FEATURES:
- New Resource:
google_database_migration_service_private_connection
(#16104) - New Resource:
google_edgecontainer_cluster
(#16055) - New Resource:
google_edgecontainer_node_pool
(#16055) - New Resource:
google_edgecontainer_vpn_connection
(#16055) - New Resource:
google_firebase_hosting_custom_domain
(#16062) - New Resource:
google_gke_hub_fleet
(#16072)
IMPROVEMENTS:
- compute: added
device_name
field toscratch_disk
block ofgoogle_compute_instance
resource (#16049) - container: added
node_config.linux_node_config.cgroup_mode
field togoogle_container_node_pool
(#16103) - databasemigrationservice: added support for
oracle
profiles togoogle_database_migration_service_connection_profile
(#16087) - firestore: added
api_scope
field togoogle_firestore_index
resource (#16085) - gkehub: added
location
field togoogle_gke_hub_membership_iam_*
resources (#16105) - gkehub: added
location
field togoogle_gke_hub_membership
resource (#16105) - gkeonprem: added update-in-place support for
vcenter
fields ingoogle_gkeonprem_vmware_cluster
(#16073) - identityplatform: added
sms_region_config
to the resourcegoogle_identity_platform_config
(#16044)
BUG FIXES:
- dns: fixed record set configuration parsing in
google_dns_record_set
(#16042) - provider: fixed an issue where the plugin-framework implementation of the provider handled default region values that were self-links differently to the SDK implementation. This issue is not believed to have affected users because of downstream functions that turn self links into region names. (#16100)
- provider: fixed a bug that caused update requests to be sent for resources with a
terraform_labels
field even if no fields were updated (#16111)
KNOWN ISSUES:
- Updating some resources post-upgrade results in an error like "The update_mask in the Update{{Resource}}Request must be set". This should be resolved in
5.1.0
, see hashicorp#16091 for details.
Terraform Google Provider 5.0.0 Upgrade Guide
NOTES:
- provider: some provider default values are now shown at plan-time (#15707)
LABELS REWORK:
- provider: default labels configured on the provider through the new
default_labels
field are now supported. The default labels configured on the provider will be applied to all of the resources with standardlabels
field. - provider: resources with labels - three label-related fields are now in all of the resources with standard
labels
field.labels
field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-onlyterraform_labels
field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-onlyeffective_labels
field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. - provider: resources with annotations - two annotation-related fields are now in all of the resources with standard
annotations
field. Theannotations
field is non-authoritative and only manages the annotations defined by the users on the resource through Terraform. The new output-onlyeffective_annotations
field lists all of annotations present on the resource in GCP, including the annotations configured through Terraform, the system, and other clients. - provider: datasources with labels - three fields
labels
,terraform_labels
, andeffective_labels
are now present in most resource-based datasources. All three fields have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent toeffective_labels
on the resource. - provider: datasources with annotations - both
annotations
andeffective_annotations
are now present in most resource-based datasources. Both fields have all of annotations present on the resource in GCP including the annotations configured through Terraform, the system, and other clients, equivalent toeffective_annotations
on the resource.
BREAKING CHANGES:
- provider: added provider-level validation so these fields are not set as empty strings in a user's config:
credentials
,access_token
,impersonate_service_account
,project
,billing_project
,region
,zone
(#15968) - provider: fixed many import functions throughout the provider that matched a subset of the provided input when possible. Now, the GCP resource id supplied to "terraform import" must match exactly. (#15977)
- provider: made data sources return errors on 404s when applicable instead of silently failing (#15799)
- provider: made empty strings in the provider configuration block no longer be ignored when configuring the provider(#15968)
- accesscontextmanager: changed multiple array fields to sets where appropriate to prevent duplicates and fix diffs caused by server side reordering. (#15756)
- bigquery: added more input validations for
google_bigquery_table
schema (#15338) - bigquery: made
routine_type
required forgoogle_bigquery_routine
(#15517) - cloudfunction2: made
location
required ongoogle_cloudfunctions2_function
(#15830) - cloudiot: removed deprecated datasource
google_cloudiot_registry_iam_policy
(#15739) - cloudiot: removed deprecated resource
google_cloudiot_device
(#15739) - cloudiot: removed deprecated resource
google_cloudiot_registry
(#15739) - cloudiot: removed deprecated resource
google_cloudiot_registry_iam_*
(#15739) - cloudrunv2: removed deprecated field
liveness_probe.tcp_socket
fromgoogle_cloud_run_v2_service
resource. (#15430) - cloudrunv2: removed deprecated fields
startup_probe
andliveness_probe
fromgoogle_cloud_run_v2_job
resource. (#15430) - cloudrunv2: retyped
volumes.cloud_sql_instance.instances
to SET from ARRAY forgoogle_cloud_run_v2_service
(#15831) - compute: made
google_compute_node_group
require one ofinitial_size
orautoscaling_policy
fields configured upon resource creation (#16006) - compute: made
size
ingoogle_compute_node_group
an output only field. (#16006) - compute: removed default value for
rule.rate_limit_options.encorce_on_key
on resourcegoogle_compute_security_policy
(#15681) - compute: retyped
consumer_accept_lists
to a SET from an ARRAY type forgoogle_compute_service_attachment
(#15985) - container: added
deletion_protection
togoogle_container_cluster
which is enabled totrue
by default. When enabled, this field prevents Terraform from deleting the resource. (#16013) - container: changed
management.auto_repair
andmanagement.auto_upgrade
defaults to true ingoogle_container_node_pool
(#15931) - container: changed
networking_mode
default toVPC_NATIVE
for newly createdgoogle_container_cluster
resources (#6402) - container: removed
enable_binary_authorization
ingoogle_container_cluster
(#15868) - container: removed default for
logging_variant
ingoogle_container_node_pool
(#15931) - container: removed default value in
network_policy.provider
ingoogle_container_cluster
(#15920) - container: removed the behaviour that
google_container_cluster
will delete the cluster if it's created in an error state. Instead, it will mark the cluster as tainted, allowing manual inspection and intervention. To proceed with deletion, run anotherterraform apply
. (#15887) - container: reworked the
taint
field ingoogle_container_cluster
andgoogle_container_node_pool
to only manage a subset of taint keys based on those already in state. Most existing resources are unaffected, unless they usesandbox_config
- see upgrade guide for details. (#15959) - dataplex: removed
data_profile_result
anddata_quality_result
fromgoogle_dataplex_scan
(#15505) - firebase: changed
deletion_policy
default toDELETE
forgoogle_firebase_web_app
. (#15406) - firebase: removed
google_firebase_project_location
(#15764) - gameservices: removed Terraform support for
gameservices
(#15558) - logging: changed the default value of
unique_writer_identity
fromfalse
totrue
ingoogle_logging_project_sink
. (#15743) - logging: made
growth_factor
,num_finite_buckets
, andscale
required forgoogle_logging_metric
(#15680) - looker: removed
LOOKER_MODELER
as a possible value ingoogle_looker_instance.platform_edition
(#15956) - monitoring: fixed perma-diffs in
google_monitoring_dashboard.dashboard_json
by suppressing values returned by the API that are not in configuration (#16014) - monitoring: made
labels
immutable ingoogle_monitoring_metric_descriptor
(#15988) - privateca: removed deprecated fields
config_values
,pem_certificates
fromgoogle_privateca_certificate
(#15537) - secretmanager: removed
automatic
field ingoogle_secret_manager_secret
resource (#15859) - servicenetworking: used Create instead of Patch to create
google_service_networking_connection
(#15761) - servicenetworking: used the
deleteConnection
method to delete the resourcegoogle_service_networking_connection
(#15934)
FEATURES:
- New Resource:
google_scc_folder_custom_module
(#15979) - New Resource:
google_scc_organization_custom_module
(#16012)
IMPROVEMENTS:
- alloydb: added additional fields to
google_alloydb_instance
andgoogle_alloydb_backup
(#15973) - artifactregistry: added support for remote APT and YUM repositories to
google_artifact_registry_repository
(#15973) - baremetal: made delete a noop for the resource
google_bare_metal_admin_cluster
to better align with actual behavior (#16010) - bigtable: added
state
output attribute togoogle_bigtable_instance
clusters (#15961) - compute: made
google_compute_node_group
mutable (#16006) - container: added the
effective_taints
attribute togoogle_container_cluster
andgoogle_container_node_pool
, outputting all known taint values (#15959) - container: allowed setting
addons_config.gcs_fuse_csi_driver_config
ongoogle_container_cluster
withenable_autopilot: true
. (#15996) - containeraws: added
binary_authorization
togoogle_container_aws_cluster
(#15989) - containeraws: added
update_settings
togoogle_container_aws_node_pool
(#15989) - google_compute_instance (#15933)
- osconfig: added
week_day_of_month.day_offset
field to thegoogle_os_config_patch_deployment
resource (#15997) - secretmanager: allowed update for
rotation.rotation_period
field ingoogle_secret_manager_secret
resource (#15952) - sql: added
preferred_zone
field togoogle_sql_database_instance
resource (#15971) - storagetransfer: added
event_stream
field togoogle_storage_transfer_job
resource (#16004)
BUG FIXES:
- bigquery: fixed diff suppression in
external_data_configuration.connection_id
ingoogle_bigquery_table
(#15983) - bigquery: fixed view and materialized view creation when schema is specified in
google_bigquery_table
(#15442) - bigtable: avoided re-creation of
google_bigtable_instance
when cluster is still updating and storage type changed (#15961) - bigtable: fixed a bug where dynamically created clusters would incorrectly run into duplication error in
google_bigtable_instance
(#15940) - compute: removed the default value for field
reconcile_connections
in resourcegoogle_compute_service_attachment
, the field will now default to a value returned by the API when not set in configuration (#15919) - compute: replaced incorrect default value for
enable_endpoint_independent_mapping
with APIs default in resourcegoogle_compute_router_nat
(#15478) - container: fixed an issue in
google_container_node_pool
where emptylinux_node_config.sysctls
would crash the provider (#15941) - dataflow: fixed issue causing error message when max_workers and num_workers were supplied via parameters in
google_dataflow_flex_template_job
(#15976) - dataflow: fixed max_workers read value permanently displaying as 0 in
google_dataflow_flex_template_job
(#15976) - dataflow: fixed permadiff when SdkPipeline values are supplied via parameters in
google_dataflow_flex_template_job
(#15976) - identityplayform: fixed a potential perma-diff for
sign_in
ingoogle_identity_platform_config
resource (#15907) - firebase: made
google_firebase_rules.release
immutable (#15989) - monitoring: fixed an issue where
metadata
was not able to be updated ingoogle_monitoring_metric_descriptor
(#16014) - monitoring: fixed bug where importing
google_monitoring_notification_channel
failed when no default project was supplied in provider configuration or through environment variables (#15929) - secretmanager: fixed an issue in
google_secretmanager_secret
where replacingreplication.automatic
withreplication.auto
would destroy and recreate the resource (#15922) - sql: fixed diffs when re-ordering existing
database_flags
ingoogle_sql_database_instance
(#15678) - tags: fixed import failure on
google_tags_tag_binding
(#16005) - vertexai: made
contents_delta_uri
a required field ingoogle_vertex_ai_index
as omitting it would result in an error (#15992)
DEPRECATIONS:
- alloydb: deprecated
network
field in favor ofnetwork_config
ongoogle_alloydb_cluster
. (#15881) - identityplayform: deprecated
google_identity_platform_project_default_config
resource. Usegoogle_identity_platform_config
resource instead (#15876)
FEATURES:
- New Data Source:
google_certificate_manager_certificate_map
(#15906) - New Resource:
google_artifact_registry_vpcsc_config
(#15840) - New Resource:
google_dialogflow_cx_security_settings
(#15886) - New Resource:
google_gke_backup_restore_plan
(#15858) - New Resource:
google_edgenetwork_network
(#15891) - New Resource:
google_edgenetwork_subnet
(#15891)
IMPROVEMENTS:
- alloydb: added
network_config
field to support named IP ranges ongoogle_alloydb_cluster
. (#15881) - cloudrunv2: added fields
network_interfaces
to resourcegoogle_cloud_run_v2_job
to support Direct VPC egress. (#15870) - cloudrunv2: added fields
network_interfaces
to resourcegoogle_cloud_run_v2_service
to support Direct VPC egress. (#15870) - compute: updated the
autoscaling_policy.mode
to acceptONLY_SCALE_OUT
ongoogle_compute_autoscaler
(#15890) - compute: added
server_tls_policy
argument togoogle_compute_target_https_proxy
resource (#15845) - compute: added
member
attribute togoogle_compute_default_service_account
datasource (#15897) - compute: added output field
internal_ipv6_prefix
togoogle_compute_subnetwork
resource (#15892) - container: added
node_config.fast_socket
field togoogle_container_node_pool
(#15872) - container: promoted
node_pool_auto_config
field ingoogle_container_cluster
from beta provider to GA provider. (#15884) - container: promoted field
placement_policy.tpu_topology
in resourcegoogle_container_node_pool
to GA (#15869) - containeraws: added support for
auto_repair
ingoogle_container_aws_node_pool
(#15862) - containerazure: added support for
auto_repair
ingoogle_container_azure_node_pool
(#15862) - filestore: added support for the
"ZONAL"
value totier
ingoogle_filestore_instance
(#15889) - firestore: added
delete_protection_state
field togoogle_firestore_database
resource. (#15878) - identityplatform: added
sign-in
field togoogle_identity_platform_config
resource (#15876) - networkconnectivity: added support for
linked_vpc_network
ingoogle_network_connectivity_spoke
(#15862) - networkservices: increased default timeout for
google_network_services_edge_cache_origin
to 120m from 60m (#15855) - networkservices: increased default timeout for
google_network_services_edge_cache_service
to 60m from 30m (#15861) - secretmanager: added
is_secret_data_base64
field togoogle_secret_manager_secret_version
resource (#15853)
BUG FIXES:
- bigquery: updated documentation for
google_bigquery_table.time_partitioning.expiration_ms
(#15873) - bigtable: added a read timeout to
google_bigtable_instance
(#15856) - bigtable: improved regional reliability when instance overlaps a downed region in the resource
google_bigtable_instance
(#15900) - eventarc: resolved permadiff on
google_eventarc_trigger.event_data_content_type
by defaulting to the value returned by the API if not set in the configuration. (#15862) - identityplatform: fixed a potential perma-diff for
sign_in
ingoogle_identity_platform_config
resource (#15907) - monitoring: fixed scaling issues when deploying terraform changes with many
google_monitoring_monitored_project
(#15828) - monitoring: fixed validation of
service_id
ongoogle_monitoring_custom_service
andslo_id
ongoogle_monitoring_slo
(#15841) - osconfig: fixed no more than one setting is allowed under
patch_config.windows_update
ongoogle_os_config_patch_deployment
(#15904) - provider: addressed a bug where configuring the provider with unknown values did not behave as expected (#15898)
- provider: fixed the provider so it resumes ignoring empty strings set in the
provider
block (#15844) - secretmanager: replaced the panic block with an error in import function of
google_secret_manager_secret_version
resource (#15880) - secretmanager: fixed an issue in
google_secretmanager_secret
where replacingreplication.automatic
withreplication.auto
would destroy and recreate the resource (#15922)
DEPRECATIONS:
- secretmanager: deprecated
automatic
field ongoogle_secret_manager_secret
. Useauto
instead. (#15793)
FEATURES:
- New Resource:
google_biglake_table
(#15736) - New Resource:
google_data_pipeline_pipeline
(#15785) - New Resource:
google_dialogflow_cx_test_case
(#15814) - New Resource:
google_storage_insights_report_config
(#15819) - New Resource:
google_apigee_target_server
(#15751)
IMPROVEMENTS:
- gkehub: added
labels
fields togoogle_gke_hub_membership_binding
resource (#15753) - bigquery: added
allow_non_incremental_definition
togoogle_bigquery_table
resource (#15813) - bigquery: added
table_constraints
field togoogle_bigquery_table
resource (#15815) - compute: added internal IPV6 support for
google_compute_address
andgoogle_compute_instance
resources (#15780) - containerattached: added
binary_authorization
field togoogle_container_attached_cluster
resource (#15822) - containeraws: added update support for
config.instance_type
incontainer_aws_node_pool
(#15862) - firestore: added
point_in_time_recovery_enablement
field togoogle_firestore_database
resource (#15795) - firestore: added
update_time
anduid
fields togoogle_firestore_database
resource (#15823) - gkehub2: added
labels
,namespace_labels
fields togoogle_gke_hub_namespace
resource (#15732) - gkehub: added
labels
fields togoogle_gke_hub_scope
resource (#15801) - gkeonprem: added
upgrade_policy
andbinary_authorization
fields ingoogle_gkeonprem_bare_metal_cluster
resource (beta) (#15765) - gkeonprem: added
upgrade_policy
field ingoogle_gkeonprem_vmware_cluster
resource (beta) (#15765) - secretmanager: added
auto
field togoogle_secret_manager_secret
resource (#15793) - secretmanager: added
deletion_policy
field togoogle_secret_manager_secret_version
resource (#15818) - storage: supported in-place update for
autoclass
field ingoogle_storage_bucket
resource (#15782) - vertexai: added
public_endpoint_enabled
togoogle_vertex_ai_index_endpoint
(#15741)
BUG FIXES:
- bigquerydatatransfer: fixed a bug when importing
location
ofgoogle_bigquery_data_transfer_config
(#15734) - container: fixed concurrent ops' quota-error to be retriable in
google_container_node_pool
(#15820) - eventarc: resolved permadiff on
event_content_type
ineventarc_trigger
, the field will now default to a value returned by the API when not set in configuration (#15862) - pipeline: fixed issue where certain
google_dataflow_job
instances would crash the provider (#15821) - provider: fixed a bug where
user_project_override
would not be not used correctly when provisioning resources implemented using the plugin framework. Currently there are no resources implemented this way, so no-one should have been impacted. (#15776) - pubsub: fixed issue where setting
no_wrapper.write_metadata
to false wasn't passed to the API forgoogle_pubsub_subscription
(#15758) - serviceaccount: added retries for reads after
google_service_account
creation if 403 Forbidden is returned. (#15760) - storage: fixed the failure in building a plan when a
content
value is expected ongoogle_storage_bucket_object_content
(#15735)
IMPROVEMENTS:
- compute: added in-place update support for field
enable_proxy_protocol
ingoogle_compute_service_attachment
resource (#15716) - compute: added in-place update support for field
reconcile_connections
ingoogle_compute_service_attachment
resource (#15706) - compute: added in-place update support for field
allowPscGlobalAccess
ingoogle_compute_forwarding_rule
