fix(deps): update google-cloud-providers to v7 (major) (!29) · Merge requests · Information Services / DevOps / Research Systems / Staff On-Costs Calculator / Cloud Infrastructure

This MR contains the following updates:

Package	Type	Update	Change
google (source)	required_provider	major	`~> 6.0` -> `~> 7.0`
google-beta (source)	required_provider	major	`~> 6.0` -> `~> 7.0`

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

hashicorp/terraform-provider-google (google)

`v7.12.0`

Compare Source

`v7.11.0`

Compare Source

DEPRECATIONS:

pubsublite: google_pubsub_lite_reservation will be turned down effective March 18, 2026. Use google_pubsub_reservation instead. (#25058)
pubsublite: google_pubsub_lite_subscription will be turned down effective March 18, 2026. Use google_pubsub_subscription instead. (#25058)
pubsublite: google_pubsub_lite_topic will be turned down effective March 18, 2026. Use google_pubsub_topic instead. (#25058)

BREAKING CHANGES:

netapp: made google_netapp_volume.export_policy.rules.squash_mode not preserve values returned by the API. Without this change, unsetting squash_mode in the provider can cause an API error. (#25059)

FEATURES:

New Data Source: google_artifact_registry_python_packages (#25053)
New Data Source: google_cloud_identity_policy (#24946)
New Data Source: google_compute_reservation_block (#25034)
New Data Source: google_compute_reservation_sub_block (#25034)
New Resource: google_ces_deployment (#24945)
New Resource: google_ces_example (#25056)
New Resource: google_discovery_engine_user_store (#25054)

IMPROVEMENTS:

bigquery: added external_data_configuration.decimal_target_types to google_bigquery_table (#24936)
compute: added internal_ipv6_prefix field to the google_compute_subnetwork resource (#25037)
compute: added ipv6_access_type field and INTERNAL_IPV6_SUBNETWORK_CREATION as a supported value for the mode field in google_compute_public_delegated_prefix resource (#24940)
compute: added ipv6_access_type field to google_compute_public_advertised_prefix resource (#24911)
dataplex: added data_documentation_spec field to google_dataplex_datascan resource to support the DATA_DOCUMENTATION scan type (#25044)
dataproc: added resource_manager_tags to google_dataproc_cluster resource (#25057)
lustre: added placement_policy field to google_lustre_instance resource (#25042)
netapp: added cache_parameters field to google_netapp_volume resource (#24909)
secretmanager: added project and short name support for secret on google_secret_manager_secret_version (#25045)
secretmanager: added project and short name support for secret on ephemeral google_secret_manager_secret_version (#25045)

BUG FIXES:

alloydb: fixed issue with creation when initial_user.password was set to a computed value in google_alloydb_cluster (#25036)
bigquery: fixed extraneous diffs in google_bigquery_table.external_data_configuration.schema (#24936)
compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#25021)
container: added KUBE_DNS as an accepted value for cluster_dns field on google_container_cluster (#24953)
netapp: fixed bug where unsetting export_policy.rules.squash_mode on google_netapp_volume can cause an API error (#25059)
pubsub: fixed bug where google_pubsub_subscription could only be updated if bigquery_config was modified (#24952)
sql: fixed bug where final_backup_description in google_sql_database_instance resource wasn't set on the final backup on delete (#25055)
storage: fixed bug where certain changes to google_storage_bucket_acl.role_entity were ignored (#24949)
workstations: fixed bug in google_workstations_workstation where setting source_workstation caused a permadiff that forced recreation (#24941)
vmwareengine: made deletion of google_vmwareengine_private_cloud wait until the deletion completes (#25040)

`v7.10.0`

Compare Source

BREAKING CHANGES:

alloydb: marked initial_user.password as required on create of new google_alloydb_cluster resources. This change aligns the provider with existing API constraints to surface errors earlier. (#25022)

FEATURES:

New Resource: google_ces_app (#24861)
New Resource: google_ces_toolset (#24885)
New Resource: google_discovery_engine_control (#24883)
New Resource: google_netapp_host_group (#24876)
New Resource: google_network_management_organization_vpc_flow_logs_config (#24896)
New Resource: google_network_services_multicast_domain (#24864)
New Resource: google_privileged_access_manager_settings (#24878)
New Ephemeral Resource: google_client_config (#24900)

IMPROVEMENTS:

cloudfunctions2: added direct_vpc_network_interface and direct_vpc_egress field to google_cloudfunctions2_function resource (#24895)
cloudrunv2: added template.container.depends_on field to google_cloud_run_v2_worker_pool resource (#24893)
compute: added grpc_tls_health_check field to google_compute_healthcheck resource (#24872)
container: added network_tier_config to google_container_cluster resource. (#24877)
eventarc: added labels field to google_eventarc_channel resource (#24854)
netapp: added block_devices field and ISCSI protocol support to goolge_netapp_volume resource, and increased timeouts on its operations (#24898)
netapp: added type field to google_netapp_storage_pool resource (#24867)
vertexai: added psc_automation_configs field to google_vertex_ai_endpoint resource (#24870)
vertexai: added sync_config.continuous field to google_vertex_ai_feature_online_store_featureview (#24881)

BUG FIXES:

accesscontextmanager: fixed issue where google_access_context_manager_service_perimeter_[dry_run_][egress|ingress]_policy caused the provider to crash when a provided identity casing was invalid. (#24886)
apigee: fixed issue where credentials block was not populated in the Terraform state in google_apigee_developer_app resource (#24880)
compute: fixed google_compute_network_firewall_policy_rule staying disabled after apply with disabled = false (#24879)
compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#25020
compute: resolve permadiff for display_name in new deployments of google_compute_organization_security_policy (#24882)
storage: fixed a conversion error in google_storage_bucket state migration. This bug impacted Pulumi users. (#24853)

`v7.9.0`

Compare Source

BREAKING CHANGES:

beyondcorp: made the ports field in endpoint_matchers required in response to a change in the API surface. (#24770)

FEATURES:

New Resource: google_firestore_user_creds (#24794)
New Resource: google_network_security_dns_threat_detector (#24744)

IMPROVEMENTS:

appengine: added ssl_policy to application on google_app_engine_application resource (#24786)
bigquery: added support for IAM conditions in google_bigquery_dataset_iam_* (#24778)
compute: promoted policy_type to GA in google_compute_network_firewall_policy, google_compute_network_firewall_policy_with_rules, google_compute_region_network_firewall_policy, google_compute_region_network_firewall_policy_with_rules. (#24769)
container: added dns_endpoint_confg.enable_k8s_tokens_via_dns and dns_endpoint_config.enable_k8s_certs_via_dns fields to google_container_cluster resource (#24774)
container: added fleet.membership_type field to google_container_cluster resource (#24759)
dataplex: added data_classification field to google_dataplex_aspect_type resource (#24807)
iamworkforcepool: added scim_usage field to workforce_pool_provider resource (#24787)
memorystore: added available_maintenance_versions field to google_memorystore_instance resource (#24745)
memorystore: added maintenance_version field to google_memorystore_instance resource (#24740)
redis: added available_maintenance_versions field to google_redis_cluster resource (#24745)
redis: added maintenance_version field to google_redis_cluster resource (#24740)
storagetransfer: added transfer_manifest field to google_storage_transfer_job resource (#24768)

BUG FIXES:

bigquery: added validation for target_types in google_bigquery_dataset_access (#24810)
cloudquotas: resolved permadiff for preferred_value in google_cloud_quotas_quota_preference (#24776)
compute: fixed scenario where google_compute_instance would not be staged for recreation if guest_accelerator.count was updated to 0 from non-zero value (#24762)
sql: fixed an issue where dataDiskSize was unintentionally null instead of set to the current value in API requests, triggering unrelated errors (#24790)

`v7.8.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_packages (#24696)
New Data Source: google_network_management_connectivity_tests (#24635)
New Resource: google_apigee_environment_api_revision_deployment (#24657)
New Resource: google_dataplex_entry_link (#24737)
New Resource: google_discovery_engine_assistant (#24724)
New Resource: google_oracle_database_db_system (#24733)
New Resource: google_saas_runtime_unit (#24692)

IMPROVEMENTS:

compute: added IN_FLIGHT to balancing_mode on google_compute_backend_service resource (#24710)
compute: added new field instance_lifecycle_policy.on_repair.allow_changing_zone to google_compute_region_instance_group_manager & google_compute_instance_group_manager (#24706)
compute: promoted security_policy in compute_region_backend_service resource to GA (#24693)
compute: promoted the google_compute_preview_feature resource to GA. (#24725)
compute: the activation_status attribute within the google_compute_preview_feature resource now uses the ACTIVATION_STATE_UNSPECIFIED value instead of DISABLED. Support for DISABLED will be added in a future release. (#24725)
datastream: added backfill_all.mongodb_excluded_objects and source_config.mongodb_source_config fields to google_datastream_stream (#24727)
datastream: added mongodb_profile field to google_datastream_connection_profile (#24727)
discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#24658)
discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#24658)
discoveryengine: added in-place update support for entities.params and entities.key_property_mappings in google_discovery_engine_data_connector (#24739)
dlp: added publish_findings_to_dataplex_catalog field to google_data_loss_prevention_job_trigger (#24722)
iambeta: allowed GKE workload identity pool pattern in workload_identity_pool_id field of google_iam_workload_identity_pool resource. (#24656)
memorystore: added maintenance_version field to google_memorystore_instance resource (#24740)
memorystore: added available_maintenance_versions field to google_memorystore_instance resource (#24745)
networkconnectivity: added HYBRID_INSPECTION enum value to preset_topology field in google_network_connectivity_hub resource (#24738)
networkservices: added isolationConfig on google_network_services_service_lb_policies resource (#24652)
redis: added deletion_protection field to redis_instance to make deleting them require an explicit intent. redis_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#24654)
redis: added maintenance_version field to google_redis_cluster resource (#24740)
redis: added available_maintenance_versions field to google_redis_cluster resource (#24745)
saas_runtime: added default_release field to google_saas_runtime_unit_kind resource (#24726)
sql: added read_pool_auto_scale_config support to sql_database_instance resource (#24723)

BUG FIXES:

bigquery: fixed the issue where google_bigquery_table detected an incorrect schema diff on tables with row access policies when the schema was unchanged. (#24711)
compute: allow requested_link_count to be updated in-place in google_compute_interconnect resource (#24705)

`v7.7.0`

Compare Source

BREAKING CHANGES:

discoveryengine: changed type of google_discovery_engine_data_connector.entities.params. Previously, it was a map of string keys to string values; now, it must be a JSON-encoded string containing an object. This change is being made in a minor release because the field wasn't usable as intended – specifically, all current valid uses require mapping strings to lists of strings. (#24658)

FEATURES:

New Data Source: google_network_management_connectivity_tests (#24635)
New Resource: google_apigee_developer_app (#24625)
New Resource: google_discovery_engine_license_config (#24619)
New Resource: google_iam_workforce_pool_provider_scim_tenant (#24587)
New Resource: google_kms_project_kaj_policy_config (#24622)
New Resource: google_saas_runtime_tenant (#24608)

IMPROVEMENTS:

apigee: updated the scopes argument in google_apigee_api_product resource to be order-insensitive. (#24625)
beyondcorp: added proxy_protocol_config and service_discovery fields to google_beyondcorp_security_gateway resource (#24609)
cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource. (GA promotion) (#24602)
cloudrunv2: added health_check_disabled field to google_cloud_run_v2_service resource. (#24602)
compute: added params field to google_compute_router resource (GA) (#24611)
discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#24658)
discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#24658)
dlp: added publish_to_dataplex_catalog field to discovery_config resource (#24621)
gkeonprem: made it possible to set the on_prem_version field on google_gkeonprem_vmware_node_pool (previously output-only) (#24614)
memcache: added deletion_protection field to memcache_instance to make deleting them require an explicit intent. memcache_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#24613)
metastore: added tags field to google_dataproc_metastore_service and 'google_dataproc_metastore_federation' resources to allow setting tags for services and federation at creation time (#24633)
networksecurity: added URL_FILTERING option to enum field type for google_network_security_security_profile resource (#24583)
networksecurity: added url_filtering_profile field to google_network_security_security_profile_group resource (beta) (#24583)
networksecurity: added url_filtering_profile field to google_network_security_security_profile resource (beta) (#24583)
sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#24576)
sql: added source_instance_deletion_time field to google_sql_database_instance resource (#24576)

BUG FIXES:

bigqueryanalyticshub: fixed google_bigquery_analytics_hub_listing_subscription import (#24634)
discoveryengine: fixed bug where it wasn't possible to specify values for knowledgeBaseSysId or catalogSysId in google_discovery_engine_data_connector.entities.params. (#24658)

`v7.6.0`

Compare Source

DEPRECATIONS:

networksecurity: deprecated ignore_case, exact, prefix, suffix and contains fields in http_rules.from.not_sources.principals and http_rules.from.sources.principals blocks in google_network_security_authz_policy resource. Use the equivalent fields in http_rules.from.not_sources.principals.principal or http_rules.from.sources.principals.principal instead. (#24543)

BREAKING CHANGES:

container: node_config blocks that had set kubelet_config without explicitly setting cpu_cfs_quota implicitly set cfu_cfs_quota to false when unset. From this version onwards, an unset cpu_cfs_quota will instead match the API default of true true. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#24569)
storageinsights: removed activity_data_retention_period_days field from google_storage_insights_dataset_config resource due to a delayed launch. It will be readded when the feature launches. (#24570)

FEATURES:

New Resource: google_kms_folder_kaj_policy_config (#24513)
New Resource: google_vertex_ai_cache_config (#24541)
New Resource: google_vertex_ai_reasoning_engine (#24512)

