BREAKING CHANGES:
policy_sets and policy_sets.policies required in google_securityposture_posture. API validation already enforced this, so no resources could be provisioned without these (#6981)FEATURES:
google_compute_forwarding_rules (#6997)google_firebase_app_check_app_attest_config (#6971)google_firebase_app_check_play_integrity_config (#6971)google_firebase_app_check_recaptcha_enterprise_config (#6989)google_firebase_app_check_recaptcha_v3_config (#6989)google_migration_center_preference_set (#6974)google_netapp_volume_replication (#7002)IMPROVEMENTS:
version_id field on google_cloudfunctions_function (#6968)google_composer_environment (#7000)network_interface.stack_type field on google_compute_instance resource. (#6977)node_config.resource_manager_tags field to google_container_cluster resource (#7001)node_config.resource_manager_tags field to google_container_node_pool resource (#7001)membership_id and membership_location under fleet in google_container_cluster resource (#6983)custom_domain field to google_looker_instance resource (#6979)restore_parameters and output-only fields state, state_details and create_time to google_netapp_volume resource (#6976)container_image field to google_workbench_instance resource (#6988)shielded_instance_config field to google_workbench_instance resource (#6984)BUG FIXES:
principal/principalSets (iamMember) in google_bigquery_dataset_iam_member. (#6975)event_config.trigger_region in google_cloudfunctions2_function resulted in a permanent diff. The field now pulls a default value from the API when unset. (#6991)min_ports_per_vm in google_compute_router_nat when the field is unset by making the field default to the API-set value (#6993)google_dataflox_job to return an error instead if a job's Environment field is nil when reading job information (#6999)tag field to default to the API's value if not specified in google_notebooks_instance (#6986)NOTES:
google_cloudbuildv2_connection, there should be no user-facing impact (#6943)DEPRECATIONS:
relay_mode field in google_container_cluster.monitoring_config.advanced_datapath_observability_config in favor of enable_relay field, relay_mode field will be removed a future major release (#6960)FEATURES:
google_firebase_app_check_debug_token (#6953)google_network_security_firewall_endpoint (#6940)google_clouddeploy_custom_target_type (#6956)google_network_security_security_profile_group (#6961)IMPROVEMENTS:
google_cloud_asset_resources_search_all datasource (#6941)canary_revision_tags, prior_revision_tags, stable_revision_tags, and stable_cutback_duration to google_clouddeploy_delivery_pipeline (#6951)version_id on google_cloudfunctions_function (#6968)enable_relay field to google_container_cluster.monitoring_config.advanced_datapath_observability_config (#6960)http_endpoint.uri and network_config.network_attachment to google_eventarc_trigger (#6951)reject_duplicate_message field to google_healthcare_hl7_v2_store resource (#6964)client, permissions, monitoring and mfa fields to google_identity_platform_config (#6944)desired_state field to google_notebooks_instance (#6965)feature_registry_source field to google_vertex_ai_feature_online_store_featureview resource (#6962)desired_state field to google_workbench_instance resource (#6966)disable_ssh in google_workstations_workstation_config (#6947)BUG FIXES:
resource_manager_tags updatable on google_compute_instance_template and google_compute_region_instance_template (#6958)google_notebooks_instance when kms_key or service_account_scopes are changed server-side (#6948)FEATURES:
google_clouddeploy_delivery_pipeline_iam_* (#6928)google_compute_instance_group_membership (#6933)google_discovery_engine_search_engine (#6919)google_firebase_app_check_service_config (#6921)IMPROVEMENTS:
table_replication_info field on resource_bigquery_table resource to GA (#6929)confidential_instance_config.confidential_instance_type field to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template resources (#6934)google_network_security_address_group (#6931)goog-terraform-provisioned to identify resources that were created by Terraform when viewing/editing these resources in other tools. (#6924)BUG FIXES:
google_firebase_hosting_custom_domain issues.details field (#6926)FEATURES:
google_compute_machine_types (#6903)google_blockchain_node_engine_blockchain_nodes (#6897)google_compute_region_network_endpoint (#6913)google_discovery_engine_chat_engine (#6918)google_discovery_engine_search_engine (#6919)google_netapp_volume_snapshot (#6914)IMPROVEMENTS:
INTERNET_IP_PORT and INTERNET_FQDN_PORT options for the google_compute_region_network_endpoint_group resource. (#6913)creation_timestamp to google_compute_instance_group_manager and google_compute_region_instance_group_manager. (#6904)disk_id attribute to google_compute_disk resource (#6906)stack_type attribute for google_compute_interconnect_attachment resource. (#6915)google_compute_security_policy resource's json_parsing field to accept the value STANDARD_WITH_GRAPHQL (#6898)reserved_ip_range_id field to google_memcache_instance resource (#6901)deletion_policy field to google_netapp_volume resource (#6905)BUG FIXES:
database_flags in secondary google_alloydb_instance resources would cause a diff, as they are copied from the primary (#6910)google_filestore_instance.source_backup field configurable (#6899)google_vmwareengine_private_cloud resources when upgrading provider version from <5.10.0 (#6911)FEATURES:
google_discovery_engine_data_store (#6892)google_securityposture_posture_deployment (#6893)google_securityposture_posture (#6890)IMPROVEMENTS:
template.spec.volumes.csi field to google_cloud_run_service resource to support mounting Cloud Storage buckets using GCSFuse (#6875)data_retention_config field to google_composer_environment resource (#6877)google_logging_project_bucket_config resource to be created using the asynchronous create method (#6883)use_table_schema field to google_pubsub_subscription resource (#6881)vector_search_config field to google_vertex_ai_feature_online_store_featureview resource (#6876)call_log_level field to google_workflows_workflow resource (#6878)readiness_checks field to google_workstations_workstation_config resource (#6895)BUG FIXES:
build_config.docker_repository field is not specified on google_cloudfunctions2_function resource (#6887)iap field is unset for google_compute_region_backend_service resource (#6886)destination.cloud_function field on google_eventarc_trigger resource by making it output-only (#6879)NOTES:
google_cloudbuildv2_repository, there should be no user-facing impact (#6843)labels and terraform_labels fields in immutable resources (#6857)FEATURES:
google_netapp_backup_policy (#6839)google_netapp_volume (#6852)google_network_security_address_group_iam_* (#6859)google_network_security_security_profile (#6868)google_vertex_ai_feature_group_feature (#6861)IMPROVEMENTS:
database_version as an input on google_alloydb_cluster resource (#6841)spark_options field to google_bigquery_routine resource (#6867)google_bigquery_table resource (#6865)nfs and gcs fields to google_cloud_run_v2_service.template.volumes (#6845)tcp_socket field to google_cloud_run_v2.template.containers.liveness_probe (#6845)enable_private_environment and enable_private_builds_only fields to google_composer_environment resource (#6870)enable_confidential_compute field to google_compute_instance.boot_disk.initialize_params (#6842)clusterupgrade field to google_gke_hub_feature resource (#6836)enable_history_modifications field to google_healthcare_fhir_store resource (#6864)machine_type and accelerator_config to be updatable on google_notebooks_runtime resource (#6854)disable_tcp_connections field to google_workstations_workstation_config resource (#6863)BUG FIXES:
max_ttl is sent in API calls even it is removed from configuration when changing cache_mode to FORCE_CACHE_ALL in google_compute_backend_bucket resource (#6847)addresses field in google_network_services_gateway resource (#6871)universe_domain behavior to correctly throw an error when explicitly configured universe_domain values did not match credentials assumed to be in the default universe (#6860)autoscaling_config to an existing google_spanner_instance resource (#6869)FEATURES:
google_dns_managed_zones (#6835)google_filestore_instance (#6822)google_vmwareengine_external_access_rule (#6811)google_clouddomains_registration (#6833)google_netapp_kmsconfig (#6831)google_vertex_ai_feature_online_store_featureview (#6821)google_vmwareengine_external_access_rule (#6811)IMPROVEMENTS:
md5_authentication_key field to google_compute_router_peer resource (#6815)params.resource_manager_tags field in google_compute_instance resource (#6828)description field in google_compute_instance resource (#6804)policycontroller field to google_gke_hub_feature_membership resource (#6813)clusterupgrade field to google_gke_hub_feature resource (#6836)vsphere_config field and added host_groups field in google_gkeonprem_vmware_node_pool resource (#6802)create_ignore_already_exists field to google_service_account resource. If ignore_create_already_exists is set to true, resource creation would succeed when response error is 409 ALREADY_EXISTS. (#6818)deletion_policy to google_service_networking_connection (#6830)replica_configuration, ca_cert, and server_ca_cert fields to be sensitive in google_sql_instance and google_sql_ssl_cert resources (#6823)BUG FIXES:
encryption_configuration when API returns an empty object on google_bigquery_table resource (#6817)wait_for_instances if set before deleting on google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#6829)stateful_external_ip and stateful_internal_ip blocks on google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#6810)scheduler_service_account_email when it's not explicitly specified in google_data_pipeline_pipeline resource (#6814)google_edgecontainer_vpn_connection resource (#6834)openapi_config, grpc_config, and protoc_output_base64, had computed values in google_endpoints_service resource (#6832)google_storage_bucket resource (#6806)NOTES:
google_network_firewall_policy and google_region_network_firewall_policy, there should be no user-facing impact (#6776) DEPRECATIONS:configmanagement.config_sync.oci.version in google_gke_hub_feature resource (#6764)FEATURES:
google_compute_reservation (#6791)google_clouddeploy_automation (#6794)google_integration_connectors_endpoint_attachment (#6766)google_logging_folder_settings (#6754)google_logging_organization_settings (#6754)google_netapp_active_directory (#6781)google_vertex_ai_feature_online_store (#6779)google_vertex_ai_feature_group (#6780)google_netapp_backup_vault (#6793)IMPROVEMENTS:
restricted_export_config field to google_bigquery_analytics_hub_listing resource (#6784)composer_internal_ipv4_cidr_block field to google_composer_environment (#6761)config.software_config.web_server_plugins_mode, config.workloads_config and dag_processor fields to google_composer_environment. (#6797)provisioned_iopsand provisioned_throughput fields under boot_disk.initialize_params to google_compute_instance resource (#6792)resource_manager_tags and disk.resource_manager_tags for google_compute_instance_template (#6798)resource_manager_tags and disk.resource_manager_tags for google_compute_region_instance_template (#6798)workload_alts_config field to google_container_cluster resource (#6762)auxiliary_node_groups field to google_dataproc_cluster resource (#6753)google_edgecontainer_cluster, google_edgecontainer_node_pool to 480m from 60m (#6796)version under configmanagement in google_gke_hub_feature resource (#6764)primary to google_kms_crypto_key (#6782)consumers.custom_routes_enabled to google_dataproc_metastore_service (#6767)type field of google_sql_user (#6787)name field settable on google_storage_transfer_job (#6777)BUG FIXES:
node_version and min_master_version are the same on create of google_container_cluster, when running terraform plan (#6763)gce_persistent_disk_csi_driver_config during creation will result in permadiff in google_container_cluster resource (#6751)admin_users or admin_groups in google_container_attached_cluster (#6786)git_integration_settings field of google_diagflow_cx_agent (#6756)version under configmanagement in google_gke_hub_feature resource (#6764)dashboard_json for the resource google_monitoring_dashboard (#6750)FEATURES:
google_compute_region_disk (#6726)google_vmwareengine_external_address (#6714)google_vmwareengine_subnet (#6715)google_vmwareengine_vcenter_credentials (#6717)google_vmwareengine_external_address (#6714)google_vmwareengine_subnet (#6715)google_workbench_instance (#6739)google_workbench_instance_iam_* (#6739)IMPROVEMENTS:
external_dataset_reference field to google_bigquery_dataset resource (#6716)network_performance_config field to google_container_node_pool resource to support GKE tier 1 networking (#6719)remove_instance_on_destroy option to google_compute_per_instance_config resource (#6724)remove_instance_on_destroy option to google_compute_region_per_instance_config resource (#6724)network_performance_config.total_egress_bandwidth_tier to support GKE tier 1 networking (#6712)machine_type/disk_type/disk_size_gb in google_container_node_pool resource (#6722)config.labels to google_container_azure_node_pool (#6732)display_name, labels and npmrc_environment_variables_secret_version fields to google_dataform_repository resource (#6727)severity field to google_monitoring_alert_policy resource (#6741)labels to google_notebooks_runtime (#6746)dry_run_spec to google_org_policy_policy (#6732)waf_settings to google_recaptcha_enterprise_key (#6732)host_config, state_note, kms_key, and private_config fields to google_secure_source_manager_instance resource (#6725)autoscaling_config.max_nodes and autoscaling_config.min_nodes to google_spanner_instance (#6748)rpo field to google_storage_bucket resource (#6734)type field to google_vmwareengine_private_cloud resource (#6744)saml block to google_iam_workload_identity_pool_provider resource (#6718)BUG FIXES:
unique_writer_identity on google_logging_project_sink does not trigger diff on dependent's usages of writer_identity (#6742)FEATURES:
google_logging_folder_settings (#6699)google_logging_organization_settings (#6699)google_logging_project_settings (#6699)google_vmwareengine_network_policy (#6686)google_vmwareengine_nsx_credentials (#6701)google_scc_event_threat_detection_custom_module (#6693)google_secure_source_manager_instance (#6685)google_vmwareengine_network_policy (#6686)IMPROVEMENTS:
spark support to google_bigquery_connection resource (#6708)expiry_detail field to google_cloud_identity_group_membership resource (#6689)queued_provisioning field to google_container_node_pool resource (#6678)default_cluster_config field to google_gke_hub_fleet resource (#6683)binary_authorization_config field to google_gke_hub_fleet resource (#6705)edition field in google_sql_database_instance resource (#6681)BUG FIXES:
virtual_repository_config array in google_artifact_registry_repository (#6691)dns_config field updatable on google_container_cluster resource (#6695)storage_config.timespan_config block in data_loss_prevention_job_trigger resource (#6680)storage_config.timespan_config.timestamp_field field in data_loss_prevention_job_trigger to be optional (#6680)google_firestore_index resources to address retryable 409 code API errors (“Please retry, underlying data changed”, and “Aborted due to cross-transaction contention”) (#6677, #6702)lifecycle_rule conditions being added for google_storage_bucket (#6711)FEATURES:
google_vmwareengine_network_peering (#6675)google_dataform_repository_iam_* (beta) (#6648)google_migration_center_group (#6651)google_netapp_storage_pool (#6663)google_vertex_ai_endpoint_iam_* (beta) (#6657)google_vmwareengine_network_peering (#6675)IMPROVEMENTS:
remote_repository_config.upstream_credentials field to google_artifact_registry_repository resource (#6658)build.artifacts.maven_artifacts, build.artifacts.npm_packages , and build.artifacts.python_packages to resource google_cloudbuild_trigger (#6650database_config.zone field in google_composer_environment (#6653)service_directory_registrations to resource google_compute_global_forwarding_rule (#6667)deletion_policy to google_firestore_database (#6664)google_firestore_database (#6664)policycontroller field to fleet_default_member_config in google_gke_hub_feature (#6649)allowed_services, disable_programmatic_signin fields to google_iam_workforce_pool resource (#6666)STANDARD type support to google_vmwareengine_network resource (#6669)BUG FIXES:
google_compute_forwarding_rule and google_compute_global_forwarding_rule (#6652)google_firestore_database could be deleted when delete_protection_state was DELETE_PROTECTION_ENABLED (#6664)google_firestore_index (#6677)DEPRECATIONS:
config_management.binauthz in google_gke_hub_feature_membership (#6646)IMPROVEMENTS:
standard_isolation and standard_isolation.priority fields to google_bigtable_app_profile resource (#6621)proxy_config field to google_container_attached_cluster resource (#6637)membership_location field to google_gke_hub_feature_membership resource (#6646)google_logging_project_sink resource that already exists at the desired location. These logging buckets cannot be removed so deleting this resource will remove the bucket config from your terraform state but will leave the logging bucket unchanged. (#6632)MEMCACHE_1_6_15 as a possible value for memcache_version in google_memcache_instance resource (#6642)google_monitoring_uptime_check_config resource (#6645)autoscaling_config field to google_spanner_instance resource (#6616)BUG FIXES:
external_ipv6_prefix field to not be output only in google_compute_subnetwork resource (#6619)google_compute_attached_disk would produce an error for certain zone configs (#6620)google_edgecontainer_cluster resource (#6625)data_source_google_project_service no longer return an error when the service is not enabled (#6638)ssl_mode field is not stored in terraform state if it has never been used in google_sql_database_instance resource (#6622)NOTES:
terraform_labels field for resource google_dataproc_workflow_template, so the resource recreation won't happen during provider upgrade from 4.x to 5.7 (#6634)terraform_labels for some immutable resources, so the resource recreation won't happen during provider upgrade from 4.X to 5.7 (#6635)FEATURES:
google_backup_dr_management_server (#6596)google_compute_instance_settings (#6615)google_integration_connectors_connection(#6612)IMPROVEMENTS:
enable_sovereign_controls, partner, partner_permissions, violation_notifications_enabled, and several other output-only fields to google_assured_workloads_workloads (#6597)storage_config to google_composer_environment (#6606)fleet field to google_container_cluster resource (#6610)admin_groups to google_container_aws_cluster (#6597)admin_groups to google_container_azure_cluster (#6597)instance_flexibility_policy in google_dataproc_cluster (#6593)is_default_start_flow field to google_dialogflow_cx_flow resource to allow management of default flow resources via Terraform (#6600)is_default_welcome_intent and is_default_negative_intent fields to google_dialogflow_cx_intent resource to allow management of default intent resources via Terraform (#6600)fleet_default_member_config field to google_gke_hub_feature resource (#6608)metrics_gcp_service_account_email to google_gke_hub_feature_membership (#6597)index_configs field to logging_bucket_config resource (#6598)index_configs field to logging_project_bucket_config resource (#6598)pings_count, user_labels, and custom_content_type fields to google_monitoring_uptime_check_config resource (#6594)autoscaling_config field to google_spanner_instance (#6616)ssl_mode field to google_sql_database_instance resource (#6579)private_service_connect_config to google_vertex_ai_index_endpoint (#6614)domain_config field to resource google_workstations_workstation_cluster (beta) (#6609)BUG FIXES:
terraform_labels immutable in immutable resources to not block the upgrade. This will create a Terraform plan that recreates the resource on 4.X -> 5.6.0 upgrade for affected resources. A mitigation to backfill the values during the upgrade is planned, and will release resource-by-resource. (#6613)FEATURES:
google_bigquery_dataset (#6570)IMPROVEMENTS:
SECONDARY as an option for instance_type field in google_alloydb_instance resource, to support creation of secondary instance inside a secondary cluster. (#6583)deletion_policy field to google_alloydb_cluster resource, to allow force-destroying instances along with their cluster. This is necessary to delete secondary instances, which cannot be deleted otherwise. (#6583)google_alloydb_cluster resources from secondary to primary (#6589)google_alloydb_instance to 120m from 40m (#6583)instance_flexibility_policy field ro google_dataproc_cluster resource (#6593)subject field to google_monitoring_alert_policy resource (#6590)enable_object_retention field to google_storage_bucket resource (#6588)retention field to google_storage_bucket_object resource (#6588)user_env_vars field to google_workflows_workflow resource (#6567)BUG FIXES:
maintenance_interval is updated on google_compute_instance_template (#6569)google_firestore_field resources (#6572)DEPRECATIONS:
cloud_spanner.use_serverless_analytics on google_bigquery_connection. Use cloud_spanner.use_data_boost instead. (#6539)NOTES:
universe_domain attribute as a provider attribute (#6551)BREAKING CHANGES:
location field as required in resource google_cloud_run_v2_job. Any configuration without location specified will cause resource creation fail (#6540)location field as required in resource google_cloud_run_v2_service. Any configuration without location specified will cause resource creation fail (#6540)FEATURES:
google_cloud_identity_group_lookup (#6530)google_network_connectivity_policy_based_route (#6552)google_pubsub_schema_iam_* (#6533)IMPROVEMENTS:
vpc_network_sources to google_access_context_manager_access_levels, google_access_context_manager_access_level, and google_access_context_manager_access_level_condition (#6553)type in google_apigee_environment (#6562)cloud_spanner.database_role, cloud_spanner.use_data_boost, and cloud_spanner.max_parallelism fields to google_bigquery_connection (#6539)iam_member to google_bigquery_dataset.access (#6550)maintenance_interval field to google_compute_node_group resource (#6561)enable_confidential_storage to node_config in google_container_cluster and google_container_node_pool (#6531)google_container_node_pool.node_config.taint (#6536)admin_groups field to google_container_attached_cluster resource (#6537)advanced_settings field to google_dialogflow_cx_flow resource (#6543)advanced_settings fields to google_dialogflow_cx_page resource (#6543)advanced_settings, text_to_speech_settings, git_integration_settings fields to google_dialogflow_cx_agent resource (#6543)cidr_block, labels, tags, network_config, scheduling_config, shielded_instance_config, service_account and data_disks fields to google_tpu_v2_vm (#6555)accelerator_config field to google_tpu_v2_vm resource (#6559)BUG FIXES:
google_bigquery_dataset that contained an iamMember access rule added out of band with Terraform (#6550)capacity_commitment_id is unspecified in resource google_bigquery_capacity_commitment (#6548)annotations field on the google_cloud_run_v2_job data source include all annotations present on the resource in GCP (#6532)annotations field on the google_cloud_run_v2_service data source include all annotations present on the resource in GCP (#6532)labels and terraform labels fields on the google_cloud_run_v2_job data source include all annotations present on the resource in GCP (#6532)labels and terraform labels fields on the google_cloud_run_v2_service data source include all annotations present on the resource in GCP (#6532)google_edgecontainer_cluster was incorrect. (#6560)replica_count to be set to zero in the google_redis_cluster resource (#6534)DEPRECATIONS:
time_partitioning.require_partition_filter in favor of new top level field require_partition_filter in resource google_bigquery_table (#6496)FEATURES:
google_cloud_run_v2_job (#6508)google_cloud_run_v2_service (#6527)google_compute_networks (#6498)IMPROVEMENTS:
additional_group_keys attribute to google_cloud_identity_group resource (#6504)enable_confidential_compute field under boot_disk.0.initialize_params in google_compute_instance (#6528)internal_ipv6_range to google_compute_network data source and internal_ipv6_prefix field to data.google_compute_subnetwork data source (#6514)security_posture_config.vulnerability_mode value VULNERABILITY_ENTERPRISE in google_container_cluster (#6520)ssh_authentication_config and service_account to google_dataform_repository resource (#6480)min_num_instances field to google_dataproc_cluster resource (#6503)custom_writer_identity field to google_logging_project_sink (#6486)ttl field mutable in google_secret_manager_secret (#6521)terminal_storage_class to the autoclass field in google_storage_bucket resource (#6519)BUG FIXES:
google_bigquery_data_transfer_config related to incorrect update masks (#6516)google_cloud_run_v2_service.custom_audiences could not be set or updated properly (#6482)google_compute_global_network_endpoint (#6523)google_compute_backend_service when cache_mode is set to USE_ORIGIN_HEADERS (#6499)autoscaling block would crash the provider for google_container_node_pool (#6483)labels has changes for batch google_dataflow_job and google_dataflow_flex_template_job (#6502)google_dialogflow_cx_version; updates will no longer time out. (#6484)edition field to a google_sql_database_instance resource that already existed and used ENTERPRISE edition resulted in a permant diff in plans (#6485)google_sql_source_representation_instance resource (#6493)FEATURES:
google_secret_manager_secrets (#6463)google_alloydb_user (#6454)google_firestore_backup_schedule (#6465)IMPROVEMENTS:
cluster_type and secondary_config fields to support secondary clusters in google_alloydb_cluster resource. (#6474)recreate_closed_psc flag to support recreating the PSC Consumer forwarding rule if the psc_connection_status is closed on google_compute_forwarding_rule. (#6468)INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT as acceptable values for the network_endpoint_type field for the resource_compute_network_endpoint_group resource (#6472)SEV_LIVE_MIGRATABLE_V2 to guest_os_features enum on google_compute_image resource. (#6466)allow_subnet_cidr_routes_overlap field to google_compute_subnetwork resource (#6445)ssh_authentication_config and service_account to google_dataform_repository resource (#6480)BUG FIXES:
client_connection_config field to google_alloydb_instance resource (#6478)view, materialized_view, and schema for the google_bigquery_table resource (#6471)certificate_manager_certificates field to google_compute_target_https_proxy resource (#6460)rule.action.source_nat_active_ranges to google_compute_router_nat resource (#6467)google_compute_global_address can't be created when network_tier in google_compute_project_default_network_tier is set to STANDARD (#6456)ip_address when it is set to ipv6 on google_compute_forwarding_rule (#6444)advanced_options_config.user_ip_request_headers field with empty value was not cleaning the list (#6470)FEATURES:
google_database_migration_service_private_connection (#6436)))google_edgecontainer_cluster (#6406)google_edgecontainer_node_pool (#6406)google_edgecontainer_vpn_connection (#6406)google_firebase_hosting_custom_domain (#6409)google_gke_hub_fleet (#6417)IMPROVEMENTS:
device_name field to scratch_disk block of google_compute_instance resource (#6401)node_config.linux_node_config.cgroup_mode field to google_container_node_pool (#6435)oracle profiles to google_database_migration_service_connection_profile (#6426)api_scope field to google_firestore_index resource (#6424)location field to google_gke_hub_membership_iam_* resources (#6437)location field to google_gke_hub_membership resource (#6437)vcenter fields in google_gkeonprem_vmware_cluster (#6418)sms_region_config to the resource google_identity_platform_config (#6398)BUG FIXES:
google_dns_record_set (#6397)terraform_labels field even if no fields were updated (#6443)KNOWN ISSUES:
5.1.0, see https://github.com/hashicorp/terraform-provider-google/issues/16091 for details.Terraform Google Provider 5.0.0 Upgrade Guide
NOTES:
LABELS REWORK:
default_labels field are now supported. The default labels configured on the provider will be applied to all of the resources with standard labels field.labels field. labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients.annotations field. The annotations field is non-authoritative and only manages the annotations defined by the users on the resource through Terraform. The new output-only effective_annotations field lists all of annotations present on the resource in GCP, including the annotations configured through Terraform, the system, and other clients.labels, terraform_labels, and effective_labels are now present in most resource-based datasources. All three fields have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent to effective_labels on the resource.annotations and effective_annotations are now present in most resource-based datasources. Both fields have all of annotations present on the resource in GCP including the annotations configured through Terraform, the system, and other clients, equivalent to effective_annotations on the resource.BREAKING CHANGES:
credentials, access_token, impersonate_service_account, project, billing_project, region, zone (#6358)google_bigquery_table schema (#5975)routine_type required for google_bigquery_routine (#6080)location required on google_cloudfunctions2_function (#6260)google_cloudiot_registry_iam_policy (#6206)google_cloudiot_device (#6206)google_cloudiot_registry (#6206)google_cloudiot_registry_iam_* (#6206)liveness_probe.tcp_socket from google_cloud_run_v2_service resource. (#6029)startup_probe and liveness_probe from google_cloud_run_v2_job resource. (#6029)volumes.cloud_sql_instance.instances to SET from ARRAY for google_cloud_run_v2_service (#6261)google_compute_node_group require one of initial_size or autoscaling_policy fields configured upon resource creation (#6384)size in google_compute_node_group an output only field. (#6384)rule.rate_limit_options.encorce_on_key on resource google_compute_security_policy (#6174)consumer_accept_lists to a SET from an ARRAY type for google_compute_service_attachment (#6369)deletion_protection to google_container_cluster which is enabled to true by default. When enabled, this field prevents Terraform from deleting the resource. (#6391)management.auto_repair and management.auto_upgrade defaults to true in google_container_node_pool (#6329)networking_mode default to VPC_NATIVE for newly created google_container_cluster resources (#6402)enable_binary_authorization in google_container_cluster (#6285)logging_variant in google_container_node_pool (#6329)network_policy.provider in google_container_cluster (#6323)google_container_cluster will delete the cluster if it's created in an error state. Instead, it will mark the cluster as tainted, allowing manual inspection and intervention. To proceed with deletion, run another terraform apply. (#6301)taint field in google_container_cluster and google_container_node_pool to only manage a subset of taint keys based on those already in state. Most existing resources are unaffected, unless they use sandbox_config- see upgrade guide for details. (#6351)data_profile_result and data_quality_result from google_dataplex_scan (#6070)deletion_policy default to DELETE for google_firebase_web_app. (#6018)google_firebase_project_location (#6223)gameservices (#6112)unique_writer_identity from false to true in google_logging_project_sink. (#6210)growth_factor, num_finite_buckets, and scale required for google_logging_metric (#6173)LOOKER_MODELER as a possible value in google_looker_instance.platform_edition (#6349)google_monitoring_dashboard.dashboard_json by suppressing values returned by the API that are not in configuration (#6392)labels immutable in google_monitoring_metric_descriptor (#6372)config_values, pem_certificates from google_privateca_certificate (#6097)automatic field in google_secret_manager_secret resource (#6279)google_service_networking_connection (#6222)deleteConnection method to delete the resource google_service_networking_connection (#6332)FEATURES:
google_scc_folder_custom_module (#6367)google_scc_organization_custom_module (#6390)IMPROVEMENTS:
google_alloydb_instance and google_alloydb_backup (#6363)google_artifact_registry_repository (#6362)google_bare_metal_admin_cluster to better align with actual behavior (#6388)state output attribute to google_bigtable_instance clusters (#6353)google_compute_node_group mutable (#6384)network_interface.security_policy field to google_compute_instance resource (#6343)type field to google_compute_router_nat resource (#6331)rules.action.source_nat_active_ranges and rules.action.source_nat_drain_ranges field to google_compute_router_nat resource (#6331)network_attachment to google_compute_instance (#6331)effective_taints attribute to google_container_cluster and google_container_node_pool, outputting all known taint values (#6351)addons_config.gcs_fuse_csi_driver_config on google_container_cluster with enable_autopilot: true. (#6378)binary_authorization to google_container_aws_cluster (#6373)update_settings to google_container_aws_node_pool (#6373)week_day_of_month.day_offset field to the google_os_config_patch_deployment resource (#6379)rotation.rotation_period field in google_secret_manager_secret resource (#6345)preferred_zone field to google_sql_database_instance resource (#6360)event_stream field to google_storage_transfer_job resource (#6382)replica_zones, service_account_scopes, and enable_audit_agent to google_workstations_workstation_config (beta) (#6355)BUG FIXES:
external_data_configuration.connection_id in google_bigquery_table (#6368)google_bigquery_table (#6034)google_bigtable_instance when cluster is still updating and storage type changed (#6353)google_bigtable_instance (#6338)metric.filter in the resource google_compute_autoscaler (beta) (#6082)reconcile_connections in resource google_compute_service_attachment, the field will now default to a value returned by the API when not set in configuration (#6322)enable_endpoint_independent_mapping with APIs default in resource google_compute_router_nat (#6053)google_container_node_pool where empty linux_node_config.sysctls would crash the provider (#6339)google_dataflow_flex_template_job (#6357)google_dataflow_flex_template_job (#6357)google_dataflow_flex_template_job (#6357)google_firebase_rules.release immutable (#6373)sign_in in google_identity_platform_config resource (#6317)metadata was not able to be updated in google_monitoring_metric_descriptor (#6372)google_monitoring_notification_channel failed when no default project was supplied in provider configuration or through environment variables (#6327)google_secretmanager_secret where replacing replication.automatic with replication.auto would destroy and recreate the resource (#6325)database_flags in google_sql_database_instance (#6172)google_tags_tag_binding (#6383)contents_delta_uri a required field in google_vertex_ai_index as omitting it would result in an error (#6374)host.gce_instance.accelerators in google_workstation_config (#6354)DEPRECATIONS:
network field in favor of network_config on google_alloydb_cluster. (#6297)google_identity_platform_project_default_config resource. Use google_identity_platform_config resource instead (#6293)FEATURES:
google_certificate_manager_certificate_map (#6316)google_artifact_registry_vpcsc_config (#6265)google_dialogflow_cx_security_settings (#6300)google_gke_backup_restore_plan (#6278)google_scc_project_custom_module (#6315)google_tpu_v2_vm (#6264)google_edgenetwork_network (#6305)google_edgenetwork_subnet (#6305)IMPROVEMENTS:
network_config field to support named IP ranges on google_alloydb_cluster. (#6297)network_interfaces to resource google_cloud_run_v2_job to support Direct VPC egress. (#6287)network_interfaces to resource google_cloud_run_v2_service to support Direct VPC egress. (#6287)autoscaling_policy.mode to accept ONLY_SCALE_OUT on google_compute_autoscaler (#6304)server_tls_policy argument to google_compute_target_https_proxy resource (#6269)member attribute to google_compute_default_service_account datasource (#6311)internal_ipv6_prefix to google_compute_subnetwork resource (#6306)node_config.fast_socket field to google_container_node_pool (#6289)auto_repair in google_container_aws_node_pool (#6282)auto_repair in google_container_azure_node_pool (#6282)"ZONAL" value to tier in google_filestore_instance (#6303)delete_protection_state field to google_firestore_database resource. (#6295)sign-in field to google_identity_platform_config resource (#6293)linked_vpc_network in google_network_connectivity_spoke (#6282)google_network_services_edge_cache_origin to 120m from 60m (#6275)google_network_services_edge_cache_service to 60m from 30m (#6281)is_secret_data_base64 field to google_secret_manager_secret_version resource (#6273)env field to google_workstations_workstation resource (#6258)BUG FIXES:
google_bigquery_table.time_partitioning.expiration_ms (#6290)google_bigtable_instance (#6276)google_bigtable_instance (#6313)google_eventarc_trigger.event_data_content_type by defaulting to the value returned by the API if not set in the configuration. (#6282)sign_in in google_identity_platform_config resource (#6317)google_monitoring_monitored_project (#6259)service_id on google_monitoring_custom_service and slo_id on google_monitoring_slo (#6266)patch_config.windows_update on google_os_config_patch_deployment (#6314)provider block (#6268)google_secret_manager_secret_version resource (#6296)google_secretmanager_secret where replacing replication.automatic with replication.auto would destroy and recreate the resource (#6325)DEPRECATIONS:
automatic field on google_secret_manager_secret. Use auto instead. (#6237)FEATURES:
google_biglake_table (#6205)google_data_pipeline_pipeline (#6236)google_dialogflow_cx_test_case (#6249)google_storage_insights_report_config (#6253)google_apigee_target_server (#6215)IMPROVEMENTS:
allow_non_incremental_definition to google_bigquery_table resource (#6248)table_constraints field to google_bigquery_table resource (#6250)google_compute_address and google_compute_instance resources (#6232)binary_authorization field to google_container_attached_cluster resource (#6256)config.instance_type in container_aws_node_pool (#6282)point_in_time_recovery_enablement field to google_firestore_database resource (#6239)update_time and uid fields to google_firestore_database resource (#6257)labels, namespace_labels fields to google_gke_hub_namespace resource (#6202)labels fields to google_gke_hub_membership_binding resource (#6216)labels fields to google_gke_hub_scope resource (#6243)upgrade_policy and binary_authorization fields in google_gkeonprem_bare_metal_cluster resource (beta) (#6224)upgrade_policy field in google_gkeonprem_vmware_cluster resource (beta) (#6224)auto field to google_secret_manager_secret resource (#6237)deletion_policy field to google_secret_manager_secret_version resource (#6252)autoclass field in google_storage_bucket resource (#6233)public_endpoint_enabled to google_vertex_ai_index_endpoint (#6208)env field to google_workstations_workstation resource (beta) (#6258)BUG FIXES:
location of google_bigquery_data_transfer_config (#6203)additional_pod_network_configs was not sent correctly in google_container_node_pool (#6211)google_container_node_pool (#6254)event_content_type in eventarc_trigger, the field will now default to a value returned by the API when not set in configuration (#6282)google_dataflow_job instances would crash the provider (#6255)user_project_override would not be not used correctly when provisioning resources implemented using the plugin framework. Currently there are no resources implemented this way, so no-one should have been impacted. (#6230)no_wrapper.write_metadata to false wasn't passed to the API for google_pubsub_subscription (#6219)google_service_account creation if 403 Forbidden is returned. (#6221)content value is expected on google_storage_bucket_object_content (#6204IMPROVEMENTS:
enable_proxy_protocol in google_compute_service_attachment resource (#6192)reconcile_connections in google_compute_service_attachment resource (#6187)allowPscGlobalAccess in google_compute_forwarding_rule resource (#6179)monitoring_config.enable_components in google_container_cluster resource (#6198)labels field to google_gke_hub_scope_rbac_role_binding resource (#6200)unique_writer_identity in google_logging_project_sink resource (#6193)psc_connections.error.details field to google_network_connectivity_service_connection_policy resource (#6197)replication.user_managed.replicas.customer_managed_encryption in google_secret_manager_secret resource (#6177)BUG FIXES:
params.destination_table_name_template and params.data_path immutable as updating these fields if value of data_source_id is amazon_s3 in google_bigquery_data_transfer_config resource (#6195)all_instances_config in google_compute_region_instance_group_manager resource (#6191)network_url in google_dns_managed_zone and google_dns_policy resources to make sure that the private DNS zone or DNS policy can be attatched to all of the networks in different projects, even though the network name is the same across of those projects (#6199)location immutable as updating this field in google_service_directory_namespace resource (#6182)FEATURES:
google_biglake_catalog (#6152)google_redis_cluster (#6158)google_biglake_database (#6161)google_compute_network_attachment (#6159)google_gke_hub_membership_binding (#6170)google_gke_hub_namespace (#6170)google_gke_hub_scope (#6170)google_gke_hub_scope_iam_member (#6170)google_gke_hub_scope_iam_policy (#6170)google_gke_hub_membership_binding (#6170)google_gke_hub_scope_rbac_role_binding (#6170)IMPROVEMENTS:
distribution_policy_target_shape of google_compute_region_instance_group_manager not cause recreation of the resource. (#6156)enable_fqdn_network_policy field to google_container_cluster (#6157)node_config.confidential_compute field to google_container_node_pool resource (#6166)password of google_datastream_connection_profile to be mutable. (#6140)response_type, channel, payload, conversation_success, output_audio_text, live_agent_handoff, play_audo, telephony_transfer_call, reprompt_event_handlers, set_parameter_actions, and conditional_cases fields to google_dialogflow_cx_page resource (#6168)response_type, channel, payload, conversation_success, output_audio_text, live_agent_handoff, play_audo, telephony_transfer_call, set_parameter_actions, and conditional_cases fields to google_dialogflow_cx_flow resource (#6168)web_sso_config.additional_scopes field to google_iam_workforce_pool_provider resource. (#6145)jwksJson field to WorkforcePoolProvider resource (#6153)synthetic_monitor to google_monitoring_uptime_check_config resource (#6148)BUG FIXES:
template.volumes.secret.items.mode field in google_cloud_run_v2_job resource to a non-required field. (#6154)template.volumes.secret.items.mode field in google_cloud_run_v2_service resource to a non-required field. (#6154)reserved_ip_range field in google_filestore_instance (#6143)authorized_domains in google_identity_platform_config resource (#6137)DEPRECATIONS:
google_dataplex_datascan fields: dataProfileResult and dataQualityResult (#6090)google_firebase_project_location in favor of google_firebase_storage_bucket and google_firestore_database (#6087)FEATURES:
google_sql_database_instance_latest_recovery_time (#6109)google_certificate_manager_trust_config (#6118)google_compute_region_security_policy_rule (#6086)google_gke_hub_membership_rbac_role_binding (#6103)google_iam_deny_policy (ga only) (#6125)IMPROVEMENTS:
restore_backup_source and restore_continuous_backup_source fields to support restore feature in google_alloydb_cluster resource. (#6129)cleanup_policies and cleanup_policy_dry_run fields to resource google_artifact_registry_repository (#6117)security_policy field to google_compute_target_instance resource (#6122)security_policy field to google_compute_target_pool (#6124)user_defined_fields to google_compute_region_security_policy (#6086)google_compute_instance boot_disk.source (#6132)additional_pod_ranges_config field to google_container_cluster resource (#6133)data_profile_spec.post_scan_actions, data_profile_spec.include_fields and data_profile_spec.exclude_fields (#6104)google_dns_response_policy (#6111)api_key_id field to google_firebase_web_app, google_firebase_android_app, and google_firebase_apple_app. (#6127)ignore_errors to true in google_gkeonprem_bare_metal_admin_cluster delete calls (#6095)psc_config , psc_service_attachment_link, and dns_name fields to google_sql_database_instance (#6119)enable_nested_virtualization field to google_workstations_workstation_config resource (#6123)BUG FIXES:
google_bigtable_gc_policy.gc_rules when max_age is specified using increments larger than hours (#6131)google_bigtable_gc_policy.gc_rules when mode is specified (#6131)resource_container_cluster to ignore dns_config diff when enable_autopilot = true (#6108)config.labels to be updatable in google_container_aws_node_pool (#6120)google_container_azure_cluster (#6096)FEATURES:
google_backup_dr_management_server (#6054)google_compute_region_security_policy_rule (#6086)IMPROVEMENTS:
git_file_source.bitbucket_server_config and source_to_build.bitbucket_server_config fields to google_cloudbuild_trigger resource (#6051)google_cloud_run_v2_job and google_cloud_run_v2_service resources: create_time, update_time, delete_time, expire_time, creator and last_modifier (#6067)config.private_environment_config.connection_type field to google_composer_environment resource (#6043)disk.provisioned_iops field to google_compute_instance_template and google_compute_region_instance_template resources (#6071)advanced_options_config.user_ip_request_headers field to google_compute_security_policy resource (#6048)user_defined_fields field to google_compute_region_security_policy resource (#6086)edition field to google_database_migration_service_connection_profile resource (#6074)globalL7ilb value for the routing_policy.load_balancer_type field in google_dns_record_set resource (#6084)control_plane_node.vsphere_config.storage_policy_name and vcenter.storage_policy_name fields to google_gkeonprem_vmware_cluster resource (#6072)default_search_handling_strict field to google_healthcare_fhir_store resource (#6078)scaling_config field to google_dataproc_metastore_service resource (#6052)version_aliases field to google_secret_manager_secret resource (#6058)BUG FIXES:
google_alloydb_cluster when backup_window, enabled or location fields are unset (#6036)google_container_aws_cluster and google_container_aws_node_pool resources (#6060)google_dataplex_datascan after running a job (#6047)private_visibility_config.networks from required to requiring at least one of private_visibility_config.networks or private_visibility_config.gke_clusters in google_dns_managed_zone resource (#6035)FEATURES:
google_billing_project_info (#6015)google_dataform_repository_release_config (#6009)google_network_connectivity_service_connection_policy (#6000)IMPROVEMENTS:
continuous_backup_config and continuous_backup_info fields to cluster resource (#5996)external_data_configuration.file_set_spec_type to google_bigquery_table (#6017)max_staleness to google_bigquery_table (#6010)resource_ancestors field to google_billing_budget resource (#6008)type to google_cloud_identity_group_memberships (#6013)subnetwork field to the resource google_compute_global_forwarding_rule (#6026)INTERNAL_MANAGED to the field load_balancing_scheme in the resource google_compute_backend_service (#6026)INTERNAL_MANAGED to the field load_balancing_scheme in the resource google_compute_global_forwarding_rule (#6026)ip_version to google_compute_forwarding_rule (#6006)master_ipv4_cidr_block as not required when private_endpoint_subnetwork is provided for google_container_cluster (#6025)advanced_datapath_observability_config to google_container_cluster (#6027)event_data_content_type to google_eventarc_trigger (#6032)send_previous_resource_on_delete field to notification_configs of google_healthcare_fhir_store (#5999)cloud_storage_config field to google_pubsub_subscription resource (#6024)annotations field to google_secret_manager_secret resource (#6007)private_cluster_config.allowed_projects arguments to google_workstations_workstation_cluster (#6021)BUG FIXES:
google_certificate_manager_certificate resource when its location changes (#6031)google_cloudfunctions2_function (#6023)evaluation_interval on condition_prometheus_query_language to be optional (#6028)NOTES:
google_vpc_access_connector (#5957)FEATURES:
google_document_ai_warehouse_document_schema (#5965)google_document_ai_warehouse_location (#5965)IMPROVEMENTS:
continuous_backup_config and continuous_backup_info fields to cluster resource (#5996)machine_type field on the google_cloudbuild_trigger resource (#5985)enable_strong_affinity field to google_compute_region_backend_service (beta) (#5962)ipv6_endpoint_type and ip_version to google_compute_address (#5986)network_interface.ipv6_access_config.external_ipv6_prefix_length to google_compute_instance (#5986)network_interface.ipv6_access_config.name to google_compute_instance (#5986)GLOBAL_MANAGED_PROXY for the field purpose in the resource google_compute_subnetwork (#5981)google_compute_backend_service as per release note (#5967)local_ssd_recovery_timeout field to google_compute_instance resource (#5968)local_ssd_recovery_timeout field to google_compute_instance_template resource (#5968)local_ssd_recovery_timeout field to google_compute_regional_instance_template resource (#5968)network_interface.ipv6_access_config.external_ipv6 configurable in google_compute_instance (#5986)enable_k8s_beta_apis.enabled_apis field to google_container_cluster (#5961)node_config.host_maintenance_policy field to google_container_cluster and google_container_node_pool (#5983)placement_policy.policy_name field to google_container_node_pool resource (#5994)private_cluster_config when master_global_access_config is set in google_container_cluster (#5995)enabled_private_endpoint to be settable on creation for PSC-based clusters (#5989)google_gkeonprem_bare_metal_admin_cluster (#5990)google_gkeonprem_bare_metal_cluster and google_gkeonprem_bare_metal_admin_cluster (#5990)blocking_functions quota and authorized_domains in google_identity_platform_config (#5964)period in google_monitoring_uptime_check_config (#5959)no_wrapper field to google_pubsub_subscription resource (#5972)accelerators field to google_workstations_workstation_config resource (#5991)BUG FIXES:
google_bigquery_data_transfer_config (#5987)google_cloudfunctions2_function.build_config.source.storage_source.generation created a diff when not set in config (#5992)database_url output attribute (#5988)google_monitoring_monitored_project where project numbers were not accepted for name (#5955)google_vpc_access_connector in 4.75.0. min_throughput and max_throughput fields lost their default value, and customers could not make deployment due to that change. (#5957)FEATURES:
google_dataplex_task (#5914)google_iap_web_region_backend_service_iam_binding (#5944)google_iap_web_region_backend_service_iam_member (#5944)google_iap_web_region_backend_service_iam_policy (#5944)IMPROVEMENTS:
security_policy field to google_compute_region_backend_service resource (#5924)status.traffic output fields to google_cloud_run_service resource (#5943)custom_audiences to resource google_cloud_run_v2_service (#5935)resilience_mode in google_composer_environment (#5921)reconcile_connections for google_compute_service_attachment. (#5945)gcs_fuse_csi_driver_config field to addons_config in google_container_cluster resource. (#5946)allow_net_admin field to google_container_cluster resource (#5940)google_container_cluster and google_container_node_pool. (#5949)google_container_cluster resource (#5947)last_updated_partition_config field to google_healthcare_fhir_store resource (#5937)condition_prometheus_query_language field to google_monitoring_alert_policy resource (#5952)scope field optional in google_network_services_gateway resource (#5939)enable_drop_protection to google_spanner_database resource(#5942)BUG FIXES:
automated_backup_policy in google_alloydb_cluster resource (#5913)google_artifact_registry_repository (#5936)google_cloud_tasks_queue min and max backoff settings (#5920)service.spec.template.metadata.labels were treated as a diff. (#5953)enforce_on_key_configs on google_compute_security_policy (#5928)google_monitoring_monitored_project where project numbers were not accepted for name (#5955)BUG FIXES:
vpcaccess: reverted new behaviour introduced by resource google_vpc_access_connector in 4.75.0. min_throughput and max_throughput fields lost their default value, and customers could not make deployment due to that change.