resource (#15691) - compute: promoted
google_compute_region_instance_template
to GA (#15710) - container: added additional options for field
monitoring_config.enable_components
ingoogle_container_cluster
resource (#15727) - gkehub: added
labels
field togoogle_gke_hub_scope_rbac_role_binding
resource (#15729) - logging: added in-place update support for field
unique_writer_identity
ingoogle_logging_project_sink
resource (#15721) - networkconnectivity: added
psc_connections.error.details
field togoogle_network_connectivity_service_connection_policy
resource (#15726) - secretmanager: added in-place update support for field
replication.user_managed.replicas.customer_managed_encryption
ingoogle_secret_manager_secret
resource (#15685)
BUG FIXES:
- bigquery: made
params.destination_table_name_template
andparams.data_path
immutable as updating these fields if value ofdata_source_id
isamazon_s3
ingoogle_bigquery_data_transfer_config
resource (#15723) - dns: fixed hash function for
network_url
ingoogle_dns_managed_zone
andgoogle_dns_policy
resources to make sure that the private DNS zone or DNS policy can be attatched to all of the networks in different projects, even though the network name is the same across of those projects. (#15728)
FEATURES:
- New Resource:
google_biglake_catalog
(#15634) - New Resource:
google_redis_cluster
(#15645) - New Resource:
google_biglake_database
(#15651) - New Resource:
google_compute_network_attachment
(#15648) - New Resource:
google_gke_hub_feature_membership
(#15604) - New Resource:
google_gke_hub_membership_binding
(#15670) - New Resource:
google_gke_hub_namespace
(#15670) - New Resource:
google_gke_hub_scope
(#15670) - New Resource:
google_gke_hub_scope_iam_member
(#15670) - New Resource:
google_gke_hub_scope_iam_policy
(#15670) - New Resource:
google_gke_hub_membership_binding
(#15670) - New Resource:
google_gke_hub_scope_rbac_role_binding
(#15670)
IMPROVEMENTS:
- compute: made the field
distribution_policy_target_shape
ofgoogle_compute_region_instance_group_manager
not cause recreation of the resource. (#15641) - compute: promoted the
ssl_policy
field on thegoogle_compute_region_target_https_proxy
resource to GA. (#15608) - container: added
enable_fqdn_network_policy
field togoogle_container_cluster
(#15642) - container: added
node_config.confidential_compute
field togoogle_container_node_pool
resource (#15662) - datastream: made
password
ingoogle_datastream_connection_profile
not cause recreation of the resource. (#15610) - dialogflowcx: added
response_type
,channel
,payload
,conversation_success
,output_audio_text
,live_agent_handoff
,play_audo
,telephony_transfer_call
,reprompt_event_handlers
,set_parameter_actions
, andconditional_cases
fields togoogle_dialogflow_cx_page
resource (#15668) - dialogflowcx: added
response_type
,channel
,payload
,conversation_success
,output_audio_text
,live_agent_handoff
,play_audo
,telephony_transfer_call
,set_parameter_actions
, andconditional_cases
fields togoogle_dialogflow_cx_flow
resource (#15668) - iam: added
web_sso_config.additional_scopes
field togoogle_iam_workforce_pool_provider
resource under (#15616) - monitoring: added
synthetic_monitor
togoogle_monitoring_uptime_check_config
resource (#15623) - provider: improved error message when resource creation fails to to invalid API response (#15629)
BUG FIXES:
- cloudrunv2: changed
template.volumes.secret.items.mode
field ingoogle_cloud_run_v2_job
resource to a non-required field. (#15638) - cloudrunv2: changed
template.volumes.secret.items.mode
field ingoogle_cloud_run_v2_service
resource to a non-required field. (#15638) - filestore: fixed a bug causing permadiff on
reserved_ip_range
field ingoogle_filestore_instance
(#15614) - identityplatform: fixed a permadiff on
authorized_domains
ingoogle_identity_platform_config
resource (#15607)
DEPRECATIONS:
- dataplex: deprecated the following
google_dataplex_datascan
fields:dataProfileResult
anddataQualityResult
(#15528) - firebase: deprecated
google_firebase_project_location
in favor ofgoogle_firebase_storage_bucket
andgoogle_firestore_database
(#15526)
FEATURES:
- New Data Source:
google_sql_database_instance_latest_recovery_time
(#15551) - New Resource:
google_certificate_manager_trust_config
(#15562) - New Resource:
google_compute_region_security_policy_rule
(#15523) - New Resource:
google_iam_deny_policy
(#15571) - New Resource:
google_bigquery_bi_reservation
(#15527) - New Resource:
google_gke_hub_feature_membership
(#15604)
IMPROVEMENTS:
- alloydb: added
restore_backup_source
andrestore_continuous_backup_source
fields to support restore feature ingoogle_alloydb_cluster
resource. (#15580) - artifactregistry: added
cleanup_policies
andcleanup_policy_dry_run
fields to resourcegoogle_artifact_registry_repository
(#15561) - clouddeploy: added
multi_target
to ingoogle_clouddelploy_target
(#15564) - compute: added
security_policy
field togoogle_compute_target_instance
resource (beta) (#15566) - compute: added support for
security_policy
field togoogle_compute_target_pool
(#15569) - compute: added support for
user_defined_fields
togoogle_compute_region_security_policy
(#15523) - compute: added support for specifying regional disks for
google_compute_instance
boot_disk.source
(#15597) - container: added
additional_pod_ranges_config
field togoogle_container_cluster
resource (#15600) - containeraws: made
config.labels
updatable ingoogle_container_aws_node_pool
(#15564) - dataplex: added fields
data_profile_spec.post_scan_actions
,data_profile_spec.include_fields
anddata_profile_spec.exclude_fields
(#15545) - dns: added support for removing the networks block from the configuration in the resource
google_dns_response_policy
(#15557) - firebase: added
api_key_id
field togoogle_firebase_web_app
,google_firebase_android_app
, andgoogle_firebase_apple_app
. (#15577) - sql: added
psc_config
,psc_service_attachment_link
, anddns_name
fields togoogle_sql_database_instance
(#15563) - workstations: added
enable_nested_virtualization
field togoogle_workstations_workstation_config
resource (#15567)
BUG FIXES:
- bigquery: added support to unset policy tags in table schema (#15547)
- bigtable: fixed permadiff in
google_bigtable_gc_policy.gc_rules
whenmax_age
is specified using increments larger than hours (#15595) - bigtable: fixed permadiff in
google_bigtable_gc_policy.gc_rules
whenmode
is specified (#15595) - container: updated
resource_container_cluster
to ignoredns_config
diff whenenable_autopilot = true
(#15549) - containerazure: added diff suppression for case changes of enum values in
google_container_azure_cluster
(#15536)
FEATURES:
- New Resource:
google_backup_dr_management_server
(#15479) - New Resource:
google_compute_region_security_policy_rule
(#15523)
IMPROVEMENTS:
- cloudbuild: added
git_file_source.bitbucket_server_config
andsource_to_build.bitbucket_server_config
fields togoogle_cloudbuild_trigger
resource (#15475) - cloudrunv2: added the following output only fields to
google_cloud_run_v2_job
andgoogle_cloud_run_v2_service
resources:create_time
,update_time
,delete_time
,expire_time
,creator
andlast_modifier
(#15502) - composer: added
config.private_environment_config.connection_type
field togoogle_composer_environment
resource (#15460) - compute: added
disk.provisioned_iops
field togoogle_compute_instance_template
andgoogle_compute_region_instance_template
resources (#15506) - compute: added
user_defined_fields
field togoogle_compute_region_security_policy
resource (#15523) - databasemigrationservice: added
edition
field togoogle_database_migration_service_connection_profile
resource (#15510) - dns: allowed
globalL7ilb
value for therouting_policy.load_balancer_type
field ingoogle_dns_record_set
resource (#15521) - healthcare: added
default_search_handling_strict
field togoogle_healthcare_fhir_store
resource (#15514) - metastore: added
scaling_config
field togoogle_dataproc_metastore_service
resource (#15476) - secretmanager: added
version_aliases
field togoogle_secret_manager_secret
resource (#15483)
BUG FIXES:
- alloydb: fixed a permadiff on
google_alloydb_cluster
whenbackup_window
,enabled
orlocation
fields are unset (#15444) - containeraws: fixed permadiffs on
google_container_aws_cluster
andgoogle_container_aws_node_pool
resources (#15491) - dataplex: fixed a bug when importing
google_dataplex_datascan
after running a job (#15468) - dns: changed
private_visibility_config.networks
fromrequired
to requiring at least one ofprivate_visibility_config.networks
orprivate_visibility_config.gke_clusters
ingoogle_dns_managed_zone
resource (#15443)
FEATURES:
- New Resource:
google_billing_project_info
(#15400) - New Resource:
google_network_connectivity_service_connection_policy
(#15381)
IMPROVEMENTS:
- alloydb: added
continuous_backup_config
andcontinuous_backup_info
fields tocluster
resource (#15370) - bigquery: added
external_data_configuration.file_set_spec_type
togoogle_bigquery_table
(#15402) - bigquery: added
max_staleness
togoogle_bigquery_table
(#15395) - billingbudget: added
resource_ancestors
field togoogle_billing_budget
resource (#15393) - cloudfunctions2: added support for GCF Gen2 CMEK (#15385)
- cloudidentity: added field
type
togoogle_cloud_identity_group_memberships
(#15398) - compute: added
subnetwork
field to the resourcegoogle_compute_global_forwarding_rule
(#15424) - compute: added support for
INTERNAL_MANAGED
to the fieldload_balancing_scheme
in the resourcegoogle_compute_backend_service
(#15424) - compute: added support for
INTERNAL_MANAGED
to the fieldload_balancing_scheme
in the resourcegoogle_compute_global_forwarding_rule
(#15424) - compute: added support for
ip_version
togoogle_compute_forwarding_rule
(#15388) - container: marked
master_ipv4_cidr_block
as not required whenprivate_endpoint_subnetwork
is provided forgoogle_container_cluster
(#15422) - container: added support for
advanced_datapath_observability_config
togoogle_container_cluster
(#15425) - eventarc: added field
event_data_content_type
togoogle_eventarc_trigger
(#15433) - healthcare: added
send_previous_resource_on_delete
field tonotification_configs
ofgoogle_healthcare_fhir_store
(#15380) - pubsub: added
cloud_storage_config
field togoogle_pubsub_subscription
resource (#15420) - secretmanager: added
annotations
field togoogle_secret_manager_secret
resource (#15392)
BUG FIXES:
- certificatemanager: added recreation behavior to the
google_certificate_manager_certificate
resource when its location changes (#15432) - cloudfunctions2: fixed creation failure state inconsistency in
google_cloudfunctions2_function
(#15418) - monitoring: updated
evaluation_interval
oncondition_prometheus_query_language
to be optional (#15429)
NOTES:
- vpcaccess: reverted the ability to update the number of instances for resource
google_vpc_access_connector
(#15313)
FEATURES:
- New Resource:
google_document_ai_warehouse_document_schema
(#15326) - New Resource:
google_document_ai_warehouse_location
(#15326)
IMPROVEMENTS:
- alloydb: added
continuous_backup_config
andcontinuous_backup_info
fields tocluster
resource (#15370) - cloudbuild: removed the validation function for the values of
machine_type
field on thegoogle_cloudbuild_trigger
resource (#15357) - compute: add future_limit in quota exceeded error details for compute resources. (#15346)
- compute: added
ipv6_endpoint_type
andip_version
togoogle_compute_address
(#15358) - compute: added
local_ssd_recovery_timeout
field togoogle_compute_instance
resource (#15366) - compute: added
local_ssd_recovery_timeout
field togoogle_compute_instance_template
resource (#15366) - compute: added
network_interface.ipv6_access_config.external_ipv6_prefix_length
togoogle_compute_instance
(#15358) - compute: added
network_interface.ipv6_access_config.name
togoogle_compute_instance
(#15358) - compute: added a new type
GLOBAL_MANAGED_PROXY
for the fieldpurpose
in the resourcegoogle_compute_subnetwork
(#15345) - compute: added field
instance_lifecycle_policy
togoogle_compute_instance_group_manager
andgoogle_compute_region_instance_group_manager
(#15322) - compute: added protocol type: UNSPECIFIED in
google_compute_backend_service
as per release note (#15328) - compute: made
network_interface.ipv6_access_config.external_ipv6
configurable ingoogle_compute_instance
(#15358) - container: added
enable_k8s_beta_apis.enabled_apis
field togoogle_container_cluster
(#15320) - container: added
node_config.host_maintenance_policy
field togoogle_container_cluster
andgoogle_container_node_pool
(#15347) - container: added
placement_policy.policy_name
field togoogle_container_node_pool
resource (#15367) - container: allowed
enabled_private_endpoint
to be settable on creation for PSC-based clusters (#15361) - container: unsuppressed
private_cluster_config
whenmaster_global_access_config
is set ingoogle_container_cluster
(#15369) - gkeonprem: added taint on failed resource creation for
google_gkeonprem_bare_metal_admin_cluster
(#15362) - gkeonprem: increased timeout for resources
google_gkeonprem_bare_metal_cluster
andgoogle_gkeonprem_bare_metal_admin_cluster
(#15362) - identityplayform: added support for
blocking_functions
quota
andauthorized_domains
ingoogle_identity_platform_config
(#15325) - monitoring: added update support for
period
ingoogle_monitoring_uptime_check_config
(#15315) - pubsub: added
no_wrapper
field togoogle_pubsub_subscription
resource (#15334)
BUG FIXES:
- bigquery: fixed a bug in update support for several fields in
google_bigquery_data_transfer_config
(#15359) - cloudfunctions2: fixed an issue where
google_cloudfunctions2_function.build_config.source.storage_source.generation
created a diff when not set in config (#15364) - monitoring: fixed an issue in
google_monitoring_monitored_project
where project numbers were not accepted forname
(#15305) - vpcaccess: reverted new behaviour introduced by resource
google_vpc_access_connector
in4.75.0
.min_throughput
andmax_throughput
fields lost their default value, and customers could not make deployment due to that change. (#15313)
FEATURES:
- New Resource:
google_compute_region_ssl_policy
(#15299) - New Resource:
google_dataplex_task
(#15226) - New Resource:
google_iap_web_region_backend_service_iam_binding
(#15285) - New Resource:
google_iap_web_region_backend_service_iam_member
(#15285) - New Resource:
google_iap_web_region_backend_service_iam_policy
(#15285)
IMPROVEMENTS:
- cloudrun: added
status.traffic
output fields togoogle_cloud_run_service
resource (#15284) - cloudrunv2: added field
custom_audiences
to resourcegoogle_cloud_run_v2_service
(#15268) - composer: added support for updating
resilience_mode
ingoogle_composer_environment
(#15238) - compute: added
reconcile_connections
forgoogle_compute_service_attachment
. (#15288) - container : added
gcs_fuse_csi_driver_config
field toaddons_config
ingoogle_container_cluster
resource. (#15290) - container: added
allow_net_admin
field togoogle_container_cluster
resource (#15275) - container: allowed user to set up to 20 maintenance exclusions for
google_container_cluster
resource (#15291) - healthcare: added
last_updated_partition_config
field togoogle_healthcare_fhir_store
resource (#15271) - monitoring: added
condition_prometheus_query_language
field togoogle_monitoring_alert_policy
resource (#15301) - networkservices: made
scope
field optional ingoogle_network_services_gateway
resource (#15273) - spanner: added
enable_drop_protection
togoogle_spanner_database
resource(#15283)
BUG FIXES:
- alloydb: fixed permadiffs when setting 0 as start time (midnight) for
automated_backup_policy
ingoogle_alloydb_cluster
resource (#15219) - artifactregistry: fixed reading back maven_config state in
google_artifact_registry_repository
(#15269) - cloudtasks: suppressed time-unit permadiffs on
google_cloud_tasks_queue
min and max backoff settings (#15237) - cloudrun: fixed the bug where default system labels set in
service.spec.template.metadata.labels
were treated as a diff. (#15302) - compute: fixed wrongly triggered recreation on changes of
enforce_on_key_configs
ongoogle_compute_security_policy
(#15248) - monitoring: fixed an issue in
google_monitoring_monitored_project
where project numbers were not accepted forname
(#15305)
BUG FIXES:
-
vpcaccess: reverted new behaviour introduced by resource
google_vpc_access_connector
in4.75.0
.min_throughput
andmax_throughput
fields lost their default value, and customers could not make deployment due to that change. -
vpcaccess: reverted the ability to update the number of instances for resource
google_vpc_access_connector
FEATURES:
- New Resource:
google_dns_response_policy_rule
(#15146) - New Resource:
google_dns_response_policy
(#15146) - New Resource:
google_looker_instance
(#15188)
IMPROVEMENTS:
- apigee: added
disable_vpc_peering
field togoogle_apigee_organization
resource (#15186) - bigquery: added
external_data_configuration.json_options
andexternal_data_configuration.parquet_options
fields togoogle_bigquery_table
(#15197) - bigtable: added
change_stream_retention
field togoogle_bigtable_table.table
resource (#15152) - compute: added
most_recent
argument togoogle_compute_image
datasource (#15187) - compute: added field
enable_confidential_compute
forgoogle_compute_disk
resource (#15180) - container: added
gpu_driver_installation_config.gpu_driver_version
field togoogle_container_node_pool
(#15182) - gkebackup: added
state
andstate_reason
output-only fields togoogle_gkebackup_backupplan
resource (#15201) - healthcare: added
complex_data_type_reference_parsing
field togoogle_healthcare_fhir_store
resource (#15159) - networkservices: increased max_size to 20 for both
included_query_parameters
andexcluded_query_parameters
ongoogle_network_services_edge_cache_service
(#15168) - vpcaccess: added support for updates to
google_vpc_access_connector
resource (#15176)
BUG FIXES:
- alloydb: fixed
google_alloydb_cluster
handling of automated backup policy midnight start time (#15219) - compute: fixed logic when unsetting
google_compute_instance.min_cpu_platform
and switching to amachine_type
that does not supportmin_cpu_platform
at the same time (#15217) - tags: fixed race condition when modifying
google_tags_location_tag_binding
(#15189)
FEATURES:
- New Resource:
google_cloudbuildv2_connection
(#15098) - New Resource:
google_cloudbuildv2_repository
(#15098) - New Resource:
google_gkeonprem_bare_metal_admin_cluster
(#15099) - New Resource:
google_network_security_address_group
(#15111) - New Resource:
google_network_security_gateway_security_policy_rule
(#15112) - New Resource:
google_network_security_gateway_security_policy
(#15112) - New Resource:
google_network_security_url_lists
(#15112) - New Resource:
google_network_services_gateway
(#15112)
IMPROVEMENTS:
- bigquery: added
storage_billing_model
argument togoogle_bigquery_dataset
(#15115) - bigquery: added
external_data_configuration.metadata_cache_mode
andexternal_data_configuration.object_metadata
togoogle_bigquery_table
(#15096) - bigquery: made
external_data_configuration.source_fomat
optional ingoogle_bigquery_table
(#15096) - certificatemanager: added
issuance_config
field togoogle_certificate_manager_certificate
resource (#15101) - cloudbuild: added
repository_event_config
field togoogle_cloudbuild_trigger
resource (#15098) - compute: added field
http_keep_alive_timeout_sec
to resourcegoogle_compute_target_http_proxy
(#15109) - compute: added field
http_keep_alive_timeout_sec
to resourcegoogle_compute_target_https_proxy
(#15109) - compute: added support for updating labels in
google_compute_external_vpn_gateway
(#15134) - container: made
monitoring_config.enable_components
optional ongoogle_container_cluster
(#15131) - container: added field
tpu_topology
underplacement_policy
in resourcegoogle_container_node_pool
(#15130) - gkehub: promoted the
google_gke_hub_feature
resource'sfleetobservability
block to GA. (#15105) - iamworkforcepool: added
