storage_bucket resource (#​17858)
  • vmwareengine: fixed stretched cluster creation in google_vmwareengine_private_cloud (#​17875)

v5.25.0

Compare Source

FEATURES:

  • New Data Source: google_tags_tag_keys (#​17782)
  • New Data Source: google_tags_tag_values (#​17782)

IMPROVEMENTS:

  • bigquery: added in-place schema column drop support for google_bigquery_table resource (#​17777)
  • compute: added endpoint_types field to google_compute_router_nat resource (#​17771)
  • compute: increased timeouts from 8 minutes to 20 minutes for google_compute_security_policy resource (#​17793)
  • compute: promoted google_compute_instance_settings to GA (#​17781)
  • container: added stateful_ha_config field to google_container_cluster resource (#​17796)
  • firestore: added vector_config field to google_firestore_index resource (#​17758)
  • gkebackup: added backup_schedule.rpo_config field to google_gke_backup_backup_plan resource (#​17805)
  • networksecurity: added disabled field to google_network_security_firewall_endpoint_association resource; (#​17762)
  • sql: added enable_google_ml_integration field to google_sql_database_instance resource (#​17798)
  • storage: added labels validation to google_storage_bucket resource (#​17806)
  • vmwareengine: added preferred_zone and secondary_zone fields to google_vmwareengine_private_cloud resource (#​17803)

BUG FIXES:

  • networksecurity: fixed an issue where google_network_security_firewall_endpoint_association resources could not be created due to a bad parameter (#​17762)
  • privateca: fixed permission issue by specifying signer certs chain when activating a sub-CA across regions for google_privateca_certificate_authority resource (#​17783)

v5.24.0

Compare Source

IMPROVEMENTS:

  • container: added enable_cilium_clusterwide_network_policy field to google_container_cluster resource (#​17738)
  • container: added node_pool_auto_config.resource_manager_tags field to google_container_cluster resource (#​17715)
  • gkeonprem: added disable_bundled_ingress field to google_gkeonprem_vmware_cluster resource (#​17718)
  • redis: added node_type and precise_size_gb fields to google_redis_cluster (#​17742)
  • storage: added project_number attribute to google_storage_bucket resource and data source (#​17719)
  • storage: added ability to provide project argument to google_storage_bucket data source. This will not impact reading the resource's data, instead this helps users avoid calls to the Compute API within the data source. (#​17719)

BUG FIXES:

  • appengine: fixed a crash in google_app_engine_flexible_app_version due to the deployment field not being returned by the API (#​17744)
  • bigquery: fixed a crash when google_bigquery_table had a primary_key.columns entry set to "" (#​17721)
  • compute: fixed update scenarios ongoogle_compute_region_target_https_proxy and google_compute_target_https_proxy resources. (#​17733)

v5.23.0

Compare Source

NOTES:

DEPRECATIONS:

  • kms: deprecated attestation.external_protection_level_options in favor of external_protection_level_options in google_kms_crypto_key_version (#​17704)

FEATURES:

  • New Data Source: google_apphub_application (#​17679)
  • New Resource: google_cloud_quotas_quota_preference (#​17637)
  • New Resource: google_vertex_ai_deployment_resource_pool (#​17707)
  • New Resource: google_integrations_client (#​17640)

IMPROVEMENTS:

  • bigquery: added dataGovernanceType to google_bigquery_routine resource (#​17689)
  • bigquery: added support for external_data_configuration.json_extension to google_bigquery_table (#​17663)
  • compute: added cloud_router_ipv6_address, customer_router_ipv6_address fields to google_compute_interconnect_attachment resource (#​17692)
  • compute: added generated_id field to google_compute_region_backend_service resource (#​17639)
  • integrations: added deletion support for google_integrations_client resource (#​17678)
  • kms: added crypto_key_backend field to google_kms_crypto_key resource (#​17704)
  • metastore: added scheduled_backup field to google_dataproc_metastore_service resource (#​17673)
  • provider: added provider-defined function name_from_id for retrieving the short-form name of a resource from its self link or id (#​17694)
  • provider: added provider-defined function project_from_id for retrieving the project id from a resource's self link or id (#​17694)
  • provider: added provider-defined function region_from_zone for deriving a region from a zone's name (#​17694)
  • provider: added provider-defined functions location_from_id, region_from_id, and zone_from_id for retrieving the location/region/zone names from a resource's self link or id (#​17694)

BUG FIXES:

  • cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_job creation fails (#​17711)
  • cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_service creation fails (#​17711)
  • container: fixed google_container_cluster permadiff when master_ipv4_cidr_block is set for a private flexible cluster (#​17687)
  • dataflow: fixed an issue where the provider would crash when enableStreamingEngine is set as a parameter value in google_dataflow_flex_template_job (#​17712)
  • kms: added top-level external_protection_level_options field in google_kms_crypto_key_version resource (#​17704)

v5.22.0

Compare Source

BREAKING CHANGES:

  • networksecurity: added required field billing_project_id to google_network_security_firewall_endpoint resource. Any configuration without billing_project_id specified will cause resource creation fail (beta) (#​17630)

FEATURES:

  • New Data Source: google_cloud_quotas_quota_info (#​17564)
  • New Data Source: google_cloud_quotas_quota_infos (#​17617)
  • New Resource: google_access_context_manager_service_perimeter_dry_run_resource (#​17614)

IMPROVEMENTS:

  • accesscontextmanager: supported managing service perimeter dry run resources outside the perimeter via new resource google_access_context_manager_service_perimeter_dry_run_resource (#​17614)
  • cloudrunv2: added plan-time validation to restrict number of ports to 1 in google_cloud_run_v2_service (#​17594)
  • composer: added field count to validate number of DAG processors in google_composer_environment (#​17625)
  • compute: added enumeration value SEV_LIVE_MIGRATABLE_V2 for the guest_os_features of google_compute_disk (#​17629)
  • compute: added status.all_instances_config.revision field to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#​17595)
  • compute: added field path_template_match to resource google_compute_region_url_map (#​17571)
  • compute: added field path_template_rewrite to resource google_compute_region_url_map (#​17571)
  • pubsub: added ingestion_data_source_settings field to google_pubsub_topic resource (#​17604)
  • storage: added 'soft_delete_policy' to 'google_storage_bucket' resource (#​17624)

BUG FIXES:

  • accesscontextmanager: fixed an issue with access_context_manager_service_perimeter_ingress_policy and access_context_manager_service_perimeter_egress_policy where updates could not be applied after initial creation. Any updates applied to these resources will now involve their recreation. To ensure that new policies are added before old ones are removed, add a lifecycle block with create_before_destroy = true to your resource configuration alongside other updates. (#​17596)
  • firebase: made the google_firebase_android_app resource's package_name field required and immutable. This prevents API errors encountered by users who attempted to update or leave that field unset in their configurations. (#​17585)
  • spanner: removed validation function for the field version_retention_period in the resource google_spanner_database and directly returned error from backend (#​17621)

v5.21.0

Compare Source

FEATURES:

  • New Data Source: google_apphub_discovered_service (#​17548)
  • New Data Source: google_apphub_discovered_workload (#​17553)
  • New Data Source: google_cloud_quotas_quota_info (#​17564)
  • New Resource: google_apphub_workload (#​17561)
  • New Resource: google_firebase_app_check_device_check_config (#​17517)
  • New Resource: google_iap_tunnel_dest_group (#​17533)
  • New Resource: google_kms_ekm_connection (#​17512)
  • New Resource: google_apphub_application (#​17499)
  • New Resource: google_apphub_service (#​17562)
  • New Resource: google_apphub_service_project_attachment (#​17536)
  • New Resource: google_network_security_firewall_endpoint_association (#​17540)

IMPROVEMENTS:

  • cloudrunv2: added support for scaling.min_instance_count in google_cloud_run_v2_service. (#​17501)
  • compute: added metric.single_instance_assignment and metric.filter to google_compute_region_autoscaler (#​17519)
  • container: added queued_provisioning to google_container_node_pool (#​17549)
  • gkeonprem: allowed vcenter_network to be set in google_gkeonprem_vmware_cluster, previously it was output-only (#​17505)
  • workstations: added support for ephemeral_directories in google_workstations_workstation_config (#​17515)

BUG FIXES:

  • compute: allowed sending empty values for SERVERLESS in google_compute_region_network_endpoint_group resource (#​17500)
  • notebooks: fixed an issue where default tags would cause a diff recreating google_notebooks_instance resources (#​17559)
  • storage: fixed an issue where two or more lifecycle rules with different values of no_age field always generates change in google_storage_bucket resource. (#​17513)

v5.20.0

Compare Source

FEATURES:

  • New Resource: google_clouddeploy_custom_target_type_iam_* (#​17445)

IMPROVEMENTS:

  • certificatemanager: added type field to google_certificate_manager_dns_authorization resource (#​17459)
  • compute: added the network_url attribute to the consumer_accept_list-block of the google_compute_service_attachment resource (#​17492)
  • gkehub: added support for policycontroller.policy_controller_hub_config.policy_content.bundles and policycontroller.policy_controller_hub_config.deployment_configs fields to google_gke_hub_feature_membership (#​17483)

BUG FIXES:

  • artifactregistry: fixed permadiff when google_artifact_repository.docker_config field is unset (#​17484)
  • bigquery: corrected plan-time validation on google_bigquery_dataset.dataset_id (#​17449)
  • kms: fixed issue where google_kms_crypto_key_version.attestation.cert_chains properties were incorrectly set to type string (#​17486)

v5.19.0

Compare Source

FEATURES:

  • New Resource: google_clouddeploy_automation(#​17427)
  • New Resource: google_clouddeploy_target_iam_* (#​17368)

IMPROVEMENTS:

  • bigquery: added remote_function_options field to google_bigquery_routine resource (#​17382)
  • certificatemanager: added location field to google_certificate_manager_dns_authorization resource (#​17358)
  • composer: added validations for composer 2/3 only fields in google_composer_environment (#​17361)
  • compute: added certificate_manager_certificates field to google_compute_region_target_https_proxy resource (#​17365)
  • compute: promoted all_instances_config field in resources google_compute_instance_group_manager and google_compute_region_instance_group_manager to GA (#​17414)
  • container: promoted enable_confidential_storage from node_config in google_container_cluster and google_container_node_pool to GA (#​17367)
  • gkehub2: added namespace_labels field to google_gke_hub_scope resource (#​17421)

BUG FIXES:

  • resourcemanager: added a retry to deleting the default network when auto_create_network is false in google_project (#​17419)

v5.18.0

Compare Source

BREAKING CHANGES:

  • securityposture: marked policy_sets and policy_sets.policies required in google_securityposture_posture. API validation already enforced this, so no resources could be provisioned without these (#​17303)

FEATURES:

  • New Data Source: google_compute_forwarding_rules (#​17342)
  • New Resource: google_firebase_app_check_app_attest_config (#​17279)
  • New Resource: google_firebase_app_check_play_integrity_config (#​17279)
  • New Resource: google_firebase_app_check_recaptcha_enterprise_config (#​17327)
  • New Resource: google_firebase_app_check_recaptcha_v3_config (#​17327)
  • New Resource: google_migration_center_preference_set (#​17291)
  • New Resource: google_netapp_volume_replication (#​17348)

IMPROVEMENTS:

  • cloudfunctions: added output-only version_id field on google_cloudfunctions_function (#​17273)
  • composer: supported patch versions of airflow on google_composer_environment (#​17345)
  • compute: supported updating network_interface.stack_type field on google_compute_instance resource. (#​17295)
  • container: added node_config.resource_manager_tags field to google_container_cluster resource (#​17346)
  • container: added node_config.resource_manager_tags field to google_container_node_pool resource (#​17346)
  • container: added output-only fields membership_id and membership_location under fleet in google_container_cluster resource (#​17305)
  • looker: added custom_domain field to google_looker_instance resource (#​17301)
  • netapp: added field restore_parameters and output-only fields state, state_details and create_time to google_netapp_volume resource (#​17293)
  • workbench: added container_image field to google_workbench_instance resource (#​17326)
  • workbench: added shielded_instance_config field to google_workbench_instance resource (#​17306)

BUG FIXES:

  • bigquery: allowed users to set permissions for principal/principalSets (iamMember) in google_bigquery_dataset_iam_member. (#​17292)
  • cloudfunctions2: fixed an issue where not specifying event_config.trigger_region in google_cloudfunctions2_function resulted in a permanent diff. The field now pulls a default value from the API when unset. (#​17328)
  • compute: fixed issue where changes only in stateful_(internal|external)_ip would not trigger an update for google_compute_(region_)instance_group_manager (#​17297)
  • compute: fixed perma-diff on min_ports_per_vm in google_compute_router_nat when the field is unset by making the field default to the API-set value (#​17337)
  • dataflow: fixed crash in google_dataflox_job to return an error instead if a job's Environment field is nil when reading job information (#​17344)
  • notebooks: changed tag field to default to the API's value if not specified in google_notebooks_instance (#​17323)

v5.17.0

Compare Source

NOTES:

  • cloudbuildv2: changed underlying actuation engine for google_cloudbuildv2_connection, there should be no user-facing impact (#​17222)

DEPRECATIONS:

  • container: deprecated support for relay_mode field in google_container_cluster.monitoring_config.advanced_datapath_observability_config in favor of enable_relay field, relay_mode field will be removed in a future major release (#​17262)

FEATURES:

  • New Resource: google_firebase_app_check_debug_token (#​17242)
  • New Resource: google_clouddeploy_custom_target_type (#​17254)

IMPROVEMENTS:

  • cloudasset: allowed overriding the billing project for the google_cloud_asset_resources_search_all datasource
  • clouddeploy: added support for canary_revision_tags, prior_revision_tags, stable_revision_tags, and stable_cutback_duration to google_clouddeploy_delivery_pipeline
  • cloudfunctions: expose version_id on google_cloudfunctions_function (#​17273)
  • compute: promoted user_ip_request_headers field on google_compute_security_policy resource to GA (#​17271)
  • container: added support for enable_relay field to google_container_cluster.monitoring_config.advanced_datapath_observability_config (#​17262)
  • eventarc: added support for http_endpoint.uri and network_config.network_attachment to google_eventarc_trigger (#​17237)
  • healthcare: added reject_duplicate_message field to google_healthcare_hl7_v2_store resource (#​17267)
  • identityplatform: added client, permissions, monitoring and mfa fields to google_identity_platform_config (#​17225)
  • notebooks: added desired_state field to google_notebooks_instance (#​17268)
  • vertexai: added feature_registry_source field to google_vertex_ai_feature_online_store_featureview resource (#​17264)
  • workbench: added desired_state field to google_workbench_instance resource (#​17270)

BUG FIXES:

  • compute: made resource_manager_tags updatable on google_compute_instance_template and google_compute_region_instance_template (#​17256)
  • notebooks: prevented recreation of google_notebooks_instance when kms_key or service_account_scopes are changed server-side (#​17232)

v5.16.0

Compare Source

FEATURES:

  • New Resource: google_clouddeploy_delivery_pipeline_iam_* (#​17180)
  • New Resource: google_compute_instance_group_membership (#​17188)
  • New Resource: google_discovery_engine_search_engine (#​17146)
  • New Resource: google_firebase_app_check_service_config (#​17155)

IMPROVEMENTS:

  • bigquery: promoted table_replication_info field on resource_bigquery_table resource to GA (#​17181)
  • networksecurity: removed unused custom code from google_network_security_address_group (#​17183)
  • provider: added an optional provider level label goog-terraform-provisioned to identify resources that were created by Terraform when viewing/editing these resources in other tools. (#​17170)

v5.15.0

Compare Source

FEATURES:

  • New Data Source: google_compute_machine_types (#​17107)
  • New Resource: google_blockchain_node_engine_blockchain_nodes (#​17096)
  • New Resource: google_compute_region_network_endpoint (#​17137)
  • New Resource: google_discovery_engine_chat_engine (#​17145)
  • New Resource: google_discovery_engine_search_engine (#​17146)
  • New Resource: google_netapp_volume_snapshot (#​17138)

IMPROVEMENTS:

  • compute: added INTERNET_IP_PORT and INTERNET_FQDN_PORT options for the google_compute_region_network_endpoint_group resource. (#​17137)
  • compute: added creation_timestamp to google_compute_instance_group_manager and google_compute_region_instance_group_manager. (#​17110)
  • compute: added disk_id attribute to google_compute_disk resource (#​17112)
  • compute: added stack_type attribute for google_compute_interconnect_attachment resource. (#​17139)
  • compute: updated the google_compute_security_policy resource's json_parsing field to accept the value STANDARD_WITH_GRAPHQL (#​17097)
  • memcache: added reserved_ip_range_id field to google_memcache_instance resource (#​17101)
  • netapp: added deletion_policy field to google_netapp_volume resource (#​17111)

BUG FIXES:

  • alloydb: fixed an issue where database_flags in secondary google_alloydb_instance resources would cause a diff, as they are copied from the primary (#​17128)
  • filestore: made google_filestore_instance.source_backup field configurable (#​17099)
  • vmwareengine: fixed a bug to prevent recreation of existing google_vmwareengine_private_cloud resources when upgrading provider version from <5.10.0 (#​17135

v5.14.0

Compare Source

FEATURES:

  • New Resource: google_discovery_engine_data_store (#​17084)
  • New Resource: google_securityposture_posture_deployment (#​17085)
  • New Resource: google_securityposture_posture (#​17079)

IMPROVEMENTS:

  • artifactregistry: promoted cleanup_policies and cleanup_policy_dry_run fields to GA for google_artifactregistry_repository resource (#​17074)
  • composer: added data_retention_config field to google_composer_environment resource (#​17050)
  • logging: updated the google_logging_project_bucket_config resource to be created using the asynchronous create method (#​17067)
  • pubsub: added use_table_schema field to google_pubsub_subscription resource (#​17054)
  • workflows: added call_log_level field to google_workflows_workflow resource (#​17051)

BUG FIXES:

  • cloudfunctions2: fixed permadiff when build_config.docker_repository field is not specified on google_cloudfunctions2_function resource (#​17072)
  • compute: fixed error when iap field is unset for google_compute_region_backend_service resource (#​17071)
  • eventarc: fixed error when setting destination.cloud_function field on google_eventarc_trigger resource by making it output-only (#​17052)

v5.13.0

Compare Source

NOTES:

  • cloudbuildv2: changed underlying actuation engine for google_cloudbuildv2_repository, there should be no user-facing impact (#​16969)
  • provider: added support for in-place update for labels and terraform_labels fields in immutable resources (#​17016)

FEATURES:

  • New Resource: google_netapp_backup_policy (#​16962)
  • New Resource: google_netapp_volume (#​16990)
  • New Resource: google_network_security_address_group_iam_* (#​17013)
  • New Resource: google_vertex_ai_feature_group_feature (#​17015)

IMPROVEMENTS:

  • alloydb: allowed database_version as an input on google_alloydb_cluster resource (#​16967)
  • bigquery: added spark_options field to google_bigquery_routine resource (#​17028)
  • cloudrunv2: added nfs and gcs fields to google_cloud_run_v2_service.template.volumes (#​16972)
  • cloudrunv2: added tcp_socket field to google_cloud_run_v2.template.containers.liveness_probe (#​16972)
  • compute: added enable_confidential_compute field to google_compute_instance.boot_disk.initialize_params (#​16968)
  • compute: added enable_confidential_compute field to google_compute_disk resource (#​16968)
  • gkehub2: added clusterupgrade field to google_gke_hub_feature resource (#​16951)
  • notebooks: allowed machine_type and accelerator_config to be updatable on google_notebooks_runtime resource (#​16993)

BUG FIXES:

  • compute: fixed the bug that max_ttl is sent in API calls even it is removed from configuration when changing cache_mode to FORCE_CACHE_ALL in google_compute_backend_bucket resource (#​16976)
  • networkservices: fixed a perma-diff on addresses field in google_network_services_gateway resource (#​17035)
  • provider: fixed universe_domain behavior to correctly throw an error when explicitly configured universe_domain values did not match credentials assumed to be in the default universe (#​17014)
  • spanner: fixed error when adding autoscaling_config to an existing google_spanner_instance resource (#​17033)

v5.12.0

Compare Source

FEATURES:

  • New Data Source: google_dns_managed_zones (#​16949)
  • New Data Source: google_filestore_instance (#​16931)
  • New Data Source: google_vmwareengine_external_access_rule (#​16912)
  • New Resource: google_clouddomains_registration (#​16947)
  • New Resource: google_netapp_kmsconfig (#​16945)
  • New Resource: google_vertex_ai_feature_online_store_featureview (#​16930)
  • New Resource: google_vmwareengine_external_access_rule (#​16912)

IMPROVEMENTS:

  • compute: added md5_authentication_key field to google_compute_router_peer resource (#​16923)
  • compute: added in-place update support to params.resource_manager_tags field in google_compute_instance resource (#​16942)
  • compute: added in-place update support to description field in google_compute_instance resource (#​16900)
  • gkehub: added policycontroller field to google_gke_hub_feature_membership resource (#​16916)
  • gkehub2: added clusterupgrade field to google_gke_hub_feature resource (#​16951)
  • gkeonprem: added in-place update support to vsphere_config field and added host_groups field in google_gkeonprem_vmware_node_pool resource (#​16896)
  • iam: added create_ignore_already_exists field to google_service_account resource. If ignore_create_already_exists is set to true, resource creation would succeed when response error is 409 ALREADY_EXISTS. (#​16927)
  • servicenetworking: added field deletion_policy to google_service_networking_connection (#​16944)
  • sql: set replica_configuration, ca_cert, and server_ca_cert fields to be sensitive in google_sql_instance and google_sql_ssl_cert resources (#​16932)

BUG FIXES:

  • bigquery: fixed perma-diff of encryption_configuration when API returns an empty object on google_bigquery_table resource (#​16926)
  • compute: fixed an issue where the provider would wait_for_instances if set before deleting on google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#​16943)
  • compute: fixed perma-diff that reordered stateful_external_ip and stateful_internal_ip blocks on google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#​16910)
  • datapipeline: fixed perma-diff of scheduler_service_account_email when it's not explicitly specified in google_data_pipeline_pipeline resource (#​16917)
  • edgecontainer: fixed resource import on google_edgecontainer_vpn_connection resource (#​16948)
  • servicemanagement: fixed an issue where an inconsistent plan would be created when certain fields such as openapi_config, grpc_config, and protoc_output_base64, had computed values in google_endpoints_service resource (#​16946)
  • storage: fixed an issue where retry timeout wasn't being utilized when creating google_storage_bucket resource (#​16902)

v5.11.0

Compare Source

NOTES:

  • compute: changed underlying actuation engine for google_network_firewall_policy and google_region_network_firewall_policy, there should be no user-facing impact (#​16837)

DEPRECATIONS:

  • gkehub2: deprecated field configmanagement.config_sync.oci.version in google_gke_hub_feature resource (#​16818)

FEATURES:

  • New Data Source: google_compute_reservation (#​16860)
  • New Resource: google_integration_connectors_endpoint_attachment (#​16822)
  • New Resource: google_logging_folder_settings (#​16800)
  • New Resource: google_logging_organization_settings (#​16800)
  • New Resource: google_netapp_active_directory (#​16844)
  • New Resource: google_vertex_ai_feature_online_store (#​16840)
  • New Resource: google_vertex_ai_feature_group (#​16842)
  • New Resource: google_netapp_backup_vault (#​16876)

IMPROVEMENTS:

  • bigqueryanalyticshub: added restricted_export_config field to google_bigquery_analytics_hub_listing resource (#​16850)
  • composer: added support for composer_internal_ipv4_cidr_block field to google_composer_environment (#​16815)
  • compute: added provisioned_iopsand provisioned_throughput fields under boot_disk.initialize_params to google_compute_instance resource (#​16871)
  • compute: added resource_manager_tags and disk.resource_manager_tags for google_compute_instance_template (#​16889)
  • compute: added resource_manager_tags and disk.resource_manager_tags for google_compute_region_instance_template (#​16889)
  • dataproc: added auxiliary_node_groups field to google_dataproc_cluster resource (#​16798)
  • edgecontainer: increased default timeout on google_edgecontainer_cluster, google_edgecontainer_node_pool to 480m from 60m (#​16886)
  • gkehub2: added field version under configmanagement in google_gke_hub_feature resource (#​16818)
  • kms: added output-only field primary to google_kms_crypto_key (#​16845)
  • metastore: added endpoint_protocol, metadata_integration, and auxiliary_versions to google_dataproc_metastore_service (#​16823)
  • sql: added support for IAM GROUP authentication in the type field of google_sql_user (#​16853)
  • storagetransfer: made name field settable on google_storage_transfer_job (#​16838)

BUG FIXES:

  • container: added check that node_version and min_master_version are the same on create of google_container_cluster, when running terraform plan (#​16817)
  • container: fixed a bug where disabling PDCSI addon gce_persistent_disk_csi_driver_config during creation will result in permadiff in google_container_cluster resource (#​16794)
  • container: fixed an issue in which migrating from the deprecated Binauthz enablement bool to the new evaluation mode enum inadvertently caused two cluster update events, instead of none. (#​16851)
  • containerattached: fixed crash when updating a cluster to remove admin_users or admin_groups in google_container_attached_cluster (#​16852)
  • dialogflowcx: fixed a permadiff in the git_integration_settings field of google_diagflow_cx_agent (#​16803)
  • monitoring: fixed the index out of range crash in dashboard_json for the resource google_monitoring_dashboard (#​16792)

v5.10.0

Compare Source

FEATURES:

  • New Data Source: google_compute_region_disk (#​16732)
  • New Data Source: google_vmwareengine_external_address (#​16698)
  • New Data Source: google_vmwareengine_subnet (#​16700)
  • New Data Source: google_vmwareengine_vcenter_credentials (#​16709)
  • New Resource: google_vmwareengine_cluster (#​16757)
  • New Resource: google_vmwareengine_external_address (#​16698)
  • New Resource: google_vmwareengine_subnet (#​16700)
  • New Resource: google_workbench_instance (#​16773)
  • New Resource: google_workbench_instance_iam_* (#​16773)

IMPROVEMENTS:

  • compute: added numeric_id field to google_compute_network resource (#​16712)
  • compute: added remove_instance_on_destroy option to google_compute_per_instance_config resource (#​16729)
  • compute: added remove_instance_on_destroy option to google_compute_region_per_instance_config resource (#​16729)
  • container: added network_performance_config field to google_container_node_pool resource to support GKE tier 1 networking (#​16688)
  • container: added support for in-place update for machine_type/disk_type/disk_size_gb in google_container_node_pool resource (#​16724)
  • containerazure: added config.labels to google_container_azure_node_pool (#​16754)
  • dataform: added display_name, labels and npmrc_environment_variables_secret_version fields to google_dataform_repository resource (#​16733)
  • monitoring: added severity field to google_monitoring_alert_policy resource (#​16775)
  • notebooks: added support for labels to google_notebooks_runtime (#​16783)
  • recaptchaenterprise: added waf_settings to google_recaptcha_enterprise_key (#​16754)
  • securesourcemanager: added host_config, state_note, kms_key, and private_config fields to google_secure_source_manager_instance resource (#​16731)
  • spanner: added autoscaling_config.max_nodes and autoscaling_config.min_nodes to google_spanner_instance (#​16786)
  • storage: added rpo field to google_storage_bucket resource (#​16756)
  • vmwareengine: added type field to google_vmwareengine_private_cloud resource (#​16781)
  • workloadidentity: added saml block to google_iam_workload_identity_pool_provider resource (#​16710)

BUG FIXES:

  • logging: fixed an issue where value change of unique_writer_identity on google_logging_project_sink does not trigger diff on dependent's usages of writer_identity (#​16776)

v5.9.0

Compare Source

FEATURES:

  • New Data Source: google_logging_folder_settings (#​16658)
  • New Data Source: google_logging_organization_settings (#​16658)
  • New Data Source: google_logging_project_settings (#​16658)
  • New Data Source: google_vmwareengine_network_policy (#​16639)
  • New Data Source: google_vmwareengine_nsx_credentials (#​16669)
  • New Resource: google_scc_event_threat_detection_custom_module (#​16649)
  • New Resource: google_secure_source_manager_instance (#​16637)
  • New Resource: google_vmwareengine_network_policy (#​16639)

IMPROVEMENTS:

  • bigqueryconnection: added spark support to google_bigquery_connection resource (#​16677)
  • cloudidentity: added expiry_detail field to google_cloud_identity_group_membership resource (#​16643)
  • container: added autoscaling_profile field in the cluster_autoscaling block in google_container_cluster resource (#​16653)
  • gkehub: added default_cluster_config field to google_gke_hub_fleet resource (#​16630)
  • gkehub: added binary_authorization_config field to google_gke_hub_fleet resource (#​16674)
  • sql: added support for in-place updates to the edition field in google_sql_database_instance resource (#​16629)

BUG FIXES:

  • artifactregistry: fixed permadiff due to unsorted virtual_repository_config array in google_artifact_registry_repository (#​16646)
  • container: made dns_config field updatable on google_container_cluster resource (#​16652)
  • dlp: added conflicting field validation in the storage_config.timespan_config block in data_loss_prevention_job_trigger resource (#​16628)
  • dlp: updated the storage_config.timespan_config.timestamp_field field in data_loss_prevention_job_trigger to be optional (#​16628)
  • firestore: added retries during creation of google_firestore_index resources to address retryable 409 code API errors ("Please retry, underlying data changed", and "Aborted due to cross-transaction contention") (#​16618, #​16670)
  • storage: fixed unexpected lifecycle_rule conditions being added for google_storage_bucket (#​16683)

v5.8.0

Compare Source

FEATURES:

  • New Data Source: google_vmwareengine_network_peering (#​16616)
  • New Resource: google_migration_center_group (#​16549)
  • New Resource: google_netapp_storage_pool (#​16573)
  • New Resource: google_vmwareengine_network (ga) (#​16583)
  • New Resource: google_vmwareengine_network_peering (#​16616)

IMPROVEMENTS:

  • artifactregistry: added remote_repository_config.upstream_credentials field to google_artifact_registry_repository resource (#​16562)
  • cloudbuild: added fields build.artifacts.maven_artifacts, build.artifacts.npm_packages , and build.artifacts.python_packages to resource google_cloudbuild_trigger (#​16543)
  • cloudrunv2: promoted field depends_on in google_cloud_run_v2_service to GA (#​16577)
  • composer: added database_config.zone field in google_composer_environment (#​16551)
  • compute: added field service_directory_registrations to resource google_compute_global_forwarding_rule (#​16581)
  • firestore: added virtual field deletion_policy to google_firestore_database (#​16576)
  • firestore: enabled database deletion upon destroy for google_firestore_database (#​16576)
  • gkehub2: added policycontroller field to fleet_default_member_config in google_gke_hub_feature (#​16542)
  • iam: added allowed_services, disable_programmatic_signin fields to google_iam_workforce_pool resource (#​16580)
  • vmwareengine: added STANDARD type support to google_vmwareengine_network resource (#​16583)
  • vmwareengine: promoted google_vmwareengine_private_cloud resource to GA (#​16613)

BUG FIXES:

  • compute: fixed a permadiff caused by issues with ipv6 diff suppression in google_compute_forwarding_rule and google_compute_global_forwarding_rule (#​16550)
  • firestore: fixed an issue where google_firestore_database could be deleted when delete_protection_state was DELETE_PROTECTION_ENABLED (#​16576)
  • firestore: made resource creation retry for 409 errors with the text "Aborted due to cross-transaction contention" in google_firestore_index (#​16618)

v5.7.0

Compare Source

DEPRECATIONS:

  • gkehub: deprecated config_management.binauthz in google_gke_hub_feature_membership (#​16536)

IMPROVEMENTS:

  • bigtable: added standard_isolation and standard_isolation.priority fields to google_bigtable_app_profile resource (#​16485)
  • cloudrunv2: promoted custom_audiences field to GA on google_cloud_run_v2_service resource (#​16510)
  • compute: promoted labels field to GA on google_compute_vpn_tunnel resource (#​16508)
  • containerattached: added proxy_config field to google_container_attached_cluster resource (#​16524)
  • gkehub: added membership_location field to google_gke_hub_feature_membership resource (#​16536)
  • logging: made the change to aqcuire and update the google_logging_project_sink resource that already exists at the desired location. These logging buckets cannot be removed so deleting this resource will remove the bucket config from your terraform state but will leave the logging bucket unchanged. (#​16513)
  • memcache: added MEMCACHE_1_6_15 as a possible value for memcache_version in google_memcache_instance resource (#​16531)
  • monitoring: added error message to delete Alert Policies first on 400 response when deleting google_monitoring_uptime_check_config resource (#​16535)
  • spanner: added autoscaling_config field to google_spanner_instance resource (#​16473)
  • workflows: promoted user_env_vars field to GA on google_workflows_workflow resource (#​16477)

BUG FIXES:

  • compute: changed external_ipv6_prefix field to not be output only in google_compute_subnetwork resource (#​16480)
  • compute: fixed issue where google_compute_attached_disk would produce an error for certain zone configs (#​16484)
  • edgecontainer: fixed update method of google_edgecontainer_cluster resource (#​16490)
  • provider: fixed an issue where universe domains would not overwrite API endpoints (#​16521)
  • resourcemanager: made data_source_google_project_service no longer return an error when the service is not enabled (#​16525)
  • sql: ssl_mode field is not stored in terraform state if it has never been used in google_sql_database_instance resource (#​16486)

NOTES:

  • dataproc: backfilled terraform_labels field for resource google_dataproc_workflow_template, so resource recreation won't happen during provider upgrade from 4.x to 5.7 (#​16517)
    • provider: backfilled terraform_labels field for some immutable resources, so resource recreation won't happen during provider upgrade from 4.X to 5.7 (#​16518)

v5.6.0

Compare Source

FEATURES:

  • New Resource: google_integration_connectors_connection (#​16468)

IMPROVEMENTS:

  • assuredworkloads: added enable_sovereign_controls, partner, partner_permissions, violation_notifications_enabled, and several other output-only fields to google_assured_workloads_workloads (#​16433)
  • composer: added storage_config to google_composer_environment (#​16455)
  • container: added fleet field to google_container_cluster resource (#​16466)
  • containeraws: added admin_groups to google_container_aws_cluster (#​16433)
  • containerazure: added admin_groups to google_container_azure_cluster (#​16433)
  • dataproc: added support for instance_flexibility_policy in google_dataproc_cluster (#​16417)
  • dialogflowcx: added is_default_start_flow field to google_dialogflow_cx_flow resource to allow management of default flow resources via Terraform (#​16441)
  • dialogflowcx: added is_default_welcome_intent and is_default_negative_intent fields to google_dialogflow_cx_intent resource to allow management of default intent resources via Terraform (#​16441)
    • gkehub: added fleet_default_member_config field to google_gke_hub_feature resource (#​16457)
  • gkehub: added metrics_gcp_service_account_email to google_gke_hub_feature_membership (#​16433)
  • logging: added index_configs field to logging_bucket_config resource (#​16437)
  • logging: added index_configs field to logging_project_bucket_config resource (#​16437)
  • monitoring: added pings_count, user_labels, and custom_content_type fields to google_monitoring_uptime_check_config resource (#​16420)
  • spanner: added autoscaling_config field to google_spanner_instance (#​16473)
  • sql: added ssl_mode field to google_sql_database_instance resource (#​16394)
  • vertexai: added private_service_connect_config to google_vertex_ai_index_endpoint (#​16471)
  • workstations: added domain_config field to resource google_workstations_workstation_cluster (beta) (#​16464)