IMPROVEMENTS:

backupdr: added data_source and rules_config_info fields to google_backup_dr_backup_plan_associations datasource (#24517)
beyondcorp: added external, proxy_protocol, and schema fields to google_beyondcorp_security_gateway_application resource (#24542)
beyondcorp: changed endpoint_matchers field to not be required anymore in the google_beyondcorp_security_gateway_application resource (#24542)
cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource (#24556)
compute: added shared_secret_wo and shared_secret_wo_version fields to google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#24491)
dlp: added SENSITIVITY_UNKNOWN as possible enum value for actions.tag_resources.tag_conditions.sensitivity_score.score in google_data_loss_prevention_discovery_config resource (#24564)
dlp: added actions.save_findings.output_config.storage_path field to google_data_loss_prevention_job_trigger resource (#24558)
filestore: added file_shares.nfs_export_options.network and networks.psc_config.endpoint_project fields to google_filestore_instance resource (#24567)
lustre: increased creation timeout from 20min to 40min for google_lustre_instance resource (#24559)
netapp: added hybrid_replication_user_commands field with subfield commands to google_netapp_volume_replication resource (#24554)
netapp: added replication_schedule, hybrid_replication_type, large_volume_constituent_count fields to hybrid_replication_parameters field in google_netapp_volume resource (#24554)
networksecurity: added ip_blocks field to google_network_security_authz_policy resource (#24543)
secretmanager: added ephemeral support for google_secret_manager_secret_version resource (#24566)
sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#24576)
sql: added source_instance_deletion_time field to google_sql_database_instance resource (#24576)
storagetransfer: added user_project_override and billing_project fields to google_storage_transfer_job resource (#24504)

BUG FIXES:

container: fixed the default for node_config.kubelet_config.cpu_cfs_quota on google_container_cluster, google_container_node_pool, google_container_cluster.node_pool to align with the API. Terraform will now send a true value when the field is unset on creation, and preserve any previously set value when unset. Explicitly set values will work as defined in configuration. (#24569)

`v7.5.0`

Compare Source

BREAKING CHANGES:

netapp: changed peer_ip_addresses field type from String to Array in google_netapp_volume resource, as it was unusable otherwise (#24428)

FEATURES:

New Data Source: google_artifact_registry_maven_artifacts (#24487)
New Data Source: google_artifact_registry_npm_packages (#24486)
New Resource: google_apigee_api_deployment (#24469)
New Resource: google_discovery_engine_data_connector (#24472)
New Resource: google_managed_kafka_connect_cluster (#24443)
New Resource: google_managed_kafka_connector (#24443)
New Resource: google_kms_organization_kaj_policy_config (#24471)
New Resource: google_saas_runtime_rollout_kind (#24447)

IMPROVEMENTS:

cloudrunv2: added mount_options in gcsfuse volumes for google_cloud_run_v2_service, google_cloud_run_v2_job, and google_cloud_run_v2_workerpool resources. (#24413)
cloudrunv2: added startup_probe and liveness_probe to google_cloud_run_v2_worker_pool resource (#24418)
compute: added bandwidth_allocation field to google_compute_wire_group resource (#24460)
compute: added shared_secret_wo and shared_secret_wo_version fields for google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#24491)
dialogflow: added new_recognition_result_notification_config field to google_dialogflow_conversation_profile resource (#24468)
discoveryengine: added features field to google_discovery_engine_search_engine resource (#24445)
dlp: added other_cloud_target and other_cloud_starting_location to google_data_loss_prevention_discovery_config (#24463)
gkebackup: added backup_config.selected_namespace_labels field to google_gke_backup_backup_plan resource (#24427)
looker: added gemini_enabled field to google_looker_instance resource (#24461)
netapp: added hot_tier_bypass_mode_enabled and hot_tier_size_used_gib fields to google_netapp_volume (#24454)
netapp: added hot_tier_size_gib, enable_hot_tier_auto_resize, cold_tier_size_used_gib and hot_tier_size_used_gib fields to google_netapp_storage_pool (#24454)
oracledatabase: added gcp_oracle_zone field to google_oracle_database_odb_network resource (#24456)
privilegedaccessmanager: added approval_workflow.steps.id field to google_privileged_access_manager_entitlement resource (#24419)
pubsub: added support for tags field to google_pubsub_topic and google_pubsub_subscription resources (#24442)
sql: added point_in_time_restore_context field to google_sql_database_instance (#24489)
storage: added force_destroy field to google_storage_insights_report_config resource (#24462)
storageinsights: added activity_data_retention_period_days field to google_storage_insights_dataset_config resource (#24459)
vertexai: added endpoint_config.private_service_connect_config block to google_vertex_ai_endpoint_with_model_garden_deployment resource (#24425)
vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index_endpoint resource (#24490)
vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index resource (#24441)

BUG FIXES:

apihub: fixed a permadiff on config_template in google_apihub_plugin resource (#24429)
storage: fixed a panic caused by empty cors blocks google_storage_bucket resource (#24476)

`v7.4.0`

Compare Source

DEPRECATIONS:

compute: deprecated the option to deploy a container during VM creation using the container startup agent in google_compute_instance. Use alternative services to run containers on your VMs. Learn more at https://cloud.google.com/compute/docs/containers/migrate-containers. (#24375)

FEATURES:

New Data Source: google_artifact_registry_maven_artifact (#24358)
New Data Source: google_compute_interconnect_location (#24377)
New Resource: google_network_services_wasm_plugin (#24406)
New Resource: google_resource_manager_capability (#24404)

IMPROVEMENTS:

cloudrunv2: added mount_options in gcsfuse volumes for google_cloud_run_v2_service, google_cloud_run_v2_job, and google_cloud_run_v2_workerpool resources. (#24413)
compute: added cipher_suite field to google_compute_vpn_tunnel resource. (#24378)
container: added auto_ipam_config to google_container_cluster resource. (#24396)
storage: added support for timeouts to google_storage_bucket_iam_binding, google_storage_bucket_iam_member, google_storage_bucket_iam_policy resources (#24376)

BUG FIXES:

bigtable: fixed node_scaling_factor forcing new instance on google_bigtable_instance when adding new cluster (#24410)
cloudscheduler: fixed a type assertion panic in google_cloud_scheduler_job when processing HTTP headers with nil or unexpected data types (#24360)
compute: fixed the Network field cannot be modified issue in google_compute_region_backend_service. Now updating the network field will force the resource to be recreated. (#24398)
netapp: fixed incorrect default value handling in google_netapp_volume for export_policy.rules attributes has_root_access and squash_mode. When not specified, these fields will now take on the API default value with no diff. (#24395)
netapp: updated google_netapp_storage_pool to source the default value for the qos_type field from the API. If not specified in the configuration, qos_type will now default to the value provided by the NetApp Volumes API. (#24394)
sql: fixed the permadiffs on disk_size when disk_autoresize is enabled in google_sql_database_instance (#24399)
workbench: added retry for unable to queue the operation 409 errors in google_workbench_instance resource. (#24392)

`v7.3.0`

Compare Source

FEATURES:

New Data Source: google_backup_dr_data_source_reference (#24346)
New Resource: google_bigquery_datapolicyv2_data_policy (#24313)
New Resource: google_saas_runtime_release (#24289)
New Resource: google_secure_source_manager_hook (#24345)

IMPROVEMENTS:

cloudrun: added sub_path field to google_cloud_run_service resource. (#24341)
cloudrunv2: added sub_path field to google_cloud_run_v2_service google_cloud_run_v2_job and google_cloud_run_v2_worker_pool resource. (#24341)
compute: added labels and label_fingerprint fields to google_compute_security_policy resource (#24322)
compute: labels under initialize_params are now updatable on google_compute_instance (#24349)
container: added new fields memory_manager and topology_manager to node_kubelet_config block (#24277)
datastream: added destination_config.bigquery_destination_config.source_hierarchy_datasets.project_id field to google_datastream_stream resource (#24340)
discoveryengine: added app_type field to google_discovery_engine_search_engine resource (#24320)
gkeonprem: added proxy field to google_gkeonprem_vmware_admin_cluster resource (#24338)
healthcare: added validation_config to google_healthcare_fhir_store resource (#24336)
iamworkforcepool: added extended_attributes field to workforce_pool_provider resource (#24308)
netapp: added export_policy.rules.squash_mode field to google_netapp_volume resource. (#24350)
privateca: added encryption_spec field to google_privateca_ca_pool resource (#24328)
run: added connector to vpc_access on google_cloud_run_v2_worker_pool resource (#24337)
tags: added the DATA_GOVERNANCE value to google_tags_tag_key.purpose (#24307)

BUG FIXES:

bigquery: updated the schema change detection for google_bigquery_table to take into account presence of row access policy (#24284)
compute: fixed allow_global_access to correctly be immutable for google_compute_forwarding_rule resources with load balancing scheme of INTERNAL_MANAGED (#24312)
compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#24353)
dialogflow: added support for non-global endpoints for google_dialogflow_conversation_profile (#24351)
publicca: use RawURLEncoding instead of URLEncoding for unpadded base64 encoding (#24283)
secretmanager: fixed a panic in google_secret_manager_secret_version in a secret_manager (#24326)
workbench: fixed issue that resource creation with computed labels field fails in google_workbench_instance resource (#24311)
workbench: made report-notebook-metrics metadata key settable for google_workbench_instance (#24310)

`v7.2.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_python_package (#24267)
New Data Source: google_backup_dr_data_source_references (#24268)
New Resource: google_discovery_engine_acl_config (#24276)
New Resource: google_saas_runtime_unit_kind (#24236)

IMPROVEMENTS:

chronicle: made the scope_info field in google_chronicle_reference_list configurable (#24250)
compute: added header_action to path_matcher and default_service level on google_compute_region_url_map resource (#24253)
container: added secret_manager_config.rotation_config field to google_container_cluster resource (#24244)
container: added new fields memory_manager and topology_manager to google_container_cluster.node_config.kubelet_config and google_container_node_pool.node_config.kubelet_config (#24277)
sql: added final_backup_description and final_backup_config fields to google_sql_database_instance resource (#24273)
storage: added aws_s3_compatible_data_source to google_storage_transfer_job resource (#24241)

BUG FIXES:

provider: fixed an issue with universe_domain where the provider tried to connect to "googleapis.com" for user email logging when universe_domain was set (#24238)
container: fixed a faulty diff for arrays on user_managed_keys_config that caused faulty cluster updates to be triggered in google_container_cluster (#24256)
osconfig: fixed a permadiff in google_osconfig_patch_deployment where patch_config.yum.minimal doesn't send false for empty values (#24247)

`v7.1.1`

Compare Source

BUG FIXES:

bigtable: fixed an error encountered when applying google_bigtable_table_iam_* resources after upgrading to 7.x and replacing instance with instance_name (#24255)

`v7.1.0`

Compare Source

DEPRECATIONS:

container: deprecated enterprise_config field in google_container_cluster resource. GKE Enterprise features are now available without an Enterprise tier. (#24210)
storage: removed deprecated status for field to detect_md5hash in google_storage_bucket_object resource (#24147)

FEATURES:

New Data Source: google_iap_web_forwarding_rule_service_iam_policy (#24178)
New Resource: google_iap_web_forwarding_rule_service_iam_binding (#24178)
New Resource: google_iap_web_forwarding_rule_service_iam_member (#24178)
New Resource: google_iap_web_forwarding_rule_service_iam_policy (#24178)

IMPROVEMENTS:

artifactregistry: added registry_uri as attribute to google_artifact_registry_repository (#24164)
backupdr: added 'supported_resource_types' field to google_backup_dr_backup_plan resource (#24189)
backupdr: added create_time field to google_backup_dr_backup data source (#24183)
cloudbuild: added worker_config.enable_nested_virtualization field to google_cloudbuild_worker_pool resource (#24176)
cloudrunv2: added support for multi_region_settings field to google_cloud_run_v2_service resource (#24149)
compute: add params.resource_manager_tags field to the google_compute_region_backend_service (#24191)
compute: added public_delegated_sub_prefixs field to resource google_compute_public_delegated_prefix (#24202)
compute: added update_strategy field to google_compute_network_peering resource (#24180)
firestore: added unique field to google_firestore_index resource (#24163)
netapp: added qos_type and available_throughput_mibps fields to google_netapp_storage_pool resource (#24161)
netapp: added throughput_mibps field to google_netapp_volume resource (#24161)
networkservices: allowed EXPLICIT_ROUTING_MODE for routing_mode on google_network_services_gateway resource (#24151)
sql: added consumer_network_status, ip_address, and status fields to psc_auto_connections field on google_sql_database_instance resource (#24201)
storagetransfer: added service_account field to google_storage_transfer_job resource (#24193)
storagetransfer: added transfer_spec.aws_s3_data_source.credentials_secret to google_storage_transfer_job resource (#24152)

BUG FIXES:

compute: fixed certain spurious diffs for google_compute_region_backend_service.backend.group (#24157)
compute: fixed permadiff on google_compute_region_network_endpoint_group when no network is specified (#24182)
memorystore: fixed permadiffs that cause destroy+recreate on new google_memorystore_instance when desired_psc_auto_connections is set (#24212)
netapp: fixed a permadiff on total_iops in google_netapp_storage_pool resource (#24207)
oracledatabase: fixed permadiffs on google_oracle_database_autonomous_database resource for the odb_network and odb_subnet fields (#24184)

`v7.0.1`

Compare Source

BUG FIXES:

storage: fixed a conversion crash in google_storage_bucket state migration #24186

`v7.0.0`

Compare Source

Terraform Google Provider 7.0.0 Upgrade Guide

BREAKING RESOURCE REMOVALS:

beyondcorp: removed google_beyondcorp_application, its associated IAM resources google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member, and google_beyondcorp_application_iam_policy, and the google_beyondcorp_application_iam_policy datasource. Use google_beyondcorp_security_gateway_application instead. #23999
notebooks: removed google_notebooks_location #23607
tpu: removed google_tpu_node. Use google_tpu_v2_vm instead. #23964