oidc.client_secret
field togoogle_iam_workforce_pool_provider
and new enum valuesCODE
andMERGE_ID_TOKEN_OVER_USER_INFO_CLAIMS
tooidc.web_sso_config.response_type
andoidc.web_sso_config.assertion_claims_behavior
respectively (#15069) - sql: added
settings.data_cache_config
tosql_database_instance
resource. (#15127) - sql: added
settings.edition
field tosql_database_instance
resource. (#15127) - vertexai: supported
shard_size
ingoogle_vertex_ai_index
(#15133)
BUG FIXES:
- compute: made
google_compute_router_peer.peer_ip_address
optional (#15095) - redis: fixed issue with
google_redis_instance
populating output-only fieldmaintenance_schedule
. (#15063) - orgpolicy: fixed forcing recreation on imported state for
google_org_policy_policy
(#15132) - osconfig: fixed validation of file resource
state
fields ingoogle_os_config_os_policy_assignment
(#15107)
BUG FIXES:
- monitoring: fixed an issue which occurred when
name
field ofgoogle_monitoring_monitored_project
was long-form
BUG FIXES:
- monitoring: fixed an issue causing
google_monitoring_monitored_project
to appear to be deleted
FEATURES:
- New Resource:
google_firebase_extensions_instance
(#15013)
IMPROVEMENTS:
- compute: added the
no_automate_dns_zone
field togoogle_compute_forwarding_rule
. (#15028) - compute: promoted
google_compute_disk_async_replication
resource to GA. (#15029) - compute: promoted
async_primary_disk
field ingoogle_compute_disk
resource to GA. (#15029) - compute: promoted
async_primary_disk
field ingoogle_compute_region_disk
resource to GA. (#15029) - compute: promoted
disk_consistency_group_policy
field ingoogle_compute_resource_policy
resource to GA. (#15029) - resourcemanager: fixed handling of
google_service_account_id_token
when authenticated with GCE metadata credentials (#15003)
BUG FIXES:
- networkservices: increased default timeout for
google_network_services_edge_cache_keyset
to 90m (#15024)
BUG FIXES:
- compute: fixed an issue in
google_compute_instance_template
where initialize params stopped thedisk.disk_size_gb
field being used (#15054)
FEATURES:
- New Resource:
google_public_ca_external_account_key
(#14983)
IMPROVEMENTS:
- compute: added
provisioned_throughput
field togoogle_compute_disk
used byhyperdisk-throughput
pd type (#14985) - container: added field
security_posture_config
to resourcegoogle_container_cluster
(#14999) - logging: added support for
locked
togoogle_logging_project_bucket_config
(#14977)
BUG FIXES:
- bigquery: fixed an issue where api default value for
edition
field ofgoogle_bigquery_reservation
was not handled (#14961) - cloudfunction2: fixed permadiffs of some fields of
service_config
ingoogle_cloudfunctions2_function
resource (#14975) - compute: fixed an issue with setting project field to long form in
google_compute_forwarding_rule
andgoogle_compute_global_forwarding_rule
(#14996) - gkehub: fixed an issue with setting project field to long form in
google_gke_hub_feature
(#14996)
FEATURES:
- New Resource:
google_gke_hub_feature_iam_*
(#14912) - New Resource:
google_gke_hub_feature
(#14912) - New Resource:
google_vmwareengine_cluster
(#14917) - New Resource:
google_vmwareengine_private_cloud
(#14917)
IMPROVEMENTS:
- apigee: added output-only field
apigee_project_id
to resourcegoogle_apigee_organization
(#14911) - bigtable: increased default timeout for instance operations to 1 hour in resoure
google_bigtable_instance
(#14909) - cloudrunv2: added fields
annotations
andtemplate.annotations
to resourcegoogle_cloud_run_v2_job
(#14948) - composer: added field
resilience_mode
to resourcegoogle_composer_environment
(#14939) - compute: added support for
params.resource_manager_tags
andboot_disk.initialize_params.resource_manager_tags
to resourcegoogle_compute_instance
(#14924) - bigquerydatatransfer: made field
service_account_name
mutable in resourcegoogle_bigquery_data_transfer_config
(#14907) - iambeta: added field
jwks_json
to resourcegoogle_iam_workload_identity_pool_provider
(#14938)
BUG FIXES:
- bigtable: validated that
cluster_id
values are unique within resourcegoogle_bigtable_instance
(#14908) - storage: fixed a bug that caused a permadiff when the
autoclass.enabled
field was explicitly set to false in resourcegoogle_storage_bucket
(#14902)
FEATURES:
- New Resource:
google_compute_network_endpoints
(#14869) - New Resource:
vertex_ai_index_endpoint
(#14842)
IMPROVEMENTS:
- bigtable: added 20 minutes timeout support to
google_bigtable_gc_policy
(#14861) - cloudfunctions2: added
url
output field togoogle_cloudfunctions2_function
(#14851) - compute: added field
network_attachment
togoogle_compute_instance_template
(#14874) - compute: surfaced additional information about quota exceeded errors for compute resources. (#14879)
- compute: added
path_template_match
andpath_template_rewrite
togoogle_compute_url_map
. (#14873) - compute: added ability to update Hyperdisk PD IOPS without recreation to
google_compute_disk
(#14844) - container: added
sole_tenant_config
tonode_config
ingoogle_container_node_pool
andgoogle_container_cluster
(#14897) - dataform: added field
workspace_compilation_overrides
to resourcegoogle_dataform_repository
(beta) (#14839) - dlp: added
crypto_hash_config
togoogle_data_loss_prevention_deidentify_template
(#14870) - dlp: added
trigger_id
field togoogle_data_loss_prevention_job_trigger
(#14892) - dlp: added missing file types
POWERPOINT
andEXCEL
ininspect_job.storage_config.cloud_storage_options.file_types
enum togoogle_data_loss_prevention_job_trigger
resource (#14856) - dlp: added multiple
sensitivity_score
field togoogle_data_loss_prevention_deidentify_template
resource (#14880) - dlp: added multiple
sensitivity_score
field togoogle_data_loss_prevention_inspect_template
resource (#14871) - dlp: added multiple
sensitivity_score
field togoogle_data_loss_prevention_job_trigger
resource (#14881) - dlp: changed
inspect_template_name
field from required to optional ingoogle_data_loss_prevention_job_trigger
resource (#14845) - pubsub: allowed
definition
field ofgoogle_pubsub_schema
updatable. (https://cloud.google.com/pubsub/docs/schemas#commit-schema-revision) (#14857) - sql: added
POSTGRES_15
to version docs fordatabase_version
field togoogle_sql_database_instance
(#14891) - vpcaccess: added
connected_projects
field to resourcegoogle_vpc_access_connector
. (#14835)
BUG FIXES:
- provider: fixed an issue on multiple resources where non-retryable quota errors were considered retryable (#14850)
- vertexai: made
google_vertex_ai_featurestore_entitytype_feature
always use region corresponding to parent's region (#14843)
NOTE:
- Added a new user guide to the provider documentation (#14886)
FEATURES:
- New Data Source:
google_vmwareengine_network
(#14821) - New Resource:
google_access_context_manager_service_perimeter_egress_policy
(#14817) - New Resource:
google_access_context_manager_service_perimeter_ingress_policy
(#14817) - New Resource:
google_certificate_manager_certificate_issuance_config
(#14798) - New Resource:
google_dataplex_datascan
(#14798) - New Resource:
google_dataplex_datascan_iam_*
(#14828) - New Resource:
google_vmwareengine_network
(#14821)
IMPROVEMENTS:
- billing: added
lookup_projects
togoogle_billing_account
datasource that skips reading the list of associated projects (#14815) - dlp: added
info_type_transformations
block in therecord_transformations
field togoogle_data_loss_prevention_deidentify_template
resource. (#14827) - dlp: added
redact_config
,fixed_size_bucketing_config
,bucketing_config
,time_part_config
anddate_shift_config
fields togoogle_data_loss_prevention_deidentify_template
resource (#14797) - dlp: added
stored_info_type_id
field togoogle_data_loss_prevention_stored_info_type
resource (#14791) - dlp: added
template_id
field togoogle_data_loss_prevention_deidentify_template
andgoogle_data_loss_prevention_inspect_template
(#14823) - dlp: changed
actions
field from required to optional ingoogle_data_loss_prevention_job_trigger
resource (#14803) - kms: removed validation for
purpose
ingoogle_kms_crypto_key
to allow newly added values for the field (#14799) - pubsub: allowed
schema_settings
ofgoogle_pubsub_topic
to change without deleting and recreating the resource (#14819)
BUG FIXES:
- tags: fixed providing
projects/<project_id
toparent
causing recreation ongoogle_tags_tag_key
(#14809)
FEATURES:
- New Resource:
google_container_analysis_note_iam_*
(#14706)
IMPROVEMENTS:
- compute: promoted
allow_psc_global_access
field ingoogle_compute_forwarding_rule
to GA (#14754) - dlp: added
included_fields
andexcluded_fields
fields togoogle_data_loss_prevention_job_trigger
(#14736) - dns: added
regionalL7ilb
enum support to therouting_policy.load_balancer_type
field ingoogle_dns_record_set
(#14710)
BUG FIXES:
- accesscontextmanager: fixed incorrect validations for
spec
andstatus
ingoogle_access_context_manager_service_perimeter
(#14705) - alloydb: increased timeouts for
google_alloydb_instance
from 20m to 40m (#14713) - apigee: fixed bug where updating
config_bundle
ingoogle_apigee_sharedflow
that's attached togoogle_apigee_sharedflow_deployment
causes an error (#14725) - compute: increased timeout for
compute_security_policy
from 4m to 8m (#14712) - dataproc: fixed crash when reading
google_dataproc_cluster.virtual_cluster_config
(#14744)
FEATURES:
IMPROVEMENTS:
- cloudrun: added
template.spec.containers.name
field togoogle_cloud_run_service
(#14647) - compute: added
network_performance_config
field togoogle_compute_instance
andgoogle_compute_instance_template
(#14678) - compute: added
guest_os_features
andlicenses
fields togoogle_compute_disk
andgoogle_compute_region_disk
(#14660) - datastream: added
mysql_source_config.max_concurrent_backfill_tasks
field togoogle_datastream_stream
(#14639) - firebase: added additional import formats for
google_firebase_webapp
(#14638) - notebooks: added update support for
google_notebooks_instance.metadata
field (#14650) - privateca: added
encoding_format
field togoogle_privateca_ca_pool
(#14663)
BUG FIXES:
- apigee: increased
google_apigee_organization
timeout defaults to 45m from 20m (#14643) - cloudresourcemanager: added retries to handle internal error: type: "googleapis.com" subject: "160009" (#14727)
- cloudrun: fixed a permadiff for
metadata.annotation
ingoogle_cloud_run_service
(#14642) - container: fixed a crash scenario in
google_container_node_pool
(#14693) - gkeonprem: changed
hostname
(underip_block
) from required to optional forgoogle_gkeonprem_vmware_cluster
(#14690) - serviceusage: added retries to handle internal error: type: "googleapis.com" subject: "160009" when activating services (#14727)
NOTE:
- Upgraded to Go 1.19.9 (#14561)
FEATURES:
- New Resource:
google_network_security_server_tls_policy
(#14557)
IMPROVEMENTS:
- bigquery: added
ICEBERG
as an enum forexternal_data_configuration.source_format
field ingoogle_bigquery_table
(#14562) - cloudfunctions: added
status
attribute to thegoogle_cloudfunctions_function
resource and data source (#14574) - compute: added
storage_location
field ingoogle_compute_image
resource (#14619) - compute: added support for additional machine types in
google_compute_region_commitment
(#14593) - monitoring: added
forecast_options
field togoogle_monitoring_alert_policy
resource (#14616) - monitoring: added
notification_channel_strategy
field togoogle_monitoring_alert_policy
resource (#14563) - sql: added
advanced_machine_features
field ingoogle_sql_database_instance
(#14604) - storagetransfer: added field
path
totransfer_spec.aws_s3_data_source
ingoogle_storage_transfer_job
(#14610)
BUG FIXES:
- artifactregistry: fixed new repositories ignoring the provider region if location is unset in
google_artifact_registry_repository
. (#14596) - compute: fixed permadiff on
log_config.sample_rate
ofgoogle_compute_backend_service
(#14590) - container: fixed permadiff on
gateway_api_config.channel
ofgoogle_container_cluster
(#14576) - dataflow: fixed inconsistent final plan when labels are added to
google_dataflow_job
(#14594) - provider: fixed an issue where mtls transports were not used consistently(initial implementation in v4.65.0, reverted in v4.65.1) (#14621)
- storage: fixed inconsistent final plan when labels are added to
google_storage_bucket
(#14594)
BUG FIXES:
- provider: fixed an issue where
google_client_config
datasource returnnull
for all attributes when region or zone is unset in provider config
BUG FIXES:
- provider: fixed an issue where
google_client_config
datasource returnnull
foraccess_token
FEATURES:
- New Data Source:
google_datastream_static_ips
(#14487) - New Resource:
google_compute_disk_async_replication
(#14489) - New Resource:
google_firestore_field
(#14512)
IMPROVEMENTS:
- bigquery: added general field
load.parquet_options
togoogle_bigquery_job
(#14497) - cloudbuild: added
allow_failure
andallow_exit_codes
tobuild.step
ingoogle_cloudbuild_trigger
resource (#14498) - compute: added enumeration values
SEV_SNP_CAPABLE
,SUSPEND_RESUME_COMPATIBLE
,TDX_CAPABLE
for theguest_os_features
ofgoogle_compute_image
(#14518) - compute: added support for
stack_type
togoogle_compute_network_peering
(#14509) - dlp: added
publish_to_stackdriver
field togoogle_data_loss_prevention_job_trigger
resource (#14539)
BUG FIXES:
- certificatemanager: fixed an issue where
self_managed.pem_certificate
andself_managed.pem_certificate
can't be updated ongoogle_certificate_manager_certificate
(#14521) - compute: fixed crash on
terraform destroy -refresh=false
for instance group managers withwait_for_instances = "true"
if the instance group manager was not found (#14543) - container: fixed node auto-provisioning not working when
auto_provisioning_defaults.management
is not provided ongoogle_container_cluster
(#14519) - provider: fixed an issue where mtls transports were not used consistently (#14550)
FEATURES:
- New Data Source:
google_alloydb_locations
(#14355) - New Data Source:
google_sql_tiers
(#14420) - New Resource:
google_database_migration_service_connection_profile
(#14383)
IMPROVEMENTS:
- alloydb: added
encryption_config
andencryption_info
fields ingoogle_alloydb_cluster
, to allow CMEK encryption of the cluster's data. (#14426) - alloydb: added support for CMEK in
google_alloydb_backup
resource (#14421) - alloydb: added the
encryption_config
field inside theautomated_backup_policy
block ingoogle_alloydb_cluster
, to allow CMEK encryption of automated backups. (#14426) - certificatemanager: added
location
field tocertificatemanager
certificate resource (#14432) - cloudrun: promoted
startup_probe
andliveness_probe
in resourcegoogle_cloud_run_service
to GA. (#14363) - cloudrunv2: added field
port
tohttp_get
to resourcegoogle_cloud_run_v2_service
(#14358) - cloudrunv2: added field
startupCpuBoost
to resourceservice
(#14372) - cloudrunv2: added support for
session_affinity
togoogle_cloud_run_v2_service
(#14367) - compute: added
dest_fqdns
,dest_region_codes
,dest_threat_intelligences
,src_fqdns
,src_region_codes
, andsrc_threat_intelligences
togoogle_compute_firewall_policy_rule
resource. (#14378) - compute: added
source_ip_ranges
andbase_forwarding_rule
togoogle_compute_forwarding_rule
resource (#14378) - compute: added
bypass_cache_on_request_headers
tocdn_policy
ingoogle_compute_backend_service
resource (#14446) - compute: added
dest_address_groups
andsrc_address_groups
fields togoogle_compute_firewall_policy_rule
andgoogle_compute_network_firewall_policy_rule
(#14396) - compute: added new field
async_primary_disk
togoogle_compute_disk
andgoogle_compute_region_disk
(#14431) - compute: added new field
disk_consistency_group_policy
togoogle_compute_resource_policy
(#14431) - compute: added support for IPv6 prefix exchange in
google_compute_router_peer
(#14397) - compute: made
network_firewall_policy_enforcement_order
field mutable ingoogle_compute_network
. (#14364) - dlp: added
exclude_by_hotword
exclusion rule togoogle_data_loss_prevention_inspect_template
resource (#14433) - dlp: added
image_transformations
field togoogle_data_loss_prevention_deidentify_template
resource (#14434) - dlp: added
inspectConfig
field togoogle_data_loss_prevention_job_trigger
resource (#14401) - dlp: added
replace_dictionary_config
field toinfo_type_transformations
ingoogle_data_loss_prevention_deidentify_template
resource (#14434) - dlp: added
surrogate_type
custom type togoogle_data_loss_prevention_inspect_template
resource (#14433) - dlp: added
version
field for multipleinfo_type
blocks togoogle_data_loss_prevention_inspect_template
resource (#14433) - gkehub: moved
google_gke_hub_feature
from beta to ga (#14396) - sql: Added support for Postgres in
google_sql_source_representation_instance
(#14436) - vertexai: added
region
field togoogle_vertex_ai_endpoint
(#14362) - workflows: added
crypto_key_name
field togoogle_workflows_workflow
resource (#14357)
BUG FIXES:
- accesscontextmanager: fixed test for
google_access_context_manager_ingress_policy
(#14361) - cloudplatform: added validation for
role_id
ongoogle_organization_iam_custom_role
(#14454) - compute: fixed an import bug for
google_compute_router_interface
that happened when project was not set in the provider configuration or via environment variable (#14356) - dns: fixed bug in
google_dns_keys
data source where list attributes could not be used at plan-time (#14418) - firebase: specified required argument
bundle_id
ingoogle_firebase_apple_app
(#14469)
BUG FIXES:
- bigtable: fixed plan failure because of an unused zone being unavailable
NOTES:
- alloydb: changed
location
fromoptional
torequired
forgoogle_alloydb_cluster
andgoogle_alloydb_backup
resources.location
had previously been marked as optional, but operations failed if it was omitted, and there was no way forlocation
to be inherited from the provider configuration or from an environment variable. This means there was no way to have a working configuration withoutlocation
specified. (#14330, #14334)
FEATURES:
- New Resource:
google_access_context_manager_ingress_policy
(#14302) - New Resource:
google_compute_public_advertised_prefix
(#14303) - New Resource:
google_compute_public_delegated_prefix
(#14303) - New Resource:
google_compute_region_commitment
(#14301) - New Resource:
google_network_services_http_route
(#14294)
IMPROVEMENTS:
- dlp: added
inspect_job.actions.job_notification_emails
andinspect_job.actions.deidentify
fields togoogle_data_loss_prevention_job_trigger
resource (#14309) - dlp: added
triggers.manual
andinspect_job.storage_config.hybrid_options
togoogle_data_loss_prevention_job_trigger
(#14326) - iam: added
oidc.web_sso_config
field togoogle_iam_workforce_pool_provider
(#14327)
BUG FIXES:
- alloydb: changed
weekly_schedule
(underautomated_backup_policy
) from required to optional forgoogle_alloydb_cluster
(#14335) - compute: fixed an issue with TTLs being sent when
USE_ORIGIN_HEADERS
is set ingoogle_compute_backend_bucket
(#14323) - networkservices: increased default timeouts for
google_network_services_edge_cache_keyset
to 60m (from 30m) (#14314) - sql: fixed an issue that prevented setting
enable_private_path_for_google_cloud_services
tofalse
ingoogle_sql_database_instance
(#14316)
BUG FIXES:
- compute: fixed a diff that occurred when
stack_type
was unset ongoogle_compute_ha_vpn_gateway
(#14311)
FEATURES:
- New Data Source:
google_compute_region_instance_template
(#14280) - New Resource:
google_compute_region_instance_template
(#14280) - New Resource:
google_logging_linked_dataset
(#14261)
IMPROVEMENTS:
- cloudasset: added
OS_INVENTORY
value tocontent_type
forgoogle_cloud_asset_*_feed
(#14277) - clouddeploy: added canary deployment fields for resource
google_clouddeploy_delivery_pipeline
(#14249) - compute: supported region instance template in
source_instance_template
field ofgoogle_compute_instance_from_template
resource (#14280) - container: added
pod_cidr_overprovision_config
field togoogle_container_cluster
andgoogle_container_node_pool