BUG FIXES:

  • assuredworkloads: made the violation_notifications_enabled field on the google_assured_workloads_workload resource default to values returned from the API when unset in a users configuration (#​16465)
  • provider: made terraform_labels immutable in immutable resources to not block the upgrade. This will create a Terraform plan that recreates the resource on 4.X -> 5.6.0 upgrade for affected resources. A mitigation to backfill the values during the upgrade is planned, and will release resource-by-resource. (#​16469)

v5.5.0

Compare Source

FEATURES:

  • New Data Source: google_bigquery_dataset (#​16368)

IMPROVEMENTS:

  • alloydb: added SECONDARY as an option for instance_type field in google_alloydb_instance resource, to support creation of secondary instance inside a secondary cluster. (#​16398)
  • alloydb: added deletion_policy field to google_alloydb_cluster resource, to allow force-destroying instances along with their cluster. This is necessary to delete secondary instances, which cannot be deleted otherwise. (#​16398)
  • alloydb: added support to promote google_alloydb_cluster resources from secondary to primary (#​16413)
  • alloydb: increased default timeout on google_alloydb_instance to 120m from 40m (#​16398)
  • dataproc: added instance_flexibility_policy field ro google_dataproc_cluster resource (#​16417)
  • monitoring: added subject field to google_monitoring_alert_policy resource (#​16414)
  • storage: added enable_object_retention field to google_storage_bucket resource (#​16412)
  • storage: added retention field to google_storage_bucket_object resource (#​16412)

BUG FIXES:

  • firestore: fixed an issue with creation of multiple google_firestore_field resources (#​16372)

v5.4.0

Compare Source

DEPRECATIONS:

  • bigquery: deprecated cloud_spanner.use_serverless_analytics on google_bigquery_connection. Use cloud_spanner.use_data_boost instead. (#​16310)

NOTES:

  • provider: added universe_domain attribute as a provider attribute (#​16323)

BREAKING CHANGES:

  • cloudrunv2: marked location field as required in resource google_cloud_run_v2_job. Any configuration without location specified will cause resource creation fail (#​16311)
  • cloudrunv2: marked location field as required in resource google_cloud_run_v2_service. Any configuration without location specified will cause resource creation fail (#​16311)

FEATURES:

  • New Data Source: google_cloud_identity_group_lookup (#​16296)
  • New Resource: google_network_connectivity_policy_based_route (#​16326)
  • New Resource: google_pubsub_schema_iam_* (#​16301)

IMPROVEMENTS:

  • accesscontextmanager: added support for specifying vpc_network_sources to google_access_context_manager_access_levels, google_access_context_manager_access_level, and google_access_context_manager_access_level_condition (#​16327)
  • apigee: added support for type in google_apigee_environment (#​16349)
  • bigquery: added cloud_spanner.database_role, cloud_spanner.use_data_boost, and cloud_spanner.max_parallelism fields to google_bigquery_connection (#​16310)
  • bigquery: added support for iam_member to google_bigquery_dataset.access (#​16322)
  • container: promoted field identity_service_config in google_container_cluster to GA (#​16305)
  • container: added update support for google_container_node_pool.node_config.taint (#​16306)
  • containerattached: added admin_groups field to google_container_attached_cluster resource (#​16307)
  • dialogflowcx: added advanced_settings field to google_dialogflow_cx_flow resource (#​16315)
  • dialogflowcx: added advanced_settings fields to google_dialogflow_cx_page resource (#​16315)
  • dialogflowcx: added advanced_settings, text_to_speech_settings, git_integration_settings fields to google_dialogflow_cx_agent resource (#​16315)

BUG FIXES:

  • bigquery: fixed a bug when updating a google_bigquery_dataset that contained an iamMember access rule added out of band with Terraform (#​16322)
  • bigqueryreservation: fixed bug of incorrect resource recreation when capacity_commitment_id is unspecified in resource google_bigquery_capacity_commitment (#​16320)
  • cloudrunv2: made annotations field on the google_cloud_run_v2_job data source include all annotations present on the resource in GCP (#​16300)
  • cloudrunv2: made annotations field on the google_cloud_run_v2_service data source include all annotations present on the resource in GCP (#​16300)
  • cloudrunv2: made labels and terraform labels fields on the google_cloud_run_v2_job data source include all annotations present on the resource in GCP (#​16300)
  • cloudrunv2: made labels and terraform labels fields on the google_cloud_run_v2_service data source include all annotations present on the resource in GCP (#​16300)
  • edgecontainer: fixed an issue where the update endpoint for google_edgecontainer_cluster was incorrect. (#​16347)
  • redis: allow replica_count to be set to zero in the google_redis_cluster resource (#​16302)

v5.3.0

Compare Source

DEPRECATIONS:

  • bigquery: deprecated time_partitioning.require_partition_filter in favor of new top level field require_partition_filter in resource google_bigquery_table (#​16238)

FEATURES:

  • New Data Source: google_cloud_run_v2_job (#​16260)
  • New Data Source: google_cloud_run_v2_service (#​16290)
  • New Data Source: google_compute_networks (#​16240)
  • New Resource: google_org_policy_custom_constraint (#​16220)

IMPROVEMENTS:

  • cloudidentity: added additional_group_keys attribute to google_cloud_identity_group resource (#​16250)
  • composer: promoted config.0.workloads_config.0.triggerer to GA in resource google_composer_environment (#​16218)
  • compute: added internal_ipv6_range to google_compute_network data source and internal_ipv6_prefix field to google_compute_subnetwork data source (#​16267)
  • container: added support for security_posture_config.vulnerability_mode value VULNERABILITY_ENTERPRISEin google_container_cluster (#​16283)
  • dataform: added ssh_authentication_config and service_account to google_dataform_repository resource (#​16205)
  • dataproc: added min_num_instances field to google_dataproc_cluster resource (#​16249)
  • gkeonprem: promoted google_gkeonprem_bare_metal_admin_cluster, google_gkeonprem_bare_metal_cluster, and google_gkeonprem_bare_metal_node_pool resources to GA (#​16237)
  • gkeonprem: promoted google_gkeonprem_vmware_cluster and google_gkeonprem_vmware_node_pool resources to GA (#​16237)
  • logging: added custom_writer_identity field to google_logging_project_sink (#​16216)
  • secretmanager: made ttl field mutable in google_secret_manager_secret (#​16285)
  • storage: added terminal_storage_class to the autoclass field in google_storage_bucket resource (#​16282)