BREAKING FIELD REMOVALS:

cloudrunv2: removed template.containers.depends_on within resource google_cloud_run_v2_worker_pool #23815
colab: removed post_startup_script_config field from from google_colab_runtime_template resource #24026
compute: removed field enable_flow_logs from google_compute_subnetwork #23704
gkehub: removed configmanagement.binauthz field in google_gke_hub_feature_membership #24076
gkehub: removed description field in google_gke_hub_membership #23587
memorystore: removed allow_fewer_zones_deployment field from google_memorystore_instance resource because it isn't user-configurable #24079
redis: removed allow_fewer_zones_deployment field from google_redis_cluster resource because it isn't user-configurable #24079
resourcemanager: removed non-functional project field from google_service_account_key datasource #24000
vertexai: removed enable_secure_private_service_connect in google_vertex_ai_endpoint #23843

BREAKING INCREASED VALIDATION:

cloudfunctions2: made event_type a required field for event_trigger in google_cloudfunctions2_function #23918
networkservices: made load_balancing_scheme required in google_network_services_lb_traffic_extension #23748
sql: made password_wo_version required when password_wo is set in google_sql_user #24083
storage: added validation requiring the topic field to be in the form "projects//topics/" in google_storage_notification #24135
storagetransfer: added path validation for GCS path source and sink in google_storage_transfer_job #23493
vertexai: made metadata, and metadata.config required in google_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #23971

OTHER BREAKING CHANGES:

alloydb: added deletion_protection field with a default value of true to google_alloydb_cluster resource #24024
apigee: changed certs_info field in google_apigee_keystores_aliases_key_cert_file to be output-only #24135
apigee: migrated google_apigee_keystores_aliases_key_cert_file to the plugin framework #24135
artifactregistry: removed the default values for public_repository fields in google_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #23970
bigquery: removed the default value of view.use_legacy_sql in google_bigquery_table #24065
bigtable: renamed instance to instance_name for bigtable_table_iam objects #23399
billing: made budget_filter.credit types and budget_filter.subaccounts no longer optional+computed, only optional, in google_billing_budget resource #24078
cloudfunctions2: changed service_config.service field in google_cloudfunctions2_function resource to be output-only #23790
compute: subnetworks and instances fields in google_compute_packet_mirroring have been converted from arrays to sets #24021
compute: advertised_ip_ranges field group in google_compute_router has been converted from a list to a set #24030
compute: disk.type, disk.mode and disk.interface no longer use provider configured default values and instead will be set by the API in google_compute_instance_template and google_compute_region_instance_template resources #24055
provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using terraform input with invalid resource IDs. #24010
resourcemanager: changed disable_on_destroy default value to false in google_project_service #23951
securesourcemanager: changed deletion_policy default value from DELETE to PREVENT #23963
storage: retention_period field in google_storage_bucket has been converted from int to string data type #23535
storage: migrated google_storage_notification to the plugin framework #24135

FEATURES:

New Data Source: google_artifact_registry_npm_package (#24072)
New Data Source: google_certificate_manager_dns_authorization (#24009)
New Resource: google_iap_web_region_forwarding_rule_service_iam_binding (#24041)
New Resource: google_iap_web_region_forwarding_rule_service_iam_member (#24041)
New Resource: google_iap_web_region_forwarding_rule_service_iam_policy (#24041)
New Resource: google_saas_runtime_saas (#24028)

IMPROVEMENTS:

cloudbuild: added developer_connect_event_config field to google_cloudbuild_trigger resource (#24043)
cloudtasks: added desired_state field to google_cloud_tasks_queue resource (#24053)
cloudrunv2: added max_instance_count field to google_cloud_run_v2_service resource. (#24031)
compute: added params.resourceManagerTags field to the google_compute_backend_service (#24062)
compute: added params.resource_manager_tags field to google_compute_backend_bucket (#24068)
compute: added short_name field to google_compute_organization_security_policy resource (#24059)
container: added cluster_autoscaling.default_compute_class_enabled field to google_container_cluster resource (#24023)
dialogflowcx: added enableMultiLanguageTraining, locked, answerFeedbackSettings, personalizationSettings, clientCertificateSettings, startPlaybook, satisfiesPzs, and satisfiesPzi to google_dialogflow_cx_agent resource. (#24007)
lustre: increased google_lustre_instance resource create timeout to 120m from 20m (#24056)
oracledatabase: enabled default_from_api flag for ODB Network related fields in google_oracle_database_cloud_vm_cluster resource (#24045)
sql: added feature to restore google_sql_database_instance using backupdr_backup (#24066)
ssm: made ca_pool argument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#24039)

BUG FIXES:

container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#24077)
gkeonprem: set default_from_api in image field in google_vmware_node_pool (#24022)
workbench: made install-monitoring-agent metadata key settable for google_workbench_instance (#24080)

`v6.50.0`

Compare Source

NOTES:

bigtable: It is recommended for google_bigtable_table_iam_* resources to upgrade to v6.50.0 and switch from instance to instance_name in your configuration before upgrading to v7.X (#24400)

DEPRECATIONS:

bigtable: deprecated instance in favor of instance_name in google_bigtable_table_iam_* resources (#24400)

IMPROVEMENTS:

bigtable: added instance_name field to google_bigtable_table_iam_* resources (#24400)

`v6.49.3`

Compare Source

BUG FIXES:

compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#24353)

`v6.49.2`

Compare Source

BUG FIXES:

container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#10586)

`v6.49.1`

Compare Source

BUG FIXES:

secretmanager: fixed issue where upgrading to 6.49.0 would cause all google_secret_manager_secret_version resources to be recreated unless secret_data_wo_version was set (#24061)

`v6.49.0`

Compare Source

DEPRECATIONS:

beyondcorp: google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member and google_beyondcorp_application_iam_policy IAM resources, and the google_beyondcorp_application_iam_policy datasource have been deprecated and will be removed in the upcoming major release (#23995)
tpu: deprecated google_tpu_tensorflow_versions data source. Use google_tpu_v2_runtime_versions instead. (#23958)

BREAKING CHANGES:

vertexai: made the metadata field required in google_vertex_ai_index (#23953)

FEATURES:

New Data Source: google_artifact_registry_tag (#23994)
New Data Source: google_artifact_registry_tags (#23969)
New Resource: google_dialogflow_convesation_profile (#23996)

IMPROVEMENTS:

apikeys: added service_account_email to google_apikeys_key (#24001)
compute: added advanced_options_config field to google_compute_region_security_policy resource (#23914)
container: added eviction_soft, eviction_soft_grace_period, eviction_minimum_reclaim, eviction_max_pod_grace_period_seconds, max_parallel_image_pulls, transparent_hugepage_enabled, transparent_hugepage_defrag and min_node_cpus fields to node_config block of google_container_node_pool and google_container_cluster resources (#23973)
networkmanagement: added subnet and network fields to the google_network_management_vpc_flow_logs_config resource (beta) (#23945)
networkmanagement: added output-only field target_resource_state to the google_network_management_vpc_flow_logs_config resource (#23945)
resourcemanager: added management_project and configured_capabilities fields to the google_folder resource. (#23983)

BUG FIXES:

cloud_tasks: set name field set to required in google_cloud_tasks_queue resource (#23997)
clouddeploy: allowed sending weekly_windows.start_time as an empty object in order to use default values in thegoogle_clouddeploy_deploy_policy resource (#23993)
kms: skip_initial_version_creation field is no longer immutable in google_kms_crypto_key, but is still only settable at-creation (#23984)
netapp: fixed bug where google_netapp_volume.large_capacity was not properly marked as immutable, causing updates to fail (and making it impossible to change the field value after creation) (#24004)
networkconnectivity: added update support for linked_vpc_network in google_network_connectivity_spoke (#23949)

`v6.48.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_package (#23901)
New Data Source: google_artifact_registry_repositories (#23906)
New Data Source: google_artifact_registry_version (#23868)
New Resource: google_dialogflow_cx_playbook (initial basic support, full features to follow in a later release) (#23895)
New Resource: google_vertexai_rag_engine_config (#23889)

IMPROVEMENTS:

backupdr: added log_retention_days field to google_backup_dr_backup_plan resource (#23846)
compute: added advanced_options_config field to google_compute_region_security_policy resource (#23914)
compute: added ha_policy field to google_compute_region_backend_service resource (#23905)
compute: added the ability to use global target forwarding rule for target_service field in google_compute_service_attachment resource (#23892)
container: added boot_disk to node_config in google_container_cluster and google_container_node_pool resources (#23840)
container: added node_config.kubelet_config.single_process_oom_kill field to google_container_node_pool and google_container_cluster resources (#23844)
container: added in-place update support for user_managed_keys_config field in google_container_cluster resource (#23883)
dataproc: added cluster_config.cluster_tier field to google_dataproc_cluster resource (#23830)
gkeonprem: added enable_advanced_cluster field to google_gkeonprem_vmware_admin_cluster resource (#23908)
memorystore: added allow_fewer_zones_deployment field to google_memorystore_instance resource (#23845)
sql: added field psa_write_endpoint flag to google_sql_database_instance resource (#23867)
sql: added network_attachment_uri field to google_sql_database_instance resource (#23894)
sql: added node_count field to sql_database_instance resource, and added new value READ_POOL_INSTANCE enum to the instance_type field of sql_database_instance resource (#23897)
storagetransfer: added federated_identity_config field to google_storage_transfer_job resource (#23900)
storagetransfer: added transfer_spec.aws_s3_data_source.cloudfront_domain field to google_storage_transfer_job resource (#23887)

BUG FIXES:

accesscontextmanager: made scopes field as immutable for access_context_manager_access_policy resource. (#23886)
bigquery: fixed handling of non-legacy roles for access block inside google_bigquery_dataset (#23898)
container: fixed an issue causing errors during updates to node_config to be suppressed in google_container_cluster and google_container_node_pool (#23842)

`v6.47.0`

Compare Source

DEPRECATIONS:

compute: deprecated network_self_link field in google_compute_subnetworks data source. Use network_name instead. (#23753)
resourcemanager: deprecated project field in google_service_account_key data source. The field is non functional and can safely be removed from your configuration. (#23813)

FEATURES:

New Data Source: google_artifact_registry_docker_images (#23751)
New Resource: google_apigee_security_action (#23721)
New Resource: google_developer_connect_insights_config (#23789)
New Resource: google_discovery_engine_cmek_config (#23745)
New Resource: google_iam_workforce_pool_iam_binding (#23784)
New Resource: google_iam_workforce_pool_iam_member (#23784)
New Resource: google_iam_workforce_pool_iam_policy (#23784)

IMPROVEMENTS:

backupdr: added backup_retention_inheritance field to google_backup_dr_backup_vault resource (#23817)
bigqueryanalyticshub: added commercial_info and delete_commercial fields in google_bigquery_analytics_hub_listing resource (#23731)
bigqueryanalyticshub: added discovery_type field to google_bigquery_analytics_hub_data_exchange resource (#23801)
bigqueryanalyticshub: added state, discovery_type, and allow_only_metadata_sharing fields to google_bigquery_analytics_hub_listing resource (#23801)
cloudfunction: added automatic_update_policy and on_deploy_update_policy to google_cloudfunctions_function resource (#23819)
cloudrunv2: added gpu_zonal_redundancy_disabled field to google_cloud_run_v2_job resource. (#23811)
compute: added labels field to google_compute_storage_pool resource (#23783)
compute: added network_name field to google_compute_subnetworks data source (#23753)
container: added ip_allocation_policy.additional_ip_ranges_config field to google_container_cluster resource (#23828)
container: added network_config.additional_node_network_configs.subnetwork field to google_container_node_pool resource (#23828)
container: added addons_config.lustre_csi_driver_config field to google_container_cluster resource (#23729)
container: added support for rbac_binding_config in google_container_cluster (#23812)
dataproc: added cluster_config.cluster_tier field to google_dataproc_cluster resource (#23830)
looker: added LOOKER_CORE_TRIAL_STANDARD, LOOKER_CORE_TRIAL_ENTERPRISE, and LOOKER_CORE_TRIAL_EMBED editions to google_looker_instance resource. (#23785)
managedkafka: added tls_config field to google_managed_kafka_cluster resource (#23749)
memorystore: added allow_fewer_zones_deployment field to google_redis_cluster resource (#23800)
storage: added deletion_policy field to google_storage_bucket_object resource (#23816)
vertexai: added custom_delete field to google_vertex_ai_endpoint_with_model_garden_deployment resource (#23788)

BUG FIXES:

bigquery: fixed a crash in google_bigquery_table when configured as an external table with parquet_options (#23808)
cloudrunv2: fixed an issue where manual_instance_count was unable to set to 0 in google_cloud_run_v2_worker_pool. (#23798)
composer: fixed updates failing for recovery_config with explicitly disabled scheduled snapshots (#23715)
iap: fixed an issue where deleting google_iap_settings without setting GOOGLE_PROJECT incorrectly failed (#23724)
storage: removed client-side GCS name validations for google_storage_bucket (#23719)

`v6.46.0`

Compare Source

FEATURES:

New Data Source: google_storage_insights_dataset_config (#23709)
New Resource: google_apigee_api_product (#23648)
New Resource: google_discovery_engine_recommendation_engine (#23692)
New Resource: google_oracle_database_odb_network (#23675)
New Resource: google_oracle_database_odb_subnet (#23694)
New Resource: google_storage_insights_dataset_config (#23707)