resources. (#14281) - orgpolicy: accepted variable cases for booleans such as true, True, and TRUE in
google_org_policy_policy
(#14240)
BUG FIXES:
- cloudidentity: fixed immutability issue on
initialGroupConfig
field for resourcegoogle_cloud_identity_group
(#14257) - provider: fixed an error resulting from leaving
batching.send_after
unspecified andbatching
specified (#14263) - provider: fixed bug where
credentials
field could not be set as an empty string (#14279) - vertex: increased the default timeout for
google_vertex_ai_index
to 180m (#14248)
BREAKING CHANGES:
- cloudrunv2: set a default value of 3 for
max_retries
ingoogle_cloud_run_v2_job
. This should match the API's existing default, but may show a diff at plan time in limited circumstances as drift is now detected (#14223)
FEATURES:
- New Data Source:
google_firebase_android_app_config
(#14202) - New Resource:
google_apigee_keystores_aliases_pkcs12
(#14168) - New Resource:
google_apigee_keystores_aliases_self_signed_cert
(#14140) - New Resource:
google_network_security_url_lists
(#14232) - New Resource:
google_network_services_mesh
(#14139)
IMPROVEMENTS:
- alloydb: added update support for
initial_user
andautomated_backup_policy.weekly_schedule
togoogle_alloydb_cluster
(#14187) - artifactregistry: added support for tag immutability (#14206)
- artifactregistry: promoted
mode
,virtual_repository_config
, andremote_repository_config
to GA (#14204) - bigqueryreservation: added
edition
andautoscale
togoogle_bigquery_reservation
andedition
tobigquery_capacity_commitment
(#14148) - compute: added support for
SEV_LIVE_MIGRATABLE
toguest_os_features.type
ingoogle_compute_image
(#14200) - compute: added support for
stack_type
togoogle_compute_ha_vpn_gateway
(#14141) - container: added support for
ephemeral_storage_local_ssd_config
togoogle_container_cluster.node_config
,google_container_cluster.node_pools.node_config
,google_container_node_pool.node_config
(#14150) - dlp: Changed
dictionary
,regex
,regex.group_indexes
andlarge_custom_dictionary
fields ingoogle_data_loss_prevention_stored_info_type
to be update-in-place (#14207) - logging: added support for
disabled
togoogle_logging_metric
(#14198) - networkservices: increased the max count for
route_rule
to 200 ongoogle_network_services_edge_cache_service
(#14224) - storagetransfer: added support for 'last_modified_since' and 'last_modified_before' fields to 'google_storage_transfer_job' resource (#14147)
BUG FIXES:
- bigquery: fixed the import logic in
google_bigquery_capacity_commitment
(#14226) - cloudrunv2: fixed the bug where setting
max_retries
to 0 ingoogle_cloud_run_v2_job
was not respected. (#14223) - container: fixed a bug creating a diff adding a
stack_type
when GKE omittedstackType
in API responses from older GKE clusters (#14208) - dataproc: fixed validation of
optional_components
(#14167) - provider: fixed an issue where the
USER_PROJECT_OVERRIDE
environment variable was not being read (#14238) - provider: fixed an issue where the provider crashed when "batching" was set in
4.60.0
/4.60.1
(#14235)
BUG FIXES:
- provider: fixed an issue where the provider crashed when "batching" was set in
4.60.0
/4.60.1
- provider: fixed an issue where the
USER_PROJECT_OVERRIDE
environment variable was not being read
BUG FIXES:
- container: fixed a bug creating a diff adding a
stack_type
when GKE omittedstackType
in API responses from older GKE clusters
FEATURES:
- New Resource:
google_apigee_keystores_aliases_key_cert_file
(#14130)
IMPROVEMENTS:
- compute: added
address_type
,network
,network_tier
,prefix_length
,purpose
,subnetwork
andusers
field forgoogle_compute_address
andgoogle_compute_global_address
datasource (#14078) - compute: added
network_firewall_policy_enforcement_order
field togoogle_compute_network
resource (#14111) - compute: added output-only attribute
self_link_unique
forgoogle_compute_instance_template
to point to the unique id of the resource instead of its name (#14128) - container: added
stack_type
field togoogle_container_cluster
resource (#14079) - container: added
advanced_machine_features
field togoogle_container_cluster
resource (#14106) - networkservice: updated the max number of
host_rule
ongoogle_network_services_edge_cache_service
(#14112) - sql: added support of single-database-recovery for SQL Server PITR with
database_names
attribute togoogle_sql_instance
(#14088)
BUG FIXES:
- cloudrun: fixed race condition when polling for status during an update of a
google_cloud_run_service
(#14087) - cloudsql: fixed the error in any subsequent apply on
google_sql_user
after itsgoogle_sql_database_instance
is deleted (#14098) - datacatalog: fixed
google_data_catalog_tag
only allowing 10 tags by increasing the page size to 1000 (#14077) - firebase: fixed
google_firebase_project
to succeed on apply when the project already has firebase enabled (#14121)
FEATURES:
- New Resource:
google_dataplex_asset_iam_*
(#14046) - New Resource:
google_dataplex_lake_iam_*
(#14046) - New Resource:
google_dataplex_zone_iam_*
(#14046) - New Resource:
google_network_services_gateway
(#14057)
IMPROVEMENTS:
- auth: added support for oauth2 token exchange over mTLS (#14032)
- bigquery: added
is_case_insensitive
anddefault_collation
fields togoogle_bigquery_dataset
resource (#14031) - bigquerydatapolicy: promoted
google_bigquery_datapolicy_data_policy
to GA (#13991) - compute: added
scratch_disk.size
field ongoogle_compute_instance
(#14061) - compute: added 3000 as allowable value for
disk_size_gb
for SCRATCH disks ingoogle_compute_instance_template
(#14061) - compute: added
WEIGHED_MAGLEV
tolocality_lb_policy
enum for backend service resources (#14055) - container: added
local_nvme_ssd_block
tonode_config
block in thegoogle_container_node_pool
(#14008) - logging: added
enable_analytics
field togoogle_logging_project_bucket_config
(#14043) - networkservices: updated max allowed items to 25 for
expose_headers
,allow_headers
,request_header_to_remove
,request_header_to_add
,response_header_to_add
andresponse_header_to_remove
ofgoogle_network_services_edge_cache_service
(#14041) - networkservices: updated max allowed items to 25 for
request_headers_to_add
ofgoogle_network_services_edge_cache_origin
(#14041)
BUG FIXES:
- certificatemanager: fixed
managed.dns_authorizations
not being included during import ofgoogle_certificate_manager_certificate
(#13992) - certificatemanager: fixed a bug where modifying non-updatable fields
hostname
andmatcher
ingoogle_certificate_manager_certificate_map_entry
would fail with API errors; now updating them will recreate the resource (#13994) - compute: fixed bug where
enforce_on_key_name
could not be unset ongoogle_compute_security_policy
(#13993) - datastream: fixed bug where field
dataset_id
could not utilize the id from bigquery directly (#14003) - workstations: fixed permadiff on
service_account
ofgoogle_workstations_workstation_config
(#13989)
FEATURES:
- New Resource:
google_apigee_sharedflow
(#13938) - New Resource:
google_apigee_sharedflow_deployment
(#13938) - New Resource:
google_apigee_flowhook
(#13938)
IMPROVEMENTS:
- datafusion: added support for
accelerators
field togoogle_datafusion_instance
resource. (#13946) - privateca: added support for X.509 name constraints to
google_privateca_pool
,google_privateca_certificate
, andgoogle_privateca_certificate_authority
(#13969)
BUG FIXES:
- alloydb: fixed permadiff on
automated_backup_policy.weekly_schedule
ofgoogle_alloydb_cluster
(#13948) - bigquery: fixed a permadiff when
friendly_name
is removed fromgoogle_bigquery_dataset
(#13973) - redis: fixed a bug causing diff detection on
reserved_ip_range
ingoogle_redis_instance
(#13958)
FEATURES:
- New Resource:
google_access_context_manager_authorized_orgs_desc
(#13925) - New Resource:
google_bigquery_capacity_commitment
(#13902) - New Resource:
google_workstations_workstation
(#13885) - New Resource:
google_apigee_env_keystore
(#13876) - New Resource:
google_apigee_env_references
(#13876) - New Resource:
google_firestore_database
(#13874)
BUG FIXES:
- cloudidentity: fixed an issue on
google_cloud_identity_group
initial_group_config
field when importing (#13875) - compute: fixed the error of invalid value for field
failover_policy
when UDP is selected ongoogle_compute_region_backend_service
(#13897) - firebase: allowed specifying a
project
field on datasources forgoogle_firebase_android_app
,google_firebase_web_app
, andgoogle_firebase_apple_app
. (#13927) - tags: fixed a bug preventing use of
google_tags_location_tag_binding
with zonal parent resources (#13880)
FEATURES:
- New Resource: google_data_catalog_policy_tag (#13818)
- New Resource: google_data_catalog_taxonomy (#13818)
- New Resource: google_scc_mute_config (#13818)
- New Resource: google_workstations_workstation_config (#13832)
IMPROVEMENTS:
- cloudbuild: added
peered_network_ip_range
field togoogle_cloudbuild_worker_pool
resource (#13854) - cloudrun: added
template.0.containers0.liveness_probe.grpc
,template.0.containers0.startup_probe.grpc
fields togoogle_cloud_run_v2_service
resource (#13855) - compute: added
max_distance
field toresource-policy
resource (#13853) - compute: added field
deletion_policy
to resourcegoogle_compute_shared_vpc_service_project
(#13822) - containerazure: added
azure_services_authentication
togoogle_container_azure_cluster
(#13854) - networkservices: increased maximum
allow_origins
from 5 to 25 onnetwork_services_edge_cache_service
(#13808) - storagetransfer: added general field
sink_agent_pool_name
andsource_agent_pool_name
togoogle_storage_transfer_job
(#13865)
BUG FIXES:
- cloudfunctions: fixed no diff found on
event_trigger.resource
ofgoogle_cloudfunctions_function
(#13862) - dataproc: fixed an issue where
master_config.num_instances
would not force recreation when changed ingoogle_dataproc_cluster
(#13837) - spanner: fixed the error when updating
deletion_protection
ongoogle_spanner_database
(#13821) - spanner: fixed the error when updating
force_destroy
ongoogle_spanner_instance
(#13821)
FEATURES:
- New Resource:
google_cloudbuild_bitbucket_server_config
(#13767) - New Resource:
google_firebase_hosting_release
(#13793) - New Resource:
google_firebase_hosting_version
(#13793)
IMPROVEMENTS:
- container: added support for
node_config.kubelet_config.pod_pids_limit
ongoogle_container_node_pool
(#13762) - storage: changed the default create timeout of
google_storage_bucket
to 10m from 4m (#13774)
BUG FIXES:
- container: fixed a crash when leaving
placement_policy
blank ongoogle_container_node_pool
(#13797)
FEATURES:
- New Data Source:
google_firebase_hosting_channel
(#13686) - New Data Source:
google_logging_sink
(#13742) - New Data Source:
google_sql_databases
(#13738)
IMPROVEMENTS:
- cloudbuild: added
bitbucket_server_trigger_config
field togoogle_cloudbuild_trigger
resource (#13728) - cloudbuild: added
github.enterprise_config_resource_name
field togoogle_cloudbuild_trigger
resource (#13739) - compute: added field
rsa_encrypted_key
togoogle_compute_disk
resource (#13685) - sql: added replica promotion support to
google_sql_database_instance
. This change will allow users to promote read replica as stand alone primary instance. (#13682)
BUG FIXES:
- bigquery: fixed permadiff on
max_time_travel_hours
ofgoogle_bigquery_dataset
(#13691) - compute: added possibility to remove
stateful_disk
incompute_instance_group_manager
andcompute_region_instance_group_manager
. (#13737) - sql: fixed an issue with updating the
settings.activation_policy
field ingoogle_sql_database_instance
(#13736)
BUG FIXES:
- provider: fixed crash when trying to configure the provider with invalid credentials
FEATURES:
- New Resource:
google_apigee_addons_config
(#13654) - New Resource:
google_alloydb_backup
(#13639) - New Resource:
google_alloydb_cluster
(#13639) - New Resource:
google_alloydb_instance
(#13639) - New Resource:
google_compute_region_target_tcp_proxy
(#13640) - New Resource:
google_firestore_database
(#13675) - New Resource:
google_workstations_workstation_cluster
(#13619)
IMPROVEMENTS:
- compute: added
resource_policies
field togoogle_compute_instance_template
(#13677) - compute: added the
labels
field to thegoogle_compute_external_vpn_gateway
resource (#13642) - datastream: added
postgresql_source_config
&oracle_source_config
ingoogle_datastream_stream
(#13646) - datastream: added support for creating
google_datastream_stream
withdesired_state=RUNNING
(#13646) - datastream: exposed validation errors during
google_datastream_stream
creation (#13646) - firebase: marked
deletion_policy
as updatable without recreation ongoogle_firebase_android_app
andgoogle_firebase_apple_app
(#13643) - sql: added
enable_private_path_for_google_cloud_services
field togoogle_sql_database_instance
resource (#13668) - vertex_ai: added the field
description
togoogle_vertex_ai_featurestore_entitytype
(#13641)
BUG FIXES:
- composer: fixed an issue with cleaning up environments created in an error state (#13644)
- compute: fixed wrong maximum limit description for possible VPC MTUs (#13674)
- datafusion: fixed
version
can't be updated ongoogle_data_fusion_instance
(#13658)
FEATURES:
- New Data Source:
google_secret_manager_secret_version_access
(#13605) - New Resource:
google_workstations_workstation_cluster
(#13619)
IMPROVEMENTS:
- bigquery: added support for federated Azure identities to BigQuery Omni connections. (#13614)
- bigquery: added
cloud_spanner.use_serverless_analytics
field (#13588) - bigquery: added
cloud_sql.service_account_id
andazure.identity
output fields (#13588) - compute: added
locality_lb_policies
field togoogle_compute_backend_service
(#13604) - sql: updated the
settings.deletion_protection_enabled
property documentation. (#13581) - sql: made
root_password
field updatable ingoogle_sql_database_instance
(#13574)
BUG FIXES:
- cloudfunctions: updated max_instances field to take API's result as default value (#13575)
- container: fixed an issue with resuming failed cluster creation (#13580)
- gke: fixed the error of Invalid address to set on
config_connector_config
of the data sourcegoogle_container_cluster
(#13566) - secretmanager: fixed incorrect required_with for topics in
google_secret_managed_secret
(#13612)
DEPRECATIONS:
- cloudrunv2: deprecated
liveness_probe.tcp_socket
field fromgoogle_cloud_run_v2_service
resource as it is not supported by the API and it will be removed in a future major release (#13563) - cloudrunv2: deprecated
startup_probe
andliveness_probe
fields fromgoogle_cloud_run_v2_job
resource as they are not supported by the API and they will be removed in a future major release (#13531)
FEATURES:
- New Resource:
google_iam_access_boundary_policy
(#13565) - New Resource:
google_tags_location_tag_bindings
(#13524)
IMPROVEMENTS:
- cloudbuild: added
github_enterprise_config
fields togoogle_cloudbuild_trigger
resource. (#13518) - cloudrunV2: added
annotations
togoogle_cloud_run_v2_service
resource (#13509) - compute: added
tcp_time_wait_timeout_sec
field togoogle_compute_router_nat
resource (#13554) - compute: added
share_settings
field to thegoogle_compute_node_group
resource. (#13522) - containerattached: added
deletion_policy
field togoogle_container_attached_cluster
resource. (#13551) - datastream: added
customer_managed_encryption_key
anddestination_config.bigquery_destination_config.source_hierarchy_datasets.dataset_template.kms_key_name
fields togoogle_datastream_stream
resource (#13549) - dlp: added
publish_findings_to_cloud_data_catalog
andpublish_summary_to_cscc
togoogle_data_loss_prevention_job_trigger
resource (#13562) - sql: added point_in_time_recovery_enabled for SQLServer in
google_sql_database_instance
(#13555) - spanner: added support for IAM conditions with
google_spanner_database_iam_member
andgoogle_spanner_instance_iam_member
(#13556) - sql: added additional fields to
google_sql_source_representation_instance
(#13523)
BUG FIXES:
- bigquery: fixed bug where valid iam member values for bigquery were prevented from actuation by validation (#13520)
- bigquery: fixed permadiff on
external_data_configuration.connection_id
ofgoogle_bigquery_table
(#13560) - gke: fixed the error of Invalid address to set on
config_connector_config
of the data sourcegoogle_container_cluster
(#13566) - google_project: fixes misleading examples that could cause
firebase:enabled
label to be accidentally removed. (#13552)
FEATURES:
- New Data Source:
google_compute_network_peering
(#13476) - New Data Source:
google_compute_router_nat
(#13475) - New Resource:
google_cloud_run_v2_job_iam_binding
(#13492) - New Resource:
google_cloud_run_v2_job_iam_member
(#13492) - New Resource:
google_cloud_run_v2_job_iam_policy
(#13492) - New Resource:
google_cloud_run_v2_service_iam_binding
(#13492) - New Resource:
google_cloud_run_v2_service_iam_member
(#13492) - New Resource:
google_cloud_run_v2_service_iam_policy
(#13492) - New Resource:
google_gke_backup_backup_plan_iam_binding
(#13508) - New Resource:
google_gke_backup_backup_plan_iam_member
(#13508) - New Resource:
google_gke_backup_backup_plan_iam_policy
(#13508)
IMPROVEMENTS:
- bigquery_table - added
reference_file_schema_uri
(#13493) - billingbudget: made fields
credit_types
andsubaccounts
updatable forgoogle_billing_budget
(#13466) - cloudrunV2: added
annotations
toCloudRunV2_service
resource (#13509) - composer: added
recovery_config
ingoogle_composer_environment
resource (#13504) - compute: added support for 'edge_security_policy' field to 'google_compute_backend_service' resource. (#13494)
- compute: added
max_run_duration
field togoogle_compute_instance
andgoogle_compute_instance_template
resource (beta) (#13489) - dataproc: added support for
dataproc_metric_config
to resourcegoogle_dataproc_cluster
(#13480) - dlp: added all subfields under
deidentify_template.record_transformations.field_transformations.primitive_transformation
togoogle_data_loss_prevention_deidentify_template
(#13498) - sql: changed the default create timeout of
google_sql_database_instance
to 40m from 30m (#13481)
BUG FIXES:
- certificatemanager: removed incorrect indication that the
self_managed
field ingoogle_certificate_manager_certificate
was treated as sensitive, and markedself_managed.pem_private_key
as sensitive (#13505) - cloudplatform: fixed the error with header
X-Goog-User-Project
ongoogle_client_openid_userinfo
(#13474) - cloudsql: fixed
disk_type
can't be updated ongoogle_sql_database_instance
(#13483) - vertexai: fixed updating value_type in google_vertex_ai_featurestore_entitytype_feature (#13491)
FEATURES:
- New Data Source:
google_project_service
(#13434) - New Data Source:
google_sql_database_instances
(#13433) - New Data Source:
google_container_attached_install_manifest
(#13443) - New Data Source:
google_container_attached_install_manifest
(#13455) - New Data Source:
google_container_attached_versions
(#13443) - New Resource:
google_datastream_stream
(#13385)
IMPROVEMENTS:
- android_app: added general fields
sha1_hashes
,sha256_hashes
andetag
togoogle_firebase_android_app
. (#13444) - cloudids: added
threat_exception
field togoogle_cloud_ids_endpoint
resource (#13442) - compute: added deletion for
statefulIps
fields ininstance_group_manager
andregion_instance_group_manager
. (#13428) - compute: added field
expire_time
to resourcegoogle_compute_region_ssl_certificate
(#13392) - compute: added field
expire_time
to resourcegoogle_compute_ssl_certificate
(#13392) - container: added
release_channel_latest_version
ingoogle_container_engine_versions
datasource (#13384) - container: added
google_container_aws_node_pool
autoscaling_metrics_collection
field (#13462) - container: added update support for
google_container_aws_node_pool
tags
field (#13462) - container: added
config_connector_config
addon field togoogle_container_cluster
(#13380) - container: added
kubelet_config
field togoogle_container_node_pool
(#13423) - dataproc: added support for
node_group_affinity.