BUG FIXES:

  • bigquerydatatransfer: fixed an error when updating google_bigquery_data_transfer_config related to incorrect update masks (#​16269)
  • compute: fixed an error during the deletion when post was set to 0 on google_compute_global_network_endpoint (#​16286)
  • compute: fixed an issue with TTLs being sent for google_compute_backend_service when cache_mode is set to USE_ORIGIN_HEADERS (#​16245)
  • container: fixed an issue where empty autoscaling block would crash the provider for google_container_node_pool (#​16212)
  • dataflow: fixed a bug where resource updates returns an error if only labels has changes for batch google_dataflow_job and google_dataflow_flex_template_job (#​16248)
  • dialogflowcx: fixed updating google_dialogflow_cx_version; updates will no longer time out. (#​16214)
  • sql: fixed a bug where adding the edition field to a google_sql_database_instance resource that already existed and used ENTERPRISE edition resulted in a permant diff in plans (#​16215)
  • sql: removed host validation to support IP address and DNS address in host in google_sql_source_representation_instance resource (#​16235)

v5.2.0

Compare Source

FEATURES:

  • New Data Source: google_secret_manager_secrets (#​16182)
  • New Resource: google_alloydb_user (#​16141)
  • New Resource: google_firestore_backup_schedule (#​16186)
  • New Resource: google_redis_cluster (#​16203)

IMPROVEMENTS:

  • alloydb: added cluster_type and secondary_config fields to support secondary clusters in google_alloydb_cluster resource. (#​16197)
  • compute: added recreate_closed_psc flag to support recreating the PSC Consumer forwarding rule if the psc_connection_status is closed on google_compute_forwarding_rule. (#​16188)
  • compute: added INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT as acceptable values for the network_endpoint_type field for the resource_compute_network_endpoint_group resource (#​16194)
  • compute: added SEV_LIVE_MIGRATABLE_V2 to guest_os_features enum on google_compute_image resource. (#​16187)
  • compute: added allow_subnet_cidr_routes_overlap field to google_compute_subnetwork resource (#​16116)
  • compute: promoted labels, effective_labels, terraform_labels, and label_fingerprint fields in google_compute_address to GA (#​16120)
  • compute: promoted internal_ip and external_ip fields in resources google_compute_instance_group_manager and google_compute_region_instance_group_manager to GA (#​16140)
  • compute: promoted internal_ip and external_ip fields in resources google_compute_per_instance_config and google_compute_region_per_instance_config to GA (#​16140)
  • iamworkforcepool: promoted field oidc.jwks_json in resource google_iam_workforce_pool to GA (#​16199)

BUG FIXES:

  • alloydb: added client_connection_config field to google_alloydb_instance resource (#​16202)
  • bigquery: removed mutual exclusivity checks for view, materialized_view, and schema for the google_bigquery_table resource (#​16193)
  • compute: added certificate_manager_certificates field to google_compute_target_https_proxy resource (#​16179)
  • compute: fixed an issue where external google_compute_global_address can't be created when network_tier in google_compute_project_default_network_tier is set to STANDARD (#​16144)
  • compute: fixed a false permadiff on ip_address when it is set to ipv6 on google_compute_forwarding_rule (#​16115)
  • provider: fixed a bug where an update request was sent to services when updateMask is empty (#​16111)

v5.1.0

Compare Source

FEATURES:

  • New Resource: google_database_migration_service_private_connection (#​16104)
  • New Resource: google_edgecontainer_cluster (#​16055)
  • New Resource: google_edgecontainer_node_pool (#​16055)
  • New Resource: google_edgecontainer_vpn_connection (#​16055)
  • New Resource: google_firebase_hosting_custom_domain (#​16062)
  • New Resource: google_gke_hub_fleet (#​16072)

IMPROVEMENTS:

  • compute: added device_name field to scratch_disk block of google_compute_instance resource (#​16049)
  • container: added node_config.linux_node_config.cgroup_mode field to google_container_node_pool (#​16103)
  • databasemigrationservice: added support for oracle profiles to google_database_migration_service_connection_profile (#​16087)
  • firestore: added api_scope field to google_firestore_index resource (#​16085)
  • gkehub: added location field to google_gke_hub_membership_iam_* resources (#​16105)
  • gkehub: added location field to google_gke_hub_membership resource (#​16105)
  • gkeonprem: added update-in-place support for vcenter fields in google_gkeonprem_vmware_cluster (#​16073)
  • identityplatform: added sms_region_config to the resource google_identity_platform_config (#​16044)

BUG FIXES:

  • dns: fixed record set configuration parsing in google_dns_record_set (#​16042)
  • provider: fixed an issue where the plugin-framework implementation of the provider handled default region values that were self-links differently to the SDK implementation. This issue is not believed to have affected users because of downstream functions that turn self links into region names. (#​16100)
  • provider: fixed a bug that caused update requests to be sent for resources with a terraform_labels field even if no fields were updated (#​16111)

v5.0.0

Compare Source

KNOWN ISSUES:

Terraform Google Provider 5.0.0 Upgrade Guide

NOTES:

  • provider: some provider default values are now shown at plan-time (#​15707)

LABELS REWORK:

  • provider: default labels configured on the provider through the new default_labels field are now supported. The default labels configured on the provider will be applied to all of the resources with standard labels field.
  • provider: resources with labels - three label-related fields are now in all of the resources with standard labels field. labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients.
  • provider: resources with annotations - two annotation-related fields are now in all of the resources with standard annotations field. The annotations field is non-authoritative and only manages the annotations defined by the users on the resource through Terraform. The new output-only effective_annotations field lists all of annotations present on the resource in GCP, including the annotations configured through Terraform, the system, and other clients.
  • provider: datasources with labels - three fields labels, terraform_labels, and effective_labels are now present in most resource-based datasources. All three fields have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent to effective_labels on the resource.
  • provider: datasources with annotations - both annotations and effective_annotations are now present in most resource-based datasources. Both fields have all of annotations present on the resource in GCP including the annotations configured through Terraform, the system, and other clients, equivalent to effective_annotations on the resource.