IMPROVEMENTS:

compute: added params.resourceManagerTags field to the google_compute_router (#23690)
compute: added in-place update support for provisioned_iops, provisioned_throughput, and access_mode fields in google_compute_region_disk resource (#23697)
dataproc: added authentication_config field to google_dataproc_batch and google_dataproc_session_template resource (#23644)
dataproc: added idle_ttl field to google_dataproc_session_template resource (#23680)
networkconnectivity: added field allocation_options to resource google_network_connectivity_internal_range (#23687)
oracledatabase: added odb_network and odb_subnet fields, and made network and cidr fields optional in google_oracle_database_autonomous_database resource (#23686)
oracledatabase: added odb_network, odb_subnet and backup_odb_subnet fields, and made network, cidr and backup_subnet_cidr fields optional in google_oracle_database_cloud_vm_cluster resource (#23688)
secretmanager: added tags field to google_secret_manager_regional_secret to allow setting tags for regional_secrets at creation time (#23706)
securesourcemanager: added deletion_policy field to google_secure_source_manager_repository resource (#23693)
workbench: added enable_managed_euc field to google_workbench_instance resource. (#23682)
workbench: added reservation_affinity field to google_workbench_instance resource. (#23676)

BUG FIXES:

composer: fixed updates failing for google_composer_environment recovery_config with explicitly disabled scheduled snapshots (#23715)
datastore: fixed a permadiff with google_datastream_connection_profile's create_without_validation field (#23711)
memorystore: fixed bug to allow google_memorystore_instance to be used with no provider default region or with a location that doesn't match the provider default region. (#23666)
networkconnectivity: fixed instances[].ip_address & instances[].virtual_machine fields in linked_router_appliance_instances block being incorrectly treated as immutable for google_network_connectivity_spoke resource (#23705)
resourcemanager: updated service account creation to prevent failures due to eventual consistency in google_service_account resource (#23639)
sql: fixed a provider crash when importing google_sql_database resource (#23643)

`v6.45.0`

Compare Source

DEPRECATIONS:

gemini: deprecated the disable_web_grounding field in the google_gemini_gemini_gcp_enablement_setting resource (#23581)

FEATURES:

New Resource: google_bigtable_schema_bundle (#23585)
New Resource: google_compute_preview_feature (#23631)
New Resource: google_dialogflow_cx_generator (#23605)
New Resource: google_model_armor_floorsetting (#23621)
New Resource: google_vertex_ai_endpoint_with_model_garden_deployment (#23632)

IMPROVEMENTS:

accesscontextmanager: added name to google_access_context_manager_gcp_user_access_binding resource (#23638)
apigee: marked the field access_logging_config immutable in google_apigee_instance resource (#23571)
bigquery: added ignore_auto_generated_schema virtual field to google_bigquery_table resource to ignore server-added columns in the schema field (#23633)
cloudrunv2: added field node_selector in google_cloud_run_v2_job (#23586)
compute: added params.resourceManagerTags field to the google_compute_subnetwork (#23618)
compute: added rule.match.src_secure_tags, rule.target_secure_tags, predefined_rules.match.src_secure_tags and predefined_rules.target_secure_tags fields to google_compute_firewall_policy_with_rules resource (#23635)
dataproc: added cluster_config.security_config.identity_config field to google_dataproc_cluster resource (#23613)
dataproc: updated cluster_config.gce_cluster_config.metadata field to be computed in google_dataproc_cluster resource (#23613)
dialogflowcx: added flexible support to google_dialogflow_cx_webhook resource. (#23582)
gemini: added web_grounding_type field to google_gemini_gemini_gcp_enablement_setting resource (#23581)
netapp: added in-place update support for allow_auto_tiering field in google_netapp_storage_pool resource (#23614)
secretmanager: added tags field to google_secret_manager_secret to allow setting tags for secrets at creation time (#23625)
securesourcemanager: added deletion_policy field to google_secure_source_manager_instance resource (#23606)
sql: added network_attachment_uri field to google_sql_database_instance (#23615)
vmwareengine: added GOOGLE_CLOUD_NETAPP_VOLUMES peering type to resource google_vmwareengine_network_peering (#23628)

BUG FIXES:

modelarmor: fixed conflicting field validation for filter_config.sdp_settings on google_model_armor_template (#23626)
resourcemanager: updated service account creation to prevent failures due to eventual consistency in google_service_account resource (#23639)

`v6.44.0`

Compare Source

FEATURES:

New Data Source: google_compute_network_attachment (#23570)
New Data Source: google_firestore_document (#23553)
New Resource: google_backup_dr_service_config (#23552)
New Resource: google_bigquery_analytics_hub_data_exchange_subscription (#23560)
New Resource: google_gkeonprem_vmware_admin_cluster (#23554)
New Resource: google_network_security_backend_authentication_config (#23555)

IMPROVEMENTS:

alloydb: added machine_config.machine_type field to google_alloydb_instance resource (#23562)
apigee: added access_logging_config field to google_apigee_instance resource (#23522)
apigee: marked access_logging_config field immutable in google_apigee_instance resource (#23571)
backupdr: added in-place update support for google_backup_dr_backup_plan resource (#23537)
compute: added params.resource_manager_tags field to google_compute_firewall resource (#23524)
compute: added application_aware_interconnect and aai_enabled fields to google_compute_interconnect resource (#23567)
compute: added load_balancing_scheme field to google_compute_backend_bucket resource (#23499)
compute: added provisioned_iops and provisioned_throughput fields to google_compute_region_disk resource (#23551)
compute: added specific_reservation.source_instance_template, delete_at_time, delete_after_duration.seconds, delete_after_duration.nanos and reservation_sharing_policy.service_share_type fields to google_compute_reservation resource (#23561)
firestore: added tags field to google_firestore_database resource (#23569)
securesourcemanager: added in-place update support for description field in google_secure_source_manager_repository resource (#23557)
storage: added force_empty_content_type field to google_storage_bucket_object resource (#23568)

BUG FIXES:

artifactregistry: fixed an issue where changes to cleanup_policies were not being applied correctly in google_artifact_registry_repository resource (#23556)
iambeta: fixed perma-diff for jwks_json field when GCP normalizes JSON formatting in google_iam_workload_identity_pool_provider resource (#23526)

`v6.43.0`

Compare Source

DEPRECATIONS:

iap: deprecated google_iap_client and google_iap_brand (#23431)

FEATURES:

New Data Source: google_kms_autokey_config (#23490)
New Data Source: google_kms_key_handle (#23490)
New Data Source: google_kms_key_handles (#23490)
New Data Source: google_network_management_connectivity_test_run (#23497)
New Data Source: google_redis_cluster (#23436)
New Resource: google_contact_center_insights_analysis_rule (#23435)
New Resource: google_kms_autokey_config (#23490)
New Resource: google_kms_key_handle (#23490)
New Resource: google_model_armor_template (#23432)

IMPROVEMENTS:

bigquery: added ignore_schema_changes virtual field to google_bigquery_table resource. Only dataPolicies field is supported in ignore_schema_changes for now. (#23495)
billing: added currency_code to google_billing_account data source (#23474)
compute: added params.resource_manager_tags field to google_compute_network resource (#23421)
compute: added load_balancing_scheme field to google_compute_backend_bucket resource (#23499)
compute: added params.resource_manager_tags field to google_compute_route resource (#23489)
container: added anonymous_authentication_config field to google_container_cluster resource (#23491)
dataplex: added suspended field to google_dataplex_datascan resource (#23456)
discoveryengine: added enable_table_annotation, enable_image_annotation, structured_content_types, exclude_html_elements, exclude_html_classes and exclude_html_ids fields to layout_parsing_config of google_discovery_engine_data_store resource (#23478)
discoveryengine: added kms_key_name field to google_discovery_engine_data_store resource (#23469)
memorystore: added managed_server_ca field to google_memorystore_instance resource (#23430)
secretmanager: added deletion_protection field to google_secret_manager_secret resource to optionally make deleting them require an explicit intent (#23480)
secretmanager: added fetch_secret_data field to google_secret_manager_secret_version to optionally skip fetching the secret data (#23471)

BUG FIXES:

compute: fixed match field in google_compute_router_route_policy resource to be marked as required (#23494)
compute: fixed an issue with bgp_always_compare_med in google_compute_network where it was unable to be set from true to false (#23477)
compute: made no replication status in google_compute_disk_async_replication a retryable error (#23492)
gkeonprem: fixed type of load_balancer.0.bgp_lb_config.0.address_pools.0.manual_assign in google_gkeonprem_bare_metal_cluster, making it a boolean instead of a string (#23472)
integrationconnectors: removed validation from auth configs in google_integration_connectors_connection resource (#23429)

`v6.42.0`

Compare Source

FEATURES:

New Resource: google_apihub_plugin_instance (#23346)
New Resource: google_apihub_plugin (#23407)
New Resource: google_dialogflow_cx_generative_settings (#23394)

IMPROVEMENTS:

cloudidentity: added create_ignore_already_exists field to google_cloud_identity_group_membership resource (#23376)
compute: added access_mode field to google_compute_region_disk resource (#23409)
compute: added match.src_secure_tags and target_secure_tags fields to google_compute_firewall_policy_rule resource (#23414)
compute: added params.resource_manager_tags field to google_compute_network resource (#23421)
compute: added resource_policies.workload_policy field to google_compute_instance_group_manager resource (#23420)
container: added confidential_nodes.confidential_instance_type field to google_container_cluster resource (#23410)
container: added gke_auto_upgrade_config field to google_container_cluster resource (#23411)
container: added node_config.confidential_nodes.confidential_instance_type field to google_container_node_pool resource (#23410)
firestore: revoked deprecation of deletion_policy field in google_firestore_database resource (#23403)
memorystore: added kms_key field to google_memorystore_instance resource (#23396)
redis: added effective_reserved_ip_range field to google_redis_instance resource (#23384)
secretmanager: added deletion_protection field to google_secret_manager_regional_secret resource (#23398)
spanner: added encryption_config.kms_key_name field to google_spanner_backup_schedule resource (#23378)
storage: added allow_cross_org_vpcs and allow_all_service_agent_access fields to google_storage_bucket resource (#23405)

BUG FIXES:

alloydb: removed machine_config.machine_type field from google_alloydb_instance resource because it is not yet supported in GA (#23415)
bigqueryanalyticshub: supported in-place update for log_linked_dataset_query_user_email in google_bigquery_analytics_hub_listing and google_bigquery_analytics_hub_data_exchange resources. Once enabled, this feature cannot be disabled. (#23391)
bigquerydatatransfer: stopped surfacing persistent warnings recommending write-only field when using secret_access_key on google_bigquery_data_transfer_config (#23417)
memorystore: added the ability to set the replica_count field in google_memorystore_instance resource to 0 (#23412)
monitoring: made description and displayName optional and mutable in google_monitoring_metric_descriptor resource (#23381)
redis: fixed reserved_ip_range field not being populated for google_redis_instance data source (#23384)
secretmanager: stopped surfacing persistent warnings recommending write-only field when using secret_data on google_secret_manager_secret_version (#23417)
sql: stopped surfacing persistent warnings recommending write-only field when using password on google_sql_user (#23417)
workbench: added support for setting serial-port-logging-enable key in metadata field in google_workbench_instance resource (#23406)

`v6.41.0`

Compare Source

BREAKING CHANGES:

lustre: added per_unit_storage_throughput as a required field to google_lustre_instance resource in response to a change in the API surface (#23319)

FEATURES:

New Data Source: google_dataplex_data_quality_rules (#23255)
New Resource: google_apihub_plugin_instance (#23346)
New Resource: google_contact_center_insights_view (#23263)
New Resource: google_dataproc_session_template (#23288)
New Resource: google_dialogflow_encryption_spec (#23335)

IMPROVEMENTS:

alloydb: added network_config.allocated_ip_range_override field to google_alloydb_instance resource (#23330)
bigqueryanalyticshub: added log_linked_dataset_query_user_email field to google_bigquery_analytics_hub_data_exchange resource (#23271)
bigqueryanalyticshub: added log_linked_dataset_query_user_email field to google_bigquery_analytics_hub_listing_subscription resource (#23286)
bigqueryanalyticshub: added pubsub_topic field to google_bigquery_analytics_hub_listing resource (#23334)
bigtable: added row_key_schema to google_bigtable_table resource (#23337)
cloudasset: added support for universe domain handling for google_cloud_asset_resources_search_all datasource (#23318)
cloudquotas: added inherited and inherited_from fields to google_cloud_quotas_quota_adjuster_settings resource (#23339)
compute: added CROSS_SITE_NETWORK enum option to requested_features field in google_compute_interconnect resource (#23316)
compute: added TLS_JA4_FINGERPRINT option to enforce_on_key field in google_compute_region_security_policy, google_compute_security_policy, and google_compute_security_policy_rule resources (#23270)
compute: added send_propagated_connection_limit_if_zero to google_compute_service_attachment to resolve an issue where propagated_connection_limit were not working for 0 value previously. Now setting send_propagated_connection_limit_if_zero = true will send propagated_connection_limit = 0 when it's unset or set to 0. (#23325)
compute: promoted default_custom_error_response_policy to GA in google_compute_url_map (#23268)
container: added performance_monitoring_unit in node_config/advanced_machine_features to 'google_container_cluster' resource (#23260)
container: added release_channel_upgrade_target_version to google_container_engine_versions data source (#23336)
dataplex: added support for discovery scan in google_dataplex_datascan resource (#23291)
dns: added target_name_servers.domain_name field to google_dns_managed_zone resource (#23265)
provider: added support for adc impersonation in different universes (#23320)
storage: added source_md5hash field in google_storage_bucket_object (#23267)

BUG FIXES:

compute: fixed google_compute_firewall_policy_rule staying disabled after apply with disabled = false (#23329)
compute: marked name in google_compute_node_group, google_compute_node_template as required as it was impossible to create successfully without a value (#23345)
sql: fixed an error in updating connection_pool_config in google_sql_database_instance (#23332)
tags: fixed perma-diff for parent field in google_tags_location_tag_binding resource (#23331)

hashicorp/terraform-provider-google-beta (google-beta)

`v7.12.0`

Compare Source

`v7.11.0`

Compare Source

DEPRECATIONS:

pubsublite: google_pubsub_lite_reservation will be turned down effective March 18, 2026. Use google_pubsub_reservation instead. (#11022)
pubsublite: google_pubsub_lite_subscription will be turned down effective March 18, 2026. Use google_pubsub_subscription instead. (#11022)
pubsublite: google_pubsub_lite_topic will be turned down effective March 18, 2026. Use google_pubsub_topic instead. (#11022)