ingoogle_dataproc_cluster
(#13400) - dataproc: added support for
reservation_affinity
ingoogle_dataproc_cluster
(#13393) - dlp: added field
identifying_fields
tobig_query_options
for creating DLP jobs. (#13463) - metastore: added
telemetry_config
field togoogle_dataproc_metastore_service
(#13432) - sql: added the ability to set
point_in_time_recovery_enabled
flag forgoogle_sql_database_instance
SQLSERVER
instances (#13454) - sql: added
instance_type
field togoogle_sql_database_instance
resource (#13406) - vertexai: added
scaling
field ingoogle_vertex_ai_featurestore
(#13458)
BUG FIXES:
- android_app: modified the
package_name
field suffix to always start with a letter ingoogle_firebase_android_app
. (#13444) - bigqueryconnection: fixed a bug where
aws.access_role.iam_role_id
cannot be updated ongoogle_bigquery_connection
(#13460) - cloudplatform: fixed a bug where
google_folder
deletion would fail to handle async operations (#13377) - container: fixed a bug preventing updates to
master_global_access_config
ingoogle_container_cluster
(#13383) - spanner: fixed crash when
google_spanner_database.ddl
item was nil (#13441)
FEATURES:
- New Data Source:
google_beyondcorp_app_connection
(#13336) - New Data Source:
google_beyondcorp_app_connector
(#13305) - New Data Source:
google_beyondcorp_app_gateway
(#13305) - New Data Source:
google_cloudbuild_trigger
(#13329) - New Data Source:
google_compute_instance_group_manager
(#13297) - New Data Source:
google_firebase_apple_app
(#13239) - New Data Source:
google_pubsub_subscription
(#13296) - New Data Source:
google_sql_database
(#13376) - New Resource:
google_apigee_sync_authorization
(#13324) - New Resource:
google_beyondcorp_app_connection
(#13318) - New Resource:
google_container_attached_cluster
(#13374) - New Resource:
google_dns_managed_zone_iam_*
(#13304) - New Resource:
google_gke_backup_backup_plan
(#13359) - New Resource:
google_iam_workforce_pool_provider
(#13299) - New Resource:
google_iam_workforce_pool
(#13299)
IMPROVEMENTS:
- cloudfunctions2: added
available_cpu
andmax_instance_request_concurrency
to support concurrency ingoogle_cloudfunctions2_function
resource (#13315) - compute: added support for local IP ranges in
google_compute_firewall
(#13240) - compute: added
router_appliance_instance
field togoogle_compute_router_bgp_peer
(#13373) - compute: added support for
generated_id
field ingoogle_compute_backend_service
to get the value ofid
defined by the server (#13242) - compute: added support for
image_encryption_key
togoogle_compute_image
(#13253) - compute: added support for
source_snapshot
,source_snapshot_encyption_key
, andsource_image_encryption_key
togoogle_compute_instance_template
(#13253) - container: promoted
google_container_node_pool.placement_policy
to GA (#13372) - container: added
gateway_api_config
block togoogle_container_cluster
resource for supporting the gke gateway api controller (#13233) - container: supported in-place update for
labels
ingoogle_container_node_pool
(#13284) - dataproc: added support for
SPOT
option forpreemptibility
ingoogle_dataproc_cluster
(#13335) - dlp: added field
deidentify_config.record_transformations.field_transformations
togoogle_data_loss_prevention_deidentify_template
(#13282) - dlp: added field
deidentify_config.record_transformations.record_suppressions
togoogle_data_loss_prevention_deidentify_template
(#13300) - dlp: added
version
field togoogle_data_loss_prevention_inspect_template
resource (#13366) - osconfig: added support for
skip_await_rollout
ingoogle_os_config_os_policy_assignment
(#13340) - sql: added new deletion protection feature
deletion_protection_enabled
ingoogle_sql_database_instance
to guard against deletion from all surfaces (#13249) - sql: made
settings.sql_server_audit_config.bucket
field ingoogle_sql_database_instance
to be optional. (#13252) - storagetransfer: supported in-place update for
schedule
ingoogle_storage_transfer_job
(#13262)
BUG FIXES:
- bigquery: fixed a permadiff on
labels
ofgoogle_bigquery_dataset
when it is referenced ingoogle_dataplex_asset
(#13333) - compute: fixed a permadiff on
private_ip_google_access
ofgoogle_compute_subnetwork
(#13244) - compute: fixed an issue where
enable_dynamic_port_allocation
was not able to set tofalse
ingoogle_compute_router_nat
(#13243) - container: fixed a permadiff on
location_policy
ofgoogle_container_cluster
andgoogle_container_node_pool
(#13283) - identityplatform: fixed issues with
google_identity_platform_config
creation (#13301) - resourcemanager: fixed the
google_project
datasource silently returning empty results when the project was not found or not in the ACTIVE state. Now, an error will be surfaced instead. (#13358) - sql: fixed
sql_database_instance
leaking root users (#13258)
NOTES:
- sql: fixed an issue where
google_sql_database
was abandoned by default as of version4.45.0
. Users who have upgraded to4.45.0
or4.46.0
will see a diff when running their nextterraform apply
after upgrading this version, indicating thedeletion_policy
field's value has changed from"ABANDON"
to"DELETE"
. This will create a no-op call against the API, but can otherwise be safely applied. (#13226)
FEATURES:
IMPROVEMENTS:
- bigtable: added
deletion_protection
field togoogle_bigtable_table
(#13232) - compute: made
google_compute_subnetwork.ipv6_access_type
field updatable in-place (#13211) - container: added
auto_provisioning_defaults.cluster_autoscaling.upgrade_settings
ingoogle_container_cluster
(#13199) - container: added
gateway_api_config
block togoogle_container_cluster
resource for supporting the gke gateway api controller (#13233) - container: promoted
gke_backup_agent_config
ingoogle_container_cluster
to GA (#13223) - container: promoted
min_cpu_platform
ingoogle_container_cluster
to GA (#13199) - datacatalog: added update support for
fields
ingoogle_data_catalog_tag_template
(#13216) - iam: Added plan-time validation for IAM members (#13203)
- logging: added
bucket_name
field togoogle_logging_metric
(#13210) - logging: made
metric_descriptor
field optional forgoogle_logging_metric
(#13225)
BUG FIXES:
- composer: fixed a crash when updating
ip_allocation_policy
ofgoogle_composer_environment
(#13188) - sql: fixed an issue where
google_sql_database
was abandoned by default as of version4.45.0
. Users who have upgraded to4.45.0
or4.46.0
will see a diff when running their nextterraform apply
after upgrading this version, indicating thedeletion_policy
field's value has changed from"ABANDON"
to"DELETE"
. This will create a no-op call against the API, but can otherwise be safely applied. (#13226)
FEATURES:
- New Data Source:
google_firebase_android_app
(#13186) - New Resource:
google_cloud_run_v2_job
(#13154) - New Resource:
google_cloud_run_v2_service
(#13166) - New Resource:
google_gke_backup_backup_plan
(beta) (#13176) - New Resource: google_firebase_storage_bucket (#13183)
IMPROVEMENTS:
- network_services: added
origin_override_action
andorigin_redirect
togoogle_network_services_edge_cache_origin
(#13153) - bigquerydatatransfer: recreate
google_bigquery_data_transfer_config
for Cloud Storage transfers when immutable paramsdata_path_template
anddestination_table_name_template
are changed (#13137) - compute: Added fields to resource
google_compute_security_policy
to support Cloud Armor bot management (#13159) - container: Added support for concurrent node pool mutations on a cluster. Previously, node pool mutations were restricted to run synchronously clientside. NOTE: While this feature is supported in Terraform from this release onwards, only a limited number of GCP projects will support this behavior initially. The provider will automatically process mutations concurrently as the feature rolls out generally. (#13173)
- container: promoted
managed_prometheus
field ingoogle_container_cluster
to GA (#13150) - metastore: added general field
network_config
togoogle_dataproc_metastore_service
(#13184) - storage: added support for
autoclass
ingoogle_storage_bucket
resource (#13185)
BUG FIXES:
- alloydb: made
machine_config.cpu_count
updatable ongoogle_alloydb_instance
(#13144) - composer: fixed a crash when updating
ip_allocation_policy
ofgoogle_composer_environment
(#13188) - container: fixed GKE permadiff/thrashing when
update_settings. max_surge
orupdate_settings. max_unavailable
values are updating ongoogle_container_node_pool
(#13171) - datastream: fixed
google_datastream_private_connection
ignoring failures during creation (#13160) - kms: fixed issues with deleting crypto key versions in states other than ENABLED (#13167)
FEATURES:
- New Data Source:
google_logging_project_cmek_settings
(#13078) - New Resource:
google_vertex_ai_tensorboard
(#13065) - New Resource:
google_data_fusion_instance_iam_binding
(#13134) - New Resource:
google_data_fusion_instance_iam_member
(#13134) - New Resource:
google_data_fusion_instance_iam_policy
(#13134) - New Resource:
google_eventarc_google_channel_config
(#13080) - New Resource:
google_vertex_ai_index
(#13132)
IMPROVEMENTS:
- bigquerydatatransfer: forced recreation on
google_bigquery_data_transfer_config
for Cloud Storage transfers when immutable paramsdata_path_template
anddestination_table_name_template
are changed (#13137) - bigtable: added support for abandoning GC policy (#13066)
- cloudsql: added
connector_enforcement
field togoogle_sql_database_instance
resource (#13059) - compute: added
default_route_action.cors_policy
field togoogle_compute_region_url_map
resource (#13063) - compute: added
default_route_action.fault_injection_policy
field togoogle_compute_region_url_map
resource (#13063) - compute: added
default_route_action.timeout
field togoogle_compute_region_url_map
resource (#13063) - compute: added
default_route_action.url_rewrite
field togoogle_compute_region_url_map
resource (#13063) - compute: added
include_http_headers
field to thecdn_policy
field ofgoogle_compute_backend_service
resource (#13093) - compute: added field
list_managed_instances_results
togoogle_compute_instance_group_manager
andgoogle_compute_region_instance_group_manager
(#13079) - compute: added subnetwork and private_ip_address arguments to resource_compute_router_interface (#13105)
- container: added
resource_labels
field tonode_config
resource (#13104) - container: added field
enable_private_nodes
innetwork_config
togoogle_container_node_pool
(#13128) - container: added field
gcp_public_cidrs_access_enabled
andprivate_endpoint_subnetwork
togoogle_container_cluster
(#13128) - container: added update support for
enable_private_endpoint
andenable_private_nodes
ingoogle_container_cluster
(#13128) - container: promoted
network_config
ingoogle_container_node_pool
to GA. (#13128) - datafusion: added
api_endpoint
andp4_service_account
attributes togoogle_data_fusion_instance
(#13134) - datafusion: added
zone
,display_name
,crypto_key_config
,event_publish_config
, andenable_rbac
args togoogle_data_fusion_instance
(#13134) - logging: added
cmek_settings
field togoogle_logging_project_bucket_config
resource (#13078) - sql: added 'deny_maintenance_period' field for 'google_sql_database_instance' within which 'end_date', 'start_date' and 'time' fields are present. (#13106)
- sql: added field
deletion_policy
to resourcegoogle_sql_database
(#13107)
BUG FIXES:
- compute: fixed a crash with
google_compute_instance_template
on a newly released field whenadvanced_machine_features
was set (#13108) - compute: fixed a failure in updating
most_disruptive_allowed_action
ongoogle_compute_per_instance_config
andgoogle_compute_region_per_instance_config
(#13067) - compute: fixed the error when
metadata
andmachine_type
are updated whilemetadata_startup_script
was already provided ongoogle_compute_instance
(#13077) - container: fixed the inability to update
authenticator_groups_config
ongoogle_container_cluster
(#13111) - container: fixed the data source
google_container_cluster
to return an error if it does not exist (#13070) - sql: fixed
googe_sql_database_instance
to includebackup_configuration
in initial create request (#13092) - storage: fixed permdiff when
website
,website.main_page_suffix
,website.not_found_page
are removed ongoogle_storage_bucket
(#13069)
BUG FIXES:
- compute: fixed a crash with
google_compute_instance_template
on a newly released field whenadvanced_machine_features
was set (#13108)
FEATURES:
- New Resource:
google_alloydb_instance
(#12981) - New Resource:
google_beyondcorp_app_connector
(#13011) - New Resource:
google_beyondcorp_app_gateway
(#13011) - New Resource:
google_compute_network_firewall_policy_association
(#13013) - New Resource:
google_compute_network_firewall_policy_rule
(#13031) - New Resource:
google_compute_network_firewall_policy
(#12969) - New Resource:
google_compute_region_network_firewall_policy_association
(#13013) - New Resource:
google_compute_region_network_firewall_policy_rule
(#13031) - New Resource:
google_compute_region_network_firewall_policy
(#12969) - New Resource:
google_eventarc_channel
(#13021) - New Resource:
google_firebase_apple_app
(#13047) - New Resource:
google_firebase_hosting_channel
(#13053) - New Resource:
google_firebase_hosting_site
(#12960) - New Resource:
google_kms_crypto_key_versions
(#12926) - New Resource:
google_storage_transfer_agent_pool
(#12945) - New Resource:
google_identity_platform_project_default_config
(#12977)
IMPROVEMENTS:
- bigquery: supported authorized routines on resource
bigquery_dataset
andbigquery_dataset_access
(#12979) - cloudidentity: made security label settable by making labels updatable in
google_cloud_identity_groups
(#12943) - cloudsql: added
connector_enforcement
field togoogle_sql_database_instance
resource (#13059) - compute: added optional
redundant_interface
argument togoogle_compute_router_interface
resource (#13032) - compute: added
default_route_action.request_mirror_policy
field togoogle_compute_region_url_map
resource (#13030) - compute: added
default_route_action.retry_policy
field togoogle_compute_region_url_map
resource (#13030) - compute: added
default_route_action.weighted_backend_services
field togoogle_compute_region_url_map
resource (#13030) - compute: modified machine_type field in compute instance resource to accept short name. (#12965)
- compute: added
visible_core_count
field togoogle_compute_instance
(#13043) - container: added
enable_l4_ilb_subsetting
to GAgoogle_container_cluster
(#12988) - container: added
node_config.logging_variant
togoogle_container_node_pool
. (#13049) - container: added
node_pool_defaults.node_config_defaults.logging_variant
,node_pool.node_config.logging_variant
, andnode_config.logging_variant
togoogle_container_cluster
. (#13049) - container: added support for Shielded Instance configuration for node auto-provisioning to
google_container_cluster
(#12930) - container: added management attribute to the
google_container_cluster
resource (#12987) - container: added field
blue_green_settings
togoogle_container_node_pool
(#12984) - container: added field
strategy
togoogle_container_node_pool
(#12984) - container: added support for additional values
APISERVER
,CONTROLLER_MANAGER
, andSCHEDULER
ingoogle_container_cluster.monitoring_config
(#12978) - datafusion: added
enable_rbac
field togoogle_data_fusion_instance
resource (#12992) - dlp: added fields
rows_limit
,rows_limit_percent
, andsample_method
tobig_query_options
ingoogle_data_loss_prevention_job_trigger
(#12980) - dlp: added pubsub action to
google_data_loss_prevention_job_trigger
(#12929) - dns: added
gke_clusters
field togoogle_dns_managed_zone
resource (#13048) - dns: added
gke_clusters
field togoogle_dns_response_policy
resource (#13048) - eventarc: added field
channel
togoogle_eventarc_trigger
(#13021) - gkehub: added
mesh
field andmanagement
subfield to resourcefeature_membership
(#13012) - networkservices: added
aws_v4_authentication
field togoogle_network_services_edge_cache_origin
to support S3-compatible Origins (#13020) - networkservices: added
signed_token_options
andadd_signatures
field togoogle_network_services_edge_cache_service
andvalidation_shared_keys
togoogle_network_services_edge_cache_keyset
to support dual-token authentication (#13041) - sql: added
query_plan_per_minute
field toinsights_config
ingoogle_sql_database_instance
resource (#12951) - vertexai: added fields to
vertex_ai_featurestore_entitytype
to support feature value monitoring (#12983)
BUG FIXES:
- apigee: fixed permadiff on
consumer_accept_list
forgoogle_apigee_instance
(#13037) - appengine: fixed permadiff on
serviceaccount
for 'google_app_engine_flexible_app_version' (#12982) - bigtable: updated ForceNew logic for
kms_key_name
(#13018) - bigtable: updated the error handling logic to remove the resource on resource not found error only (#12953)
- billingbudget: fixed a bug where
budget_filter.credit_types_treatment
ingoogle_billing_budget
resource was not updating. (#12947) - cloudbuild: fixed a failure when BITBUCKET is provided for
repo_type
ongoogle_cloudbuild_trigger
(#13027) - cloudids: fixed
endpoint_forwarding_rule
andendpoint_ip
attributes forgoogle_cloud_ids_endpoint
(#12957) - compute: fixed perma-diff on
google_compute_disk
for new amd64 images (#12961) - compute: made
target_https_proxy
possible to setssl_certificates
andcertificate_map
ingoogle_compute_target_https_proxy
at the same time (#12950) - container: fixed a bug where
cluster_autoscaling.auto_provisioning_defaults.service_account
can not be set whenenable_autopilot = true
forgoogle_container_cluster
(#13024) - dialogflowcx: fixed a deployment issue for
google_dialogflow_cx_version
andgoogle_dialogflow_cx_environment
when they are deployed to a non-global location (#13014) - dns: fixed apply failure when
description
is set to empty string ongoogle_dns_managed_zone
(#12948) - provider: fixed a crash during provider authentication for certain environments (#13056)
- storage: fixed a crash when
log_bucket
is updated with empty body ongoogle_storage_bucket
(#13058) - vertexai: made google_vertex_ai_featurestore_entitytype always use regional endpoint corresponding to parent's region (#12959)
FEATURES:
- New Resource:
google_kms_crypto_key_version
(#12926)
BUG FIXES:
- storage: fixed a crash in
google_storage_bucket
when upgrading provider to version4.42.0
withlifecycle_rule.condition.age
unset (#12922)
FEATURES:
- New Data Source:
google_compute_addresses
(#12829) - New Data Source:
google_compute_region_network_endpoint_group
(#12849) - New Resource:
google_alloydb_cluster
(#12772) - New Resource:
google_bigquery_analytics_hub_data_exchange_iam
(#12845) - New Resource:
google_bigquery_analytics_hub_data_exchange
(#12845) - New Resource:
google_bigquery_analytics_hub_listing_iam
(#12845) - New Resource:
google_bigquery_analytics_hub_listing
(#12845) - New Resource:
google_iam_workforce_pool
(#12863) - New Resource:
google_monitoring_generic_service
(#12796) - New Resource:
google_scc_source_iam_binding
(#12840) - New Resource:
google_scc_source_iam_member
(#12840) - New Resource:
google_scc_source_iam_policy
(#12840) - New Resource:
google_vertex_ai_endpoint
(#12858) - New Resource:
google_vertex_ai_featurestore_entitytype_feature
(#12797) - New Resource:
google_vertex_ai_featurestore_entitytype
(#12797) - New Resource:
google_vertex_ai_featurestore
(#12797)
IMPROVEMENTS:
- appengine: added
member
field togoogle_app_engine_default_service_account
datasource (#12768) - bigquery: added
max_time_travel_hours
field ingoogle_bigquery_dataset
resource (#12830) - bigquery: added
member
field togoogle_bigquery_default_service_account
datasource (#12768) - cloudbuild: added
script
field togoogle_cloudbuild_trigger
resource (#12841) - cloudplatform: validated
project_id
forgoogle_project
data-source (#12846) - compute: added
source_disk
field togoogle_compute_disk
andgoogle_compute_region_disk
resource (#12779) - compute: added general field
rules
togoogle_compute_router_nat
(#12815) - container: added support for in-place update of
node_config.0.tags
forgoogle_container_node_pool
resource (#12773) - container: added support for the Disk type and size configuration on the GKE Node Auto-provisioning (#12786)
- container: promote
enable_cost_allocation
field ingoogle_container_cluster
to GA (#12866) - datastream: added
private_connectivity
field togoogle_datastream_connection_profile
(#12844) - dns: added
enable_geo_fencing
torouting_policy
block ofgoogle_dns_record_set
resource (#12859) - dns: added
health_checked_targets
towrr
andgeo
blocks ofgoogle_dns_record_set
resource (#12859) - dns: added
primary_backup
torouting_policy
block ofgoogle_dns_record_set
resource (#12859) - firebase: added deletion support and new field
deletion_policy
forgoogle_firebase_web_app
(#12812) - privateca: added a new field
skip_grace_period
to skip the grace period when deleting a CertificateAuthority. (#12784) - serviceaccount: added
member
field togoogle_service_account
resource and datasource (#12768) - sql: added
time_zone
field ingoogle_sql_database_instance
(#12760) - storage: added
member
field togoogle_storage_project_service_account
andgoogle_storage_transfer_project_service_account
datasource (#12768) - storage: promoted
public_access_prevention
field ongoogle_storage_bucket
resource to GA (#12766) - vpcaccess: promoted
machine_type
,min_instances
,max_instances
, andsubnet
ingoogle_vpc_access_connector
to GA (#12838)
BUG FIXES:
- compute: made
vm_count
ingoogle_compute_resource_policy
optional (#12807) - container: fixed inability to update
datapath_provider
ongoogle_container_cluster
by making field changes trigger resource recreation (#12887) - pubsub: ensured topics are recreated when their schemas change. (#12806)
- redis: updated
persistence_config.rdb_snapshot_period
to optional in thegoogle_redis_instance
resource. (#12872)
KNOWN ISSUES:
- container: This release introduced a new field,
node_config.0.guest_accelerator.0.gpu_sharing_config
, to an https://www.terraform.io/language/attr-as-blocks field (node_config.0.guest_accelerator
). As detailed on the linked page, this may cause issues for modules and/or formats other than HCL.