vpcaccess: reverted the ability to update the number of instances for resource google_vpc_access_connector
FEATURES:
google_looker_instance (#5903)IMPROVEMENTS:
disable_vpc_peering field to google_apigee_organization resource (#5901)external_data_configuration.json_options and external_data_configuration.parquet_options fields to google_bigquery_table (#5906)change_stream_retention field to google_bigtable_table.table resource (#5880)most_recent argument to google_compute_image datasource (#5902)enable_confidential_compute for google_compute_disk resource (#5897)gpu_driver_installation_config.gpu_driver_version field to google_container_node_pool (#5899)state and state_reason output-only fields to google_gkebackup_backupplan resource (#5909)complex_data_type_reference_parsing field to google_healthcare_fhir_store resource (#5884)included_query_parameters and excluded_query_parameters on google_network_services_edge_cache_service (#5889)google_vpc_access_connector resource (#5894)BUG FIXES:
google_alloydb_cluster handling of automated backup policy midnight start time (#5913)google_compute_instance.min_cpu_platform and switching to a machine_type that does not support min_cpu_platform at the same time (#5911)google_tags_location_tag_binding (#5904)IMPROVEMENTS:
storage_billing_model argument to google_bigquery_dataset (#5868)external_data_configuration.metadata_cache_mode and external_data_configuration.object_metadata to google_bigquery_table (#5856)external_data_configuration.source_fomat optional in google_bigquery_table (#5856)issuance_config field to google_certificate_manager_certificate resource (#5860)gitlab_config field to google_cloudbuildv2_connection resource (#5848)http_keep_alive_timeout_sec to resource google_compute_target_http_proxy (#5864)http_keep_alive_timeout_sec to resource google_compute_target_https_proxy (#5864)google_compute_external_vpn_gateway (#5875)tpu_topology under placement_policy in resource google_container_node_pool (#5871)oidc.client_secret field to google_iam_workforce_pool_provider and new enum values CODE and MERGE_ID_TOKEN_OVER_USER_INFO_CLAIMS to oidc.web_sso_config.response_type and oidc.web_sso_config.assertion_claims_behavior respectively (#5853)settings.data_cache_config to sql_database_instance resource. (#5869)settings.edition field to sql_database_instance resource. (#5869)shard_size in google_vertex_ai_index (#5874)BUG FIXES:
google_compute_router_peer.peer_ip_address optional (#5855)google_redis_instance populating output-only field maintenance_schedule. (#5852)google_org_policy_policy (#5873)state fields in google_os_config_os_policy_assignment (#5863)BUG FIXES:
name field of google_monitoring_monitored_project was long-formBUG FIXES:
google_monitoring_monitored_project to appear to be deletedFEATURES:
google_firebase_extensions_instance (#5832)IMPROVEMENTS:
no_automate_dns_zone field to google_compute_forwarding_rule. (#5842)google_compute_disk_async_replication resource to GA. (#5843)async_primary_disk field in google_compute_disk resource to GA. (#5843)async_primary_disk field in google_compute_region_disk resource to GA. (#5843)disk_consistency_group_policy field in google_compute_resource_policy resource to GA. (#5843)google_service_account_id_token when authenticated with GCE metadata credentials (#5825)BUG FIXES:
google_network_services_edge_cache_keyset to 90m (#5839)BUG FIXES:
google_compute_instance_template where initialize params stopped the disk.disk_size_gb field being used (#5849)FEATURES:
google_public_ca_external_account_key (#5813)google_compute_network_edge_security_service (#5808)google_compute_region_security_policy (#5808)IMPROVEMENTS:
provisioned_throughput field to google_compute_disk used by hyperdisk-throughput pd type (#5814)http_keep_alive_timeout_sec to resource google_compute_target_http_proxy (#5818)http_keep_alive_timeout_sec to resource google_compute_target_https_proxy (#5818)security_posture_config to resource google_container_cluster (#5821)locked to google_logging_project_bucket_config (#5811)BUG FIXES:
edition field of google_bigquery_reservation was not handled (#5800)service_config in google_cloudfunctions2_function resource (#5810)google_compute_forwarding_rule and google_compute_global_forwarding_rule (#5820)google_gke_hub_feature (#5820FEATURES:
google_gke_hub_feature_iam_* (#5782)google_gke_hub_feature (#5782)google_vmwareengine_cluster (#5784)google_vmwareengine_private_cloud (#5784)IMPROVEMENTS:
apigee_project_id to resource google_apigee_organization (#5781)google_bigtable_instance (#5779)resilience_mode to resource google_composer_environment (#5790)params.resource_manager_tags and boot_disk.initialize_params.resource_manager_tags to resource google_compute_instance (#5787)service_account_name mutable in resource google_bigquery_data_transfer_config (#5777)jwks_json to resource google_iam_workload_identity_pool_provider (#5789)BUG FIXES:
cluster_id values are unique within resource google_bigtable_instance (#5778)autoclass.enabled field was explicitly set to false in resource google_storage_bucket (#5776)FEATURES:
google_compute_network_endpoints (#5756)vertex_ai_index_endpoint (#5738)IMPROVEMENTS:
google_bigtable_gc_policy (#5752)url output field to google_cloudfunctions2_function (#5745)network_attachment to google_compute_instance_template (#5761)path_template_match and path_template_rewrite to google_compute_url_map. (#5760)sole_tenant_config to node_config in google_container_node_pool and google_container_cluster (#5774)workspace_compilation_overrides to resource google_dataform_repository (beta) (#5736)crypto_hash_config to google_data_loss_prevention_deidentify_template (#5757)trigger_id field to google_data_loss_prevention_job_trigger (#5773)POWERPOINT and EXCEL in inspect_job.storage_config.cloud_storage_options.file_types enum to google_data_loss_prevention_job_trigger resource (#5749)sensitivity_score field to google_data_loss_prevention_deidentify_template resource (#5764)sensitivity_score field to google_data_loss_prevention_inspect_template resource (#5758)sensitivity_score field to google_data_loss_prevention_job_trigger resource (#5765)definition field of google_pubsub_schema updatable. (https://cloud.google.com/pubsub/docs/schemas#commit-schema-revision) (#5750)POSTGRES_15 to version docs for database_version field to google_sql_database_instance (#5772)connected_projects attribute to resource google_vpc_access_connector. (#5734)BUG FIXES:
google_vertex_ai_featurestore_entitytype_feature always use region corresponding to parent's region (#5739)NOTE:
FEATURES:
google_vmwareengine_network (#5725)google_access_context_manager_service_perimeter_egress_policy (#5723)google_access_context_manager_service_perimeter_ingress_policy (#5723)google_certificate_manager_certificate_issuance_config (#5712)google_dataplex_datascan (#5707)google_dataplex_datascan_iam_* (#5731)google_vmwareengine_network (#5725)IMPROVEMENTS:
lookup_projects to google_billing_account datasource that skips reading the list of associated projects (#5721)info_type_transformations block in the record_transformations field to google_data_loss_prevention_deidentify_template resource. (#5729)redact_config, fixed_size_bucketing_config, bucketing_config, time_part_config and date_shift_config fields to google_data_loss_prevention_deidentify_template resource (#5711)stored_info_type_id field to google_data_loss_prevention_stored_info_type resource (#5708)template_id field to google_data_loss_prevention_deidentify_template and google_data_loss_prevention_inspect_template (#5726)actions field from required to optional in google_data_loss_prevention_job_trigger resource (#5716)fleet_observability to google_gke_hub_feature (#5715)purpose in google_kms_crypto_key to allow newly added values for the field (#5713)google_network_services_gateway to make it compatible with secure web proxy (#5701)schema_settings of google_pubsub_topic to change without deleting and recreating the resource (#5724)google_vertex_ai_metadata_store creation timeout to 40 minutes (#5728)BUG FIXES:
scope in google_network_services_gateway would fail with API errors; now updating them will recreate the resource (#5701)projects/<project_id to parent causing recreation on google_tags_tag_key (#5718)FEATURES:
google_container_analysis_note_iam_* (#5676)IMPROVEMENTS:
included_fields and excluded_fields fields to google_data_loss_prevention_job_trigger (#5687)regionalL7ilb enum support to the routing_policy.load_balancer_type field in google_dns_record_set (#5678)idle_timeout and running_timeout fields in google_workstations_workstation_config (#5673)persistent_directories.reclaim_policy and persistent_directories.source_snapshot fields in google_workstations_workstation_config (#5695)BUG FIXES:
spec and status in google_access_context_manager_service_perimeter (#5675)google_alloydb_instance from 20m to 40m (#5681)config_bundle in google_apigee_sharedflow that's attached to google_apigee_sharedflow_deployment causes an error (#5683)compute_security_policy from 4m to 8m (#5680)google_dataproc_cluster.virtual_cluster_config (#5689)FEATURES:
IMPROVEMENTS:
template.spec.volumes.empty_dir and template.spec.containers.name fields to google_cloud_run_service (#5654)guest_os_features and licenses fields to google_compute_disk and google_compute_region_disk (#5659)mysql_source_config.max_concurrent_backfill_tasks field to google_datastream_stream (#5648)google_firebase_webapp (#5647)google_notebooks_instance.metadata field (#5655)encoding_format field to google_privateca_ca_pool (#5662)BUG FIXES:
google_apigee_organization timeout defaults to 45m from 20m (#5652)metadata.annotation in google_cloud_run_service (#5651)google_container_node_pool (#5671)hostname (under ip_block) from required to optional for google_gkeonprem_vmware_cluster (#5670)NOTE:
FEATURES:
google_network_security_server_tls_policy (#5619)IMPROVEMENTS:
ICEBERG as an enum for external_data_configuration.source_format field in google_bigquery_table (#5622)status attribute to the google_cloudfunctions_function resource and data source (#5625)storage_location field in google_compute_image resource (#5644)google_compute_region_commitment (#5633)google_dataflow_flex_template_job (#5635)forecast_options field to google_monitoring_alert_policy resource (#5642)notification_channel_strategy field to google_monitoring_alert_policy resource (#5624)advanced_machine_features field in google_sql_database_instance (#5639)path to transfer_spec.aws_s3_data_source in google_storage_transfer_job (#5641)source_snapshot in google_workstations_workstation_config (#5636)BUG FIXES:
google_artifact_registry_repository. (#5637)log_config.sample_rate of google_compute_backend_service (#5631)gateway_api_config.channel of google_container_cluster (#5626)google_dataflow_job (#5634)google_storage_bucket (#5634)BUG FIXES:
google_client_config datasource return null for all attributes when region or zone is unset in provider configBUG FIXES:
google_client_config datasource return null for access_tokenFEATURES:
google_datastream_static_ips (#5587)google_compute_disk_async_replication (#5588)google_firestore_field (#5603)google_gkeonprem_bare_metal_cluster (#5594)google_gkeonprem_bare_metal_node_pool (#5602)google_network_security_tls_inspection_policy (#5615)IMPROVEMENTS:
load.parquet_options to google_bigquery_job (#5592)allow_failure and allow_exit_codes to build.step in google_cloudbuild_trigger resource (#5593)git_file_source.repository and source_to_build.repository fields to google_cloudbuild_trigger resource (beta) (#5597)template.containers.depends_on and template.volumes.empty_dir to google_cloud_run_v2_service. (#5613)template.template.volumes.empty_dir to google_cloud_run_v2_job. (#5613)SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE for the guest_os_features of google_compute_image (#5604)stack_type to google_compute_network_peering (#5601)gcs_fuse_csi_driver_config to google_container_cluster resource. (#5616)publish_to_stackdriver field to google_data_loss_prevention_job_trigger resource (#5610)tls_inspection_policy field to google_network_security_gateway_security_policy (#5615)BUG FIXES:
self_managed.pem_certificate and self_managed.pem_certificate can't be updated on google_certificate_manager_certificate (#5606)terraform destroy -refresh=false for instance group managers with wait_for_instances = "true" if the instance group manager was not found (#5614)auto_provisioning_defaults.management is not provided on google_container_cluster (#5605)FEATURES:
google_alloydb_locations (#5507)google_sql_tiers (#5548)google_access_context_manager_egress_policy (#5525)google_database_migration_service_connection_profile (#5527)google_gkeonprem_vmware_cluster (#5533)google_gkeonprem_vmware_node_pool (#5579)google_network_security_address_group (#5539)google_network_security_authorization_policy (#5582)google_network_services_grpc_route (#5572)google_network_services_service_binding (#5536)google_networksecurity_client_tls_policy (#5561)google_networkservices_endpoint_policy (#5542)google_networkservices_tls_route (#5524)google_workstations_workstation_config_iam (#5512)google_workstations_workstation_iam (#5512)IMPROVEMENTS:
encryption_config and encryption_info fields in google_alloydb_cluster, to allow CMEK encryption of the cluster's data. (#5551)google_alloydb_backup resource (#5549)encryption_config field inside the automated_backup_policy block ingoogle_alloydb_cluster, to allow CMEK encryption of automated backups. (#5551)location field to certificatemanager certificate resource (#5554)port to http_get to resource google_cloud_run_service (#5510)port to http_get to resource google_cloud_run_v2_service (#5510)startupCpuBoost to resource google_cloud_run_v2_service (#5521)session_affinity to google_cloud_run_v2_service (#5518)allow_psc_global_access to google_compute_forwarding_rule resource (#5523)dest_fqdns, dest_region_codes, dest_threat_intelligences, src_fqdns, src_region_codes, and src_threat_intelligences to google_compute_firewall_policy_rule resource. (#5523)source_ip_ranges and base_forwarding_rule to google_compute_forwarding_rule resource (#5523)bypass_cache_on_request_headers to cdn_policy in google_compute_backend_service resource (#5563)dest_address_groups and src_address_groups fields to google_compute_firewall_policy_rule and google_compute_network_firewall_policy_rule (#5530)async_primary_disk to google_compute_disk and google_compute_region_disk (#5553)disk_consistency_group_policy to google_compute_resource_policy (#5553)google_compute_router_peer (#5531)network_firewall_policy_enforcement_order field mutable in google_compute_network. (#5516)exclude_by_hotword exclusion rule to google_data_loss_prevention_inspect_template resource (#5555)image_transformations field to google_data_loss_prevention_deidentify_template resource (#5556)inspectConfig field to google_data_loss_prevention_job_trigger resource (#5535)replace_dictionary_config field to info_type_transformations in google_data_loss_prevention_deidentify_template resource (#5556)surrogate_type custom type to google_data_loss_prevention_inspect_template resource (#5555)version field for multiple info_type blocks to google_data_loss_prevention_inspect_template resource (#5555)google_sql_source_representation_instance (#5557)region field to google_vertex_ai_endpoint (#5514)crypto_key_name field to google_workflows_workflow resource (#5509)host and container in google_workstations_workstation_config (#5585)BUG FIXES:
role_id on google_organization_iam_custom_role (#5569)google_compute_router_interface that happened when project was not set in the provider configuration or via environment variable (#5508)google_dns_keys data source where list attributes could not be used at plan-time (#5546)bundle_id in google_firebase_apple_app (#5577)persistent_directories and encryption_key would fail with API errors; now updating them will recreate the resource (#5585)google_workstations_workstations_config was not propagated to the underlying resource (#5585)BUG FIXES:
NOTES:
location from optional to required for google_alloydb_cluster and google_alloydb_backup resources. location had previously been marked as optional, but operations failed if it was omitted, and there was no way for location to be inherited from the provider configuration or from an environment variable. This means there was no way to have a working configuration without location specified. (#5492, #5494)FEATURES:
google_access_context_manager_ingress_policy (#5474)google_compute_public_advertised_prefix (#5476)google_compute_public_delegated_prefix (#5476)google_compute_region_commitment (#5473)google_network_services_http_route (#5471)google_network_services_tcp_route (beta) (#5497)IMPROVEMENTS:
inspect_job.actions.job_notification_emails and inspect_job.actions.deidentify fields to google_data_loss_prevention_job_trigger resource (#5477)triggers.manual and inspect_job.storage_config.hybrid_options to google_data_loss_prevention_job_trigger (#5490)oidc.web_sso_config field to google_iam_workforce_pool_provider (#5491)BUG FIXES:
weekly_schedule (under automated_backup_policy) from required to optional for google_alloydb_cluster (#5495)USE_ORIGIN_HEADERS is set in google_compute_backend_bucket (#5488)google_network_services_edge_cache_keyset to 60m (from 30m) (#5481)enable_private_path_for_google_cloud_services to false in google_sql_database_instance(#5484)BUG FIXES:
stack_type was unset on google_compute_ha_vpn_gateway (#5479)FEATURES:
google_compute_region_instance_template (#5467)google_compute_region_instance_template (#5467)google_logging_linked_dataset (#5459)IMPROVEMENTS:
OS_INVENTORY value to content_type for google_cloud_asset_*_feed (#5465)google_clouddeploy_delivery_pipeline (#5451)source_instance_template field of google_compute_instance_from_template resource (#5467)pod_cidr_overprovision_config field to google_container_cluster and google_container_node_pool resources. (#5468)google_org_policy_policy (#5443)BUG FIXES:
initialGroupConfig field for resource google_cloud_identity_group (#5456)batching.send_after unspecified and batching specified (#5460)credentials field could not be set as an empty string (#5466)google_vertex_ai_index to 180m (#5450)BREAKING CHANGES:
max_retries in google_cloud_run_v2_job. This should match the API's existing default, but may show a diff at plan time in limited circumstances as drift is now detected (#5432)FEATURES:
google_firebase_android_app_config (#5425)google_apigee_keystores_aliases_pkcs12 (#5411)google_apigee_keystores_aliases_self_signed_cert (#5394)google_network_security_url_lists (#5439)google_network_services_mesh (#5393)google_network_security_gateway_security_policy (beta) (#5434)google_network_security_gateway_security_policy_rule (beta) (#5434)IMPROVEMENTS:
initial_user and automated_backup_policy.weekly_schedule to google_alloydb_cluster (#5420)mode, virtual_repository_config, and remote_repository_config to GA (#5426)edition and autoscale to google_bigquery_reservation and edition to bigquery_capacity_commitment (#5399)SEV_LIVE_MIGRATABLE to guest_os_features.type in google_compute_image (#5424)stack_type to google_compute_ha_vpn_gateway (#5395)ephemeral_storage_local_ssd_config to google_container_cluster.node_config, google_container_cluster.node_pools.node_config, google_container_node_pool.node_config (#5400)dictionary, regex, regex.group_indexes and large_custom_dictionary fields in google_data_loss_prevention_stored_info_type to be update-in-place (#5428)disabled to google_logging_metric (#5423)route_rule to 200 on google_network_services_edge_cache_service (#5433)BUG FIXES:
google_bigquery_capacity_commitment (#5435)max_retries to 0 in google_cloud_run_v2_job was not respected. (#5432)stack_type when GKE omitted stackType in API responses from older GKE clusters (#5429)optional_components (#5410)USER_PROJECT_OVERRIDE environment variable was not being read (#5441)4.60.0/4.60.1 (#5440)BUG FIXES:
4.60.0/4.60.1USER_PROJECT_OVERRIDE environment variable was not being readBUG FIXES:
stack_type when GKE omitted stackType in API responses from older GKE clustersFEATURES:
google_apigee_keystores_aliases_key_cert_file (#5386)IMPROVEMENTS:
address_type, network, network_tier, prefix_length, purpose, subnetwork and users field for google_compute_address and google_compute_global_address datasource (#5363)network_firewall_policy_enforcement_order field to google_compute_network resource (#5375)self_link_unique for google_compute_instance_template to point to the unique id of the resource instead of its name (#5384)stack_type field to google_container_cluster resource (#5364)advanced_machine_features field to google_container_cluster resource (#5371)host_rule on google_network_services_edge_cache_service (#5376)database_names attribute to google_sql_instance (#5366)BUG FIXES:
google_cloud_run_service (#5365)google_sql_user after its google_sql_database_instance is deleted (#5369)google_data_catalog_tag only allowing 10 tags by increasing the page size to 1000 (#5362)google_firebase_project to succeed on apply when the project already has firebase enabled (#5379)FEATURES:
google_dataplex_asset_iam_* (#5348)google_dataplex_lake_iam_* (#5348)google_dataplex_zone_iam_* (#5348)google_network_services_gateway (#5355)IMPROVEMENTS:
is_case_insensitive and default_collation fields to google_bigquery_dataset resource (#5342)scratch_disk.size field on google_compute_instance (#5358)disk_size_gb for SCRATCH disks in google_compute_instance_template (#5358)WEIGHED_MAGLEV to locality_lb_policy enum for backend service resources (#5353)local_nvme_ssd_block to node_config block in the google_container_node_pool (#5335)enable_analytics field to google_logging_project_bucket_config (#5347)expose_headers, allow_headers, request_header_to_remove, request_header_to_add, response_header_to_add and response_header_to_remove of google_network_services_edge_cache_service (#5346)request_headers_to_add of google_network_services_edge_cache_origin (#5346)BUG FIXES:
managed.dns_authorizations not being included during import of google_certificate_manager_certificate (#5325)hostname and matcher in google_certificate_manager_certificate_map_entry would fail with API errors; now updating them will recreate the resource (#5327)enforce_on_key_name could not be unset on google_compute_security_policy (#5326)dataset_id could not utilize the id from bigquery directly (#5331)service_account of google_workstations_workstation_config (#5323)FEATURES:
google_apigee_sharedflow (#5300)google_apigee_sharedflow_deployment (#5300)google_apigee_flowhook (#5300)IMPROVEMENTS:
accelerators field to google_datafusion_instance resource. (#5304)google_privateca_pool, google_privateca_certificate, and google_privateca_certificate_authority (#5317)BUG FIXES:
automated_backup_policy.weekly_schedule of google_alloydb_cluster (#5305)friendly_name is removed from google_bigquery_dataset (#5319)reserved_ip_range in google_redis_instance (#5310)FEATURES:
google_access_context_manager_authorized_orgs_desc (#5292)google_bigquery_capacity_commitment (#5282)google_workstations_workstation (#5273)google_apigee_env_keystore (#5267)google_apigee_env_references (#5267)IMPROVEMENTS:
virtual_repository_config and remote_repository_config to google_artifact_registry_repository (#5289)maintenance_interval field to google_compute_instance_template and google_compute_instance (#5297)BUG FIXES:
google_cloud_identity_group initial_group_config field when importing (#5266)failover_policy when UDP is selected on google_compute_region_backend_service (#5280)project field on datasources for google_firebase_android_app, google_firebase_web_app, and google_firebase_apple_app. (#5293)google_tags_location_tag_binding with zonal parent resources (#5269)DEPRECATIONS:
mesh.control_plane in google_gke_hub_feature_membership. Use mesh.management instead (#5258)FEATURES:
IMPROVEMENTS:
peered_network_ip_range field to google_cloudbuild_worker_pool resource (#5258)multi_target field to google_clouddeploy_target resource (#5258)template.0.containers0.liveness_probe.grpc, template.0.containers0.startup_probe.grpc fields to google_cloud_run_v2_service resource (#5259)internal_ip and external_ip to google_compute_per_instance_config and google_compute_region_per_instance_config (beta) (#5256)max_distance field to resource-policy resource (#5257)deletion_policy to resource google_compute_shared_vpc_service_project (#5243)protect_config to google_container_cluster (beta) (#5255)azure_services_authentication to google_container_azure_cluster (#5258)allow_origins from 5 to 25 on network_services_edge_cache_service (#5239)sink_agent_pool_name and source_agent_pool_name to google_storage_transfer_job (#5262)BUG FIXES:
google-beta used an outdated beta API rather than the GA service API. New format values like “KFP” will now be accepted by both providers. (#5247)event_trigger.resource of google_cloudfunctions_function (#5261)master_config.num_instances would not force recreation when changed in google_dataproc_cluster (#5251)deletion_protection on google_spanner_database (#5242)force_destroy on google_spanner_instance (#5242)FEATURES:
google_cloudbuild_bitbucket_server_config (#5218)google_firebase_hosting_release (#5229)google_firebase_hosting_version (#5229)IMPROVEMENTS:
node_config.kubelet_config.pod_pids_limit on google_container_node_pool (#5217)google_storage_bucket to 10m from 4m (#5222)BUG FIXES:
placement_policy blank on google_container_node_pool (#5233)email field in google_project_service_identity (#5226)FEATURES:
google_firebase_hosting_channel (#5188)google_logging_sink (#5207)google_sql_databases (#5204)IMPROVEMENTS:
bitbucket_server_trigger_config field to google_cloudbuild_trigger resource (#5198)github.enterprise_config_resource_name field to google_cloudbuild_trigger resource (#5205)rsa_encrypted_key to google_compute_disk resource (#5187)rules[].rate_limit_options in google_compute_security_policy to support Cloud Armor Rate Limit Options (#5193)google_sql_database_instance. This change will allow users to promote read replica as stand alone primary instance. (#5184)BUG FIXES:
max_time_travel_hours of google_bigquery_dataset (#5190)stateful_disk in compute_instance_group_manager and compute_region_instance_group_manager. (#5203)settings.activation_policy field in google_sql_database_instance (#5202)BUG FIXES:
FEATURES:
google_apigee_addons_config (#5171)google_cloudbuildv2_connection_iam_binding (#5158)google_cloudbuildv2_connection_iam_member (#5158)google_cloudbuildv2_connection_iam_policy (#5158)google_firestore_database (#5181)google_workstations_workstation_cluster (#5154)IMPROVEMENTS:
resource_policies field to google_compute_instance_template (#5182)force_update_on_repair to instance_lifecycle_policy (#5172)instance_lifecycle_policy to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#5172)labels field to the google_compute_external_vpn_gateway resource (#5162)postgresql_source_config & oracle_source_config in google_datastream_stream (#5166)google_datastream_stream with desired_state=RUNNING (#5166)google_datastream_stream creation (#5166)deletion_policy as updatable without recreation on google_firebase_android_app and google_firebase_apple_app (#5163)enable_private_path_for_google_cloud_services field to google_sql_database_instance resource (#5177)offline_storage_ttl_days to google_vertex_ai_featurestore_entitytype resource (#5178)online_storage_ttl_days to google_vertex_ai_featurestore resource (#5178)description to google_vertex_ai_featurestore_entitytype (#5161)BUG FIXES:
version can't be updated on google_data_fusion_instance (#5175)FEATURES:
google_secret_manager_secret_version_access (#5147)google_cloudbuildv2_connection (#5140)google_cloudbuildv2_repository (#5140)google_workstations_workstation_cluster (#5154)IMPROVEMENTS:
cloud_spanner.use_serverless_analytics field (#5139)cloud_sql.service_account_id and azure.identity output fields (#5139)repository_event_config to resource trigger (#5142)locality_lb_policies field to google_compute_backend_service (#5146)settings.deletion_protection_enabled property documentation. (#13581)root_password field updatable in google_sql_database_instance (#5133)BUG FIXES:
project is different from the default on google_data_catalog_taxonomy (#5145)google_secret_managed_secret (#5149)DEPRECATIONS:
liveness_probe.tcp_socket field from google_cloud_run_v2_service resource as it is not supported by the API and it will be removed in a future major release (#5128)startup_probe and liveness_probe fields from google_cloud_run_v2_job resource as they are not supported by the API and they will be removed in a future major release (#5118)FEATURES:
google_iam_access_boundary_policy (#5130)google_tags_location_tag_bindings (#5115)IMPROVEMENTS:
github_enterprise_config fields to google_cloudbuild_trigger resource. (#5110)annotations to google_cloud_run_v2_service resource (#5108)cloud_data_lineage_integration to resource google_composer_environment (beta) (#5109)tcp_time_wait_timeout_sec field to google_compute_router_nat resource (#5123)google_compute_security_policy to support Cloud Armor Auto Deploy (beta) (#5116)share_settings field to the google_compute_node_group resource. (#5113)deletion_policy field to google_container_attached_cluster resource. (#5121)customer_managed_encryption_key and destination_config.bigquery_destination_config.source_hierarchy_datasets.dataset_template.kms_key_name fields to google_datastream_stream resource (#5120)publish_findings_to_cloud_data_catalog and publish_summary_to_cscc to google_data_loss_prevention_job_trigger resource (#5127)google_sql_database_instance (#5124)google_spanner_database_iam_member and google_spanner_instance_iam_member (#5125)google_sql_source_representation_instance(#5114)BUG FIXES:
external_data_configuration.connection_id of google_bigquery_table (#5126)config_connector_config of the data source google_container_cluster (#5131)firebase:enabled label to be accidentally removed. (#5122)FEATURES:
google_compute_network_peering (#5092)google_compute_router_nat (#5091)google_cloud_run_v2_job_iam_binding (#5099)google_cloud_run_v2_job_iam_member (#5099)google_cloud_run_v2_job_iam_policy (#5099)google_cloud_run_v2_service_iam_binding (#5099)google_cloud_run_v2_service_iam_member (#5099)google_cloud_run_v2_service_iam_policy (#5099)google_gke_backup_backup_plan_iam_binding (#5107)google_gke_backup_backup_plan_iam_member (#5107)google_gke_backup_backup_plan_iam_policy (#5107)IMPROVEMENTS:
reference_file_schema_uri (#5100)credit_types and subaccounts updatable for google_billing_budget (#5087)annotations to CloudRunV2_service resource (#5108)recovery_config in google_composer_environment resource (#5105)max_run_duration field to google_compute_instance and google_compute_instance_template resource (beta) (#5096)dataproc_metric_config to resource google_dataproc_cluster (#5093)deidentify_template.record_transformations.field_transformations.primitive_transformation to google_data_loss_prevention_deidentify_template (#5104)google_sql_database_instance to 40m from 30m (#5094)BUG FIXES:
self_managed field in google_certificate_manager_certificate was treated as sensitive, and marked self_managed.pem_private_key as sensitive (#5106)X-Goog-User-Project on google_client_openid_userinfo (#5090)disk_type can't be updated on google_sql_database_instance (#5095)FEATURES:
google_project_service (#5067)google_sql_database_instances (#5066)google_container_attached_install_manifest (#5073)google_container_attached_install_manifest (#5080)google_container_attached_versions (#5073)google_datastream_stream (#5045)IMPROVEMENTS:
sha1_hashes, sha256_hashes and etag to google_firebase_android_app. (#5074)threat_exception field to google_cloud_ids_endpoint (#5072)triggerer field in google_composer_environment (#5055)stateful_ips fields in instance_group_manager and region_instance_group_manager. (#5064)expire_time to resource google_compute_region_ssl_certificate (#5049)expire_time to resource google_compute_ssl_certificate (#5049)release_channel_latest_version in google_container_engine_versions datasource (#5044)google_container_aws_node_pool autoscaling_metrics_collection field (#5084)google_container_aws_node_pool tags field (#5084)node_group_affinity. in google_dataproc_cluster (#5053)reservation_affinity in google_dataproc_cluster (#5050)telemetry_config field to google_dataproc_metastore_service (#5065)point_in_time_recovery_enabled flag in google_sql_database_instance for SQLSERVER instance, since the API supports it now. (#5079)instance_type field to google_sql_database_instance resource (#5057)scaling field in google_vertex_ai_featurestore (#5081)BUG FIXES:
package_name field suffix to always start with a letter in google_firebase_android_app. (#5074)aws.access_role.iam_role_id cannot be updated on google_bigquery_connection (#5083)master_global_access_config in google_container_cluster (#5043)kubernetes.io/arch on google_container_node_pool (#5054)google_spanner_database.ddl item was nil (#5071)FEATURES:
google_beyondcorp_app_connection (#5025)google_beyondcorp_app_connector (#5008)google_beyondcorp_app_gateway (#5008)google_cloudbuild_trigger (#5017)google_compute_instance_group_manager (#5002)google_firebase_apple_app_config (#5031)google_firebase_apple_app (#4978)google_pubsub_subscription (#5001)google_sql_database (#5038)google_apigee_sync_authorization (#5015)google_beyondcorp_app_connection (#5012)google_container_attached_cluster (#5037)google_dns_managed_zone_iam_* (#5007)google_firebase_database_instance(#5019)IMPROVEMENTS:
available_cpu and max_instance_request_concurrency to support concurrency in google_cloudfunctions2_function (#5011)configmanagement.config_sync.oci field to google_gke_hub_feature_membership resource(#5013)google_compute_firewall (#4979)router_appliance_instance field to google_compute_router_bgp_peer (#5035)generated_id field in google_compute_backend_service to get the value of id defined by the server (#4981)image_encryption_key to google_compute_image (#4989)source_snapshot, source_snapshot_encyption_key, and source_image_encryption_key to google_compute_instance_template (#4989)stateful_internal_ip and stateful_external_ip to google_compute_instance_group_manager (#4992)gateway_api_config block to google_container_cluster resource for supporting the gke gateway api controller (#4976)labels in google_container_node_pool (#4998)SPOT option for preemptibility in google_dataproc_cluster (#5024)deidentify_config.record_transformations.field_transformations to google_data_loss_prevention_deidentify_template (#4996)deidentify_config.record_transformations.record_suppressions to google_data_loss_prevention_deidentify_template (#5004)version field to google_data_loss_prevention_inspect_template resource (#5032)skip_await_rollout in google_os_config_os_policy_assignment (#5026)deletion_protection_enabled in google_sql_database_instance to guard against deletion from all surfaces (#4987)settings.sql_server_audit_config.bucket field in google_sql_database_instance to be optional. (#4988)schedule in google_storage_transfer_job (#4993)BUG FIXES:
labels of google_bigquery_dataset when it is referenced in google_dataplex_asset (#5022)private_ip_google_access of google_compute_subnetwork (#4983)enable_dynamic_port_allocation was not able to set to false in google_compute_router_nat (#4982)location_policy of google_container_cluster and google_container_node_pool (#4997)google_identity_platform_config creation (#5005)google_project datasource silently returning empty results when the project was not found or not in the ACTIVE state. Now, an error will be surfaced instead. (#5029)sql_database_instance leaking root users (#4991)NOTES:
google_sql_database was abandoned by default as of version 4.45.0. Users who have upgraded to 4.45.0 or 4.46.0 will see a diff when running their next terraform apply after upgrading this version, indicating the deletion_policy field's value has changed from "ABANDON" to "DELETE". This will create a no-op call against the API, but can otherwise be safely applied. (#4972)FEATURES:
IMPROVEMENTS:
deletion_protection field to google_bigtable_table (#4975)google_compute_subnetwork.ipv6_access_type field updatable in-place (#4965)auto_provisioning_defaults.cluster_autoscaling.upgrade_settings in google_container_cluster (#4958)gateway_api_config block to google_container_cluster resource for supporting the gke gateway api controller (#4976)fields in google_data_catalog_tag_template (#4968)bucket_name field to google_logging_metric (#4964)metric_descriptor field optional for google_logging_metric (#4971)BUG FIXES:
ip_allocation_policy of google_composer_environment (#4956)google_sql_database was abandoned by default as of version 4.45.0. Users who have upgraded to 4.45.0 or 4.46.0 will see a diff when running their next terraform apply after upgrading this version, indicating the deletion_policy field's value has changed from "ABANDON" to "DELETE". This will create a no-op call against the API, but can otherwise be safely applied. (#4972)FEATURES:
google_firebase_android_app (#4955)google_cloud_run_v2_job (#4937)google_cloud_run_v2_service (#4942)google_gke_backup_backup_plan (#4948)google_firebase_storage_bucket (#4951)IMPROVEMENTS:
origin_override_action and origin_redirect to google_network_services_edge_cache_origin (#4936)google_bigquery_data_transfer_config for Cloud Storage transfers when immutable params data_path_template and destination_table_name_template are changed (#4929)google_compute_security_policy to support Cloud Armor bot management (#4938)network_config to google_dataproc_metastore_service (#4952)autoclass in google_storage_bucket resource (#4953)BUG FIXES:
machine_config.cpu_count updatable on google_alloydb_instance (#4930)ip_allocation_policy of google_composer_environment (#4956)update_settings. max_surge or update_settings. max_unavailable values are updating on google_container_node_pool (#4945)google_datastream_private_connection ignoring failures during creation (#4939)deletion_policy of google_firebase_apple_app (#4954)FEATURES:
google_logging_project_cmek_settings (#4902)google_iam_workforce_pool_provider (#4922)google_vertex_ai_tensorboard (#4896)google_data_fusion_instance_iam_binding (#4926)google_data_fusion_instance_iam_member (#4926)google_data_fusion_instance_iam_policy (#4926)google_eventarc_google_channel_config (#4905)google_vertex_ai_index (#4923)google_vertex_ai_featurestore_entitytype_iam_binding (#4920)google_vertex_ai_featurestore_entitytype_iam_member (#4920)google_vertex_ai_featurestore_entitytype_iam_policy (#4920)IMPROVEMENTS:
mesh: control_plane to resource google_gke_hub_feature_membership. (#4927)google_bigquery_data_transfer_config recreate for Cloud Storage transfers when immutable params data_path_template and destination_table_name_template are changed (#4929)connector_enforcement field to google_sql_database_instance resource (#4894)default_route_action.cors_policy field to google_compute_region_url_map resource (#4895)default_route_action.fault_injection_policy field to google_compute_region_url_map resource (#4895)default_route_action.timeout field to google_compute_region_url_map resource (#4895)default_route_action.url_rewrite field to google_compute_region_url_map resource (#4895)include_http_headers field to the cdn_policy field of google_compute_backend_service resource (#4912)list_managed_instances_results to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#4903)resource_labels field to node_config resource (#4913)enable_private_nodes in network_config to google_container_node_pool (#4921)gcp_public_cidrs_access_enabled and private_endpoint_subnetwork to google_container_cluster (#4921)enable_private_endpoint and enable_private_nodes in google_container_cluster (#4921)api_endpoint and p4_service_account attributes to google_data_fusion_instance (#4926)zone, display_name, crypto_key_config, event_publish_config, and enable_rbac args to google_data_fusion_instance (#4926)cmek_settings field to google_logging_project_bucket_config resource (#4902)deletion_policy to resource google_sql_database (#4916)BUG FIXES:
display_name of google_alloydb_instance (#4925)most_disruptive_allowed_action on google_compute_per_instance_config and google_compute_region_per_instance_config (#4898)metadata and machine_type are updated while metadata_startup_script was already provided on google_compute_instance (#4901)authenticator_groups_config on google_container_cluster (#4918)google_container_cluster to return an error if it does not exist (#4900)googe_sql_database_instance to include backup_configuration in initial create request (#4911)website, website.main_page_suffix, website.not_found_page are removed on google_storage_bucket (#4899)NOTES: No changes, only released to keep this provider in sync with the google provider
FEATURES:
google_cloud_asset_resources_search_all (#4891)google_alloydb_instance (#4857)google_beyondcorp_app_connector (#4866)google_beyondcorp_app_gateway (#4866)google_compute_network_firewall_policy_association (#4868)google_compute_network_firewall_policy_rule (#4880)google_compute_network_firewall_policy (#4851)google_compute_region_network_firewall_policy_association (#4868)google_compute_region_network_firewall_policy_rule (#4880)google_compute_region_network_firewall_policy (#4851)google_eventarc_channel (#4876)google_firebase_apple_app (#4887)google_firebase_hosting_channel (#4890)google_firebase_hosting_site (#4846)google_identity_platform_project_default_config (#4853)google_kms_crypto_key_versions (#4831)google_storage_transfer_agent_pool (#4835)IMPROVEMENTS:
bigquery_dataset and bigquery_dataset_access (#4855)google_cloud_identity_groups (#4834)liveness_probe.grpc and startup_probe.grpc to resource google_cloud_run_service (#4863)connector_enforcement field to google_sql_database_instance resource (#4894)redundant_interface argument to google_compute_router_interface resource (#4881)default_route_action.request_mirror_policy field to google_compute_region_url_map resource (#4879)default_route_action.retry_policy field to google_compute_region_url_map resource (#4879)default_route_action.weighted_backend_services field to google_compute_region_url_map resource (#4879)preconfigured_waf_config block to google_compute_security_policy resource (#4852)node_config.logging_variant to google_container_node_pool. (#4889)node_pool_defaults.node_config_defaults.logging_variant, node_pool.node_config.logging_variant, and node_config.logging_variant to google_container_cluster. (#4889)google_container_cluster (#4833)blue_green_settings to google_container_node_pool (#4860)strategy to google_container_node_pool (#4860)APISERVER, CONTROLLER_MANAGER, and SCHEDULER in google_container_cluster.monitoring_config (#4854)enable_rbac field to google_data_fusion_instance resource (#4864)rows_limit, rows_limit_percent, and sample_method to big_query_options in google_data_loss_prevention_job_trigger (#4856)google_data_loss_prevention_job_trigger (#4832)gke_clusters field to google_dns_managed_zone resource (#4888)gke_clusters field to google_dns_response_policy resource (#4888)channel to google_eventarc_trigger (#4876)mesh field and management subfield to resource feature_membership (#4867)aws_v4_authentication field to google_network_services_edge_cache_origin to support S3-compatible Origins (#4875)signed_token_options and add_signatures field to google_network_services_edge_cache_service and validation_shared_keys to google_network_services_edge_cache_keyset to support dual-token authentication (#4884)query_plan_per_minute field to insights_config in google_sql_database_instance resource (#4840)vertex_ai_featurestore_entitytype to support feature value monitoring (#4859)BUG FIXES:
google_apigee_instance (#4883)kms_key_name (#4873)budget_filter.credit_types_treatment in google_billing_budget resource was not updating. (#4836)repo_type on google_cloudbuild_trigger (#4878)endpoint_forwarding_rule and endpoint_ip attributes for google_cloud_ids_endpoint (#4843)google_compute_disk for new amd64 images (#4847)target_https_proxy possible to set ssl_certificates and certificate_map in google_compute_target_https_proxy at the same time (#4839)cluster_autoscaling.auto_provisioning_defaults.service_account can not be set when enable_autopilot = true for google_container_cluster (#4877)google_dialogflow_cx_version and google_dialogflow_cx_environment when they are deployed to a non-global location (#4869)description is set to empty string on google_dns_managed_zone (#4837)log_bucket is updated with empty body on google_storage_bucket (#4893)FEATURES:
google_kms_crypto_key_version(#4831)BUG FIXES:
google_storage_bucket when upgrading provider to version 4.42.0 with lifecycle_rule.condition.age unset (#4828)FEATURES:
google_compute_addresses (#4802)google_compute_region_network_endpoint_group (#4811)google_alloydb_cluster (#4780)google_dataform_repository (beta) (#4801)google_firebase_android_app (#4814)google_iam_workforce_pool (#4818)google_monitoring_generic_service (#4789)google_scc_source_iam_binding (#4806)google_scc_source_iam_member (#4806)google_scc_source_iam_policy (#4806)google_vertex_ai_endpoint (#4815)google_vertex_ai_featurestore_iam_binding (#4825)google_vertex_ai_featurestore_iam_member (#4825)google_vertex_ai_featurestore_iam_policy (#4825)IMPROVEMENTS:
member field to google_app_engine_default_service_account datasource (#4779)max_time_travel_hours field in google_bigquery_dataset resource (#4803)member field to google_bigquery_default_service_account datasource (#4779)script field to google_cloudbuild_trigger resource (#4807)project_id for google_project data-source (#4810)liveness_probe to resource google_cloud_run_service (#4788)startup_probe to resource google_cloud_run_service (#4773)source_disk field to google_compute_disk and google_compute_region_disk resource (#4783)rules to google_compute_router_nat (#4797)disk_size and disk_type fields to google_container_cluster.cluster_autoscaling.auto_provisioning_defaults (#4786)node_config.0.tags for google_container_node_pool resource (#4781)private_connectivity field to google_datastream_connection_profile (#4808)enable_geo_fencing to routing_policy block of google_dns_record_set resource (#4816)health_checked_targets to wrr and geo blocks of google_dns_record_set resource (#4816)primary_backup to routing_policy block of google_dns_record_set resource (#4816)app_urls field to google_firebase_web_app (#4798)deletion_policy for google_firebase_web_app (#4796)skip_grace_period to skip the grace period when deleting a CertificateAuthority. (#4784)member field to google_service_account resource and datasource (#4779)time_zone field in google_sql_database_instance (#4774)member field to google_storage_project_service_account and google_storage_transfer_project_service_account datasource (#4779)BUG FIXES:
vm_count in google_compute_resource_policy optional (#4792)datapath_provider on google_container_cluster by making field changes trigger resource recreation (#4824)persistence_config.rdb_snapshot_period to optional in the google_redis_instance resource. (#4821)KNOWN ISSUES:
node_config.0.guest_accelerator.0.gpu_sharing_config, to an https://www.terraform.io/language/attr-as-blocks field (node_config.0.guest_accelerator). As detailed on the linked page, this may cause issues for modules and/or formats other than HCL.BREAKING CHANGES:
google_sql_user.sql_server_user_details to be read only. Any configuration attempting to set this field is invalid and will cause the provider to fail during plan time. (#4764)FEATURES:
google_cloud_ids_endpoint (#4765)google_bigquery_analytics_hub_listing_iam_binding (#4771)google_bigquery_analytics_hub_listing_iam_member (#4771)google_bigquery_analytics_hub_listing_iam_policy (#4771)google_bigquery_analytics_hub_listing (#4771)IMPROVEMENTS:
service_account field to google_app_engine_standard_app_version resource (#4757)avro_options field to google_bigquery_table resource (#4768)startup_probe to resource google_cloud_run_service (#4773)node_config.0.guest_accelerator.0.gpu_sharing_config field to google_container_node_pool resource (#4758)crypto_key_config field to google_data_fusion_instance resource (#4761)google_filestore_instance creations to occur serially (#4770)BUG FIXES:
google_kms_crypto_key is removed after its versions were destroyed earlier (#4769)google_monitoring_alert_policy when cross_series_reducer was set to “REDUCE_NONE” (#4763)FEATURES:
google_cloudfunctions2_function (#4732)google_compute_snapshot (#4731)google_compute_region_target_tcp_proxy (#4749)google_identity_platform_config (#4729)google_bigquery_datapolicy_data_policy (#4754)google_bigquery_datapolicy_data_policy_iam_binding (#4754)google_bigquery_datapolicy_data_policy_iam_member (#4754)google_bigquery_datapolicy_data_policy_iam_policy (#4754)google_org_policy_custom_constraint (#4741)google_vertex_ai_featurestore_entitytype_feature (#4736)IMPROVEMENTS:
concurrency and multiRegionAuxiliary to google_bigquery_reservation (#4739)compression_mode field in google_compute_backend_bucket and google_compute_backend_service resource (#4733)labels to resource google_dataflow_flextemplate_job (#4748)bigquery_profile to google_datastream_connection_profile (#4742)cloud_logging_config to google_dns_managed_zone (#4734)google_dataproc_metastore_service (#4753)custom_placement_config field to google_storage_bucket resource to support custom dual-region GCS buckets (#4752)password_policy field to google_sql_user resource (#4730)BUG FIXES:
google_storagetransfer_job refreshes when transfer_schedule was empty (#4745)FEATURES:
google_artifact_registry_repository (#4714)google_identity_platform_config (#4729)IMPROVEMENTS:
pem_certificate / pem_private_key and deprecated certificate_pem / private_key_pem (#4728)serial_pipeline.stages.strategy field to google_clouddeploy_delivery_pipeline (#4707)notification_config.pubsub.filter field to google_container_cluster (#4718)channels and conditions fields to google_eventarc_trigger (#4707)notification_configs field to google_healthcare_fhir_store resource (#4720)google_iap_brand using ID using {{project}}/{{brand_id}} format (#4712)maintenance_version and available_maintenance_versions fields to google_sql_database_instance resource (#4725)notification_config field to google_storage_transfer_job resource (#4709)purpose and purpose_data properties to google_tags_tag_key (#4721)BUG FIXES:
allow_quoted_newlines and allow_jagged_rows could not be set to false on google_bigquery_table (#4711)docker_repository and kms_key_name on google_cloudfunctions_function (#4727)adaptive_protection_config on google_compute_security_policy (#4726)node_pool_auto_config or node_pool_defaults (#4706)policy_data from google_iam_policy data source and policy data in API responses (#4722)google_secret_manager_secret_version that was destroyed outside of Terraform would not be recreated on apply (#4719)google_storagetransfer_job when transfer_schedule is empty (#4745)FEATURES:
google_vpc_access_connector (#4693)google_datastream_private_connection (#4691)IMPROVEMENTS:
egress_setting for field vpc_access_connector to google_app_engine_standard_app_version (#4701)json_extension field to the load block of google_bigquery_job resource (#4699)build_worker_pool to google_cloudfunctions_function (#4696)json_custom_config field to google_compute_security_policy resource (#4703)persistence_config field to the google_redis_instance resource. (#4688)overwriteWhen field to transfer_options in google_storage_transfer_job resource (#4690)BUG FIXES:
gc_rules for google_bigtable_gc_policy (#4687)most_disruptive_allowed_action for both google_compute_per_instance_config and google_compute_region_per_instance_config (#4685)google_container_cluster (#4700)disk_type due to API values being downcased (#4686)lifecycle_rule.condition.age on google_storage_bucket (#4698)FEATURES:
google_apigee_nat_address (#4676)google_dialogflow_cx_webhook (#4667)google_filestore_snapshot (#4661)IMPROVEMENTS:
connection_state to google_apigee_endpoint_attachment (#4668)autoscaling_config.storage_target to google_bigtable_instance (#4671)BITBUCKET option to git_source.repo_type in google_cloudbuild_trigger (#4679)project_id in google_project datasource. (#4684)expires_in attribute for generating exp claim to google_service_account_jwt datasource. (#4677)BUG FIXES:
google_notebooks_instance (#4664)state was not AWAITING_USER_ACTIVATION (#4672)versioning of google_storage_bucket (#4665)FEATURES:
google_bigquery_analytics_hub_data_exchange_iam_binding (#4656)google_bigquery_analytics_hub_data_exchange_iam_member (#4656)google_bigquery_analytics_hub_data_exchange_iam_policy (#4656)google_bigquery_analytics_hub_data_exchange (#4656)google_datastream_connection_profile (#4657)IMPROVEMENTS:
service_account to google_app_engine_flexible_app_version (#4653)google_bigtable_table creation. (#4655)location field to google_cloudbuild_trigger resource (#4646)certificate_map to compute_target_ssl_proxy resource (#4654)chain_name to google_compute_resource_policy.snapshot_properties (#4660)chain_name to resource google_compute_snapshot (#4660)autoscaling.total_min_node_count, autoscaling.total_max_node_count, and autoscaling.location_policy to google_container_cluster.node_pool (#4649)autoscaling.total_min_node_count, autoscaling.total_max_node_count, and autoscaling.location_policy to google_container_node_pool resource (#4649)node_pool_defaults to resource_container_cluster. (#4648)shielded_instance_config to resource google_dataproc_workflow_template. (#4647)google_dataproc_metastore_service from 40m to 60m (#4652)google_pubsub_subscription.enable_exactly_once_delivery mutable so that it updates subscription without recreation. (#4645)IMPROVEMENTS:
nodeConfig in google_apigee_environment (#4632)properties field to google_apigee_organization (#4644)secret_environment_variables and secret_volumes to google_cloudfunctions2_function (#4641)visible_core_count in google_compute_instance and google_compute_instance_template under advanced_machine_features (#4635)service_external_ips_config support to cluster_container resource. (#4639)enable_cost_allocation to google_container_cluster (#4640)behavior field to google_dns_response_policy_rule resource (#4637)force_delete field to google_monitoring_notification_channel resource (#4638)enable_exactly_once_delivery mutable so that it updates subscription in-place and avoids recreation of the subscription. (#4645)encryption_spec field to google_vertex_ai_featurestore resource (beta) (#4643)BUG FIXES:
id format of the data source google_compute_instance (#4636)NOTES:
IMPROVEMENTS:
google_apigee_organization (#4604)app_engine_apis field to google_app_engine_standard_app_version resource (#4607)reservation_affinity to google_container_node_pool (#4622)auto_provisioning_network_tags to google_container_cluster (beta) (#4611)google_sql_database_instance resource (#4606)BUG FIXES:
isTopeLevel in getGCPolicyFromJSON() instead of hardcoding it to true. (#4615)denial_condition optional on google_iam_deny_policy (#4617)IMPROVEMENTS:
authenticator_groups_config in google_container_cluster (#4591)google_dataflow_job (#4595)managed_zone_id attribute to google_dns_managed_zone data source (#4593)metadata_integration and hive_metastore_config.auxiliary_versions fields to google_dataproc_metastore_service resource (#4598)accepted_response_status_codes to google_monitoring_uptime_check_config (#4594)password_validation_policy field to google_cloud_sql resource (#4597)BUG FIXES:
display_name on google_bigquery_data_transfer_config (#4592)instance_termination_action in google_compute_instance_template (#4590)NOTES:
FEATURES:
google_dataplex_asset (#4543)google_gke_hub_membership_iam_binding (#4583)google_gke_hub_membership_iam_member (#4583)google_gke_hub_membership_iam_policy (#4583)IMPROVEMENTS:
state, authorization_attempt_info and provisioning_issue output fields to google_certificate_manager_certificate (#4548)event_filters to resource google_cloudfunctions2_function (#4547)certificate_map to compute_target_https_proxy resource (#4550)google_compute_network (#4579)port optional in google_compute_network_endpoint to allow network endpoints to be associated with GCE_VM_IP network endpoint groups (#4575)APISERVER, CONTROLLER_MANAGER, and SCHEDULER in google_container_cluster.monitoring_config (#4565)monitoring and mutation_enabled fields to resource feature_membership (#4572)google_gke_hub_membership (#4542)bigquery_config to google_pubsub_subscription (#4545)paused field to google_cloud_scheduler_job (#4535)state output field to google_cloud_scheduler_job (#4535)BUG FIXES:
google_apigee_instance creation would fail due to multiple concurrent instances (#4584)google_billing_budget.budget_filter.services was not updating. (#4577)google_compute_disk for new arm64 images (#4533)google_dataflow_job.additional_experiments (#4576)google_storage_bucket where name was incorrectly validated. (#4566)FEATURES:
google_dataplex_zone (#4511)IMPROVEMENTS:
matches_prefix and matches_suffix in condition of a lifecycle_rule in google_storage_bucket (#4527)network and subnetwork fields to google_compute_region_network_endpoint_group for PSC. (#4528)boot_disk_kms_key to auto_provisioning_defaults in google_container_cluster (#4524)bootDiskType support for PD_EXTREME in google_notebooks_instance (#4530)softwareConfig.upgradeable, softwareConfig.postStartupScriptBehavior, softwareConfig.kernels in google_notebooks_runtime (#4530)google_storage_bucket (#4532)BUG FIXES:
google_compute_disk for new arm64 images (#4533)google_dns_record_set would create an inconsistent plan when using interpolated values in rrdatas (#4515)google_kms_crypto_key (#4520)FEATURES:
google_service_account_jwt (#4489)google_certificate_map_entry (#4501)google_certificate_map (#4501)google_compute_backend_bucket_iam_binding (#4484)google_compute_backend_bucket_iam_member (#4484)google_compute_backend_bucket_iam_policy (#4484)google_dataproc_metastore_federation (#4482)google_dataproc_metastore_federation_iam_binding (#4482)google_dataproc_metastore_federation_iam_member (#4482)google_dataproc_metastore_federation_iam_policy (#4482)IMPROVEMENTS:
thresholdRules optional in google_billing_budget (#4480)instance_termination_action field to google_compute_instance_template resource to support Spot VM termination action (#4488)instance_termination_action field to google_compute_instance resource to support Spot VM termination action (#4488)request_coalescing and bypass_cache_on_request_headers fields to compute_backend_bucket (#4484)all_instances_config to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#4506)esp protocol in google_compute_packet_mirroring.filters.ip_protocols (#4496)evaluation_missing_data field to google_monitoring_alert_policy (#4502)reserved_ip_range to google_notebooks_runtime (#4492)BUG FIXES:
adaptive_protection_config in compute_security_policy (#4478)google_notebooks_runtime can't be updated (#4492)google_sql_database_instance where updates would fail because of the collation field (#4505)FEATURES:
google_cloudiot_registry_iam_binding (#4452)google_cloudiot_registry_iam_member (#4452)google_cloudiot_registry_iam_policy (#4452)google_compute_snapshot_iam_binding (#4445)google_compute_snapshot_iam_member (#4445)google_compute_snapshot_iam_policy (#4445)IMPROVEMENTS:
binauthz_evaluation_mode field to resource_container_cluster. (#4451)google_kms_crypto_key.purpose (#4458)databaseType, releaseChannel, and hiveMetastoreConfig.endpointProtocol arguments (#4443)BUG FIXES:
user_by_email and group_by_email on google_bigquery_dataset_access (#4446)execution_configs in google_clouddeploy_target resource (#4450)google_cloud_scheduler_job (#4444)provisioned_iops of google_compute_disk (#4464)network_interface.0.ipv6_access_config.0.external_ipv6 output on google_compute_instance (#4470)issuer can't be updated on google_gke_hub_membership (#4471)FEATURES:
IMPROVEMENTS:
google_bigquery_job.query. destination_table (#4401)calendar_period and custom_period fields to google_billing_budget (#4429)project to data source google_sql_backup_run (#4402)google_composer_environment resource (#4430)max_ports_per_vm field to google_compute_router_nat resource (#4400)GCE_VM_IP support to google_compute_network_endpoint_group resource. (#4434)customer_managed_key in google_redis_instance (#4435)version_retention_period to google_spanner_database resource (#4424)settings.location_preference.secondary_zone field in google_sql_database_instance (#4433)sql_server_audit_config field in google_sql_database_instance (#4403)BUG FIXES:
scheduler_count field (https://github.com/hashicorp/terraform-provider-google/issues/11940) (#4408)private_environment_config.cloud_composer_connection_subnetwork (#4411)node_config.min_cpu_platform could cause a perma-diff in google_container_cluster (#4426)google_filestore_instance.networks.network would incorrectly see a diff between state and config when the network id format was used (#4431)google_project_service_identity didn't handle service identities without emails correctly (#4432)IMPROVEMENTS:
suspend field to google_clouddeploy_delivery_pipeline resource (#4394)google_compute_router_nat resource (#4400)psc_connection_id and psc_connection_status output fields to google_compute_forwarding_rule and google_compute_global_forwarding_rule resources (#4392)tpu_config to google_container_cluster (beta only) (#4390)config.instance_type field updatable in google_container_aws_node_pool (#4392)BUG FIXES:
enable_dynamic_port_allocation to be managed by the api (#4391)force_destroy is set in google_vertex_ai_featurestore resource (#4398)FEATURES:
google_cloudfunctions2_function_iam_binding (#4377)google_cloudfunctions2_function_iam_member (#4377)google_cloudfunctions2_function_iam_policy (#4377)google_compute_region_ssl_policy (#4376)google_documentai_processor (#4389)google_documentai_processor_default_version (#4389)IMPROVEMENTS:
external_resources to egress_to in google_access_context_manager_service_perimeter and google_access_context_manager_service_perimeters resource (#4378)grpc_services and managed_service_configs to google_api_gateway_api_config (#4388)include_build_logs to google_cloudbuild_trigger (#4380)ssl_policy field to google_compute_region_target_https_proxy (#4376)managed_prometheus to monitoring_config in google_container_cluster (#4373)tpu_config to google_container_cluster (#4390)BUG FIXES:
google_dns_record_set resource can not be changed from default routing to Geo routing policy. (#4383)google_sql_database_instance would fail if a replica was created, with an encryption key, in a different region than the master instance. (#4379)IMPROVEMENTS:
connection_id to external_data_configuration for google_bigquery_table (#4365)service_account_email to google_cloudfunctions2_function resource (#4367)advanced_options_config to google_compute_security_policy (#4354)cache_key_policy field to google_compute_backend_bucket resource (#4349)include_named_cookies to cdn_policy on compute_backend_service resource (#4358)google_compute_network and google_compute_subnetwork (#4368)managed_prometheus to monitoring_config in google_container_cluster (#4373)spot field to node_config sub-resource (#4350)prevent_drift field to google_gke_hub_feature_membership resource (#4370)google_monitoring_uptime_check_config resource (#4361)user_labels to google_monitoring_slo resource (#4363)sql_server_user_details field to google_sql_user resource (#4364)BUG FIXES:
DEFAULT scope would permadiff and force replace the certificate. (#4356)google_dns_managed_zone (#4372)google_storage_transfer_job (#4357)IMPROVEMENTS:
cache_key_policy field to google_compute_backend_bucket resource (#4349)FEATURES:
google_tags_tag_key (#4337)google_tags_tag_value (#4337)google_dataplex_lake (#4341)IMPROVEMENTS:
maintenance_policy and maintenance_schedule to google_memcache_instance (#4338)google_service_directory_endpoint (#4334)BUG FIXES:
google_binary_authorization_attestor (#4325)NOTE: Due to technical difficulties encountered in the release process, the 4.22.0 release for google-beta occurred several hours after the corresponding google provider release.