BREAKING CHANGES:

netapp: made google_netapp_volume.export_policy.rules.squash_mode not preserve values returned by the API. Without this change, unsetting squash_mode in the provider can cause an API error. (#11023)

FEATURES:

New Data Source: google_artifact_registry_python_packages (#11017)
New Data Source: google_cloud_identity_policy (#10991)
New Data Source: google_compute_reservation_block (#11005)
New Data Source: google_compute_reservation_sub_block (#11005)
New Resource: google_ces_deployment (#10990)
New Resource: google_ces_example (#11020)
New Resource: google_compute_region_health_aggregation_policy (#10995)
New Resource: google_discovery_engine_user_store (#11018)

IMPROVEMENTS:

bigquery: added external_data_configuration.decimal_target_types to google_bigquery_table (#10983)
compute: added internal_ipv6_prefix field to the google_compute_subnetwork resource (#11007)
compute: added ipv6_access_type field and INTERNAL_IPV6_SUBNETWORK_CREATION as a supported value for the mode field in google_compute_public_delegated_prefix resource (#10985)
compute: added ipv6_access_type field to google_compute_public_advertised_prefix resource (#10978)
dataplex: added data_documentation_spec field to google_dataplex_datascan resource to support the DATA_DOCUMENTATION scan type (#11014)
dataproc: added resource_manager_tags to google_dataproc_cluster resource (#11021)
lustre: added placement_policy field to google_lustre_instance resource (#11011)
netapp: added cache_parameters field to google_netapp_volume resource (#10976)
secretmanager: added project and short name support for secret on google_secret_manager_secret_version (#11015)
secretmanager: added project and short name support for secret on ephemeral google_secret_manager_secret_version (#11015)

BUG FIXES:

alloydb: fixed issue with creation when initial_user.password was set to a computed value in google_alloydb_cluster (#11006)
bigquery: fixed extraneous diffs in google_bigquery_table.external_data_configuration.schema (#10983)
compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#10998)
container: added KUBE_DNS as an accepted value for cluster_dns field on google_container_cluster (#10997)
netapp: fixed bug where unsetting export_policy.rules.squash_mode on google_netapp_volume can cause an API error (#11023)
pubsub: fixed bug where google_pubsub_subscription could only be updated if bigquery_config was modified (#10996)
sql: fixed bug where final_backup_description in google_sql_database_instance resource wasn't set on the final backup on delete (#11019)
storage: fixed bug where certain changes to google_storage_bucket_acl.role_entity were ignored (#10994)
workstations: fixed bug in google_workstations_workstation where setting source_workstation caused a permadiff that forced recreation (#10986)
vmwareengine: made deletion of google_vmwareengine_private_cloud wait until the deletion completes (#11010)

`v7.10.0`

Compare Source

BREAKING CHANGES:

alloydb: marked initial_user.password as required on create of new google_alloydb_cluster resources. This change aligns the provider with existing API constraints to surface errors earlier. (#10999)

FEATURES:

New Resource: google_ces_app (#10950)
New Resource: google_ces_toolset (#10967)
New Resource: google_discovery_engine_control (#10966)
New Resource: google_netapp_host_group (#10959)
New Resource: google_network_security_mirroring_endpoint (beta) (#10941)
New Resource: google_network_services_multicast_domain (#10952)
New Resource: google_privileged_access_manager_settings (#10961)
New Ephemeral Resource: google_client_config (#10975)

IMPROVEMENTS:

cloudfunctions2: added direct_vpc_network_interface and direct_vpc_egress field to google_cloudfunctions2_function resource (#10971)
cloudrunv2: added template.container.depends_on field to google_cloud_run_v2_worker_pool resource (#10970)
container: added network_tier_config to google_container_cluster resource. (#10960)
eventarc: added labels field to google_eventarc_channel resource (#10944)
netapp: added block_devices field and ISCSI protocol support to goolge_netapp_volume resource, and increased timeouts on its operations (#10974)
netapp: added additional field type in google_netapp_storage_pool resource (#10953)
vertexai: added psc_automation_configs field to google_vertex_ai_endpoint resource (#10956)
vertexai: added sync_config.continuous field to google_vertex_ai_feature_online_store_featureview (#10964)

BUG FIXES:

accesscontextmanager: fixed issue where google_access_context_manager_service_perimeter_[dry_run_][egress|ingress]_policy caused the provider to crash when a provided identity casing was invalid. (#10968)
apigee: fixed issue where credentials block was not populated in the Terraform state in google_apigee_developer_app resource (#10963)
compute: fixed google_compute_network_firewall_policy_rule staying disabled after apply with disabled = false (#10962)
compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#10998)
compute: resolve permadiff for display_name in new deployments of google_compute_organization_security_policy (#10965)
storage: fixed a conversion error in google_storage_bucket state migration. This bug impacted Pulumi users. (#10943)

`v7.9.0`

Compare Source

BREAKING CHANGES:

beyondcorp: made the ports field in endpoint_matchers required in response to a change in the API surface. (#10909)

FEATURES:

New Resource: google_firestore_user_creds (#10922)
New Resource: google_network_security_dns_threat_detector (#10898)

IMPROVEMENTS:

appengine: added ssl_policy to application on google_app_engine_application resource (#10915)
bigquery: added support for IAM conditions in google_bigquery_dataset_iam_* resources (#10913)
container: added dns_endpoint_confg.enable_k8s_tokens_via_dns and dns_endpoint_config.enable_k8s_certs_via_dns fields to google_container_cluster resource (#10910)
container: added fleet.membership_type field to google_container_cluster resource (#10901)
dataplex: added data_classification field to google_dataplex_aspect_type resource (#10929)
iamworkforcepool: added scim_usage field to workforce_pool_provider resource (#10916)
memorystore: added available_maintenance_versions field to google_memorystore_instance resource (#10899)
memorystore: added maintenance_version field to google_memorystore_instance resource (#10896)
redis: added available_maintenance_versions field to google_redis_cluster resource (#10899)
redis: added maintenance_version field to google_redis_cluster resource (#10896)
storagetransfer: added transfer_manifest field to google_storage_transfer_job resource (#10907)

BUG FIXES:

bigquery: added validation for target_types in google_bigquery_dataset_access (#10932)
cloudquotas: resolved permadiff for preferred_value in google_cloud_quotas_quota_preference (#10911)
compute: fixed scenario where google_compute_instance would not be staged for recreation if guest_accelerator.count was updated to 0 from non-zero value (#10902)
sql: fixed an issue where dataDiskSize was unintentionally null instead of set to the current value in API requests, triggering unrelated errors (#10919)

`v7.8.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_packages (#10869)
New Data Source: google_network_management_connectivity_tests (#10856)
New Resource: google_apigee_environment_api_revision_deployment (#10862)
New Resource: google_dataplex_entry_link (#10893)
New Resource: google_discovery_engine_assistant (#10885)
New Resource: google_observability_trace_scope (#10873)
New Resource: google_oracle_database_db_system (#10889)
New Resource: google_saas_runtime_unit (#10865)

IMPROVEMENTS:

compute: added IN_FLIGHT to balancing_mode on google_compute_backend_service resource (#10875)
compute: added ncc_gateway field to google_compute_router resource (beta) (#10894)
compute: added new field instance_lifecycle_policy.on_repair.allow_changing_zone to google_compute_region_instance_group_manager & google_compute_instance_group_manager (#10871)
compute: promoted security_policy in compute_region_backend_service resource to GA (#10866)
compute: promoted the google_compute_preview_feature resource to GA. (#10886)
compute: the activation_status attribute within the google_compute_preview_feature resource now uses the ACTIVATION_STATE_UNSPECIFIED value instead of DISABLED. Support for DISABLED will be added in a future release. (#10886)
datastream: added backfill_all.mongodb_excluded_objects and source_config.mongodb_source_config fields to google_datastream_stream (#10888)
datastream: added mongodb_profile field to google_datastream_connection_profile (#10888)
discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#10863)
discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#10863)
discoveryengine: added in-place update support for entities.params and entities.key_property_mappings in google_discovery_engine_data_connector (#10895)
dlp: added publish_findings_to_dataplex_catalog field to google_data_loss_prevention_job_trigger (#10883)
iambeta: allowed GKE workload identity pool pattern in workload_identity_pool_id field of google_iam_workload_identity_pool resource. (#10861)
memorystore: added maintenance_version field to google_memorystore_instance resource (#10896)
memorystore: added available_maintenance_versions field to google_memorystore_instance resource (#10899)
networkconnectivity: added HYBRID_INSPECTION enum value to preset_topology field in google_network_connectivity_hub resource (#10894)
networkconnectivity: added gateway field to google_network_connectivity_spoke resource (beta) (#10894)
networkservices: added isolationConfig on google_network_services_service_lb_policies resource (#10858)
redis: added deletion_protection field to redis_instance to make deleting them require an explicit intent. redis_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#10860)
redis: added maintenance_version field to google_redis_cluster resource (#10896)
redis: added available_maintenance_versions field to google_redis_cluster resource (#10899)
saas_runtime: added default_release field to google_saas_runtime_unit_kind resource (#10887)
sql: added read_pool_auto_scale_config support to sql_database_instance resource (#10884)

BUG FIXES:

bigquery: fixed the issue where google_bigquery_table detected an incorrect schema diff on tables with row access policies when the schema was unchanged. (#10876)
compute: allow requested_link_count to be updated in-place in google_compute_interconnect resource (#10870)

`v7.7.0`

Compare Source

BREAKING CHANGES:

discoveryengine: changed type of google_discovery_engine_data_connector.entities.params. Previously, it was a map of string keys to string values; now, it must be a JSON-encoded string containing an object. This change is being made in a minor release because the field wasn't usable as intended – specifically, all current valid uses require mapping strings to lists of strings. (#10863)

FEATURES:

New Data Source: google_network_management_connectivity_tests (#10856)
New Resource: google_apigee_developer_app (#10851)
New Resource: google_discovery_engine_license_config (#10848)
New Resource: google_iam_workforce_pool_provider_scim_tenant (#10834)
New Resource: google_kms_project_kaj_policy_config (#10850)
New Resource: google_saas_runtime_tenant (#10841)

IMPROVEMENTS:

apigee: updated the scopes argument in google_apigee_api_product resource to be order-insensitive. (#10851)
beyondcorp: added proxy_protocol_config and service_discovery fields to google_beyondcorp_security_gateway resource (#10842)
cloudrunv2: added health_check_disabled field to google_cloud_run_v2_service resource. (#10839)
compute: added params field to google_compute_router resource (GA) (#10844)
discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#10863)
discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#10863)
dlp: added publish_to_dataplex_catalog field to discovery_config resource (#10849)
gkeonprem: made it possible to set the on_prem_version field on google_gkeonprem_vmware_node_pool (previously output-only) (#10847)
memcache: added deletion_protection field to memcache_instance to make deleting them require an explicit intent. memcache_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#10846)
metastore: added tags field to google_dataproc_metastore_service and 'google_dataproc_metastore_federation' resources to allow setting tags for services and federation at creation time (#10854)
networksecurity: added URL_FILTERING option to enum field type for google_network_security_security_profile resource (#10829)
networksecurity: added url_filtering_profile field to google_network_security_security_profile_group resource (#10829)
networksecurity: added url_filtering_profile field to google_network_security_security_profile resource (#10829)
sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#10827)
sql: added source_instance_deletion_time field to google_sql_database_instance resource (#10827)

BUG FIXES:

bigqueryanalyticshub: fixed google_bigquery_analytics_hub_listing_subscription import (#10855)
discoveryengine: fixed bug where it wasn't possible to specify values for knowledgeBaseSysId or catalogSysId in google_discovery_engine_data_connector.entities.params. (#10863)

`v7.6.0`

Compare Source

DEPRECATIONS:

networksecurity: deprecated ignore_case, exact, prefix, suffix and contains fields in http_rules.from.not_sources.principals and http_rules.from.sources.principals blocks in google_network_security_authz_policy resource. Use the equivalent fields in http_rules.from.not_sources.principals.principal or http_rules.from.sources.principals.principal instead. (#10809)

BREAKING CHANGES:

container: node_config blocks that had set kubelet_config without explicitly setting cpu_cfs_quota implicitly set cfu_cfs_quota to false when unset. From this version onwards, an unset cpu_cfs_quota will instead match the API default of true true. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#10823)
storageinsights: removed activity_data_retention_period_days field from google_storage_insights_dataset_config resource due to a delayed launch. It will be readded when the feature launches. (#10824)

FEATURES:

New Resource: google_kms_folder_kaj_policy_config (#10798)
New Resource: google_vertex_ai_cache_config (#10807)
New Resource: google_vertex_ai_reasoning_engine (#10797)

IMPROVEMENTS:

backupdr: added data_source and rules_config_info fields to google_backup_dr_backup_plan_associations datasource (#10802)
beyondcorp: added external, proxy_protocol, and schema fields to google_beyondcorp_security_gateway_application resource (#10808)
beyondcorp: changed endpoint_matchers field to not be required anymore in the google_beyondcorp_security_gateway_application resource (#10808)
bigquery: added reservation field to google_bigquery_job resource (#10796)
compute: added backend.max_in_flight_requests, backend.max_in_flight_requests_per_instance, backend.max_in_flight_requests_per_endpoint and backend.traffic_duration fields to google_compute_backend_service resource (#10799)
compute: added shared_secret_wo and shared_secret_wo_version fields to google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#10788)
dlp: added SENSITIVITY_UNKNOWN as possible enum value for actions.tag_resources.tag_conditions.sensitivity_score.score in google_data_loss_prevention_discovery_config resource (#10820)
dlp: added actions.save_findings.output_config.storage_path field to google_data_loss_prevention_job_trigger resource (#10816)
lustre: increased creation timeout from 20min to 40min for google_lustre_instance resource (#10817)
netapp: added hybrid_replication_user_commands field with subfield commands to google_netapp_volume_replication resource (#10813)
netapp: added replication_schedule, hybrid_replication_type, large_volume_constituent_count fields to hybrid_replication_parameters field in google_netapp_volume resource (#10813)
networksecurity: added ip_blocks field to google_network_security_authz_policy resource (#10809)
secretmanager: added ephemeral support for google_secret_manager_secret_version resource (#10821)
sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#10827)
sql: added source_instance_deletion_time field to google_sql_database_instance resource (#10827)
storagetransfer: added user_project_override and billing_project fields to google_storage_transfer_job resource (#10790)