BREAKING CHANGES:
- sql: updated
google_sql_user.sql_server_user_details
to be read only. Any configuration attempting to set this field is invalid and will cause the provider to fail during plan time. (#12742)
FEATURES:
- New Resource:
google_cloud_ids_endpoint
(#12744)
IMPROVEMENTS:
- appengine: added support for
service_account
field togoogle_app_engine_standard_app_version
resource (#12732) - bigquery: added
avro_options
field togoogle_bigquery_table
resource (#12750) - compute: added
node_config.0.guest_accelerator.0.gpu_sharing_config
field togoogle_container_node_pool
resource (#12733) - datafusion: added
crypto_key_config
field togoogle_data_fusion_instance
resource (#12737) - filestore: removed constraint that forced multiple
google_filestore_instance
creations to occur serially (#12753)
BUG FIXES:
- kms: fixed apply failure when
google_kms_crypto_key
is removed after its versions were destroyed earlier (#12752) - monitoring: fixed a bug causing a perma-diff in
google_monitoring_alert_policy
whencross_series_reducer
was set to "REDUCE_NONE" (#12741)
FEATURES:
- New Data Source:
google_cloudfunctions2_function
(#12673) - New Data Source:
google_compute_snapshot
(#12671) - New Resource:
google_compute_region_target_tcp_proxy
(#12715) - New Resource:
google_identity_platform_config
(#12665) - New Resource:
google_bigquery_datapolicy_data_policy
(#12725) - New Resource:
google_bigquery_datapolicy_data_policy_iam_binding
(#12725) - New Resource:
google_bigquery_datapolicy_data_policy_iam_member
(#12725) - New Resource:
google_bigquery_datapolicy_data_policy_iam_policy
(#12725) - New Resource:
google_org_policy_custom_constraint
(#12691)
IMPROVEMENTS:
- bigqueryreservation: added
concurrency
andmultiRegionAuxiliary
togoogle_bigquery_reservation
(#12687) - bigtable: added additional retry GC policy operations with a longer poll interval to avoid quota issues (#12717)
- bigtable: improved error messaging (#12707)
- compute: added support for
compression_mode
field ingoogle_compute_backend_bucket
andgoogle_compute_backend_service
(#12674) - datastream: added field
bigquery_profile
togoogle_datastream_connection_profile
(#12693) - dns: added field
cloud_logging_config
togoogle_dns_managed_zone
(#12675) - metastore: added support
BIGQUERY
as a value inmetastore_type
forgoogle_dataproc_metastore_service
(#12724) - storage: added
custom_placement_config
field togoogle_storage_bucket
resource to support custom dual-region GCS buckets (#12723) - sql: added
password_policy
field togoogle_sql_user
resource (#12668)
BUG FIXES:
- storage: fixed a bug where user specified labels get overwritten by Dataplex auto generated labels (#12694)
- storagetransfer: fixed a bug in
google_storagetransfer_job
refreshes whentransfer_schedule
was empty (#12704)
FEATURES:
- New Data Source:
google_artifact_registry_repository
(#12637) - New Resource:
google_identity_platform_config
(#12665)
IMPROVEMENTS:
- certificatemanager: added public/private PEM fields
pem_certificate
/pem_private_key
and deprecatedcertificate_pem
/private_key_pem
(#12664) - clouddeploy: added
serial_pipeline.stages.strategy
field togoogle_clouddeploy_delivery_pipeline
(#12619) - container: added
notification_config.pubsub.filter
field togoogle_container_cluster
(#12643) - eventarc: added
channels
andconditions
fields togoogle_eventarc_trigger
(#12619) - healthcare: added
notification_configs
field togoogle_healthcare_fhir_store
resource (#12646) - iap: added ability to import
google_iap_brand
using ID using {{project}}/{{brand_id}} format (#12633) - secretmanager: added output field 'version' to resource 'secret_manager_secret_version' (#12658)
- sql: added
maintenance_version
andavailable_maintenance_versions
fields togoogle_sql_database_instance
resource (#12659) - storagetransfer: added
notification_config
field togoogle_storage_transfer_job
resource (#12625) - tags: added
purpose
andpurpose_data
properties togoogle_tags_tag_key
(#12649)
BUG FIXES:
- bigquery: fixed a bug where
allow_quoted_newlines
andallow_jagged_rows
could not be set to false ongoogle_bigquery_table
(#12627) - cloudfunction: fixed inability to update
docker_repository
andkms_key_name
ongoogle_cloudfunctions_function
(#12662) - compute: fixed inability to manage Cloud Armor
adaptive_protection_config
ongoogle_compute_security_policy
(#12661) - iam: fixed diffs between
policy_data
fromgoogle_iam_policy
data source and policy data in API responses (#12652) - iam: fixed permadiff resulting from empty fields being sent in requests to set conditional IAM policies (#12653)
- secretmanager: fixed a bug where
google_secret_manager_secret_version
that was destroyed outside of Terraform would not be recreated on apply (#12644) - storagetransfer: fixed a crash in
google_storagetransfer_job
whentransfer_schedule
is empty (#12704)
FEATURES:
- New Data Source:
google_vpc_access_connector
(#12580) - New Resource:
google_datastream_private_connection
(#12574)
IMPROVEMENTS:
- appengine: Added
egress_setting
for fieldvpc_access_connector
togoogle_app_engine_standard_app_version
(#12606) - bigquery: added
json_extension
field to theload
block ofgoogle_bigquery_job
resource (#12597) - cloudfunctions: Added
build_worker_pool
togoogle_cloudfunctions_function
(#12591) - compute: added
json_custom_config
field togoogle_compute_security_policy
resource (#12611) - redis: Added support
persistence_config
field togoogle_redis_instance
resource. (#12569) - storage: added support for
overwriteWhen
field totransfer_options
ingoogle_storage_transfer_job
resource (#12573)
BUG FIXES:
- bigtable: added drift detection on
gc_rules
forgoogle_bigtable_gc_policy
(#12568) - compute: fixed the inability to update
most_disruptive_allowed_action
for bothgoogle_compute_per_instance_config
andgoogle_compute_region_per_instance_config
(#12566) - container: fixed allow passing empty list to
monitoring_config
andlogging_config
ingoogle_container_cluster
(#12605) - sql: fixed a bug causing a perma-diff on
disk_type
due to API values being downcased (#12567) - storage: fixed the inability to set 0 for
lifecycle_rule.condition.age
ongoogle_storage_bucket
(#12593)
FEATURES:
- New Resource:
google_apigee_nat_address
(#12536) - New Resource:
google_dialogflow_cx_webhook
(#12498) - New Resource:
google_filestore_snapshot
(#12490)
IMPROVEMENTS:
- apigee: added read-only field
connection_state
togoogle_apigee_endpoint_attachment
(#12500) - bigtable: added support for
autoscaling_config.storage_target
togoogle_bigtable_instance
(#12510) - cloudbuild: added support for
BITBUCKET
option togit_source.repo_type
ingoogle_cloudbuild_trigger
(#12542) - dns: added in validation for trailing dot at end of DNS record name (#12521)
- project: added validation for field
project_id
ingoogle_project
datasource. (#12553) - serviceaccount: added
expires_in
attribute for generatingexp
claim togoogle_service_account_jwt
datasource (#12539)
BUG FIXES:
- notebooks: fixed perma-diff in
google_notebooks_instance
(#12493) - privateca: fixed an issue that blocked subordinate CA data sources when
state
was notAWAITING_USER_ACTIVATION
(#12511) - storage: fixed permdiff on the field
versioning
ofgoogle_storage_bucket
(#12495)
FEATURES:
- New Resource:
google_datastream_connection_profile
(#12475)
IMPROVEMENTS:
- appengine: added field
service_account
togoogle_app_engine_flexible_app_version
(#12463) - bigtable: increased timeout in
google_bigtable_table
creation. (#12468) - cloudbuild: added
location
field togoogle_cloudbuild_trigger
resource (#12450) - compute: added
certificate_map
tocompute_target_ssl_proxy
resource (#12467) - compute: added field
chain_name
togoogle_compute_resource_policy.snapshot_properties
(#12481) - compute: added field
chain_name
to resourcegoogle_compute_snapshot
(#12481) - container: added
autoscaling.total_min_node_count
,autoscaling.total_max_node_count
, andautoscaling.location_policy
togoogle_container_cluster.node_pool
(#12453) - container: added field
node_pool_defaults
toresource_container_cluster
. (#12452) - dataproc: added option
shielded_instance_config
to resourcegoogle_dataproc_workflow_template
. (#12451) - metastore: extended default timeouts for
google_dataproc_metastore_service
from 40m to 60m (#12462) - pubsub: made
google_pubsub_subscription.enable_exactly_once_delivery
mutable so that it updates subscription without recreation. (#12438)
IMPROVEMENTS:
- apigee: added support for
nodeConfig
ingoogle_apigee_environment
(#12394) - apigee: added a
properties
field togoogle_apigee_organization
(#12433) - cloudfunctions2: added
secret_environment_variables
andsecret_volumes
togoogle_cloudfunctions2_function
(#12417) - compute: added support for param
visible_core_count
ingoogle_compute_instance
andgoogle_compute_instance_template
underadvanced_machine_features
(#12404) - compute: added support documentation links to error messages for certain Compute Operation errors. (#12418)
- container: added
service_external_ips_config
support tocluster_container
resource. (#12415) - container: added
enable_cost_allocation
togoogle_container_cluster
(#12416) - dns: added
behavior
field togoogle_dns_response_policy_rule
resource (#12407) - monitoring: added
force_delete
field togoogle_monitoring_notification_channel
resource (#12414)
BUG FIXES:
- compute: fixed the
id
format of the data sourcegoogle_compute_instance
(#12405)
NOTES:
- updated Bigtable go client version from 1.13 to 1.16. (#12349)
IMPROVEMENTS:
- apigee: added support for specifying retention when deleting
google_apigee_organization
(#12336) - appengine: added
app_engine_apis
field togoogle_app_engine_standard_app_version
resource (#12339) - cloudfunction2: promoted to
google_cloudfunctions2_function
ga (#12322) - compute: improved error messaging for compute errors (#12333)
- container: added general field
reservation_affinity
togoogle_container_node_pool
(#12375) - container: added field
auto_provisioning_network_tags
togoogle_container_cluster
(beta) (#12347) - sql: added support for major version upgrade to
google_sql_database_instance
resource (#12338)
BUG FIXES:
- bigtable: fixed comparing column family name when reading a GC policy. (#12381)
- bigtable: passed
isTopeLevel
in getGCPolicyFromJSON() instead of hardcoding it to true. (#12351) - composer: corrected the description of
image_version
field. (#12329)
FEATURES:
- New Resource:
google_cloudfunctions2_function
(#12322)
IMPROVEMENTS:
- container: added update support for
authenticator_groups_config
ingoogle_container_cluster
(#12310) - dataflow: added ability to import
google_dataflow_job
(#12316) - dns: added
managed_zone_id
attribute togoogle_dns_managed_zone
data source (#12312) - monitoring: added
accepted_response_status_codes
tomonitoring_uptime_check
(#12313) - sql: added
password_validation_policy
field togoogle_cloud_sql
resource (#12320)
BUG FIXES:
- bigquery: removed force replacement for
display_name
ongoogle_bigquery_data_transfer_config
(#12311) - compute: fixed permadiff for
instance_termination_action
ingoogle_compute_instance_template
(#12309)
NOTES:
- Updated to Golang 1.18 (#12246)
FEATURES:
- New Resource:
google_dataplex_asset
(#12210) - New Resource:
google_gke_hub_membership_iam_binding
(#12280) - New Resource:
google_gke_hub_membership_iam_member
(#12280) - New Resource:
google_gke_hub_membership_iam_policy
(#12280)
IMPROVEMENTS:
- certificatemanager: added
state
,authorization_attempt_info
andprovisioning_issue
output fields togoogle_certificate_manager_certificate
(#12224) - compute: added
certificate_map
tocompute_target_https_proxy
resource (#12227) - compute: added validation for name field on
google_compute_network
(#12271) - compute: made
port
optional ingoogle_compute_network_endpoint
to allow network endpoints to be associated withGCE_VM_IP
network endpoint groups (#12267) - container: added support for additional values
APISERVER
,CONTROLLER_MANAGER
, andSCHEDULER
ingoogle_container_cluster.monitoring_config
(#12247) - gkehub: added
monitoring
andmutation_enabled
fields to resourcefeature_membership
(#12265) - gkehub: added better support for import for
google_gke_hub_membership
(#12207) - pubsub: added
bigquery_config
togoogle_pubsub_subscription
(#12216) - scheduler: added
paused
field togoogle_cloud_scheduler_job
(#12190) - scheduler: added
state
output field togoogle_cloud_scheduler_job
(#12190)
BUG FIXES:
- apigee: fixed an issue where
google_apigee_instance
creation would fail due to multiple concurrent instances (#12289) - billingbudget: fixed a bug where
google_billing_budget.budget_filter.services
was not updating. (#12270) - compute: fixed perma-diff on
google_compute_disk
for new arm64 images (#12184) - dataflow: fixed bug where permadiff would show on
google_dataflow_job.additional_experiments
(#12268) - storage: fixed a bug in
google_storage_bucket
wherename
was incorrectly validated. (#12248)
FEATURES:
- New Resource:
google_dataplex_zone
(#12146)
IMPROVEMENTS:
- bucket: added support for
matches_prefix
andmatches_suffix
incondition
of alifecycle_rule
ingoogle_storage_bucket
(#12175) - compute: added
network
andsubnetwork
fields togoogle_compute_region_network_endpoint_group
for PSC. (#12176) - container: added field
boot_disk_kms_key
toauto_provisioning_defaults
ingoogle_container_cluster
(#12173) - notebooks: added
bootDiskType
support forPD_EXTREME
ingoogle_notebooks_instance
(#12181) - notebooks: added
softwareConfig.upgradeable
,softwareConfig.postStartupScriptBehavior
,softwareConfig.kernels
ingoogle_notebooks_runtime
(#12181) - notebooks: promoted
nicType
andreservationAffinity
ingoogle_notebooks_instance
to GA (#12181) - storage: added name validation for
google_storage_bucket
(#12183)
BUG FIXES:
- Cloud IAM: fixed incorrect basePath for
IAMBetaBasePathKey
ongoogle_iam_workload_identity_pool
(ga) (#12145) - compute: fixed perma-diff on
google_compute_disk
for new arm64 images (#12184) - dns: fixed a bug where
google_dns_record_set
would create an inconsistent plan when using interpolated values inrrdatas
(#12157) - kms: fixed setting of resource id post-import for
google_kms_crypto_key
(#12164) - provider: fixed a bug where user-agent was showing "dev" rather than the provider version (#12137)
FEATURES:
- New Data Source:
google_service_account_jwt
(#12107) - New Resource:
google_certificate_map_entry
(#12127) - New Resource:
google_certificate_map
(#12127)
IMPROVEMENTS:
- billingbudget: made
thresholdRules
optional ingoogle_billing_budget
(#12087) - compute: added
instance_termination_action
field togoogle_compute_instance_template
resource to support Spot VM termination action (#12105) - compute: added
instance_termination_action
field togoogle_compute_instance
resource to support Spot VM termination action (#12105) - compute: added
request_coalescing
andbypass_cache_on_request_headers
fields tocompute_backend_bucket
(#12098) - compute: added support for
esp
protocol ingoogle_compute_packet_mirroring.filters.ip_protocols
(#12118) - compute: promoted
rules.rate_limit_options
,rules.redirect_options
,adaptive_protection_config
incompute_security_policy
to GA (#12085) - dataproc: promoted
lifecycle_config
andendpoint_config
ingoogle_dataproc_cluster
to GA (#12129) - monitoring: added
evaluation_missing_data
field togoogle_monitoring_alert_policy
(#12128) - notebooks: added
reserved_ip_range
field togoogle_notebooks_runtime
(#12113)
BUG FIXES:
- bigtable: fixed an incorrect diff when adding two or more clusters (#12109)
- compute: allowed properly updating
adaptive_protection_config
incompute_security_policy
(#12085) - notebooks: fixed a bug where
google_notebooks_runtime
can't be updated (#12113) - sql: fixed an issue in
google_sql_database_instance
where updates would fail because of thecollation
field (#12131)
FEATURES:
- New Resource:
google_artifact_registry_repository_iam_binding
(#12063) - New Resource:
google_artifact_registry_repository_iam_member
(#12063) - New Resource:
google_artifact_registry_repository_iam_policy
(#12063) - New Resource:
google_artifact_registry_repository
(#12063) - New Resource:
google_iam_workload_identity_pool_provider
(#12065) - New Resource:
google_iam_workload_identity_pool
(#12065) - New Resource:
google_cloudiot_registry_iam_binding
(#12036) - New Resource:
google_cloudiot_registry_iam_member
(#12036) - New Resource:
google_cloudiot_registry_iam_policy
(#12036) - New Resource:
google_compute_snapshot_iam_binding
(#12028) - New Resource:
google_compute_snapshot_iam_member
(#12028) - New Resource:
google_compute_snapshot_iam_policy
(#12028) - New Resource:
google_dataproc_metastore_service
(#12026)
IMPROVEMENTS:
- container: added
binauthz_evaluation_mode