FEATURES:
google_certificate_manager_certificate (#4301)google_certificate_manager_dns_authorization (#4301)google_clouddeploy_delivery_pipeline (#4288)google_clouddeploy_target (#4288)IMPROVEMENTS:
google_bigquery_connection (#4312)https_trigger_security_level to google_cloudfunctions_function (#4295)traffic.tag and traffic.url fields to google_cloud_run_service (#4283)enable_dynamic_port_allocation to google_compute_router_nat (#4316)update_policy.most_disruptive_allowed_action to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#4282)PRIVATE_SERVICE_CONNECT in NetworkEndpointGroup (#4303)domain_names attribute in google_compute_service_attachment (#4313)REFRESH to field update_policy.minimal_actioningoogle_compute_instance_group_managerandgoogle_compute_region_instance_group_manager` (#4282)exclusion_options to google_container_cluster (#4291)checker_type field to google_monitoring_uptime_check_config resource (#4302)desired_state to manage CertificateAuthority state. (#4279)active_directory_config field in google_sql_database_instance (#4298)google_sql_database_instance (#4310)BUG FIXES:
google_cloudfunctions2_function would not update (#4278)google_security_policy rules when modifying a rule (#4287)google_container_cluster (#4280)google_project_organization_policy (#4297)content or source for google_storage_bucket_object now fails at plan-time instead of apply-time. (#4292)IMPROVEMENTS:
service_directory_registrations to google_compute_forwarding_rule resource (#4276)image_type and instance_placement to google_container_aws_node_pool resource (#4276)instance_placement and logging_config to google_container_aws_cluster resource (#4276)proxy_config to google_container_aws_node_pool resource (#4276)image_type to google_container_azure_node_pool resource (#4276)logging_config to google_container_azure_cluster resource (#4276)proxy_config to google_container_azure_node_pool resource (#4276)routing_policy to google_dns_record_set resource (#4265)BUG FIXES:
google_cloudfunctions2_function would not update (#4278)google_compute_instance when the instance is deleted outside of Terraform (#4262)NOTES:
google_privateca_certificate_authority resources now cannot be destroyed unless deletion_protection = false is set in state for the resource. (#4241)FEATURES:
google_compute_disk (#4255)IMPROVEMENTS:
consumer_accept_list and service_attachment to google_apigee_instance. (#4260)subsetting field to google_compute_region_backend_service (#4246)deletion_protection for google_privateca_certificate_authority. (#4241)google_privateca_certificate including issuer_certificate_authority, pem_certificate_chain and certificate_description.x509_description (#4242)read_replicas_mode and secondary_ip_range in google_redis_instance (#4259)BUG FIXES:
compute.instance is not found (#4262)encryption_key_name was not being propagated to the API. (#4261)IMPROVEMENTS:
CLOUD_LOGGING_ONLY available as a cloud build logging option. (#4224)redirect_options field for google_compute_security_policy rules (#4217)FIXED_STANDARD and STANDARD as valid values to the field network_interface.0.access_configs.0.network_tier of google_compute_instance_template resource (#4233)FIXED_STANDARD and STANDARD as valid values to the field network_interface.0.access_configs.0.network_tier of google_compute_instance resource (#4233)exceed_redirect_options field for google_compute_security_policy rules (#4238)gke_backup_agent_config in addons_config to google_container_cluster (beta) (#4231)kms_key_name field to google_filestore_instance resource to support CMEK (#11493)google_logging_*_bucket_config deletable (#4234)container_images on google_notebooks_runtime to default to the value returned by the API if not set (#4216)BUG FIXES:
encryption_configuration.kms_key_name stored the version rather than the key name. (#4221)google_compute_region_network_endpoint_group, making it optional (#4227)google_spanner_database (#4228)FEATURES:
google_privateca_certificate_template_iam_binding (#4201)google_privateca_certificate_template_iam_member (#4201)google_privateca_certificate_template_iam_policy (#4201)IMPROVEMENTS:
gc_rules to google_bigtable_gc_policy resource. (#4212)BUG FIXES:
google_vpc_access_connector would be repeatedly recreated when network was not specified (#4205)FEATURES:
google_access_approval_folder_service_account (#4179)google_access_approval_organization_service_account (#4179)google_access_approval_project_service_account (#4179)google_access_context_manager_access_policy_iam_binding (#4180)google_access_context_manager_access_policy_iam_member (#4180)google_access_context_manager_access_policy_iam_policy (#4180)google_endpoints_service_consumers_iam_binding (#4160)google_endpoints_service_consumers_iam_member (#4160)google_endpoints_service_consumers_iam_policy (#4160)google_iam_deny_policy (#4194)IMPROVEMENTS:
active_key_version, ancestor_has_active_key_version, and invalid_key_version fields to google_folder_access_approval_settings, google_organization_access_approval_settings, and google_project_access_approval_settings resources (#4179)google_access_context_manager_access_policy (#4180)deployment_type and api_proxy_type to google_apigee_environment (#4177)approval_config to google_cloudbuild_trigger (#4162)airflow-1 and airflow-2 aliases in image version argument (#4185)skip_wait_on_job_termination attribute to google_dataflow_job and google_dataflow_flex_template_job resources (issue #10559) (#4196)presto_config to dataproc_job (#4171)ANALYTICS_V2 and LOSSLESS BigQueryDestination schema types to google_healthcare_fhir_store (#4186)migInstancesAllowed to resource os_config_patch_deployment (#4195)enable_exactly_once_delivery to google_pubsub_subscription (#4166)google_spanner_database (#4158)BUG FIXES:
read_replicas_mode, adding a default of READ_REPLICAS_DISABLED. Now, if the field is not set in config, the value of the field will keep the old value from state. (#4184)google_tags_tag_binding (#4191)FEATURES:
google_dataproc_metastore_service (#4155)google_firebaserules_release (#4132)google_firebaserules_ruleset (#4132)IMPROVEMENTS:
autoscaling_config to google_bigtable_instance (#4150)composer-1 and composer-2 aliases in image version argument (#4131)edge_security_policy to google_compute_backend_bucket (#4154)type to google_compute_security_policy (#4154)included_cookie_names to cache key policy configuration (#4147)google_spanner_database (#4158)repeat_interval field to google_storage_transfer_job resource (#4144)BUG FIXES:
google_apikeys_key.key_string was not being set. (#4139)google_container_cluster.authenticator_groups_config could not be set in tandem with enable_autopilot (#4140)allAuthenticatedUsers and allUsers were flattened to lower case in IAM members. (#4156)google_logging_project_bucket_config would erroneously write to state after it errored out and wasn't actually created. (#4141)google_monitoring_uptime_check_config.http_check.path does not begin with “/” (#4135)recurring_schedule.time_of_day can not be set to 12am exact time in google_os_config_patch_deployment resource (#4127)encryption_key_name would show on google_sql_database_instance for replica instances. (#4130)google_storage_bucket data source would retry for 20 min when bucket was not found. (#4129)google_storage_transfer_job that was deleted outside of Terraform would not be recreated on apply. (#4138)FEATURES:
IMPROVEMENTS:
billing_type attribute to google_apigee_organization resource. (#4126)disable_http2 property to google_network_services_edge_cache_service resource (#4119)google_network_services_edge_cache_origin resource to read and write the timeout property, including a new read_timeout field. (#4122)google_network_services_edge_cache_origin to retry_conditions to include FORBIDDEN (#4122)BUG FIXES:
logging_config only contains nil entry in google_dataproc_workflow_template (#4124)settings.database_flags is nil. (#4123)FEATURES:
IMPROVEMENTS:
google_artifact_registry_repository (#4112)google_container_node_pool (#4111)preemptibility field to the preemptible_worker_config of google_dataproc_cluster (#4107)force behavior for deleting consumer quota override (#4094)BUG FIXES:
logging_config only contains nil entry in google_dataproc_job (#4108)FEATURES:
google_apigee_endpoint_attachment (#4074)google_cloudfunctions2_function (#4093)google_region_backend_service_iam_* (#4088)google_dns_record_set (#4085)google_privateca_certificate_authority (#4087)IMPROVEMENTS:
keepalive_interval to google_compute_router.bgp (#4089)google_compute_reservation.share_settings (#4092)subject_id to data source google_storage_transfer_project_service_account (#4073)BUG FIXES:
google_composer_environment (#4083)vertical_pod_autoscaling would cause autopilot clusters to recreate (#4076)NOTE:
FEATURES:
DEPRECATIONS:
service_account in google_datafusion_instance. Use tenant_project_id instead to extract the tenant project ID (beta) (#4045)IMPROVEMENTS:
google_bigquery_dataset.access and google_bigquery_dataset_access (#4047)multi_cluster_routing_cluster_ids fields to google_bigtable_app_profile (#4051)serverless_deployment to google_compute_network_endpoint_group (beta only) for API Gateway resources (#4041)instance attribute for google_compute_network_endpoint to be optional, as Hybrid connectivity NEGs use network endpoints with just IP and Port. (#4068)NON_GCP_PRIVATE_IP_PORT value for network_endpoint_type in the google_compute_network_endpoint_group resource (#4068)provisioning_model field to google_compute_instance_template resource to support Spot VM(beta) (#4033)provisioning_model field to google_compute_instance resource to support Spot VM(beta) (#4033)tenant_project_id and gcs_bucket in google_datafusion_instance resource. (#4045)ReadRequest errors incorrectly coded as 403 errors, particularly in Google Compute Engine (#4064)BUG FIXES:
google_apigee_instance could not be used on the same google_apigee_organization (#4059)google_compute_security_policy where only alpha values for certain enums were accepted (#4049)google_compute_instance.scheduling.provisioning_model (#4044)google_compute_instance_template.scheduling.provisioning_model (#4052)IMPROVEMENTS:
google_cloudfunctions_function. (#4040)serverless_deployment to google_compute_network_endpoint_group (#4041)google_dataproc_cluster from 20m to 45m (#4027)clone.allocated_ip_range to support address range picker for clone in resource google_sql_database_instance (#4037)google_storage_transfer_job via transfer_spec.posix_data_source and transfer_spec.posix_data_sink fields (#4029)BUG FIXES:
containers.ports.container_port to be optional instead of required on google_cloud_run_service (#4030)project field optional in google_compute_instance_template data source (#4031)FEATURES:
google_backend_service_iam_* (#4021)IMPROVEMENTS:
EXTERNAL_MANAGED as option for load_balancing_scheme in google_compute_global_forwarding_rule resource (#4011)rate_limit_options to google_compute_security_policy rules (#4020)google_container_cluster resource. (#4015)google_dataproc_cluster from 20m to 45m (#4027)maintenance_policy and maintenance_schedule to google_redis_instance (#4010)network in google_vpc_access_connector to accept self_link or name (#4013)BUG FIXES:
Object.owner is missing when using google_storage_object_acl (#4019)BREAKING CHANGES:
location of google_cloud_run_service so that modifying the location field will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#3998)IMPROVEMENTS:
maintenance_policy and maintenance_schedule to google_redis_instance (#4010)transfer_spec.aws_s3_data_source.role_arn to google_storage_transfer_job (#3999)BUG FIXES:
location of a google_cloud_run_service would not force resource recreation (#3998)google_compute_firewall would incorrectly find source_ranges to be empty during validation (#4008)google_notebooks_runtime.software_config (#3997)BREAKING CHANGES:
characters_to_ignore.character_to_skip field to characters_to_ignore.characters_to_skip in google_data_loss_prevention_deidentify_template. Any affected configurations will have been failing with an error at apply time already. (#3983)FEATURES:
google_network_connectivity_spoke (#3987)IMPROVEMENTS:
ip_range field to google_apigee_instance (#3989)default_mode and mode settings for created files within secrets in google_cloud_run_service (#3984)share_settings in google_compute_reservation (#3980)BUG FIXES:
google_cloud_run_service's template.spec.service_account_name. (#3993)characters_to_ignore.characters_to_skip field for google_data_loss_prevention_deidentify_template (#3983)schedule was required, but really it is optional. (#3995)IMPROVEMENTS:
EXTERNAL_MANAGED as option for load_balancing_scheme in google_compute_backend_service resource (#3975)dns_config field of google_container_cluster to GA (#3978)conditionMatchedLog and alertStrategy fields to google_monitoring_alert_policy resource (#3968)BREAKING CHANGES:
google_pubsub_schema so that modifiying fields will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#3933)FEATURES:
google_apigee_nat_address (#3941)google_network_connectivity_hub (#3947)IMPROVEMENTS:
google_bigquery_table (#3950)identity_service_config to google_container_cluster (#3957)google_storage_bucket (#3938)BUG FIXES:
google_billing_budget.budget_filter.labels was not updating. (#3932)region_instance_group_manager would not start update if wait_for_instances was set and initial status was not STABLE (#3949)self_link functionality which was accidentally removed in 4.0.0 release. (#3946)google_pubsub_schema (#3933)google_storage_bucket.lifecycle_rule.condition.days_since_custom_time was not updating. (#3936)self_link functionality which was accidentally removed in 4.0.0 release. (#3946)FEATURES:
IMPROVEMENTS:
return_table_type field to google_bigquery_routine (#3922)available_secrets to google_cloudbuild_trigger (#3907)min_instances to google_cloudfunctions_function (#3904)cloud_composer_connection_subnetwork in google_composer_environment (#3912)google_compute_instance's can_ip_forward could not be updated without recreating or restarting the instance. (#3920)public_access_prevention to resource bucket (#3919)google_privateca_certificate, google_privateca_certificate_authority, and google_privateca_ca_pool via the non_ca and zero_max_issuer_path_length fields (#3902)BUG FIXES:
google_assured_workloads_workload from being created in any region other than us-central1 (#3925)DEPRECATIONS:
zone on google_filestore_instance in favor of location to allow for regional instances (#3887)FEATURES:
google_os_config_os_policy_assignment (#3892)google_recaptcha_enterprise_key (#3890)IMPROVEMENTS:
ENTERPRISE value on google_filestore_instance tier (#3887)google_privateca_certificate, google_privateca_certificate_authority, and google_privateca_ca_pool via the non_ca and zero_max_issuer_path_length fields (#3902)allocated_ip_range to resource google_sql_database_instance (#3897)BUG FIXES:
INTERNAL_MANAGED google_compute_region_backend_service. (#3888)instance_group_manager would not start update if wait_for_instances was set and initial status was not STABLE (#3893)ROUTES value for the networking_mode field in google_container_cluster. A recent API change unintentionally changed the default to a VPC_NATIVE cluster, and removed the ability to create a ROUTES-based one. Provider versions prior to this one will default to VPC_NATIVE due to this change, and are unable to create ROUTES clusters. (#3896)FEATURES:
google_compute_router_status (#3859)google_folders (#3886)google_notebooks_runtime (#3878)google_vertex_ai_metadata_store (#3885)IMPROVEMENTS
google_apigee_environment. (#3871):google_apigee_instance. (#3880)node_group to node_config for container clusters and node pools to support sole tenancy (#3881)spot field to node_config sub-resource (#3863)replicaCount , nodes, readEndpoint, readEndpointPort, readReplicasMode in google_redis_instance (#3870)BUG FIXES:
email in google_essential_contacts_contact as requiring recreation (#3864)CertificateAuthority (#3861)BUG FIXES:
FEATURES:
google_compute_router_status (#3859)IMPROVEMENTS:
queue_count to google_compute_instance.network_interface and google_compute_instance_template.network_interface (#3857)BUG FIXES:
google_bigquery_routine. (#3849)google_instance_from_machine_image to fail with a resourceInUseByAnotherResource error (#3855)cache_mode is set to FORCE_CACHE_ALL on google_compute_backend_bucket (#3858)google_compute_region_health_check when log_config.enable is set to false (#3853)google_service_directory_endpoint. (#3856)IMPROVEMENTS:
bfd to google_compute_router_peer (#3822)gcfs_config to node_config of google_container_node_pool resource (#3828)resourceNotReady error returned when attempting to add resources to a recently-modified subnetwork (#3827)message_retention_duration field to google_pubsub_topic (#3831)BUG FIXES:
google_apigee_instance_attachment could not be used on the same google_apigee_instance (#3838)google_bigquery_table (#3839)labels on google_billing_budget (#3823)source_disk to accept full image path on google_compute_snapshot (#3835)google_compute_firewall that would cause changes in source_ranges to not correctly be applied (#3834)description on google_logging_project_sink, google_logging_folder_sink and google_logging_organization_sink (#3826)NOTES:
BREAKING CHANGES:
google_app_engine_standard_app_version entrypoint as required (#3784)trace-append or trace-ro as scopes in google_compute_instance, use trace instead (#3759)advanced_machine_features on google_compute_instance_template to track changes when the block is undefined in a user's config (#3786)source_ranges in google_compute_firewall_rule to track changes when it is not set in a config file (#3791)metadata_startup_script, metadata.startup-script in google_compute_instance. Now, metadata.startup-script will be set by default, and metadata_startup_script will only be set if present. (#3765)source_disk_link field from google_compute_snapshot (#3783)instance_group_urls has been removed in favor of node_pool.instance_group_urls (#3796)enable_shielded_nodes to true for google_container_cluster (#3773)master_auth.client_certificate_config required (#3794)master_auth.username and master_auth.password from google_container_cluster (#3794)workload_metadata_configuration.node_metadata in favor of workload_metadata_configuration.mode in google_container_cluster (#3772)workload_identity_config.0.identity_namespace field from google_container_cluster, use workload_identity_config.0.workload_pool instead (#3776)self_link field from google_kms_crypto_key and google_kms_key_ring (#3783)bigquery-json.googleapis.com, the provider will no longer convert it as the upstream API migration is finished. Use bigquery.googleapis.com instead. (#3751)credentials, access_token precedence so that credentials values in configuration take precedence over access_token values assigned through environment variables (#3766)path from google_pubsub_subscription (#3777)path field from google_pubsub_subscription (#3783)google_project remove org_id and folder_id from state when they are removed from config (#3754)project field to Required in all google_project_iam_* resources (#3767)google_sql_database_instance fields: activation_policy (defaults ALWAYS), availability_type (defaults ZONAL), disk_type (defaults PD_SSD), encryption_key_name (#3778)database_version field to Required in google_sql_database_instance resource (#3770)google_sql_database_instance fields: authorized_gae_applications, crash_safe_replication, replication_type (#3778)bucket_policy_only from google_storage_bucket (#3769)location field to required in google_storage_bucket (#3771)VALIDATION CHANGES:
statement_timeout_ms, statement_byte_budget, or key_result_statement is required on google_bigquery_job.query.script_options. (#3752)query, load, copy or extract is required on google_bigquery_job (#3752)source_table or source_model is required on google_bigquery_job.extract (#3752)branch_name, commit_sha or tag_name is required on google_cloudbuild_trigger.build.source.repo_source (#3752)fixed_delay or percentage is required on google_compute_url_map.default_route_action.fault_injection_policy.delay (#3752)fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#3752)fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#3752)fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#3752)fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#3752)max_scaled_down_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_down_control (#3752)max_scaled_down_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control (#3752)max_scaled_in_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.0. (#3752)max_scaled_in_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.0. (#3752)source_tags, source_ranges or source_service_accounts on INGRESS google_compute_firewall resources (#3750)start_time or end_time is required on google_data_loss_prevention_trigger.inspect_job.storage_config.timespan_config (#3752)url or regex_file_set is required on google_data_loss_prevention_trigger.inspect_job.storage_config.cloud_storage_options.file_set (#3752)org_id, folder_id at plan time in google_project (#3754)linux_exec_step_config or windows_exec_step_config is required on google_os_config_patch_deployment.patch_config.post_step (#3752)linux_exec_step_config or windows_exec_step_config is required on google_os_config_patch_deployment.patch_config.pre_step (#3752)reboot_config, apt, yum, goo zypper, windows_update, pre_step or pre_step is required on google_os_config_patch_deployment.patch_config (#3752)security, minimal, excludes or exclusive_packages is required on google_os_config_patch_deployment.patch_config.yum (#3752)type, excludes or exclusive_packages is required on google_os_config_patch_deployment.patch_config.apt (#3752)with_optional, with_update, categories, severities, excludes or exclusive_patches is required on google_os_config_patch_deployment.patch_config.zypper (#3752)classifications, excludes or exclusive_patches is required on google_os_config_patch_deployment.inspect_job.patch_config.windows_update (#3752)num_nodes or processing_units is required on google_spanner_instance (#3752)IMPROVEMENTS:
managed_instance_group_urls to google_container_node_pool to replace instance_group_urls on google_container_cluster (#3815)google_kms_crypto_key.protection_level (#3763)billing_project on google_project_service (#3768)google_spanner_instance operations from 4 minutes to 20 minutes, significantly reducing the likelihood that resources will time out (#3789)BUG FIXES:
google_bigquery_table (#3781)ttl fields on google_compute_backend_bucket (#3757)subnetwork when it is optional on google_compute_network_endpoint_group (#3780)log_config.enable of both google_compute_backend_service and google_compute_region_backend_service (#3760)google_compute_instance_group_manager.update_policy.0.min_ready_sec field so that updating it to 0 works (#3810)google_compute_region_instance_group_manager.update_policy.0.min_ready_sec field so that updating it to 0 works (#3810)data.google_spanner_instance so that non-configurable fields are considered outputs (#3804)