BUG FIXES:

container: fixed the default for node_config.kubelet_config.cpu_cfs_quota on google_container_cluster, google_container_node_pool, google_container_cluster.node_pool to align with the API. Terraform will now send a true value when the field is unset on creation, and preserve any previously set value when unset. Explicitly set values will work as defined in configuration. (#10823)

`v7.5.0`

Compare Source

BREAKING CHANGES:

netapp: changed peer_ip_addresses field type from String to Array in google_netapp_volume resource, as it was unusable otherwise (#10757)

FEATURES:

New Data Source: google_artifact_registry_maven_artifacts (#10785)
New Data Source: google_artifact_registry_npm_packages (#10784)
New Resource: google_apigee_api_deployment (#10776)
New Resource: google_discovery_engine_data_connector (#10778)
New Resource: google_kms_organization_kaj_policy_config (#10777)
New Resource: google_saas_runtime_rollout_kind (#10764)

IMPROVEMENTS:

cloudrunv2: added startup_probe and liveness_probe to google_cloud_run_v2_worker_pool resource (#10749)
compute: added bandwidth_allocation field to google_compute_wire_group resource (#10770)
compute: added shared_secret_wo and shared_secret_wo_version fields for google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#10788)
dialogflow: added new_recognition_result_notification_config field to google_dialogflow_conversation_profile resource (#10775)
discoveryengine: added features field to google_discovery_engine_search_engine resource (#10762)
dlp: added other_cloud_target and other_cloud_starting_location to google_data_loss_prevention_discovery_config (#10773)
gkebackup: added backup_config.selected_namespace_labels field to google_gke_backup_backup_plan resource (#10756)
looker: added gemini_enabled field to google_looker_instance resource (#10771)
netapp: added hot_tier_size_used_gib fields to google_netapp_volume (#10766)
netapp: added cold_tier_size_used_gib and hot_tier_size_used_gib fields to google_netapp_storage_pool (#10766)
networksecurity: added type and mirroring_deployment_groups fields to google_network_security_mirroring_endpoint_group resource (#10783)
oracledatabase: added gcp_oracle_zone field to google_oracle_database_odb_network resource (#10767)
privilegedaccessmanager: added approval_workflow.steps.id field to google_privileged_access_manager_entitlement resource (#10750)
pubsub: added support for tags field to google_pubsub_topic and google_pubsub_subscription resources (#10760)
sql: added point_in_time_restore_context field to google_sql_database_instance (#10786)
storage: added force_destroy field to google_storage_insights_report_config resource (#10772)
storageinsights: added activity_data_retention_period_days field to google_storage_insights_dataset_config resource (#10769)
vertexai: added endpoint_config.private_service_connect_config block to google_vertex_ai_endpoint_with_model_garden_deployment resource (#10754)
vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index_endpoint resource (#10787)
vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index resource (#10759)

BUG FIXES:

apihub: fixed a permadiff on config_template in google_apihub_plugin resource (#10758)
storage: fixed a panic caused by empty cors blocks google_storage_bucket resource (#10781)

`v7.4.0`

Compare Source

DEPRECATIONS:

compute: deprecated the option to deploy a container during VM creation using the container startup agent in google_compute_instance. Use alternative services to run containers on your VMs. Learn more at https://cloud.google.com/compute/docs/containers/migrate-containers. (#10725)

FEATURES:

New Data Source: google_artifact_registry_maven_artifact (#10718)
New Data Source: google_compute_interconnect_location (#10727)
New Resource: google_network_services_wasm_plugin (#10742)

IMPROVEMENTS:

compute: added scheduling.0.skip_guest_os_shutdown field to google_compute_instance_template resource (#10729)
compute: added scheduling.0.skip_guest_os_shutdown field to google_compute_instance resource (#10729)
compute: added scheduling.0.skip_guest_os_shutdown field to google_compute_region_instance_template resource (#10729)
compute: added tunneling_config field to google_compute_service_attachment resource (#10730)
container: added auto_ipam_config to google_container_cluster resource. (#10737)
privilegedaccessmanager: added privileged_access.gcp_iam_access.role_bindings.id field to google_privileged_access_manager_entitlement resource (#10743)
storage: added support for timeouts to google_storage_bucket_iam_binding, google_storage_bucket_iam_member, google_storage_bucket_iam_policy resources (#10726)

BUG FIXES:

bigtable: fixed node_scaling_factor forcing new instance on google_bigtable_instance when adding new cluster (#10744)
cloudscheduler: fixed a type assertion panic in google_cloud_scheduler_job when processing HTTP headers with nil or unexpected data types (#10720)
compute: fixed the Network field cannot be modified issue in google_compute_region_backend_service. Now updating the network field will force the resource to be recreated (#10738)
netapp: fixed incorrect default value handling in google_netapp_volume for export_policy.rules attributes has_root_access and squash_mode. When not specified, these fields will now take on the API default value with no diff. (#10736)
netapp: updated google_netapp_storage_pool to source the default value for the qos_type field from the API. If not specified in the configuration, qos_type will now default to the value provided by the NetApp Volumes API. (#10735)
sql: fixed the permadiffs on disk_size when disk_autoresize is enabled in google_sql_database_instance (#10739)
workbench: added retry for unable to queue the operation 409 errors in google_workbench_instance resource. (#10733)

`v7.3.0`

Compare Source

FEATURES:

New Data Source: google_backup_dr_data_source_reference (#10707)
New Resource: google_bigquery_datapolicyv2_data_policy (#10693)
New Resource: google_saas_runtime_release (#10685)
New Resource: google_secure_source_manager_hook (#10706)

IMPROVEMENTS:

cloudrun: added sub_path field to google_cloud_run_service resource. (#10705)
cloudrunv2: added sub_path field to google_cloud_run_v2_service google_cloud_run_v2_job and google_cloud_run_v2_worker_pool resource. (#10705)
compute: added labels and label_fingerprint fields to google_compute_security_policy resource (#10696)
compute: labels under initialize_params are now updatable on google_compute_instance (#10710)
container: added new fields memory_manager and topology_manager to node_kubelet_config block (#10681)
datastream: added destination_config.bigquery_destination_config.source_hierarchy_datasets.project_id field to google_datastream_stream resource (#10704)
discoveryengine: added app_type field to google_discovery_engine_search_engine resource (#10694)
gkeonprem: added proxy field to google_gkeonprem_vmware_admin_cluster resource (#10702)
healthcare: added validation_config to google_healthcare_fhir_store resource (#10700)
iamworkforcepool: added extended_attributes field to workforce_pool_provider resource (#10688)
netapp: added export_policy.rules.squash_mode field to google_netapp_volume resource. (#10711)
privateca: added encryption_spec field to google_privateca_ca_pool resource (#10699)
run: added connector to vpcAccess on google_cloud_run_v2_worker_pool resource (#10701)
tags: added the DATA_GOVERNANCE value to google_tags_tag_key.purpose (#10687)

BUG FIXES:

bigquery: updated the schema change detection for google_bigquery_table to take into account presence of row access policy (#10683)
compute: fixed allow_global_access to correctly be immutable for google_compute_forwarding_rule resources with load balancing scheme of INTERNAL_MANAGED (#10692)
compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#10715)
dialogflow: added support for non-global endpoints for google_dialogflow_conversation_profile (#10712)
publicca: use RawURLEncoding instead of URLEncoding for unpadded base64 encoding (#10682)
secretmanager: fixed a panic in google_secret_manager_secret_version in a secret_manager (#10698)
workbench: fixed issue that resource creation with computed labels field fails in google_workbench_instance resource (#10691)
workbench: made report-notebook-metrics metadata key settable for google_workbench_instance (#10690)

`v7.2.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_python_package (#10671)
New Data Source: google_backup_dr_data_source_references (#10672)
New Resource: google_discovery_engine_acl_config (#10680)
New Resource: google_saas_runtime_unit_kind (#10652)

IMPROVEMENTS:

chronicle: made the scope_info field in google_chronicle_reference_list configurable (#10663)
compute: added header_action to path_matcher and default_service level on google_compute_region_url_map resource (#10665)
container: added secret_manager_config.rotation_config field to google_container_cluster resource (#10659)
container: added new fields memory_manager and topology_manager to google_container_cluster.node_config.kubelet_config and google_container_node_pool.node_config.kubelet_config (#10681)
healthcare: added consent_config field to google_healthcare_fhir_store resource (#10666) New Resource: google_network_management_organization_vpc_flow_logs_config (#10660)
sql: added final_backup_description and final_backup_config fields to google_sql_database_instance resource (#10678)
storage: added aws_s3_compatible_data_source to google_storage_transfer_job resource (#10656)

BUG FIXES:

provider: fixed an issue with universe_domain where the provider tried to connect to "googleapis.com" for user email logging when universe_domain was set (#10654)
container: fixed a faulty diff for arrays on user_managed_keys_config that caused faulty cluster updates to be triggered in google_container_cluster (#10668)
osconfig: fixed permadiff in google_osconfig_patch_deployment where patch_config.yum.minimal doesn't send false for empty values (#10661)

`v7.1.1`

Compare Source

BUG FIXES:

bigtable: fixed an error encountered when applying google_bigtable_table_iam_* resources after upgrading to 7.x and replacing instance with instance_name (#10667)

`v7.1.0`

Compare Source

DEPRECATIONS:

container: deprecated enterprise_config field in google_container_cluster resource. GKE Enterprise features are now available without an Enterprise tier. (#10646)
storage: removed deprecated status for field to detect_md5hash in google_storage_bucket_object resource (#10605)

FEATURES:

New Data Source: google_iap_web_forwarding_rule_service_iam_policy (#10621)
New Resource: google_iap_web_forwarding_rule_service_iam_binding (#10621)
New Resource: google_iap_web_forwarding_rule_service_iam_member (#10621)
New Resource: google_iap_web_forwarding_rule_service_iam_policy (#10621)

IMPROVEMENTS:

artifactregistry: added registry_uri as attribute to google_artifact_registry_repository (#10618)
backupdr: added create_time field to google_backup_dr_backup data source (#10626)
cloudbuild: added worker_config.enable_nested_virtualization field to google_cloudbuild_worker_pool resource (#10619)
cloudrunv2: added support for multi_region_settings field to google_cloud_run_v2_service resource (#10607)
compute: add params.resource_manager_tags field to the google_compute_region_backend_service (#10634)
compute: added public_delegated_sub_prefixs field to resource google_compute_public_delegated_prefix (#10638)
compute: added update_strategy field to google_compute_network_peering resource (#10623)
firestore: added unique field to google_firestore_index resource (#10617)
netapp: added qos_type and available_throughput_mibps fields to google_netapp_storage_pool resource (#10615)
netapp: added throughput_mibps field to google_netapp_volume resource (#10615)
networkservices: allowed EXPLICIT_ROUTING_MODE for routing_mode on google_network_services_gateway resource (#10608)
sql: added consumer_network_status, ip_address, and status fields to psc_auto_connections field on google_sql_database_instance resource (#10637)
storagetransfer: added service_account field to google_storage_transfer_job resource (#10635)
storagetransfer: added transfer_spec.aws_s3_data_source.credentials_secret to google_storage_transfer_job resource (#10609)

BUG FIXES:

compute: fixed certain spurious diffs for google_compute_region_backend_service.backend.group (#10611)
compute: fixed permadiff on google_compute_region_network_endpoint_group when no network is specified (#10625)
memorystore: fixed permadiffs that cause destroy+recreate on new google_memorystore_instance when desired_psc_auto_connections is set (#10648)
netapp: fixed a permadiff on total_iops in google_netapp_storage_pool resource (#10643)
oracledatabase: fixed permadiffs on google_oracle_database_autonomous_database resource for the odb_network and odb_subnet fields (#10627)

`v7.0.1`

Compare Source

BUG FIXES:

storage: fixed a conversion crash in google_storage_bucket state migration #10629

`v7.0.0`

Compare Source

Terraform Google Provider 7.0.0 Upgrade Guide

BREAKING RESOURCE REMOVALS:

beyondcorp: removed google_beyondcorp_application, its associated IAM resources google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member, and google_beyondcorp_application_iam_policy, and the google_beyondcorp_application_iam_policy datasource. Use google_beyondcorp_security_gateway_application instead. #10536
notebooks: removed google_notebooks_location #10350
tpu: removedgoogle_tpu_node. Use google_tpu_v2_vm instead. #10516

BREAKING FIELD REMOVALS:

cloudrunv2: removed template.containers.depends_on within resource google_cloud_run_v2_worker_pool #10444
colab: removed post_startup_script_config field from from google_colab_runtime_template resource #10555
compute: removed field enable_flow_logs from google_compute_subnetwork #10398
gkehub: removed configmanagement.binauthz field in google_gke_hub_feature_membership #10585
gkehub: removed description field in google_gke_hub_membership #10344
memorystore: removed allow_fewer_zones_deployment field from google_memorystore_instance resource because it isn't user-configurable #10588
redis: removed allow_fewer_zones_deployment field from google_redis_cluster resource because it isn't user-configurable #10588
resourcemanager: removed non-functional project field from google_service_account_key datasource #10537