BREAKING CHANGES:

  • provider: added provider-level validation so these fields are not set as empty strings in a user's config: credentials, access_token, impersonate_service_account, project, billing_project, region, zone (#​15968)
  • provider: fixed many import functions throughout the provider that matched a subset of the provided input when possible. Now, the GCP resource id supplied to "terraform import" must match exactly. (#​15977)
  • provider: made data sources return errors on 404s when applicable instead of silently failing (#​15799)
  • provider: made empty strings in the provider configuration block no longer be ignored when configuring the provider(#​15968)
  • accesscontextmanager: changed multiple array fields to sets where appropriate to prevent duplicates and fix diffs caused by server side reordering. (#​15756)
  • bigquery: added more input validations for google_bigquery_table schema (#​15338)
  • bigquery: made routine_type required for google_bigquery_routine (#​15517)
  • cloudfunction2: made location required on google_cloudfunctions2_function (#​15830)
  • cloudiot: removed deprecated datasource google_cloudiot_registry_iam_policy (#​15739)
  • cloudiot: removed deprecated resource google_cloudiot_device (#​15739)
  • cloudiot: removed deprecated resource google_cloudiot_registry (#​15739)
  • cloudiot: removed deprecated resource google_cloudiot_registry_iam_* (#​15739)
  • cloudrunv2: removed deprecated field liveness_probe.tcp_socket from google_cloud_run_v2_service resource. (#​15430)
  • cloudrunv2: removed deprecated fields startup_probe and liveness_probe from google_cloud_run_v2_job resource. (#​15430)
  • cloudrunv2: retyped volumes.cloud_sql_instance.instances to SET from ARRAY for google_cloud_run_v2_service (#​15831)
  • compute: made google_compute_node_group require one of initial_size or autoscaling_policy fields configured upon resource creation (#​16006)
  • compute: made size in google_compute_node_group an output only field. (#​16006)
  • compute: removed default value for rule.rate_limit_options.encorce_on_key on resource google_compute_security_policy (#​15681)
  • compute: retyped consumer_accept_lists to a SET from an ARRAY type for google_compute_service_attachment (#​15985)
  • container: added deletion_protection to google_container_cluster which is enabled to true by default. When enabled, this field prevents Terraform from deleting the resource. (#​16013)
  • container: changed management.auto_repair and management.auto_upgrade defaults to true in google_container_node_pool (#​15931)
  • container: changed networking_mode default to VPC_NATIVE for newly created google_container_cluster resources (#​6402)
  • container: removed enable_binary_authorization in google_container_cluster (#​15868)
  • container: removed default for logging_variant in google_container_node_pool (#​15931)
  • container: removed default value in network_policy.provider in google_container_cluster (#​15920)
  • container: removed the behaviour that google_container_cluster will delete the cluster if it's created in an error state. Instead, it will mark the cluster as tainted, allowing manual inspection and intervention. To proceed with deletion, run another terraform apply. (#​15887)
  • container: reworked the taint field in google_container_cluster and google_container_node_pool to only manage a subset of taint keys based on those already in state. Most existing resources are unaffected, unless they use sandbox_config- see upgrade guide for details. (#​15959)
  • dataplex: removed data_profile_result and data_quality_result from google_dataplex_scan (#​15505)
  • firebase: changed deletion_policy default to DELETE for google_firebase_web_app. (#​15406)
  • firebase: removed google_firebase_project_location (#​15764)
  • gameservices: removed Terraform support for gameservices (#​15558)
  • logging: changed the default value of unique_writer_identity from false to true in google_logging_project_sink. (#​15743)
  • logging: made growth_factor, num_finite_buckets, and scale required for google_logging_metric (#​15680)
  • looker: removed LOOKER_MODELER as a possible value in google_looker_instance.platform_edition (#​15956)
  • monitoring: fixed perma-diffs in google_monitoring_dashboard.dashboard_json by suppressing values returned by the API that are not in configuration (#​16014)
  • monitoring: made labels immutable in google_monitoring_metric_descriptor (#​15988)
  • privateca: removed deprecated fields config_values, pem_certificates from google_privateca_certificate (#​15537)
  • secretmanager: removed automatic field in google_secret_manager_secret resource (#​15859)
  • servicenetworking: used Create instead of Patch to create google_service_networking_connection (#​15761)
  • servicenetworking: used the deleteConnection method to delete the resource google_service_networking_connection (#​15934)

FEATURES:

  • New Resource: google_scc_folder_custom_module (#​15979)
  • New Resource: google_scc_organization_custom_module (#​16012)

IMPROVEMENTS:

  • alloydb: added additional fields to google_alloydb_instance and google_alloydb_backup (#​15973)
  • artifactregistry: added support for remote APT and YUM repositories to google_artifact_registry_repository (#​15973)
  • baremetal: made delete a noop for the resource google_bare_metal_admin_cluster to better align with actual behavior (#​16010)
  • bigtable: added state output attribute to google_bigtable_instance clusters (#​15961)
  • compute: made google_compute_node_group mutable (#​16006)
  • container: added the effective_taints attribute to google_container_cluster and google_container_node_pool, outputting all known taint values (#​15959)
  • container: allowed setting addons_config.gcs_fuse_csi_driver_config on google_container_cluster with enable_autopilot: true. (#​15996)
  • containeraws: added binary_authorization to google_container_aws_cluster (#​15989)
  • containeraws: added update_settings to google_container_aws_node_pool (#​15989)
  • google_compute_instance (#​15933)
  • osconfig: added week_day_of_month.day_offset field to the google_os_config_patch_deployment resource (#​15997)
  • secretmanager: allowed update for rotation.rotation_period field in google_secret_manager_secret resource (#​15952)
  • sql: added preferred_zone field to google_sql_database_instance resource (#​15971)
  • storagetransfer: added event_stream field to google_storage_transfer_job resource (#​16004)

BUG FIXES:

  • bigquery: fixed diff suppression in external_data_configuration.connection_id in google_bigquery_table (#​15983)
  • bigquery: fixed view and materialized view creation when schema is specified in google_bigquery_table (#​15442)
  • bigtable: avoided re-creation of google_bigtable_instance when cluster is still updating and storage type changed (#​15961)
  • bigtable: fixed a bug where dynamically created clusters would incorrectly run into duplication error in google_bigtable_instance (#​15940)
  • compute: removed the default value for field reconcile_connections in resource google_compute_service_attachment, the field will now default to a value returned by the API when not set in configuration (#​15919)
  • compute: replaced incorrect default value for enable_endpoint_independent_mapping with APIs default in resource google_compute_router_nat (#​15478)
  • container: fixed an issue in google_container_node_pool where empty linux_node_config.sysctls would crash the provider (#​15941)
  • dataflow: fixed issue causing error message when max_workers and num_workers were supplied via parameters in google_dataflow_flex_template_job (#​15976)
  • dataflow: fixed max_workers read value permanently displaying as 0 in google_dataflow_flex_template_job (#​15976)
  • dataflow: fixed permadiff when SdkPipeline values are supplied via parameters in google_dataflow_flex_template_job (#​15976)
  • identityplayform: fixed a potential perma-diff for sign_in in google_identity_platform_config resource (#​15907)
  • firebase: made google_firebase_rules.release immutable (#​15989)
  • monitoring: fixed an issue where metadata was not able to be updated in google_monitoring_metric_descriptor (#​16014)
  • monitoring: fixed bug where importing google_monitoring_notification_channel failed when no default project was supplied in provider configuration or through environment variables (#​15929)
  • secretmanager: fixed an issue in google_secretmanager_secret where replacing replication.automatic with replication.auto would destroy and recreate the resource (#​15922)
  • sql: fixed diffs when re-ordering existing database_flags in google_sql_database_instance (#​15678)
  • tags: fixed import failure on google_tags_tag_binding (#​16005)
  • vertexai: made contents_delta_uri a required field in google_vertex_ai_index as omitting it would result in an error (#​15992)

Configuration

📅 Schedule: Branch creation - "* * * * 1-5" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by uis-devops-renovatebot

Merge request reports