field toresource_container_cluster
. (#12035) - dataproc: added Support for Dataproc on GKE in
google_dataproc_cluster
(#12076) - dataproc: added
metastore_config
ingoogle_dataproc_cluster
(#12040) - metastore: add
databaseType
,releaseChannel
, andhiveMetastoreConfig.endpointProtocol
arguments (#12026) - sql: added attribute "encryption_key_name" to
google_sql_database_instance
resource. (#12039)
BUG FIXES:
- bigquery: fixed case-sensitive for
user_by_email
andgroup_by_email
ongoogle_bigquery_dataset_access
(#12029) - clouddeploy: fixed permadiff on
execution_configs
ingoogle_clouddeploy_target
resource (#12033) - cloudscheduler: fixed a diff on the last slash of uri on
google_cloud_scheduler_job
(#12027) - compute: fixed force recreation on
provisioned_iops
ofgoogle_compute_disk
(#12058) - compute: fixed missing
network_interface.0.ipv6_access_config.0.external_ipv6
output ongoogle_compute_instance
(#12072) - documentai: fixed a bug where eu region could not be utilized for documentai resources (#12074)
- gkehub: fixed a bug where
issuer
can't be updated ongoogle_gke_hub_membership
(#12073)
FEATURES:
- New Resource: google_bigquery_connection_iam_binding (#12004)
- New Resource: google_bigquery_connection_iam_member (#12004)
- New Resource: google_bigquery_connection_iam_policy (#12004)
- New Resource: google_cloud_tasks_queue_iam_binding (#11987)
- New Resource: google_cloud_tasks_queue_iam_member (#11987)
- New Resource: google_cloud_tasks_queue_iam_policy (#11987)
- New Resource: google_dataproc_autoscaling_policy_iam_binding (#12008)
- New Resource: google_dataproc_autoscaling_policy_iam_member (#12008)
- New Resource: google_dataproc_autoscaling_policy_iam_policy (#12008)
- New Resource: monitoring: Promoted 'monitoredproject' to GA (#11974)
IMPROVEMENTS:
- bigquery: fixed a permadiff in
google_bigquery_job.query. destination_table
(#11936) - billing: added
calendar_period
andcustom_period
fields togoogle_billing_budget
(#11993) - cloudsql: added attribute
project
to data sourcegoogle_sql_backup_run
(#11938) - composer: added CMEK, PUPI and IP_masq_agent support for Composer 2 in
google_composer_environment
resource (#11994) - compute: added
max_ports_per_vm
field togoogle_compute_router_nat
resource (#11933) - compute: added
GCE_VM_IP
support togoogle_compute_network_endpoint_group
resource. (#11997) - compute: promoted
disk_encryption_key.kms_key_name
ongoogle_compute_region_disk
(#11976) - container: promoted
gce_persistent_disk_csi_driver_config
addon ingoogle_container_cluster
resource to GA (#11999) - container: promoted
notification_config
anddns_cache_config
ongoogle_container_cluster
(#11944) - privateca: added support to subordinate CA activation (#11980)
- redis: added CMEK key field
customer_managed_key
ingoogle_redis_instance
(#11998) - spanner: added field
version_retention_period
togoogle_spanner_database
resource (#11982) - sql: added
settings.location_preference.secondary_zone
field ingoogle_sql_database_instance
(#11996) - sql: added
sql_server_audit_config
field ingoogle_sql_database_instance
(#11941)
BUG FIXES:
- composer: fixed a problem with updating Cloud Composer's
scheduler_count
field (hashicorp#11940) (#11951) - composer: fixed permadiff on
private_environment_config.cloud_composer_connection_subnetwork
(#11954) - container: fixed an issue where
node_config.min_cpu_platform
could cause a perma-diff ingoogle_container_cluster
(#11986) - filestore: fixed a case where
google_filestore_instance.networks.network
would incorrectly see a diff between state and config when the networkid
format was used (#11995)
IMPROVEMENTS:
- clouddeploy: added
suspend
field togoogle_clouddeploy_delivery_pipeline
resource (#11914) - compute: added maxPortsPerVm field to
google_compute_router_nat
resource (#11933) - compute: added
psc_connection_id
andpsc_connection_status
output fields togoogle_compute_forwarding_rule
andgoogle_compute_global_forwarding_rule
resources (#11892) - containeraws: made
config.instance_type
field updatable ingoogle_container_aws_node_pool
(#11892)
BUG FIXES:
- compute: fixed default handling for
enable_dynamic_port_allocation
to be managed by the api (#11887) - vertexai: Fixed a bug where terraform crashes when
force_destroy
is set ingoogle_vertex_ai_featurestore
resource (#11928)
FEATURES:
- New Resource:
google_cloudfunctions2_function_iam_binding
(#11853) - New Resource:
google_cloudfunctions2_function_iam_member
(#11853) - New Resource:
google_cloudfunctions2_function_iam_policy
(#11853) - New Resource:
google_documentai_processor
(#11879) - New Resource:
google_documentai_processor_default_version
(#11879)
IMPROVEMENTS:
- accesscontextmanager: Added
external_resources
toegress_to
ingoogle_access_context_manager_service_perimeter
andgoogle_access_context_manager_service_perimeters
resource (#11857) - cloudbuild: Added
include_build_logs
togoogle_cloudbuild_trigger
(#11866) - composer: Promoted
config.privately_used_public_ips
andconfig.ip_masq_agent
ingoogle_composer_environment
resource to GA. (#11849)
BUG FIXES:
- dns: fixed a bug where
google_dns_record_set
resource can not be changed from default routing to Geo routing policy. (#11872)
IMPROVEMENTS:
- bigquery: added
connection_id
toexternal_data_configuration
forgoogle_bigquery_table
(#11836) - composer: promoted
config.master_authorized_networks_config
ingoogle_composer_environment
resource to GA. (#11810) - compute: added
advanced_options_config
togoogle_compute_security_policy
(#11809) - compute: added
cache_key_policy
field togoogle_compute_backend_bucket
resource (#11791) - compute: added
include_named_cookies
tocdn_policy
oncompute_backend_service
resource (#11818) - compute: added internal IPv6 support on
google_compute_network
andgoogle_compute_subnetwork
(#11842) - container: added
spot
field tonode_config
sub-resource (#11796) - monitoring: added support for JSONPath content matchers to
google_monitoring_uptime_check_config
resource (#11829) - monitoring: added support for
user_labels
ingoogle_monitoring_slo
resource (#11833 - sql: added
sql_server_user_details
field togoogle_sql_user
resource (#11834)
BUG FIXES:
- certificatemanager: fixed bug where
DEFAULT
scope would permadiff and force replace the certificate. (#11811) - dns: fixed perma-diff for updated labels in
google_dns_managed_zone
(#11846) - storagetransfer: fixed perm diff on transfer_options for
google_storage_transfer_job
(#11812)
IMPROVEMENTS:
- compute: added
cache_key_policy
field togoogle_compute_backend_bucket
resource (#11791)
FEATURES:
- New Data Source:
google_tags_tag_key
(#11753) - New Data Source:
google_tags_tag_value
(#11753) - New Resource:
google_dataplex_lake
(#11769)
IMPROVEMENTS:
- bigqueryconnection: updated connection types to support v1 ga (#11728)
- cloudfunctions: added docker registry support for Cloud Functions (#11729)
- memcache: added
maintenance_policy
andmaintenance_schedule
togoogle_memcache_instance
(#11759)
BUG FIXES:
- binaryauthorization: fixed permadiff in
google_binary_authorization_attestor
(#11731) - service: added re-polling for service account after creation, 404s sometimes due to eventual consistency (#11749)
FEATURES:
- New Resource:
google_bigquery_connection
(#11701) - New Resource:
google_certificate_manager_certificate
(#11685) - New Resource:
google_certificate_manager_dns_authorization
(#11685) - New Resource:
google_clouddeploy_delivery_pipeline
(#11658) - New Resource:
google_clouddeploy_target
(#11658)
IMPROVEMENTS:
- bigquery: Added connection of type cloud_resource for
google_bigquery_connection
(#11701) - cloudfunctions: added
https_trigger_security_level
togoogle_cloudfunctions_function
(#11672) - cloudrun: added
traffic.tag
andtraffic.url
fields togoogle_cloud_run_service
(#11641) - compute: Added
enable_dynamic_port_allocation
togoogle_compute_router_nat
(#11707) - compute: added field
update_policy.most_disruptive_allowed_action
togoogle_compute_instance_group_manager
andgoogle_compute_region_instance_group_manager
(#11640) - compute: added support for NEG type
PRIVATE_SERVICE_CONNECT
inNetworkEndpointGroup
(#11687) - compute: added support for
domain_names
attribute ingoogle_compute_service_attachment
(#11702) - compute: added value
REFRESH
to field update_policy.minimal_actionin
google_compute_instance_group_managerand
google_compute_region_instance_group_manager` (#11640) - container: added field
exclusion_options
togoogle_container_cluster
(#11662) - monitoring: Added
checker_type
field togoogle_monitoring_uptime_check_config
resource (#11686) - privateca: add a new field
desired_state
to manage CertificateAuthority state. (#11638) - sql: added
active_directory_config
field ingoogle_sql_database_instance
(#11678) - sql: removed requirement that Cloud SQL Insight is only allowed for Postgres in
google_sql_database_instance
(#11699)
BUG FIXES:
- compute: fixed extra diffs generated on
google_security_policy
rules
when modifying a rule (#11656) - container: fixed Autopilot cluster couldn't omit master ipv4 cidr in
google_container_cluster
(#11639) - resourcemanager: fixed a bug in wrongly writing to state when creation failed on
google_project_organization_policy
(#11676) - storage: not specifying
content
orsource
forgoogle_storage_bucket_object
now fails at plan-time instead of apply-time. (#11663)
IMPROVEMENTS:
- cloudfunctions: added CMEK support for Cloud Functions (#11627)
- compute: added
service_directory_registrations
togoogle_compute_forwarding_rule
resource (#11635) - compute: removed validation checking against a fixed set of persistent disk types (#11630)
- container: removed validation checking against a fixed set of persistent disk types (#11630)
- containeraws: added
proxy_config
togoogle_container_aws_node_pool
resource (#11635) - containerazure: added
proxy_config
togoogle_container_azure_node_pool
resource (#11635) - dataproc: removed validation checking against a fixed set of persistent disk types (#11630)
- dns: added
routing_policy
togoogle_dns_record_set
resource (#11610)
BUG FIXES:
- compute: fixed a crash in
google_compute_instance
when the instance is deleted outside of Terraform (#11602) - provider: removed printing credentials to the console if malformed JSON is given (#11614)
NOTES:
google_privateca_certificate_authority
resources now cannot be destroyed unlessdeletion_protection = false
is set in state for the resource. (#11551)
FEATURES:
- New Data Source:
google_compute_disk
(#11584)
IMPROVEMENTS:
- apigee: added
consumer_accept_list
andservice_attachment
togoogle_apigee_instance
. (#11595) - compute: added
provisioning_model
field togoogle_compute_instance_template
andgoogle_compute_instance
resources to support Spot VM (#11552) - privateca: added
deletion_protection
forgoogle_privateca_certificate_authority
. (#11551) - privateca: added new output fields on
google_privateca_certificate
includingissuer_certificate_authority
,pem_certificate_chain
andcertificate_description.x509_description
(#11553) - redis: added multi read replica field
read_replicas_mode
andsecondary_ip_range
ingoogle_redis_instance
(#11592)
BUG FIXES:
- compute: fixed a crash when
compute.instance
is not found (#11602) - provider: removed printing credentials to the console if malformed JSON is given (#11599)
- sql: fixed bug where
encryption_key_name
was not being propagated to the API. (#11601)
IMPROVEMENTS:
- cloudbuild: made
CLOUD_LOGGING_ONLY
available as a cloud build logging option. (#11511) - compute: added
redirect_options
field forgoogle_compute_security_policy
rules (#11492) - compute: added
FIXED_STANDARD
andSTANDARD
as valid values to the fieldnetwork_interface.0.access_configs.0.network_tier
ofgoogle_compute_instance_template
resource (#11536) - compute: added
FIXED_STANDARD
andSTANDARD
as valid values to the fieldnetwork_interface.0.access_configs.0.network_tier
ofgoogle_compute_instance
resource (#11536) - filestore: added
kms_key_name
field togoogle_filestore_instance
resource to support CMEK (#11493) - filestore: promoted enterprise features to GA (#11493)
- logging: made
google_logging_*_bucket_config
deletable (#11538) - notebooks: updated
container_images
ongoogle_notebooks_runtime
to default to the value returned by the API if not set (#11491) - provider: modified request retry logic to retry all per-minute quota limits returned with a 403 error code. Previously, only read requests were retried. This will generally affect Google Compute Engine resources. (#11508)
BUG FIXES:
- bigquery: fixed a bug where
encryption_configuration.kms_key_name
stored the version rather than the key name. (#11496) - compute: fixed url_mask required mis-annotation in
google_compute_region_network_endpoint_group
, making it optional (#11517) - spanner: fixed escaping of database names with Postgres dialect in
google_spanner_database
(#11518)
FEATURES:
- New Resource:
google_privateca_certificate_template_iam_binding
(#11464) - New Resource:
google_privateca_certificate_template_iam_member
(#11464) - New Resource:
google_privateca_certificate_template_iam_policy
(#11464)
IMPROVEMENTS:
- bigtable: added
gc_rules
togoogle_bigtable_gc_policy
resource. (#11481) - dialogflow: added support for location based dialogflow resources (#11470)
- metastore: added support for encryption_config during service creation. (#11468)
- privateca: added support for update on CertificateAuthority and Certificate (#11476)
BUG FIXES:
- apigee: updated mutex on google_apigee_instance_attachment to lock on org_id. (#11467)
- vpcaccess: fixed an issue where
google_vpc_access_connector
would be repeatedly recreated whennetwork
was not specified (#11469)
FEATURES:
- New Data Source:
google_access_approval_folder_service_account
(#11407) - New Data Source:
google_access_approval_organization_service_account
(#11407) - New Data Source:
google_access_approval_project_service_account
(#11407) - New Resource:
google_access_context_manager_access_policy_iam_binding
(#11409) - New Resource:
google_access_context_manager_access_policy_iam_member
(#11409) - New Resource:
google_access_context_manager_access_policy_iam_policy
(#11409) - New Resource:
google_endpoints_service_consumers_iam_binding
(#11372) - New Resource:
google_endpoints_service_consumers_iam_member
(#11372) - New Resource:
google_endpoints_service_consumers_iam_policy
(#11372) - New Resource:
google_iam_deny_policy
(#11446)
IMPROVEMENTS:
- access approval: added
active_key_version
,ancestor_has_active_key_version
, andinvalid_key_version
fields togoogle_folder_access_approval_settings
,google_organization_access_approval_settings
, andgoogle_project_access_approval_settings
resources (#11407) - access context manager: added support for scoped policies in
google_access_context_manager_access_policy
(#11409) - apigee: added
deployment_type
andapi_proxy_type
togoogle_apigee_environment
(#11405) - bigtable: updated the examples to show users can create all 3 different flavors of AppProfile (#11394)
- cloudbuild: added
approval_config
togoogle_cloudbuild_trigger
(#11375) - composer: added support for
airflow-1
andairflow-2
aliases in image version argument (#11422) - dataflow: added
skip_wait_on_job_termination
attribute togoogle_dataflow_job
andgoogle_dataflow_flex_template_job
resources (issue #10559) (#11452) - dataproc: added
presto_config
todataproc_job
(#11393) - healthcare: added support V3 parser version for Healthcare HL7 stores. (#11430)
- healthcare: added support for
ANALYTICS_V2
andLOSSLESS
BigQueryDestination schema types togoogle_healthcare_fhir_store
(#11426) - os-config: added field
migInstancesAllowed
to resourceos_config_patch_deployment
(#11447) - privateca: added support for IAM conditions to CaPool (#11392)
- pubsub: added
enable_exactly_once_delivery
togoogle_pubsub_subscription
(#11384) - spanner: added support for setting database_dialect on
google_spanner_database
(#11363)
BUG FIXES:
- redis: fixed an issue where older redis instances had a dangerous diff on the field
read_replicas_mode
, adding a default ofREAD_REPLICAS_DISABLED
. Now, if the field is not set in config, the value of the field will keep the old value from state. (#11420) - tags: fixed issue where tags could not be applied sequentially to the same parent in
google_tags_tag_binding
(#11442)
NOTE: We're marked a change in this release as a BREAKING CHANGE
to indicate that the change may cause undesirable behavior for users in some circumstances. This is done to increase visibility on the change, which otherwise would have been marked under the BUG FIXES
category, and it is not believed to be a change that breaks the backwards compatibility of the provider requiring a major version change.