BREAKING INCREASED VALIDATION:

cloudfunctions2: made event_type a required field for event_trigger in google_cloudfunctions2_function #10501
networkservices: made load_balancing_scheme required in google_network_services_lb_traffic_extension #10419
sql: made password_wo_version required when password_wo is set in google_sql_user #10591
storage: added validation requiring the topic field to be in the form "projects//topics/" in google_storage_notification #10602
storagetransfer: added path validation for GCS path source and sink in google_storage_transfer_job #10297
vertexai: made metadata, and metadata.config required in google_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #10520

OTHER BREAKING CHANGES:

provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using terraform input with invalid resource IDs. #10545
alloydb: added deletion_protection field with a default value of true to google_alloydb_cluster resource #10553
apigee: changed certs_info field in google_apigee_keystores_aliases_key_cert_file to be output-only #10602
apigee: migrated google_apigee_keystores_aliases_key_cert_file to the plugin framework #10602
artifactregistry: removed the default values for public_repository fields in google_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #10519
bigquery: removed the default value of view.use_legacy_sql in google_bigquery_table #10578
bigtable: renamed instance to instance_name for bigtable_table_iam objects #10248
billing: made budget_filter.credit types and budget_filter.subaccounts no longer optional+computed, only optional, in google_billing_budget resource #10587
cloudfunctions2: changed service_config.service field in google_cloudfunctions2_function resource to be output-only #10432
compute: subnetworks and instances fields in google_compute_packet_mirroring have been converted from arrays to sets #10550
compute: advertised_ip_ranges field group in google_compute_router has been converted from a list to a set #10557
compute: disk.type, disk.mode and disk.interface no longer use provider configured default values and instead will be set by the API in google_compute_instance_template and google_compute_region_instance_template resources #10569
gkehub: updated beta api endpoint from v1beta1 to v1beta #10344
resourcemanager: changed disable_on_destroy default value to false in google_project_service #10508
securesourcemanager: changed deletion_policy default value from DELETE to PREVENT #10515
storage: changed retention_period to string data type in resource google_storage_bucket #10311
storage: migrated google_storage_notification to the plugin framework #10602

FEATURES:

New Data Source: google_artifact_registry_npm_package (#10582)
New Data Source: google_certificate_manager_dns_authorization (#10544)
New Resource: google_iap_web_region_forwarding_rule_service_iam_binding (#10561)
New Resource: google_iap_web_region_forwarding_rule_service_iam_member (#10561)
New Resource: google_iap_web_region_forwarding_rule_service_iam_policy (#10561)
New Resource: google_saas_runtime_saas (#10556)

IMPROVEMENTS:

bigquery: added support for "connection_properties" for bigquery to google_bigquery_job (beta) (#10554)
cloudbuild: added developer_connect_event_config field to google_cloudbuild_trigger resource (#10563)
cloudtasks: added desired_state field to google_cloud_tasks_queue resource (#10567)
cloudrunv2: added max_instance_count field to google_cloud_run_v2_service resource. (#10558)
compute: added params.resourceManagerTags field to the google_compute_backend_service (#10575)
compute: added params.resource_manager_tags field to google_compute_backend_bucket (#10581)
compute: added short_name field to google_compute_organization_security_policy resource (#10572)
container: added cluster_autoscaling.default_compute_class_enabled field to google_container_cluster resource (#10552)
dialogflowcx: added enableMultiLanguageTraining, locked, answerFeedbackSettings, personalizationSettings, clientCertificateSettings, startPlaybook, satisfiesPzs, and satisfiesPzi to google_dialogflow_cx_agent resource. (#10543)
lustre: increased google_lustre_instance resource create timeout to 120m from 20m (#10570)
oracledatabase: enabled default_from_api flag for ODB Network related fields in google_oracle_database_cloud_vm_cluster resource (#10564)
sql: added feature to restore google_sql_database_instance using backupdr_backup (#10579)
ssm: made ca_pool argument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#10559)

BUG FIXES:

container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#10586)
gkeonprem: set default_from_api in image field in google_vmware_node_pool (#10551)
workbench: made install-monitoring-agent metadata key settable for google_workbench_instance (#10589)

`v6.50.0`

Compare Source

NOTES:

bigtable: It is recommended for google_bigtable_table_iam_* resources to upgrade to v6.50.0 and switch from instance to instance_name in your configuration before upgrading to v7.X (#10746)

DEPRECATIONS:

bigtable: deprecated instance in favor of instance_name in google_bigtable_table_iam_* resources (#10746)

IMPROVEMENTS:

bigtable: added instance_name field to google_bigtable_table_iam_* resources (#10746)

`v6.49.3`

Compare Source

BUG FIXES:

compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#10715)

`v6.49.2`

Compare Source

BUG FIXES:

container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#24077)

`v6.49.1`

Compare Source

BUG FIXES:

secretmanager: fixed issue where upgrading to 6.49.0 would cause all google_secret_manager_secret_version resources to be recreated unless secret_data_wo_version was set (#10574)

`v6.49.0`

Compare Source

DEPRECATIONS:

beyondcorp: google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member and google_beyondcorp_application_iam_policy IAM resources, and the google_beyondcorp_application_iam_policy datasource have been deprecated and will be removed in the upcoming major release (#10532)
tpu: deprecated google_tpu_tensorflow_versions data source. Use google_tpu_v2_runtime_versions instead. (#10514)

FEATURES:

New Data Source: google_artifact_registry_tag (#10531)
New Data Source: google_artifact_registry_tags (#10518)
New Resource: google_dialogflow_convesation_profile (#10533)

IMPROVEMENTS:

apikeys: added service_account_email to google_apikeys_key (#10538)
bigqueryreservation: added support for scaling_mode and max_slots properties on google_bigquery_reservation (beta) (#10509)
compute: added advanced_options_config field to google_compute_region_security_policy resource (#10498)
container: added eviction_soft, eviction_soft_grace_period, eviction_minimum_reclaim, eviction_max_pod_grace_period_seconds, max_parallel_image_pulls, transparent_hugepage_enabled, transparent_hugepage_defrag and min_node_cpus fields to node_config block of google_container_node_pool and google_container_cluster resources (#10522)
networkmanagement: added subnet and network fields to the google_network_management_vpc_flow_logs_config resource (beta) (#10506)
networkmanagement: added output-only field target_resource_state to the google_network_management_vpc_flow_logs_config resource (#10506)
resourcemanager: Added management_project and configured_capabilities fields to the google_folder resource. (#10525)

BUG FIXES:

cloud_tasks: correctly set name field to be required in google_cloud_tasks_queue resource (#10534)
clouddeploy: allowed sending start_time with default values in weekly_windows in google_clouddeploy_deploy_policy resource. start_time 00:00 means the policy will start at midnight. (#10530)
kms: skip_initial_version_creation field is no longer immutable in google_kms_crypto_key, but is still only settable at-creation (#10526)
netapp: fixed bug where google_netapp_volume.large_capacity was not properly marked as immutable, causing updates to fail (and making it impossible to change the field value after creation) (#10541)
networkconnectivity: added update support for linked_vpc_network in google_network_connectivity_spoke (#10507)

`v6.48.0`

Compare Source

FEATURES:

New Data Source: google_artifact_registry_package (#10490)
New Data Source: google_artifact_registry_repositories (#10494)
New Data Source: google_artifact_registry_version (#10468)
New Resource: google_dialogflow_cx_playbook (initial basic support, full features to follow in a later release) (#10485)
New Resource: google_vertexai_rag_engine_config (#10481)

IMPROVEMENTS:

backupdr: added log_retention_days field to google_backup_dr_backup_plan resource (#10463)
compute: added advanced_options_config field to google_compute_region_security_policy resource (#10498)
compute: added ha_policy field to google_compute_region_backend_service resource (#10493)
compute: added the ability to use global target forwarding rule for target_service field in google_compute_service_attachment resource (#10483)
container: added boot_disk to node_config in google_container_cluster and google_container_node_pool resources (#10457)
container: added node_config.kubelet_config.single_process_oom_kill field to google_container_node_pool and google_container_cluster resources (#10461)
container: added in-place update support for user_managed_keys_config field in google_container_cluster resource (#10475)
dataproc: added cluster_config.cluster_tier field to google_dataproc_cluster resource (#10453)
gkeonprem: added enable_advanced_cluster field to google_gkeonprem_vmware_admin_cluster resource (#10496)
memorystore: added allow_fewer_zones_deployment field to google_memorystore_instance resource (#10462)
sql: added field psa_write_endpoint flag to google_sql_database_instance resource (#10467)
sql: added network_attachment_uri field to google_sql_database_instance resource (#10484)
sql: added node_count field to sql_database_instance resource, and added new value READ_POOL_INSTANCE enum to instance_type field of sql_database_instance resource (#10487)
storagetransfer: added federated_identity_config to google_storage_transfer_job resource (#10489)
storagetransfer: added transfer_spec.aws_s3_data_source.cloudfront_domain field to google_storage_transfer_job resource (#10479)

BUG FIXES:

accesscontextmanager: made scopes field as immutable for access_context_manager_access_policy resource (#10478)
bigquery: fixed handling of non-legacy roles for access block inside google_bigquery_dataset resource (#10488)
container: fixed an issue causing errors during updates to node_config to be suppressed in google_container_cluster and google_container_node_pool resources (#10459)

`v6.47.0`

Compare Source

DEPRECATIONS:

compute: deprecated network_self_link field in google_compute_subnetworks data source. Use network_name instead. (#10423)
resourcemanager: deprecated project field in google_service_account_key data source. The field is non functional and can safely be removed from your configuration. (#10442)

FEATURES:

New Data Source: google_artifact_registry_docker_images (#10422)
New Resource: google_apigee_security_action (#10407)
New Resource: google_developer_connect_insights_config (#10431)
New Resource: google_discovery_engine_cmek_config (#10416)
New Resource: google_iam_workforce_pool_iam_binding (#10426)
New Resource: google_iam_workforce_pool_iam_member (#10426)
New Resource: google_iam_workforce_pool_iam_policy (#10426)

IMPROVEMENTS:

backupdr: added backup_retention_inheritance field to google_backup_dr_backup_vault resource (#10446)
bigqueryanalyticshub: added commercial_info and delete_commercial fields in google_bigquery_analytics_hub_listing resource (#10415)
bigqueryanalyticshub: added discovery_type field to google_bigquery_analytics_hub_data_exchange resource (#10435)
bigqueryanalyticshub: added state, discovery_type, and allow_only_metadata_sharing fields to google_bigquery_analytics_hub_listing resource (#10435)
cloudfunction: added automatic_update_policy and on_deploy_update_policy to google_cloudfunctions_function resource (#10448)
cloudrunv2: added gpu_zonal_redundancy_disabled field to google_cloud_run_v2_job resource. (#10440)
compute: added labels field to google_compute_storage_pool resource (#10425)
compute: added network_name field to google_compute_subnetworks data source (#10423)
container: added ip_allocation_policy.additional_ip_ranges_config field to google_container_cluster resource (#10451)
container: added network_config.additional_node_network_configs.subnetwork field to google_container_node_pool resource (#10451)
container: added addons_config.lustre_csi_driver_config field to google_container_cluster resource (#10413)
container: added support for rbac_binding_config in google_container_cluster (#10441)
dataproc: added cluster_config.cluster_tier field to google_dataproc_cluster resource (#10453)
looker: added LOOKER_CORE_TRIAL_STANDARD, LOOKER_CORE_TRIAL_ENTERPRISE, and LOOKER_CORE_TRIAL_EMBED editions to google_looker_instance resource. (#10427)
managedkafka: added tls_config field to google_managed_kafka_cluster resource (#10420)
memorystore: added allow_fewer_zones_deployment field to google_redis_cluster resource (#10434)
storage: added deletion_policy field to google_storage_bucket_object resource (#10445)
vertexai: added custom_delete field to google_vertex_ai_endpoint_with_model_garden_deployment resource (#10430)

BUG FIXES:

bigquery: fixed a crash in google_bigquery_table when configured as an external table with parquet_options (#10438)
cloudrunv2: fixed an issue where manual_instance_count was unable to set to 0 in google_cloud_run_v2_worker_pool. (#10433)
composer: fixed updates failing for recovery_config with explicitly disabled scheduled snapshots (#10405)
iap: fixed an issue where deleting google_iap_settings without setting GOOGLE_PROJECT incorrectly failed (#10410)
storage: removed client-side GCS name validations for google_storage_bucket (#10406)

`v6.46.0`

Compare Source

FEATURES:

New Data Source: google_storage_insights_dataset_config (#10402)
New Resource: google_apigee_api_product (#10378)
New Resource: google_discovery_engine_recommendation_engine (#10394)
New Resource: google_oracle_database_odb_network (#10383)
New Resource: google_oracle_database_odb_subnet (#10396)
New Resource: google_storage_insights_dataset_config (#10401)

IMPROVEMENTS:

compute: added params.resourceManagerTags field to the google_compute_router (#10392)
compute: added in-place update support for provisioned_iops, provisioned_throughput, and access_mode fields in google_compute_region_disk resource (#10397)
dataproc: added authentication_config field to google_dataproc_batch and google_dataproc_session_template resource (#10375)
dataproc: added idle_ttl field to google_dataproc_session_template resource (#10386)
networkconnectivity: added field allocation_options to resource google_network_connectivity_internal_range (#10390)
oracledatabase: added odb_network and odb_subnet fields, and made network and cidr fields optional in google_oracle_database_autonomous_database resource (#10389)
oracledatabase: added odb_network, odb_subnet and backup_odb_subnet fields, and made network, cidr and backup_subnet_cidr fields optional in google_oracle_database_cloud_vm_cluster resource (#10391)
secretmanager: added tags field to google_secret_manager_regional_secret to allow setting tags for regional_secrets at creation time (#10400)
securesourcemanager: added deletion_policy field to google_secure_source_manager_repository resource (#10395)
workbench: added enable_managed_euc field to google_workbench_instance resource. (#10388)
workbench: added reservation_affinity field to google_workbench_instance resource. (#10384)

BUG FIXES:

composer: fixed updates failing for google_composer_environment recovery_config with explicitly disabled scheduled snapshots (#10405)
datastore: fixed a permadiff with google_datastream_connection_profile's create_without_validation field (#10403)
memorystore: fixed bug to allow google_memorystore_instance to be used with no provider default region or with a location that doesn't match the provider default region. (#10380)
networkconnectivity: fixed instances[].ip_address & instances[].virtual_machine fields in linked_router_appliance_instances block being incorrectly treated as immutable for google_network_connectivity_spoke resource (#10399)
resourcemanager: updated service account creation to prevent failures due to eventual consistency in google_service_account resource (#10371)
sql: fixed a provider crash when importing google_sql_database resource (#10374)

`v6.45.0`

Compare Source

DEPRECATIONS:

gemini: deprecated the disable_web_grounding field in the google_gemini_gemini_gcp_enablement_setting resource (#10338)

FEATURES:

New Resource: google_bigtable_schema_bundle (#10342)
New Resource: google_compute_preview_feature (#10364)
New Resource: google_dialogflow_cx_generator (#10348)
New Resource: google_model_armor_floorsetting (#10359)
New Resource: google_vertex_ai_endpoint_with_model_garden_deployment (#10365)

IMPROVEMENTS:

accesscontextmanager: added name to google_access_context_manager_gcp_user_access_binding resource (#10370)
bigquery: added ignore_auto_generated_schema virtual field to google_bigquery_table resource to ignore server-added columns in the schema field (#10366)
compute: added params.resourceManagerTags field to the google_compute_subnetwork (#10357)
compute: added mirrorPercent field to requestMirrorPolicy in defaultRouteAction, pathMatchers[].defaultRouteAction, pathMatchers[].pathRules[].routeAction, and pathMatchers[].routeRules[].routeAction to google_compute_region_url_map resource (#10351)
compute: added rule.match.src_secure_tags, rule.target_secure_tags, predefined_rules.match.src_secure_tags and predefined_rules.target_secure_tags fields to google_compute_firewall_policy_with_rules resource (#10367)
dataproc: added cluster_config.security_config.identity_config field to google_dataproc_cluster resource (#10352)
dataproc: updated cluster_config.gce_cluster_config.metadata field to be computed in google_dataproc_cluster resource (#10352)
dialogflowcx: added flexible support to google_dialogflow_cx_webhook resource. (#10339)
gemini: added web_grounding_type field to google_gemini_gemini_gcp_enablement_setting resource (#10338)
netapp: added in-place update support for allow_auto_tiering field in google_netapp_storage_pool resource (#10353)
secretmanager: added tags field to google_secret_manager_secret to allow setting tags for secrets at creation time (#10360)
securesourcemanager: added deletion_policy field to google_secure_source_manager_instance resource (#10349)
sql: added network_attachment_uri field to google_sql_database_instance (#10354)
vmwareengine: added GOOGLE_CLOUD_NETAPP_VOLUMES peering type to resource google_vmwareengine_network_peering (#10363)

BUG FIXES:

modelarmor: fixed conflicting field validation for filter_config.sdp_settings on google_model_armor_template (#10361)
resourcemanager: updated service account creation to prevent failures due to eventual consistency in google_service_account resource (#10371)

`v6.44.0`

Compare Source

FEATURES:

New Data Source: google_compute_network_attachment (#10336)
New Data Source: google_firestore_document (#10321)
New Resource: google_backup_dr_service_config (#10320)
New Resource: google_bigquery_analytics_hub_data_exchange_subscription (#10328)

IMPROVEMENTS:

apigee: added access_logging_config field to google_apigee_instance resource (#10303)
apigee: marked access_logging_config field immutable in google_apigee_instance resource (#10337)
backupdr: added in-place update support for google_backup_dr_backup_plan resource (#10312)
bigqueryanalyticshub: added routine field to google_bigquery_analytics_hub_listing resource (#10327)
compute: added params.resource_manager_tags field to google_compute_firewall resource (#10304)
compute: added aggregate_reservation.vm_family, aggregate_reservation.reserved_resources.accelerator.accelerator_count, aggregate_reservation.reserved_resources.accelerator.accelerator_type and aggregate_reservation.workload_type fields to google_future_reservation resource (#10317)
compute: added application_aware_interconnect and aai_enabled fields to google_compute_interconnect resource (#10333)
compute: added load_balancing_scheme field to google_compute_backend_bucket resource (#10301)
compute: added provisioned_iops and provisioned_throughput fields to google_compute_region_disk resource (#10319)
compute: added request_body_inspection_size field to google_compute_security_policy resource (#10318)
compute: added specific_reservation.instance_properties.maintenance_interval, share_settings.projects and enable_emergent_maintenance fields to google_compute_reservation resource (#10329)
firestore: added tags field to google_firestore_database resource (#10335)
securesourcemanager: added in-place update support for description field in google_secure_source_manager_repository resource (#10325)
storage: added force_empty_content_type field to google_storage_bucket_object resource (#10334)

BUG FIXES:

artifactregistry: fixed an issue where changes to cleanup_policies were not being applied correctly in google_artifact_registry_repository resource (#10324)
firebasehosting: skipped deletion of google_firebase_hosting_site resource of type DEFAULT_SITE (#10305)
iambeta: fixed perma-diff for jwks_json field when GCP normalizes JSON formatting in google_iam_workload_identity_pool_provider resource (#10306)

`v6.43.0`

Compare Source

DEPRECATIONS:

iap: deprecated google_iap_client and google_iap_brand (#10269)

FEATURES:

New Data Source: google_network_management_connectivity_test_run (#10300)
New Data Source: google_redis_cluster (#10273)
New Resource: google_contact_center_insights_analysis_rule (#10272)
New Resource: google_model_armor_template (#10270)

IMPROVEMENTS:

bigquery: added ignore_schema_changes virtual field to google_bigquery_table resource. Only dataPolicies field is supported in ignore_schema_changes for now. (#10299)
billing: added currency_code to google_billing_account data source (#10284)
compute: added params.resource_manager_tags field to google_compute_network resource (#10266)
compute: added load_balancing_scheme field to google_compute_backend_bucket resource (#10301)
compute: added params.resource_manager_tags field to google_compute_route resource (#10293)
compute: added update_strategy field to google_compute_network_peering resource (#10275)
container: added secret_manager_config.rotation_config field to google_container_cluster resource (#10291)
container: added anonymous_authentication_config field to google_container_cluster resource (#10295)
dataplex: added suspended field to google_dataplex_datascan resource (#10276)
discoveryengine: added enable_table_annotation, enable_image_annotation, structured_content_types, exclude_html_elements, exclude_html_classes and exclude_html_ids fields to layout_parsing_config of google_discovery_engine_data_store resource (#10288)
discoveryengine: added kms_key_name field to google_discovery_engine_data_store resource (#10281)
memorystore: added managed_server_ca field to google_memorystore_instance resource (#10268)
secretmanager: added deletion_protection field to google_secret_manager_secret resource to optionally make deleting them require an explicit intent (#10289)
secretmanager: added fetch_secret_data to google_secret_manager_secret_version to optionally skip fetching the secret data (#10282)

BUG FIXES:

compute: fixed match field in google_compute_router_route_policy resource to be marked as required (#10298)
compute: fixed an issue with bgp_always_compare_med in google_compute_network where it was unable to be set from true to false (#10286)
compute: made no replication status in google_compute_disk_async_replication a retryable error (#10296)
gkeonprem: fixed type of load_balancer.0.bgp_lb_config.0.address_pools.0.manual_assign in google_gkeonprem_bare_metal_cluster, making it a boolean instead of a string (#10283)
integrationconnectors: removed validation from auth configs in google_integration_connectors_connection resource (#10267)

`v6.42.0`

Compare Source

FEATURES:

New Resource: google_apihub_plugin_instance (#10225)
New Resource: google_apihub_plugin (#10254)
New Resource: google_compute_wire_group (#10255)
New Resource: google_dialogflow_cx_generative_settings (#10244)

IMPROVEMENTS:

cloudidentity: added create_ignore_already_exists field to google_cloud_identity_group_membership resource (#10229)
cloudkms: added etag field to google_kms_autokey_config resource (#10227)
cloudrunv2: added node_selector field to google_cloud_run_v2_job resource (#10234)
compute: added access_mode field to google_compute_region_disk resource (#10256)
compute: added match.src_secure_tags and target_secure_tags fields to google_compute_firewall_policy_rule resource (#10261)
compute: added params.resource_manager_tags field to google_compute_network resource (#10266)
compute: added policy_type field to google_compute_network_firewall_policy, google_compute_network_firewall_policy_with_rules, google_compute_region_network_firewall_policy, and google_compute_region_network_firewall_policy_with_rules resources (#10239)
compute: added resource_policies.workload_policy field to google_compute_instance_group_manager resource (#10265)
container: added confidential_nodes.confidential_instance_type field to google_container_cluster resource (#10257)
container: added gke_auto_upgrade_config field to google_container_cluster resource (#10258)
container: added node_config.confidential_nodes.confidential_instance_type field to google_container_node_pool resource (#10257)
firestore: revoked deprecation of deletion_policy field in google_firestore_database resource (#10251)
iam_beta: added attestation_rules field to google_iam_workload_identity_pool_managed_identity resource (#10250)
memorystore: added kms_key field to google_memorystore_instance resource (#10246)
redis: added effective_reserved_ip_range field to google_redis_instance resource (#10235)
secretmanager: added deletion_protection field to google_secret_manager_regional_secret resource (#10247)
spanner: added encryption_config.kms_key_name field to google_spanner_backup_schedule resource (#10230)
storage: added allow_cross_org_vpcs and allow_all_service_agent_access fields to google_storage_bucket resource (#10252)

BUG FIXES:

bigqueryanalyticshub: supported in-place update for log_linked_dataset_query_user_email in google_bigquery_analytics_hub_listing and google_bigquery_analytics_hub_data_exchange resources. Once enabled, this feature cannot be disabled. (#10241)
bigquerydatatransfer: stopped surfacing persistent warnings recommending write-only field when using secret_access_key on google_bigquery_data_transfer_config (#10263)
memorystore: added the ability to set the replica_count field in google_memorystore_instance resource to 0 (#10259)
monitoring: made description and displayName optional and mutable in google_monitoring_metric_descriptor resource (#10233)
redis: fixed reserved_ip_range field not being populated for google_redis_instance data source (#10235)
secretmanager: stopped surfacing persistent warnings recommending write-only field when using secret_data on google_secret_manager_secret_version (#10263)
sql: stopped surfacing persistent warnings recommending write-only field when using password on google_sql_user (#10263)
workbench: added support for setting serial-port-logging-enable key in metadata field in google_workbench_instance resource (#10253)

`v6.41.0`

Compare Source

BREAKING CHANGES:

lustre: added per_unit_storage_throughput as a required field to google_lustre_instance resource in response to a change in the API surface (#10211)

FEATURES:

New Data Source: google_dataplex_data_quality_rules (#10189)
New Resource: google_apihub_plugin_instance (#10225)
New Resource: google_contact_center_insights_view (#10192)
New Resource: google_dataproc_session_template (#10204)
New Resource: google_dialogflow_encryption_spec (#10220)

IMPROVEMENTS:

alloydb: added network_config.allocated_ip_range_override field to google_alloydb_instance resource (#10216)
bigqueryanalyticshub: added log_linked_dataset_query_user_email field to google_bigquery_analytics_hub_data_exchange resource (#10200)
bigqueryanalyticshub: added log_linked_dataset_query_user_email field to google_bigquery_analytics_hub_listing_subscription resource (#10202)
bigqueryanalyticshub: added pubsub_topic field to google_bigquery_analytics_hub_listing resource (#10219)
bigtable: added row_key_schema to google_bigtable_table resource (#10222)
cloudasset: added support for universe domain handling for google_cloud_asset_resources_search_all datasource. (#10210)
cloudquotas: added inherited and inherited_from fields to google_cloud_quotas_quota_adjuster_settings resource (#10223)
compute: added CROSS_SITE_NETWORK option to requested_features field in google_compute_interconnect resource (#10207)
compute: added TLS_JA4_FINGERPRINT option to enforce_on_key field in google_compute_region_security_policy, google_compute_security_policy, and google_compute_security_policy_rule resources (#10199)
compute: added send_propagated_connection_limit_if_zero to google_compute_service_attachment to resolve an issue where propagated_connection_limit were not working for 0 value previously. Now setting send_propagated_connection_limit_if_zero = true will send propagated_connection_limit = 0 when it's unset or set to 0. (#10213)
compute: added wire_groups field to google_compute_interconnect resource (#10207)
container: added performance_monitoring_unit in node_config/advanced_machine_features to 'google_container_cluster' resource (#10191)
container: added release_channel_upgrade_target_version to google_container_engine_versions data source (#10221)
dataplex: added support for discovery scan in google_dataplex_datascan resource (#10205)
provider: added support for adc impersonation in different universes (#10212)
storage: added source_md5hash field in google_storage_bucket_object (#10196)

BUG FIXES:

compute: fixed google_compute_firewall_policy_rule staying disabled after apply with disabled = false (#10215)
compute: marked name in google_compute_node_group, google_compute_node_template as required as it was impossible to create successfully without a value (#10224)
sql: fixed an error in updating connection_pool_config in google_sql_database_instance (#10218)
tags: fixed perma-diff for parent field in google_tags_location_tag_binding resource (#10217)

Configuration

📅 Schedule: Branch creation - Monday through Friday ( * * * * 1-5 ) in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

[ ] If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Nov 18, 2025 by uis-devops-renovatebot

fix(deps): update google-cloud-providers to v7 (major)

Release Notes

Configuration

Merge request reports