BREAKING CHANGES:
- composer: made the
google_composer_environment.config.software_config.image_version
field immutable as updating this field is only available in beta. (#11309)
FEATURES:
- New Resource:
google_firebaserules_release
(#11297) - New Resource:
google_firebaserules_ruleset
(#11297)
IMPROVEMENTS:
- apigee: added field
billing_type
(#11285) - bigtable: added support for
autoscaling_config
togoogle_bigtable_instance
(#11344) - composer: Added support for
composer-1
andcomposer-2
aliases in image version argument (#11296) - compute: added support for attaching a
edge_security_policy
togoogle_compute_backend_bucket
(#11350) - compute: added support for field
type
togoogle_compute_security_policy
(#11350) - eventarc: added gke and workflows destination for eventarc trigger resource. (#11347)
- networkservices: added
included_cookie_names
to cache key policy configuration (#11333) - redis: added read replica field
replicaCount
,nodes
,readEndpoint
,readEndpointPort
,readReplicasMode
ingoogle_redis_instance
(#11330) - spanner: added support for setting database_dialect on
google_spanner_database
(#11363) - storagetransfer: added
repeat_interval
field togoogle_storage_transfer_job
resource (#11328)
BUG FIXES:
- apikeys: fixed a bug where
google_apikeys_key.key_string
was not being set. (#11308) - container: fixed a bug where
google_container_cluster.authenticator_groups_config
could not be set in tandem withenable_autopilot
(#11310) - iam: fixed an issue where special identifiers
allAuthenticatedUsers
andallUsers
were flattened to lower case in IAM members. (#11359) - logging: fixed bug where
google_logging_project_bucket_config
would erroneously write to state after it errored out and wasn't actually created. (#11314) - monitoring: fixed a permadiff when
google_monitoring_uptime_check_config.http_check.path
does not begin with "/" (#11301) - osconfig: fixed a bug where
recurring_schedule.time_of_day
can not be set to 12am exact time ingoogle_os_config_patch_deployment
resource (#11293) - storage: fixed a bug where
google_storage_bucket
data source would retry for 20 min when bucket was not found. (#11295) - storage: fixed bug where
google_storage_transfer_job
that was deleted outside of Terraform would not be recreated on apply. (#11307)
FEATURES:
- New Resource: google_logging_log_view (#11282)
IMPROVEMENTS:
- apigee: added
billing_type
attribute togoogle_apigee_organization
resource. (#11285) - networkservices: added
disable_http2
property togoogle_network_services_edge_cache_service
resource (#11258) - networkservices: updated
google_network_services_edge_cache_origin
resource to read and write thetimeout
property, including a newread_timeout
field. (#11277) - networkservices: updated
google_network_services_edge_cache_origin
to retry_conditions to includeFORBIDDEN
(#11277)
BUG FIXES:
- dataproc: fixed a crash when
logging_config
only containsnil
entry ingoogle_dataproc_workflow_template
(#11280) - sql: fixed crash when one of
settings.database_flags
is nil. (#11279)
FEATURES:
- New Resource:
google_bigqueryreservation_assignment
(#11215) - New Resource:
google_apikeys_key
(#11249)
IMPROVEMENTS:
- artifactregistry: added maven config for
google_artifact_registry_repository
(#11246) - cloudbuild: added support for manual builds, git source for webhook/pubsub triggered builds and filter field (#11219)
- composer: added support for Private Service Connect by adding
cloud_composer_connection_subnetwork
field ingoogle_composer_environment
(#11223) - container: added support for gvnic to
google_container_node_pool
(#11240) - dataproc: added
preemptibility
field to thepreemptible_worker_config
ofgoogle_dataproc_cluster
(#11230) - serviceusage: supported
force
behavior for deleting consumer quota override (#11205)
BUG FIXES:
- dataproc: fixed a crash when
logging_config
only containsnil
entry ingoogle_dataproc_job
(#11232)
FEATURES:
- New Resource:
google_apigee_endpoint_attachment
(#11157) - New Datasource:
google_dns_record_set
(#11180) - New Datasource:
google_privateca_certificate_authority
(#11182)
IMPROVEMENTS:
- composer: added support for Cloud Composer maintenance window in GA (#11170)
- compute: added support for
keepalive_interval
togoogle_compute_router.bgp
(#11188) - compute: added update support for
google_compute_reservation.share_settings
(#11202) - storagetransfer: added attribute
subject_id
to data sourcegoogle_storage_transfer_project_service_account
(#11156)
BUG FIXES:
- composer: allow region to be undefined in configuration for
google_composer_environment
(#11178) - container: fixed a bug where
vertical_pod_autoscaling
would cause autopilot clusters to recreate (#11167)
NOTE:
- updated to go 1.16.14 (#11132)
IMPROVEMENTS:
- bigquery: added support for authorized datasets to
google_bigquery_dataset.access
andgoogle_bigquery_dataset_access
(#11091) - bigtable: added
multi_cluster_routing_cluster_ids
fields togoogle_bigtable_app_profile
(#11097) - compute: updated
instance
attribute forgoogle_compute_network_endpoint
to be optional, as Hybrid connectivity NEGs use network endpoints with just IP and Port. (#11147) - compute: added
NON_GCP_PRIVATE_IP_PORT
value fornetwork_endpoint_type
in thegoogle_compute_network_endpoint_group
resource (#11147) - datafusion: promoted
google_datafusion_instance
to GA (#11087) - provider: added retries for
ReadRequest
errors incorrectly coded as403
errors, particularly in Google Compute Engine (#11129)
BUG FIXES:
- apigee: fixed a bug where multiple
google_apigee_instance
could not be used on the samegoogle_apigee_organization
(#11121) - compute: corrected an issue in
google_compute_security_policy
where only alpha values for certain enums were accepted (#11095)
IMPROVEMENTS:
- cloudfunctions: Added SecretManager integration support to
google_cloudfunctions_function
. (#11062) - dataproc: increased the default timeout for
google_dataproc_cluster
from 20m to 45m (#11026) - sql: added field
clone.allocated_ip_range
to support address range picker for clone in resourcegoogle_sql_database_instance
(#11058) - storagetransfer: added support for POSIX data source and data sink to
google_storage_transfer_job
viatransfer_spec.posix_data_source
andtransfer_spec.posix_data_sink
fields (#11039)
BUG FIXES:
- cloudrun: updated
containers.ports.container_port
to be optional instead of required ongoogle_cloud_run_service
(#11040) - compute: marked
project
field optional ingoogle_compute_instance_template
data source (#11041)
FEATURES:
- New Resource:
google_backend_service_iam_*
(#11010)
IMPROVEMENTS:
- compute: added
EXTERNAL_MANAGED
as option forload_balancing_scheme
ingoogle_compute_global_forwarding_rule
resource (#10985) - compute: promoted
EXTERNAL_MANAGED
value forload_balancing_scheme
ingoogle_compute_backend_service
andgoogle_compute_global_forwarding_rule
to GA (#11018) - container: added support for image type configuration on the GKE Node Auto-provisioning (#11015)
- container: added support for GCPFilestoreCSIDriver addon to
google_container_cluster
resource. (#10998) - dataproc: increased the default timeout for
google_dataproc_cluster
from 20m to 45m (#11026) - redis: added
maintenance_policy
andmaintenance_schedule
togoogle_redis_instance
(#10978) - vpcaccess: updated field
network
ingoogle_vpc_access_connector
to acceptself_link
orname
(#10988)
BUG FIXES:
- storage: Fixed bug where the provider crashes when
Object.owner
is missing when usinggoogle_storage_object_acl
(#11006)
BREAKING CHANGES:
- cloudrun: changed the
location
ofgoogle_cloud_run_service
so that modifying thelocation
field will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#10948)
IMPROVEMENTS:
- provider: changed the default timeout for many resources to 20 minutes, the current Terraform default, where it was less than 20 minutes previously (#10954)
- redis: added
maintenance_policy
andmaintenance_schedule
togoogle_redis_instance
(#10978) - storage: added field
transfer_spec.aws_s3_data_source.role_arn
togoogle_storage_transfer_job
(#10950)
BUG FIXES:
- cloudrun: fixed a bug where changing the non-updatable
location
of agoogle_cloud_run_service
would not force resource recreation (#10948) - compute: fixed a bug where
google_compute_firewall
would incorrectly findsource_ranges
to be empty during validation (#10976) - notebooks: fixed permadiff in
google_notebooks_runtime.software_config
(#10947)
BREAKING CHANGES:
- dlp: renamed the
characters_to_ignore.character_to_skip
field tocharacters_to_ignore.characters_to_skip
ingoogle_data_loss_prevention_deidentify_template
. Any affected configurations will have been failing with an error at apply time already. (#10910)
FEATURES:
- New Resource:
google_network_connectivity_spoke
(#10921)
IMPROVEMENTS:
- apigee: added
ip_range
field togoogle_apigee_instance
(#10928) - cloudrun: added support for
default_mode
andmode
settings for created files withinsecrets
ingoogle_cloud_run_service
(#10911) - compute: Added
share_settings
ingoogle_compute_reservation
(#10899) - container: promoted
dns_config
field ofgoogle_container_cluster
to GA (#10892)
BUG FIXES:
- all: Fixed operation polling to support custom endpoints. (#10913)
- cloudrun: Fixed permadiff in
google_cloud_run_service
'stemplate.spec.service_account_name
. (#10940) - dlp: Fixed typo in name of
characters_to_ignore.characters_to_skip
field forgoogle_data_loss_prevention_deidentify_template
(#10910) - storagetransfer: fixed bug where
schedule
was required, but really it is optional. (#10942)
IMPROVEMENTS:
- compute: added
EXTERNAL_MANAGED
as option forload_balancing_scheme
ingoogle_compute_backend_service
resource (#10889) - container: promoted
dns_config
field ofgoogle_container_cluster
to GA (#10892) - monitoring: added
conditionMatchedLog
andalertStrategy
fields togoogle_monitoring_alert_policy
resource (#10865)
BREAKING CHANGES:
- pubsub: changed
google_pubsub_schema
so that modifiying fields will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#10768)
FEATURES:
- New Resource:
google_apigee_nat_address
(#10789) - New Resource:
google_network_connectivity_hub
(#10812)
IMPROVEMENTS:
- bigquery: added ability to create a table with both a schema and view simultaneously to
google_bigquery_table
(#10819) - cloud_composer: Added GA support for following fields:
web_server_network_access_control
,database_config
,web_server_config
,encryption_config
. (#10827) - cloud_composer: Added support for Cloud Composer master authorized networks flag (#10780)
- cloud_composer: Added support for Cloud Composer v2 in GA. (#10795)
- container: promoted
node_config.0.boot_disk_kms_key
ofgoogle_container_node_pool
to GA (#10829) - osconfig: Added daily os config patch deployments (#10807)
- storage: added configurable read timeout to
google_storage_bucket
(#10781)
BUG FIXES:
- billingbudget: fixed a bug where
google_billing_budget.budget_filter.labels
was not updating. (#10767) - compute: fixed scenario where
region_instance_group_manager
would not start update ifwait_for_instances
was set and initial status was notSTABLE
(#10818) - healthcare: Added back
self_link
functionality which was accidentally removed in4.0.0
release. (#10808) - pubsub: fixed update failure when attempting to change non-updatable resource
google_pubsub_schema
(#10768) - storage: fixed a bug where
google_storage_bucket.lifecycle_rule.condition.days_since_custom_time
was not updating. (#10778) - vpcaccess: Added back
self_link
functionality which was accidentally removed in4.0.0
release. (#10808)
FEATURES:
- New Data Source: google_container_aws_versions (#10754)
- New Data Source: google_container_azure_versions (#10754)
- New Resource: google_container_aws_cluster (#10754)
- New Resource: google_container_aws_node_pool (#10754)
- New Resource: google_container_azure_client (#10754)
- New Resource: google_container_azure_cluster (#10754)
- New Resource: google_container_azure_node_pool (#10754)
IMPROVEMENTS:
- bigquery: added the
return_table_type
field togoogle_bigquery_routine
(#10743) - cloudbuild: added support for
available_secrets
togoogle_cloudbuild_trigger
(#10714) - cloudfunctions: added support for
min_instances
togoogle_cloudfunctions_function
(#10712) - composer: added support for Private Service Connect by adding field
cloud_composer_connection_subnetwork
ingoogle_composer_environment
(#10724) - compute: fixed bug where
google_compute_instance
'scan_ip_forward
could not be updated without recreating or restarting the instance. (#10741) - compute: added field
public_access_prevention
to resourcebucket
(beta) (#10740) - compute: added support for regional external HTTP(S) load balancer (#10738)
- privateca: added support for setting default values for basic constraints for
google_privateca_certificate
,google_privateca_certificate_authority
, andgoogle_privateca_ca_pool
via thenon_ca
andzero_max_issuer_path_length
fields (#10702) - provider: enabled gRPC requests and response logging (#10721)
BUG FIXES:
- assuredworkloads: fixed a bug preventing
google_assured_workloads_workload
from being created in any region other than us-central1 (#10749)
DEPRECATIONS:
- filestore: deprecated
zone
ongoogle_filestore_instance
in favor oflocation
to allow for regional instances (#10662)
FEATURES:
- New Resource:
google_os_config_os_policy_assignment
(#10676) - New Resource:
google_recaptcha_enterprise_key
(#10672) - New Resource:
google_spanner_instance_iam_policy
(#10695) - New Resource:
google_spanner_instance_iam_binding
(#10695) - New Resource:
google_spanner_instance_iam_member
(#10695)
IMPROVEMENTS:
- filestore: added support for
ENTERPRISE
value ongoogle_filestore_instance
tier
(#10662) - privateca: added support for setting default values for basic constraints for
google_privateca_certificate
,google_privateca_certificate_authority
, andgoogle_privateca_ca_pool
via thenon_ca
andzero_max_issuer_path_length
fields (#10702) - sql: added field
allocated_ip_range
to resourcegoogle_sql_database_instance
(#10687)
BUG FIXES:
- compute: fixed incorrectly failing validation for
INTERNAL_MANAGED
google_compute_region_backend_service
. (#10664) - compute: fixed scenario where
instance_group_manager
would not start update ifwait_for_instances
was set and initial status was notSTABLE
(#10680) - container: fixed the
ROUTES
value for thenetworking_mode
field ingoogle_container_cluster
. A recent API change unintentionally changed the default to aVPC_NATIVE
cluster, and removed the ability to create aROUTES
-based one. Provider versions prior to this one will default toVPC_NATIVE
due to this change, and are unable to createROUTES
clusters. (#10686)
FEATURES:
- New Data Source:
google_compute_router_status
(#10573) - New Data Source:
google_folders
(#10658) - New Resource:
google_notebooks_runtime
(#10627) - New Resource:
google_vertex_ai_metadata_store
(#10657) - New Resource:
google_cloudbuild_worker_pool
(#10617)
IMPROVEMENTS:
- apigee: Added IAM support for
google_apigee_environment
. (#10608) - apigee: Added supported values for 'peeringCidrRange' in
google_apigee_instance
. (#10636) - cloudbuild: added display_name and annotations to google_cloudbuild_worker_pool for compatibility with new GA. (#10617)
- container: added
node_group
tonode_config
for container clusters and node pools to support sole tenancy (#10646) - redis: Added Multi read replica field
replicaCount
,nodes
,readEndpoint
,readEndpointPort
,readReplicasMode
ingoogle_redis_instance
(#10607)
BUG FIXES:
- essentialcontacts: marked updating
email
ingoogle_essential_contacts_contact
as requiring recreation (#10592) - privateca: fixed crlAccessUrls in
CertificateAuthority
(#10577)
FEATURES:
- New Data Source:
google_compute_router_status
(#10573)
IMPROVEMENTS:
- compute: added support for
queue_count
togoogle_compute_instance.network_interface
andgoogle_compute_instance_template.network_interface
(#10571)
BUG FIXES:
- all: fixed an issue where some documentation for new resources was not showing up in the GA provider if it was beta-only. (#10545)
- bigquery: fixed update failure when attempting to change non-updatable fields in
google_bigquery_routine
. (#10546) - compute: fixed a bug when
cache_mode
is set to FORCE_CACHE_ALL ongoogle_compute_backend_bucket
(#10572) - compute: fixed a perma-diff on
google_compute_region_health_check
whenlog_config.enable
is set to false (#10553) - servicedirectory: added support for vpc network configuration in
google_service_directory_endpoint
. (#10569)
IMPROVEMENTS:
- cloudrun: Added support for secrets to GA provider. (#10519)
- compute: Added
bfd
togoogle_compute_router_peer
(#10487) - container: added
gcfs_config
tonode_config
ofgoogle_container_node_pool
resource (#10499) - container: promoted
confidential_nodes
field ingoogle_container_cluster
to GA (#10531) - provider: added retries for the
resourceNotReady
error returned when attempting to add resources to a recently-modified subnetwork (#10498) - pubsub: added
message_retention_duration
field togoogle_pubsub_topic
(#10501)
BUG FIXES:
- apigee: fixed a bug where multiple
google_apigee_instance_attachment
could not be used on the samegoogle_apigee_instance
(#10520) - bigquery: fixed a bug following import where schema is empty on
google_bigquery_table
(#10521) - billingbudget: fixed unable to provide
labels
ongoogle_billing_budget
(#10490) - compute: allowed
source_disk
to accept full image path ongoogle_compute_snapshot
(#10516) - compute: fixed a bug in
google_compute_firewall
that would cause changes insource_ranges
to not correctly be applied (#10515) - logging: fixed a bug with updating
description
ongoogle_logging_project_sink
,google_logging_folder_sink
andgoogle_logging_organization_sink
(#10493)
NOTES:
- compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10429)
- container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10430)
BREAKING CHANGES:
- appengine: marked
google_app_engine_standard_app_version
entrypoint
as required (#10425) - compute: removed the ability to specify the
trace-append
ortrace-ro
as scopes ingoogle_compute_instance
, usetrace
instead (#10377) - compute: changed
advanced_machine_features
ongoogle_compute_instance_template
to track changes when the block is undefined in a user's config (#10427) - compute: changed
source_ranges
ingoogle_compute_firewall_rule
to track changes when it is not set in a config file (#10439) - compute: changed the import / drift detection behaviours for
metadata_startup_script
,metadata.startup-script
ingoogle_compute_instance
. Now,metadata.startup-script
will be set by default, andmetadata_startup_script
will only be set if present. (#10392) - compute: removed
source_disk_link
field fromgoogle_compute_snapshot
(#10424) - compute: removed the
enable_display
field fromgoogle_compute_instance_template
(#10410) - compute: removed the
update_policy.min_ready_sec
field fromgoogle_compute_instance_group_manager
,google_compute_region_instance_group_manager
(#10410) - container:
instance_group_urls
has been removed in favor ofnode_pool.managed_instance_group_urls
(#10442) - container: changed default for
enable_shielded_nodes
to true forgoogle_container_cluster
(#10403) - container: changed
master_auth.client_certificate_config
to required (#10441) - container: removed
master_auth.username
andmaster_auth.password
fromgoogle_container_cluster
(#10441) - container: removed
workload_metadata_configuration.node_metadata
in favor ofworkload_metadata_configuration.mode
ingoogle_container_cluster
(#10400) - container: removed the
pod_security_policy_config
field fromgoogle_container_cluster
(#10410) - container: removed the
workload_identity_config.0.identity_namespace
field fromgoogle_container_cluster
, useworkload_identity_config.0.workload_pool
instead (#10410) - project: removed ability to specify
bigquery-json.googleapis.com
, the provider will no longer convert it as the upstream API migration is finished. Usebigquery.googleapis.com
instead. (#10370) - provider: changed
credentials
,access_token
precedence so thatcredentials
values in configuration take precedence overaccess_token
values assigned through environment variables (#10393) - provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#10374)
- pubsub: removed
path
field fromgoogle_pubsub_subscription
(#10424) - resourcemanager: made
google_project
removeorg_id
andfolder_id
from state when they are removed from config (#10373) - resourcemanager: added conflict between
org_id
,folder_id
at plan time ingoogle_project
(#10373) - resourcemanager: changed the
project
field toRequired
in allgoogle_project_iam_*
resources (#10394) - runtimeconfig: removed the Runtime Configurator service from the
google
(GA) provider includinggoogle_runtimeconfig_config
,google_runtimeconfig_variable
,google_runtimeconfig_config_iam_policy
,google_runtimeconfig_config_iam_binding
,google_runtimeconfig_config_iam_member
,data.google_runtimeconfig_config
. They are only available in thegoogle-beta
provider, as the underlying service is in beta. (#10410) - sql: added drift detection to the following
google_sql_database_instance
fields:activation_policy
(defaultsALWAYS
),availability_type
(defaultsZONAL
),disk_type
(defaultsPD_SSD
),encryption_key_name
(#10412) - sql: changed the
database_version
field toRequired
ingoogle_sql_database_instance
resource (#10398) - sql: removed the following
google_sql_database_instance
fields:authorized_gae_applications
,crash_safe_replication
,replication_type
(#10412) - storage: removed
bucket_policy_only
fromgoogle_storage_bucket
(#10397) - storage: changed the
location
field to required ingoogle_storage_bucket
(#10399)
VALIDATION CHANGES:
- bigquery: at least one of
statement_timeout_ms
,statement_byte_budget
, orkey_result_statement
is required ongoogle_bigquery_job.query.script_options.
(#10371) - bigquery: exactly one of
query
,load
,copy
orextract
is required ongoogle_bigquery_job
(#10371) - bigquery: exactly one of
source_table
orsource_model
is required ongoogle_bigquery_job.extract
(#10371) - cloudbuild: exactly one of
branch_name
,commit_sha
ortag_name
is required ongoogle_cloudbuild_trigger.build.source.repo_source
(#10371) - compute: at least one of
fixed_delay
orpercentage
is required ongoogle_compute_url_map.default_route_action.fault_injection_policy.delay
(#10371) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas
(#10371) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas
(#10371) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas
(#10371) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas
(#10371) - compute: at least one of
max_scaled_down_replicas
ortime_window_sec
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_down_control
(#10371) - compute: at least one of
max_scaled_down_replicas
ortime_window_sec
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_down_control
(#10371) - compute: at least one of
max_scaled_in_replicas
ortime_window_sec
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_in_control.0.
(#10371) - compute: at least one of
max_scaled_in_replicas
ortime_window_sec
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_in_control.0.
(#10371) - compute: required one of
source_tags
,source_ranges
orsource_service_accounts
on INGRESSgoogle_compute_firewall
resources (#10369) - dlp: at least one of
start_time
orend_time
is required ongoogle_data_loss_prevention_trigger.inspect_job.storage_config.timespan_config
(#10371) - dlp: exactly one of
url
orregex_file_set
is required ongoogle_data_loss_prevention_trigger.inspect_job.storage_config.cloud_storage_options.file_set
(#10371) - kms: removed
self_link
field fromgoogle_kms_crypto_key
andgoogle_kms_key_ring
(#10424) - osconfig: at least one of
linux_exec_step_config
orwindows_exec_step_config
is required ongoogle_os_config_patch_deployment.patch_config.post_step
(#10371) - osconfig: at least one of
linux_exec_step_config
orwindows_exec_step_config
is required ongoogle_os_config_patch_deployment.patch_config.pre_step
(#10371) - osconfig: at least one of
reboot_config
,apt
,yum
,goo
zypper
,windows_update
,pre_step
orpre_step
is required ongoogle_os_config_patch_deployment.patch_config
(#10371) - osconfig: at least one of
security
,minimal
,excludes
orexclusive_packages
is required ongoogle_os_config_patch_deployment.patch_config.yum
(#10371) - osconfig: at least one of
type
,excludes
orexclusive_packages
is required ongoogle_os_config_patch_deployment.patch_config.apt
(#10371) - osconfig: at least one of
with_optional
,with_update
,categories
,severities
,excludes
orexclusive_patches
is required ongoogle_os_config_patch_deployment.patch_config.zypper
(#10371) - osconfig: exactly one of
classifications
,excludes
orexclusive_patches
is required ongoogle_os_config_patch_deployment.inspect_job.patch_config.windows_update
(#10371) - spanner: at least one of
num_nodes
orprocessing_units
is required ongoogle_spanner_instance
(#10371)
IMPROVEMENTS:
- compute: added
encrypted_interconnect_router
togoogle_compute_router
(#10454) - container: added
managed_instance_group_urls
togoogle_container_node_pool
to replaceinstance_group_urls
ongoogle_container_cluster
(#10467) - kms: added support for EKM to
google_kms_crypto_key.protection_level
(#10391) - project: added support for
billing_project
ongoogle_project_service
(#10395) - spanner: increased the default timeout on
google_spanner_instance
operations from 4 minutes to 20 minutes, significantly reducing the likelihood that resources will time out (#10437)
BUG FIXES:
- bigquery: fixed a bug of cannot add required fields to an existing schema on
google_bigquery_table
(#10421) - compute: fixed a bug in updating multiple
ttl
fields ongoogle_compute_backend_bucket
(#10375) - compute: fixed a permadiff on
subnetwork
when it is optional ongoogle_compute_network_endpoint_group
(#10420) - compute: fixed perma-diff bug on
log_config.enable
of bothgoogle_compute_backend_service
andgoogle_compute_region_backend_service
(#10378) - compute: fixed the
google_compute_instance_group_manager.update_policy.0.min_ready_sec
field so that updating it to0
works (#10457) - compute: fixed the
google_compute_region_instance_group_manager.update_policy.0.min_ready_sec
field so that updating it to0
works (#10457) - spanner: fixed the schema for
data.google_spanner_instance
so that non-configurable fields are considered outputs (#10450)