DEPRECATIONS:
master_auth, constraining it to master_auth.username and master_auth.passwordDEPRECATIONS:
workload_identity_config.0.identity_namespace and it will be removed in a future major release as it has been deprecated in the API. Use workload_identity_config.0.workload_pool instead. Switching your configuration from one value to the other will trigger a diff at plan time, and a spurious update. (#3733)google_container_cluster fields: instance_group_urls and master_auth (#3746)IMPROVEMENTS:
environment_size to resource google_composer_environment (#3730)node_config.0.guest_accelerator.0.gpu_partition_size field to google_container_node_pool (#3739)workload_identity_config.0.workload_pool to google_container_cluster (#3733)dns_cache_config conflict with GKE Autopilot mode (#3725)monitoring_config to accept WORKLOAD (#3732)BUG FIXES:
template.spec.containers.ports.name of the google_cloud_run_service resource (#3740)config.node_config.zone requirement on google_composer_environment (#3745)failover_policy on google_compute_region_backend_service (#3728)description updatable without recreation on google_compute_instance_group_manager (#3735)google_container_node_pool.workload_metadata_config.mode (#3726)google_scc_notification_config.streaming_config.filter was not updating. (#3727)BUG FIXES:
google_compute_router_peer could not set an advertised route priority of 0, causing permadiff. (#3718)monitoring_config of google_container_cluster (#3717)google_storage_bucket resources. (#3715)NOTES:
DEPRECATIONS:
workload_metadata_configuration.node_metadata in favor of workload_metadata_configuration.mode in google_container_cluster (#3694)google_dataproc_workflow_template.version field, as it wasn‘t actually useful. The field is used during updates, but updates aren’t currently possible with the resource. (#3675) BREAKING CHANGES:config_membership field in google_gke_hub_feature required, disallowing invalid configurations (#3681)configmanagement, feature, location, membership fields in google_gke_hub_feature_membership required, disallowing invalid configurations (#3681)FEATURES:
google_service_networking_peered_dns_domain (#3690)google_sourcerepo_repository (#3684)google_storage_bucket (#3678)google_pubsub_lite_reservation (#3708)google_service_networking_peered_dns_domain (#3690)IMPROVEMENTS:
enable_privately_used_public_ips to resource google_composer_environment (beta) (#3697)enable_ip_masq_agent to resource google_composer_environment (beta) (#3705)workloads_config and cloud_composer_network_ipv4_cidr_block to composer_environment (#3709)connectionTrackingPolicy in RegionBackendService(beta) (#3698)google_compute_subnetwork and google_compute_instance.network_interfaces (#3677)workload_metadata_configuration.mode in google_container_cluster (#3694)uid output field, cloud_function destination to google_eventarc_trigger (#3681)gcp_service_account_email when configuring Git sync in google_gke_hub_feature_membership (#3681)resource_state, state outputs to google_gke_hub_feature (#3681)google_pubsub_lite_reservation to google_pubsub_lite_topic. (#3708)BUG FIXES:
google_monitoring_uptime_check_config where NOT_MATCHES_REGEX could not be specified. (#3700)service on google_service_directory_endpoint as ForceNew to trigger recreates on changes (#3683)DEPRECATIONS:
google_dataproc_workflow_template.version field, as it wasn‘t actually useful. The field is used during updates, but updates aren’t currently possible with the resource. (#3675)FEATURES:
google_monitoring_monitored_project (#3658)google_org_policy_policy (#3637)IMPROVEMENTS:
service_account to google_cloudbuild_trigger (#3661)scheduler_count to google_composer_environment (#3660)resource_policies property (#3668)logging_config and monitoring_config to google_container_cluster (#3641)import_only to google_kms_crypto_key (#3659)google_network_services_edge_cache_origin from 30m to 60m (#3674)BUG FIXES:
reserved_ip_range on google_filestore_instance via recreation of the instance (#3651)BUG FIXES:
google_dns_record_set where rrdatas could not be updated (#3625)google_dns_record_set where creating the resource would result in an 409 error (#3625)google_organization_policy (#3624)DEPRECATIONS:
interface field on google_compute_disk and google_compute_region_disk (#3611)IMPROVEMENTS:
user_project_override in google_bigtable_instance and google_bigtable_table (#3614)iap fields to google_compute_region_backend_service (#3605)nextHopIlb field of google_compute_route resource (#3609)dns_config to resource google_container_cluster (#3606)disabled field to google_service_account resource (#3603)path to google_storage_transfer_job (#3608)BUG FIXES:
deployment.container.image would update to an old version even if in ignore_changes (#3613)destination_encryption_config.kms_key_name stored the version rather than the key name. (#3616)google_redis_instance (#3604)google_project_service where users could not reenable services that were disabled outside of Terraform. (#3607)DEPRECATIONS:
interface field on google_compute_disk and google_compute_region_disk (#3611)FEATURES:
google_secret_manager_secret (#3588)IMPROVEMENTS:
google_compute_service_attachment (#3587)connect_mode to networks field in google_filestore_instance (#3595)BUG FIXES:
maintenance_exclusion on google_container_cluster (#3600)advanced_machine_features error messages in google_compute_instance (#3598)google_cloudfunctions_function (#3591)bucket_options.linear_buckets.width on google_logging_metric (#3589)days_since_noncurrent_time of google_storage_bucket (#3599)FEATURES:
google_privateca_certificate_template (#3561)IMPROVEMENTS:
certificate_template to google_privateca_certificate. (#3567)ip_address field of google_compute_router_peer (#3565)metastore_config to google_dataproc_cluster (#3577)destroy_scheduled_duration to google_kms_crypto_key (#3563)BUG FIXES:
config_id on google_endpoints_service (#3564)google_cloudbuild_trigger as requiring one of branch_name/tag_name/commit_sha within build.source.repo_source (#3582)enable field of google_compute_router_peer (#3579)next_hop_instance_zone on google_compute_route when next_hop_instance was set to a self link (#3571)google_compute_router_nat where removing log_config resulted in a perma-diff (#3581)publishing_options on google_privateca_ca_pool when both attributes set false (#3570)google_storage_bucket_object (#3578)FEATURES:
google_privateca_certificate_template (#3561)google_compute_firewall_policy (#3556)google_compute_firewall_policy_association (#3556)google_compute_firewall_policy_rule (#3556)IMPROVEMENTS:
nic_type, reservation_affinity to google_notebooks_instance (#3554)collation to google_sql_database_instance (#3557)BUG FIXES:
apigateway resources (#3549)source_machine_image from a different project is used on google_compute_instance_from_machine_image (#3541)google_dns_managed_zone (#3559)google_healthcare_hl7_v2_store.parser_config subfields would error with “...parser_config.version field is immutable...” (#3560)google_os_config_guest_policies (#3550)google_pubsub_schema to deal with eventually consistent deletes (#3544)replication fields would not update in google_secret_manager_secret (#3558)google_service_usage_consumer_quota_override (#3552)type when BUILT_IN on google_sql_user (#3545)google_sql_user with CLOUD_IAM_USERs on POSTGRES. (#3542)IMPROVEMENTS:
enable attribute to google_compute_router_peer (#3507)L3_DEFAULT as ip_protocol for google_compute_forwarding_rule and UNSPECIFIED as protocol for google_compute_region_backend_service to support network load balancers that forward all protocols and ports. (#3516)security_settings to google_compute_backend_service (#3515)google_gke_hub_membership support for both //container.googleapis.com/${google_container_cluster.my-cluster.id} and google_container_cluster.my-cluster.id in endpoint.0.gke_cluster.0.resource_link (#3502)request_reason (#3513)billing_project across all resources. If user_project_override is set to true and a billing_project is set, the X-Goog-User-Project header will be sent for all resources. (#3539)BUG FIXES:
google_assured_workloads_workload can delete what it creates (#3533)location of the google_bigquery_dataset (#3524)wait_for_instances in google_compute_instance_group_manager and google_compute_region_instance_group_manager to no longer block plan / refresh, waiting on managed instance statuses during apply instead (#3531)negative_caching_policy cannot be set always revalidate on google_compute_backend_service (#3529)/projects after the host (#3532)__name__ on google_firestore_index (#3528)ignore_active_certificates_on_deletion on the imported google_privateca_certificate_authority (#3511)google_privateca_certificate_authority with max_issuer_path_length = 0. (#3540)FEATURES:
google_dialogflow_cx_environment (#3488)IMPROVEMENTS:
//container.googleapis.com/${google_container_cluster.my-cluster.id} and google_container_cluster.my-cluster.id references in google_gke_hub_membership.endpoint.0.gke_cluster.0.resource_link (#3502)name field to google_kms_crypto_key_version datasource (#3500)BUG FIXES:
google_apigee_envgroup (#3489)format to be case insensitive in aligning with backend behavior on google_artifact_registry_repository (#3491)google_privateca_certificate_authority of type SUBORDINATE due to an invalid attempt to activate it on creation. (#3499)NOTES:
num_nodes field on google_spanner_instance will have its default removed in a future major release, and either num_nodes or processing_units will be required. (#3479)FEATURES:
google_dialogflow_cx_entity_type (#3480)google_dialogflow_cx_page (#3461)IMPROVEMENTS:
network_config block to google_container_node_pool resource (#3472)processing_units to google_spanner_instance. (#3479)customer_encryption on resource_storage_bucket_object (#3469)IMPROVEMENTS:
max_pods_per_node field. (#3445)user_project_override and billing_project to google_service_networking_connection (#3455)BUG FIXES:
azure_blob_storage_data_source for google_storage_transfer_job (#3447)google_sql_user in state for iam users. (#3442)azure_credentials was defined in google_storage_transfer_job (#3457)FEATURES:
google_scc_notification_config (#3431)IMPROVEMENTS:
maintenance_window to resource google_composer_environment (#3435)log_config field of google_compute_region_backend_service (#3427)crypto_replace_ffx_fpe_config and crypto_replace_ffx_fpe_config as primitive transformation types to google_data_loss_prevention_deidentify_template (#3429)BUG FIXES:
destination_dataset_id was required, it is now optional. (#3438)budget_filter. projects on google_billing_budget (#3436)0.8 from google_backend_service.backend.max_utilization and it will now default from API. All max_connections_xxx and max_rate_xxx will also default from API as these are all conditional on balancing mode. (#3432)FEATURES:
google_assured_workloads_workload (#3410)google_dialogflow_cx_flow (#3422)google_dialogflow_cx_intent (#3415)google_dialogflow_cx_version (#3423)google_network_services_edge_cache_keyset (#3417)google_network_services_edge_cache_origin (#3417)google_network_services_edge_cache_service (#3417)google_vertex_ai_featurestore_entitytype (#3416)google_vertex_ai_featurestore (#3416)IMPROVEMENTS:
peering_cidr_range on google_apigee_instance (#3424)pubsub_config and webhook_config parameter to google_cloudbuild_trigger. (#3418)BUG FIXES:
BREAKING CHANGES:
FEATURES:
IMPROVEMENTS:
kms_key_version as an output on bigquery_table.encryption_configuration and the destination_encryption_configuration blocks of bigquery_job.query, bigquery_job.load, and bigquery_copy. (#3406)advanced_machine_features to google_compute_instance (#3392)replace_with_info_type_config to dlp_deidentify_template. (#3384)temporary_hold and event_based_hold attributes to google_storage_bucket_object (#3399)BUG FIXES:
google_bigquery_table.schema (#3405)all_updates_rule.* fields updatable on google_billing_budget (#3394)amount.specified_amount.units updatable on google_billing_budget (#3391)google_compute_instance (#3389)google_storage_object_access_control (#3407)FEATURES:
google_app_engine_service_network_settings (#3371)google_vertex_ai_dataset (#3369)google_cloudbuild_worker_pool (#3372)IMPROVEMENTS:
cluster.kms_key_name field to google_bigtable_instance (#3354)max_pods_per_node to resource google_composer_environment (beta) (#3376)ttl, expire_time, topics and rotation fields to google_secret_manager_secret (#3360)BUG FIXES:
node_config.service_account at the same time as enable_autopilot = true for google_container_cluster (#3361)google_container_node_pool (#3378)google_dataproc_workflow_template with secondary_worker_config empty except for num_instances = 0 (#3347)google_filestore_instance where creating two instances simultaneously resulted in an error. (#3358)google_iam_workload_identity_pool_provider where aws and oidc were not updatable. (#3350)binary_logging on replica instances for googe_sql_database_instance (#3379)FEATURES:
google_compute_service_attachment (#3328)google_dialogflow_cx_agent (#3324)google_gkehub_feature (#3330)google_gkehub_feature_membership (#3330)IMPROVEMENTS:
adaptive_protection_config to google_compute_security_policy (#3322)advanced_machine_features fields to google_compute_instance_template (#3337)network_performance_config block to each of resource_compute_instance, resource_compute_instance_from_template, and resource_compute_instance_template (#3341)redis_version to be upgraded on google_redis_instance (#3344)BUG FIXES:
peering_cidr_range on google_apigee_instance (#3327)google_cloud_run_service if the order of the template.spec.containers.env list was re-ordered outside of terraform. (#3326)user_project_override support to the ContainerOperationWaiter used by google_container_cluster (#3345)IMPROVEMENTS:
google_container_node_pool.cluster to ensure that a node pool is recreated if the associated cluster is recreated. (#3314)azure_blob_storage_data_source to google_storage_transfer_job (#3316)BUG FIXES:
google_bigquery_table.schema handling of policyTags (#3307)encryption showed a perma-diff on resources created prior to the feature being released. (#3309)google_dataflow_flex_template_job updates (#3318)google_dataflow_flex_template_job updates fail fast if the job is in the process of cancelling or draining(#3317)FEATURES:
google_dialogflow_fulfillment (#3286)IMPROVEMENTS:
reservation_affinity to google_compute_instance and google_compute_instance_template (#3288)wait_for_instances_status on google_compute_instance_group_manager and google_compute_region_instance_group_manager (#3283)status field on google_compute_instance_group_manager and google_compute_region_instance_group_manager (#3283)google_compute_region_health_check to avoid permanent diff on plan/apply. (#3291)BUG FIXES:
google_composer_environment (#3287)matches_storage_class is set empty on google_storage_bucket (#3282)max_throughput is not set on google_vpc_access_connector (#3294)IMPROVEMENTS:
provisioned_iops to google_compute_disk (#3269)disk_autoresize_limit to sql_database_instance (#3273)BUG FIXES:
google_compute_region_disk and google_compute_disk would force recreation due to the addition of interface property (#3272)negative_caching and serve_while_stale on google_compute_backend_service (#3278)matches_storage_class is set empty on google_storage_bucket (#3282)IMPROVEMENTS:
apiconfig to change on resource google_apigateway_gateway (#3248)google_compute_router, google_compute_ha_vpn_gateway, google_compute_interconnect_attachment and google_compute_address (#3256)google_dataflow_flex_template_job (#3246)BUG FIXES:
initial_group_config of google_cloud_identity_group (#3252)google_compute_metadata_item to reduce retries + quota errors (#3262)enable_shielded_nodes could not be false on resource google_container_cluster (#3247)FEATURES:
google_pubsub_schema (#3243)IMPROVEMENTS:
initial_size in resource google_compute_node_group to account for scenarios where size may change under the hood (#3228)kms_key_name on google_compute_machine_image (#3241)google_dataflow_flex_template_job (#3246)BUG FIXES:
cdn_policy.serve_while_stale and cdn_policy.*_ttl in google_compute_region_backend_service (beta) (#3230)node_version and remove_default_node_pool cannot be set on google_container_cluster (#3237)NOTES:
dataset_id or project_id in google_bigquery_dataset will now recreate the resource (#3185)IMPROVEMENTS:
require_verified_chrome_os in basic access levels. (#3223)google_billing_budget (#3194)initial_group_config to the google_cloud_identity_group resource (#3211)google_cloud_run_service (#3225)initial_size to account for scenarios where size may change under the hood in resource google_compute_node_group (#3228)interface field to google_compute_region_disk (#3193)stream_configs in google_healthcare_dicom_store (#3190)google_secret_manager_secret (#3212)force_destroy to google_spanner_instance to delete instances that have backups enabled. (#3227)google_spanner_database (#3181)source_contents and service_account as updatable on google_workflows_workflow (#3205)BUG FIXES:
dataset_id to force new resource if name is changed. (#3185)google_cloud_run_domain_mapping.metadata.labels (#3183)google_composer_environment.master_ipv4_cidr_block to draw default from the API (#3204)min_required_replicas is set to 0 on google_compute_autoscaler or google_compute_region_autoscaler (#3203)google_container_node_pool (#3210)rrdatas list on google_dns_record_set for AAAA records (#3207)skip_initial_version_creation on google_kms_crypto_key (#3192)metric_descriptor.labels can't be updated on ‘google_logging_metric’ (#3217)minimum_backoff & maximum_backoff on google_pubsub_subscription (#3214)google_organization_iam_member, google_organization_iam_binding, and google_organization_iam_policy (#3213)google_project_service.service validation to reject invalid service domains that don't contain a period (#3191)role_entity user wouldn't update if the role changed. (#3199)BUG FIXES:
service_account.scopes to more. (#3208)NOTES:
BREAKING CHANGES:
parent in google_data_catalog_tag will now recreate the resource (#3179)FEATURES:
google_compute_ha_vpn_gateway (#3173)google_dataproc_workflow_template (#3178)IMPROVEMENTS:
google_cloudfunctions_function.available_memory_mb (#3171)google_compute_instance (#3166)shielded_instance_config fields to google_dataproc_cluster (#3157)google_spanner_database (#3181)BUG FIXES:
scopes on google_compute_instance (#3174)node_config on google_container_cluster when autopilot is used (#3155)parent in google_data_catalog_tag attempted to update the resource when change instead of recreating it (#3179)force_delete on google_data_catalog_tag_template (#3164)google_dns_record_set resource (#3160)clone.point_in_time optional for google_sql_database_instance (#3180)FEATURES:
google_kms_secret_asymmetric (#3141)IMPROVEMENTS:
google_compute_forwarding_rule.ip_address by a reference in addition to raw IP address (#3140)advertiseMode, advertisedGroups, peerAsn, and peerIpAddress to be updatable on resource google_compute_router_peer (#3134)transport.pubsub.topic to google_eventarc_trigger (#3149)BUG FIXES:
scopes field on google_compute_instance resource (#3147)google_workflows_workflow that could cause inconsistent final plan errors when using the name field in other resources (#3138)FEATURES:
google_tags_tag_binding (#3121)google_tags_tag_key_iam_binding (#3124)google_tags_tag_key_iam_member (#3124)google_tags_tag_key_iam_policy (#3124)google_tags_tag_value_iam_binding (#3124)google_tags_tag_value_iam_member (#3124)google_tags_tag_value_iam_policy (#3124)google_apigee_envgroup_attachment (#3129)IMPROVEMENTS:
require_partition_filter field to google_bigquery_table when provisioning hive_partitioning_options (#3106)google_cloudbuild_trigger (#3115)maintenance_window.start_time to google_compute_node_group (#3125)google_compute_instance_template (#3123)description field to google_data_catalog_tag_template resource (#3128)BUG FIXES:
mtu in google_compute_interconnect_attachment as it was incompatible with existing state representation (#3112)Provider produced inconsistent result after apply error when creating (#3107)FEATURES:
google_monitoring_istio_canonical_service (#3092)google_apigee_instance_attachment (#3093)google_gke_hub_membership (#3079)google_tags_tag_value (#3097)IMPROVEMENTS:
google_sql_database_instance to 30m from 20m (#3099)BUG FIXES:
schema with additional columns in google_bigquery_table (#3100)google_cloud_identity_groups and google_cloud_identity_group_memberships to respect the user_project_override and billing_project configurations and send the appropriate headers to establish a quota project (#3081)scopes field to google_compute_instance resource (#3098)google_notebook_instance (#3096)secrest_data in google_secret_manager_secret_version (#3094)FEATURES:
google_compute_health_check (#3066)google_kms_secret_asymmetric (#3076)google_gke_hub_membership (#3079)google_tags_tag_key (#3062)google_data_catalog_tag_template_iam_* (#3071)IMPROVEMENTS:
google_access_context_manager_service_perimeter (#3064)format on google_artifact_registry_repository (#3068)proxy_bind to google_compute_target_tcp_proxy, google_compute_target_http_proxy and google_compute_target_https_proxy (#3061)BUG FIXES:
mtu in google_compute_interconnect_attachment (#3075IMPROVEMENTS:
GOOGLE_APPLICATION_CREDENTIALS environment variable. (#3054)proxy_bind to google_compute_target_tcp_proxy, google_compute_target_http_proxy and google_compute_target_https_proxy (#3061)google_compute_subnetwork to accept more values in the purpose field (#3043)enable_streaming_engine argument (#3049)subnet, machine_type beta fields to google_vpc_access_connector (#3042)BUG FIXES:
google_binary_authorization_attestor (#3035)export_custom_routes and import_custom_routes in google_compute_network_peering (#3045)FEATURES:
google_workflows_workflow (#2989)IMPROVEMENTS:
google_cloud_run_service (#3005)mtu field to google_compute_interconnect_attachment (#3006)google_compute_autoscaler and google_compute_region_autoscaler (#2987)nic_type to google_compute_instance (GA only) (#2998)ephemeral_storage_config to resource google_container_node_pool and google_container_cluster (beta) (#3023)DEVELOPER instance type to google_data_fusion_instance (#3015)google_monitoring_slo (#3013)settings.0.backup_configuration.transaction_log_retention_days and settings.0.backup_configuration.transaction_log_retention_days fields to google_sql_database_instance (#3010)kms_key_name to google_storage_bucket_object resource (#3026)BUG FIXES:
resource_bigtable_gc_policy (#2991)google_binary_authorization_attestor (#3035)google_cloudfunctions_function updates (#2992)google_cloud_identity_group would periodically fail with a 403 (#3012)nat_ips that were specified as short forms in google_compute_router_nat (#3007)google_container_cluster (#3018)maintenance_exclusion for google_container_cluster (#3014)language_tag required for google_essential_contacts_contact (#2994)google_service_usage_consumer_quota_override where setting the override_value to 0 would result in a permanent diff (#2985)google_service_usage_consumer_quota_override where setting the override_value to 0 would result in a permanent diff (#3025)FEATURES:
google_dataproc_metastore_service (#2977)google_workflows_workflow (#2989)google_apigee_instance (#2986)google_eventarc_trigger (#2972)IMPROVEMENTS:
encryption_config to google_composer_environment resource (#2967)google_container_node_pool create calls so that partially created node pools will resume the original operation if the Terraform process is killed mid create. (#2969)auth_string on the resource_redis_instance resource as sensitive (#2974)BUG FIXES:
google_apigee_organization resource (#2966)google_artifact_registry_repository always failed (#2968)guest_flush could not be set to false for the resource google_compute_resource_policy (#2975)target_size in google_compute_region_instance_group_manager (#2979)auth_string in google_redis_instance (#2970)NOTES:
google_bigquery_table resources now cannot be destroyed unless deletion_protection = false is set in state for the resource. (#2954)FEATURES:
IMPROVEMENTS:
deletion_protection field to google_bigquery_table to make deleting them require an explicit intent. (#2954)google_compute_target_ssl_proxy. The API currently allows upto 15 Certificates. (#2964)google_compute_global_address and google_compute_global_forwarding_rule (#2956)iam_binding and iam_member resources on policies that have frequently deleted service accounts (#2963)google_redis_instance (#2955)insights_config block to google_sql_database_instance resource (#2944)BUG FIXES:
google_data_catalog_taxonomy (#2961)max_failure_per_hour not sent in API request for the resource google_dataproc_job (#2949)google_data_loss_prevention_stored_info_type regex.group_indexes field to trigger resource recreation on update (#2947)charset in google_sql_database (#2957)DEPRECATIONS:
source_disk_url field in google_compute_snapshot. (#2939)self_link field in google_kms_keyring and google_kms_cryptokey resource as it is identical value to id field. (#2939)path field in google_pubsub_subscription resource as it is identical value to id field. (#2939)FEATURES:
google_essential_contacts_contact (#2943)google_privateca_certificate (#2924)IMPROVEMENTS:
status field to google_bigquery_job (#2926)disk.resource_policies field to resource google_compute_instance_template (#2929)nic_type field to google_compute_instance_template resource to support gVNIC (#2941)nic_type field to google_compute_instance resource to support gVNIC (#2941)kms_key_name field in google_pubsub_topic as updatable (#2942)BUG FIXES:
FEATURES:
google_privateca_certificate (#2924)IMPROVEMENTS:
disk.resource_policies field to resource google_compute_instance_template (#2929)google_sql_database_instance (#2923)availability sli metric support for the resource google_monitoring_slo (#2908)BUG FIXES:
schema for resource google_bigquery_table (#2913)run.googleapis.com/ingress-status annotation in google_cloud_run_service (#2920)account_id for datasource google_service_account (#2917)BREAKING CHANGES:
* bigquery: made incompatible changes to the google_bigquery_table.schema field to cause the resource to be recreated ([#8232](https://github.com/hashicorp/terraform-provider-google/pull/8232)) due to unintended interactions with a bug introduced in an earlier version of the resource.FEATURES:
google_runtimeconfig_config (#8268)IMPROVEMENTS:
distribution_policy_target_shape field to google_compute_region_instance_group_manager resource (#8277)master_global_access_config, tpu_ipv4_cidr_block, default_snat_status and datapath_provider fields of google_container_cluster to GA. (#8303)temp_bucket to google_dataproc_cluster cluster config. (#8131)tags, service_account_scopes,shielded_instance_config to google_notebooks_instance (#8289)BUG FIXES:
google_bigquery_table (#8298)google_billing_budget (#8266)google_compute_subnetwork to correctly send a fingerprint (#8290)KNOWN ISSUES: New google_bigquery_table behaviour introduced in this version had unintended consequences, and may incorrectly flag tables for recreation. We expect to revert this for 3.55.0.
FEATURES:
google_cloud_run_locations (#2864)google_privateca_certificate_authority (#2877)google_privateca_certificate_authority_iam_binding (#2883)google_privateca_certificate_authority_iam_member (#2883)google_privateca_certificate_authority_iam_policy (#2883)IMPROVEMENTS:
google_bigquery_table.schema field cause the resource to be recreated (#2876)google_bigtable_instance resource was not inferring the zone from the provider. (#2873)google_cloud_scheduler_job (#2882)scaling_schedules fields to google_compute_autoscaler and google_compute_region_autoscaler (beta) (#2879)google_compute_region_per_instance_config, google_compute_per_instance_config, google_compute_region_instance_group_manager resources were not inferring the region/zone from the provider. (#2874)google_memcached_instance resource was not inferring the region from the provider. (#2863)google_tpu_node resource was not inferring the zone from the provider. (#2863)google_vpc_access_connector resource was not inferring the region from the provider. (#2863)BUG FIXES:
bigquery_dataset_iam_member where deleted members were not handled correctly (#2875)google_compute_health_check when log_config.enable is set to false (#2866)google_notebooks_instance (#2880)google_folder_iam_* (#2878)FEATURES:
google_compute_instance_template (#2842)google_apigee_organization (#2856)IMPROVEMENTS:
google_access_context_manager_gcp_user_access_binding (#2851)google_memcached_instance resource was not inferring the region from the provider. (More info)keepers field to google_service_account_key that recreates the field when it is modified (#2860)google_sql_database_instance (#2843)google_sql_source_representation_instance (#2841)google_tpu_node resource was not inferring the zone from the provider. (More info)google_vpc_access_connector resource was not inferring the region from the provider. (More info)BUG FIXES:
table (#2840)google_project_access_approval_settings where the default project was used rather than project_id (#2852)BREAKING CHANGES:
google_billing_budget as it never functioned correctly (#2789)FEATURES:
google_sql_backup_run (#2824)google_storage_bucket_object_content (#2785)google_billing_subaccount (#2788)google_pubsub_lite_subscription (#2781)google_pubsub_lite_topic (#2781)IMPROVEMENTS:
duration for bigtable_gc_policy to allow durations shorter than a day (#2815)google_compute_image (#2779)google_compute_address.purpose (#2773)multiwriter to resource disk (beta) (#2822)enable_independent_endpoint_mapping to google_compute_router_nat resource (#2805)filter.direction to google_compute_packet_mirroring (#2825)confidential_instance_config field in google_compute_instance and google_compute_instance_template to GA (#2818)kms_key_name field for google_dataflow_job (#2829)parameters for custom service account and other pipeline options to google_dataflow_flex_template_job (#2776)auth_string output to google_redis_instance when auth_enabled is true (#2819)type field on google_sql_user to support IAM authentication (#2802)BUG FIXES:
google_bigquery_connection that caused the resource to function incorrectly when connection_id was unset (#2792)google_compute_region_url_map default_service, as it should be a choice of default_service or default_url_redirect (#2810)google_cloud_tasks_queue when the 0s is supplied (#2812)google_cloudfunctions_function would sometimes fail to update after being imported from gcloud (#2780)google_cloud_run_domain_mapping spec.force_override field (#2791)enable_private_nodes is true if master_ipv4_cidr_block is set on resource cluster (#2811)google_container_cluster.private_cluster_config[0].master_global_access_config.enabled to false caused a permadiff. (#2816)google_logging_project_sink (#2821)google_sql_database_instance that caused a permadiff on settings.replication_type (#2778)BUG FIXES:
FEATURES:
google_firestore_document (#2759)IMPROVEMENTS:
google_compute_region_backend_service. (#2762)google_compute_backend_service. (#2762)replacement_method field to update_policy block of google_compute_instance_group_manager (#2756)replacement_method field to update_policy block of google_compute_region_instance_group_manager (#2756)unique_writer_identity on google_logging_project_sink (#2767)google_storage_bucket resource (#2761)BUG FIXES:
google_project_default_service_accounts would delete all IAM bindings on a project when run with action = "DEPRIVILEGE" (#2771)google_spanner_database where multi-statement updates were not formatted correctly (#2766)google_sql_database_instance that caused a permadiff on settings.replication_type (#2778)FEATURES:
google_composer_environment (#2745)google_monitoring_cluster_istio_service (#2730)google_monitoring_mesh_istio_service (#2730)IMPROVEMENTS:
replacement_method field to update_policy block of google_compute_instance_group_manager (#2756)replacement_method field to update_policy block of google_compute_region_instance_group_manager (#2756)google_compute_backend_bucket (#2741)google_compute_url_map's fields referring to backend services to be able to refer to backend buckets. (#2754)resource_container_node_pool (#2740)REVERT_AND_IGNORE_FAILURE to google_project_default_service_accounts (#2750)force with updates to google_service_usage_consumer_quota_override (#2747)BUG FIXES:
google_storage_bucket where cors could not be removed (#2732)FEATURES:
IMPROVEMENTS:
ORC as a valid option to source_format field of google_bigquery_table resource (#2714)custom_response_headers field to google_compute_backend_service resource (#2722)google_container_cluster (#2724)google_runtimeconfig_variable resource as sensitive (#2717)deletion_policy field to google_sql_user to enable abandoning users rather than deleting them (#2719)BUG FIXES:
google_bigtable_app_profile (#2716)FEATURES:
google_iam_workload_identity_pool_provider (#2688)IMPROVEMENTS:
google_api_gateway_api_config resoure (#2692)google_cloudfunction_function that blocked updates when Organization Policies are enabled. (#2681)autoscaling_policy.0.scale_in_control fields to google_compute_autoscaler (#2703)autoscaling_policy.0.scale_in_control fields to google_compute_region_autoscaler (#2703)google_compute_interconnect_attachment bandwidth field (#2698)google_dataproc_cluster resource (#2683)BUG FIXES:
google_cloud_run_domain_mapping metadata.annotations to ignore API-set fields (#2700)google_compute_packet_mirroring where updates would fail due to network not being updatable (#2704)google_data_catalog_taxonomy and google_data_catalog_policy_tag where importing would fail (#2694)google_spanner_instance.config as ForceNew as is not updatable (#2699)FEATURES:
google_iam_workload_identity_pool (#2663)google_iam_workload_identity_pool_provider (#2670)google_project_default_service_accounts (#2668)IMPROVEMENTS:
google_cloudfunction_function that blocked updates when Organization Policies are enabled. (#2681)google_cloudfunction_function (#2666)google_cloud_run_service to suppress Google generated annotations (#2679)BUG FIXES:
google_data_flow_job when region is given in the config (#2662)google_monitoring_slo's range values - some range values are doubles, others are integers. (#2655)google_storage_bucket where lifecycle_rules were always included in update requests (#2684)NOTES:
google_compute_machine_image resource to complete once the Image is ready. (#2637)FEATURES:
google_api_gateway_api_config_iam_binding (#2636)google_api_gateway_api_config_iam_member (#2636)google_api_gateway_api_config_iam_policy (#2636)google_api_gateway_api_config (#2636)google_api_gateway_api_iam_binding (#2636)google_api_gateway_api_iam_member (#2636)google_api_gateway_api_iam_policy (#2636)google_api_gateway_api (#2636)google_api_gateway_gateway_iam_binding (#2636)google_api_gateway_gateway_iam_member (#2636)google_api_gateway_gateway_iam_policy (#2636)google_api_gateway_gateway (#2636)google_compute_instance_from_machine_image (#2637)google_compute_machine_image_iam_binding (#2637)google_compute_machine_image_iam_member (#2637)google_compute_machine_image_iam_policy (#2637)google_iap_tunnel_iam_binding (#2642)google_iap_tunnel_iam_member (#2642)google_iap_tunnel_iam_policy (#2642)IMPROVEMENTS:
email_preferences field to google_bigquery_data_transfer_config resource (#2652)schedule_options field to google_bigquery_data_transfer_config resource (#2641)private_ipv6_google_access field to google_compute_subnetwork (#2649)google_compute_machine_image resource (#2637)export_custom_routes and import_custom_routes for google_compute_network_peering (#2633)load_balancing_scheme validation of google_compute_region_backend_service to support external network load-balancers (#2628)confidential_nodes field to google_container_cluster resource (#2632)google_data_catalog (#2626)custom_info_types to google_dlp_inspect_template (#2648)build_environment_variables field to google_cloudfunction_function (#2629)skip_initial_version_creation to google_kms_crypto_key (#2645)google_monitoring_alert_policy (#2651)BUG FIXES:
google_compute_health_check port values caused a diff when port_specification was unset or set to "" (#2635)rollout.disruption_budget.percentage field in google_os_config_patch_deployment did not correspond to a field in the API (#2644)google_sql_database_instance where we inadvertently required the projects.get permission for a service networking precheck introduced in v3.44.0 (#2634)BREAKING CHANGES:
google_pubsub_subscription.enable_message_ordering will now recreate the resource. Previously, an error was returned. (#2624)google_spanner_database resources now cannot be destroyed unless deletion_protection = false is set in state for the resource. (#2612)NOTES:
google_compute_vpn_gateway (#2607)FEATURES:
google_spanner_instance (#2602)google_notebooks_instance_iam_binding (#2605)google_notebooks_instance_iam_member (#2605)google_notebooks_instance_iam_policy (#2605)access_context_manager_access_level_condition (#2595)google_bigquery_routine (#2622)google_iam_workload_identity_pool (#2623)google_data_catalog_taxonomy (#2626)google_data_catalog_policy_tag (#2626)google_data_catalog_taxonomy_iam_binding (#2626)google_data_catalog_taxonomy_iam_member (#2626)google_data_catalog_taxonomy_iam_policy (#2626)google_data_catalog_policy_tag_iam_binding (#2626)google_data_catalog_policy_tag_iam_member (#2626)google_data_catalog_policy_tag_iam_policy (#2626)IMPROVEMENTS:
disable_default_iam_recipients field to google_billing_budget to allow disable sending email notifications to default recipients. (#2606)interface attribute to google_compute_disk (#2609)mtu field to google_compute_network resource (#2617)network_interface.[d].network_ip on google_compute_instance when changing network or subnetwork (#2590)google_compute_vpn_tunnel to GA (#2607)google_compute_external_vpn_gateway to GA (#2607)google_compute_ha_vpn_gateway to GA (#2607)deletion_protection field to google_spanner_database to make deleting them require an explicit intent. (#2612)BUG FIXES:
google_compute_global_network_endpoint (#2594)google_compute_[region_]backend_service.backend.max_utilization could not be updated (#2620)google_iap_brand to fail (#2592)terraform apply (#2621)BREAKING CHANGE:
deletion_protection to google_sql_database_instance, which defaults to true. SQL instances can no longer be destroyed without setting deletion_protection = false. (#2579)FEATURES:
google_app_engine_default_service_account (#2568)google_pubsub_topic (#2556)IMPROVEMENTS:
google_bigquery_dataset_access to retry quota errors since quota refreshes quickly. (#2584)MONTH and YEAR as allowed values in google_bigquery_table.time_partitioning.type (#2562)stackdriver_logging_config field to cloud_tasks_queue resource (#2572)network_interface.[d].network_ip on google_compute_instance when changing network or subnetwork (#2590)maintenance_policy field to google_compute_node_group (#2586)graceful_decomissioning_timeout field to dataproc_cluster resource (#2571)google_service_account_id_token datasource to work with User ADCs and Impersonated Credentials (#2560)google_logging_project_sink (#2569)google_logging_project_bucket_config (#2575)project on google_os_login_ssh_public_key (#2583)auth_enabled field to google_redis_instance (#2570)google_project when auto_create_network is false, as configuring the GCE API is required in that circumstance (#2566)google_sql_database_instance to catch failures early by seeing if Service Networking Connections already exists for the private network of the instance. (#2579)BUG FIXES:
google_*_access_approval.enrolled_services.cloud_product entries specified as a URL would result in a permadiff (#2565)description field on google_compute_health_check and google_compute_region_health_check (#2580)google_monitoring_dashboard would give an “unsupported protocol scheme” error (#2558)FEATURES:
google_pubsub_topic (#2556)google_compute_global_forwarding_rule (#2548)google_cloud_run_service (#2539)google_bigtable_table_iam_member (#2536)google_bigtable_table_iam_binding (#2536)google_bigtable_table_iam_policy (#2536)IMPROVEMENTS:
google_bigquery_table materialized_view field (#2532)COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY support to google_cloudbuild_trigger.github.pull_request.comment_control field (#2552)google_compute_forwarding_rule datasource. (#2550)forwarding_path field to google_dns_policy resource (#2540)google_netblock_ip_ranges to read from cloud.json file rather than DNS record (#2543)BUG FIXES:
google_*_access_approval.enrolled_services.cloud_product entries specified as a URL would result in a permadiffgoogle_artifact_registry_repository would import an empty state (#2546)google_bigquery_job where non-US locations could not be read (#2542)google_cloud_run_domain_mapping where labels provided by Google would cause a diff (#2531)google_compute_region_backend_service required healthChecks for a serverless network endpoint group. (#2547)node_config.image_type perma-diff when specified in lower case. (#2538)google_data_catalog_tag when trying to set boolean field to false (#2534)google_monitoring_dashboard would give an “unsupported protocol scheme” errorFEATURES:
IMPROVEMENTS:
network_interface.[d].network and network_interface.[d].subnetwork properties on google_compute_instance. (#2517)notification_config to google_container_cluster (#2521)region field to google_dataflow_flex_template_job resource (#2520)parser_config.version to google_healthcare_hl7_v2_store (#2516)BUG FIXES:
google_bigquery_table would crash while reading an empty schema (#2518)google_compute_instance_template would throw an error for unspecified disk_size_gb values while upgrading the provider. (#2515)google_active_folder data source when the display name included whitespace (#2528)IMPROVEMENTS:
datapath_provider to google_container_cluster (#2492)ingress_settings of google_cloudfunctions_function resource. (#2493)SEV_CAPABLE option to guestOsFeatures in google_compute_image resource. (#2503)use_service_networking to google_tpu_node which enables Shared VPC Support. (#2497)BUG FIXES:
google_identity_group. (#2507)DEPRECATIONS:
instance_type for google_bigtable_instance - it is now recommended to leave field unspecified. (#2477)FEATURES:
google_compute_region_ssl_certificate (#2476)google_compute_target_grpc_proxy (#2488)IMPROVEMENTS:
options and artifacts properties to google_cloudbuild_trigger (#2490)google_compute_backend_service.protocol (and regional equivalent) (#2478)google_compute_firewall (#2465)load_balancer_type to google_container_cluster Cloud Run config addon. (#2487)transformnameMapping to google_dataflow_job (#2480)google_project_service.project (#2479)google_spanner_database (#2489)BUG FIXES:
single_cluster_routing sub-fields in google_bigtable_app_profile (#2482)google_dataproc_cluster.cluster_config.autoscaling_policy would do nothing, and where there was no way to remove a policy. (#2483)google_os_config_patch_deployment due to an unchecked nil value in recurring_schedule (#2481)bigquery.googleapis.com was getting enabled as the bigquery-json.googleapis.com alias instead, incorrectly. This had no user impact yet, but the alias may go away in the future. (#2469)IMPROVEMENTS:
compute_target_instance (#2456)google_compute_snapshot (#2461)kms_key_service_account, kms_key_self_link fields to snapshot_encryption_key field in google_compute_snapshot (#2461)source_disk_encryption_key.kms_key_service_account field to google_compute_snapshot (#2461)self_link to google_container_cluster (#2457)BUG FIXES:
name in the schema. Previously it would panic; now it logs an error. (#2462)clustering would force a new resource rather than update. (#2459)params.secret_access_key perma-diff for AWS S3 data transfer config types by adding a sensitive_params block with the secret_access_key attribute. (#2451)delete_default_routes_on_create=true was not actually deleting the default routes on create. (#2460DEPRECATIONS:
bucket_policy_only field in google_storage_bucket in favour of uniform_bucket_level_access (#2442)FEATURES:
IMPROVEMENTS:
google_compute_instance_group_manager create calls so that partially created instance group managers will resume the original operation if the Terraform process is killed mid create. (#2446)google_container_cluster and google_container_nodepool (#2428)PD_BALANCED as a possible disk type for google_notebooks_instance (#2438)google_os_config_patch_deployment (#2449)billing_project to the provider that's associated as a billing/quota project with most requests when user_project_override is true (#2427)google_projects datasource (#2440)google_project_service (#2428)BUG FIXES:
params.secret_access_key perma-diff for AWS S3 data transfer config types by adding a sensitive_params block with the secret_access_key attribute. (#2451)google_netblock_ip_ranges data source failing to read from the correct URL (#2448)google_compute_instance.shielded_instance_config by adding it to the allow_stopping_for_update list (#2436)google_notebooks_instance.instance_owners field by making it a list instead of a string (#2438)NOTES:
FEATURES:
google_compute_image_iam_binding (#2410)google_compute_image_iam_member (#2410)google_compute_image_iam_policy (#2410)google_compute_disk_iam_binding (#2424)google_compute_disk_iam_member (#2424)google_compute_disk_iam_policy (#2424)google_compute_region_disk_iam_binding (#2424)google_compute_region_disk_iam_member (#2424)google_compute_region_disk_iam_policy (#2424)IMPROVEMENTS:
vpc_access_connector field to google_app_engine_standard_app_version resource (#2405)notification_pubsub_topic field to google_bigquery_data_transfer_config resource (#2411)database_config and web_server_config to google_composer_environment resource (#2419)google_compute_subnetwork flow log configuration (#2416)google_compute_backend_service for setting a serverless regional network endpoint group as backend.group (#2408)google_compute_instance (#2421)kubelet_config and linux_node_config to GKE node pools (#2279, #2403)google_container_node_pool (#2421)resource_memcached_instance (#2414)retry_policy to google_pubsub_subscription resource (#2412)BUG FIXES:
google_compute_url_map path_matcher.default_route_action would conflict with default_url_redirect (#2406)data_source_secret_manager_secret_version to have consistent id value (#2415)FEATURES:
google_active_directory_domain_trust (#2401)google_access_context_manager_service_perimeters (#2382)google_access_context_manager_access_levels (#2382)google_folder_access_approval_settings (#2373)google_organization_access_approval_settings (#2373)google_project_access_approval_settings (#2373)google_bigquery_table_iam_policy (#2392)google_bigquery_table_iam_binding (#2392)google_bigquery_table_iam_member (#2392)IMPROVEMENTS:
last_period_amount field to google_billing_budget to allow setting budget amount automatically to the last billing period's spend. (#2378)enable_message_ordering support to google_pubsub_subscription (#2390)google_sql_database_instance datasource. (#2370)ARCHIVE as an accepted class for google_storage_bucket and google_storage_bucket_object (#2385)BUG FIXES:
dataset_access.iam_member would produce inconsistent results after apply. (#2397)use_legacy_sql not being set to false. (#2375)google_cloud_identity_group and google_cloud_identity_group_membership (#2379)google_compute_health_check to avoid permanent diff on plan/apply. (#2399)google_dns_managed_zone would not remove private_visibility_config on updates (#2380)google_sql_database_instance would throw an error when removing private_network. Removing private_network now recreates the resource. (#2400)NOTES:
FEATURES:
google_compute_region_network_endpoint_group (supports serverless NEGs) (#2348)IMPROVEMENTS:
google_app_engine_standard_app_version's inbound_services to an enum array, which enhances docs and provides some client-side validation. (#2344)monitoring_notification_channels to allow sending budget notifications to Cloud Monitoring email notification channels. (#2366)google_cloudbuild_trigger (#2335)google_cloudfunctions_function datasource to include new fields available in the API. (#2334)source_image and source_snapshot to google_compute_image (#2356)public_key_type field to google_service_account_key (#2368)google_memcache_instance (#2336)filter field to google_pubsub_subscription resource (#2367)folder_iam_* and organization_iam_* resources. (#2365)google_sql_database_instance (#2338)BUG FIXES:
iap to computed in google_app_engine_application (#2342)google_artifact_registry_repository. (#2345)google_monitoring_slo windows_based_sli.metric_sum_in_range.max field (#2354)google_os_config_patch_deployment windows_update.classifications field to work correctly, accepting multiple values. (#2340)NOTES:
google_redis_instance documentation that "REDIS_5_0" is supported (#2323)FEATURES:
google_compute_compute_organization_security_policy_association (#2333)google_compute_compute_organization_security_policy_rule (#2333)google_compute_compute_organization_security_policy (#2333)IMPROVEMENTS:
google_bigtable_instance (#2325)google_cloudfunctions_function datasource to include new fields available in the API. (#2334)persistence_iam_identity output field to google_redis_instance (#2323)media_link to google_storage_bucket_object (#2331)BUG FIXES:
project field in data.google_compute_network_endpoint_group was returning an error when specified (#2324)data_disk_type or disk_encryption would cause a diff on the next plan (#2332)google_sourcerepo_repository (#2316)DEPRECATIONS:
enable_logging on google_compute_firewall, define log_config.metadata to enable logging instead. (#2310)FEATURES:
google_active_directory_domain (#2309)google_dataflow_flex_template_job (#2303)IMPROVEMENTS:
ports field to google_cloud_run_service templates.spec.containers (#2311)log_config.metadata to google_compute_firewall, defining this will enable logging. (#2310)BUG FIXES:
google_container_cluster when "" was specified for resource_usage_export_config.bigquery_destination.dataset_id. (#2296)google_endpoints_service is used on a machine without timezone data (#2302)google_project timeout defaults to 10 minutes (from 4) (#2306FEATURES:
google_sql_database_instance #2841 (#2273)google_cloud_asset_folder_feed (#2284)google_cloud_asset_organization_feed (#2284)google_cloud_asset_project_feed (#2284)google_monitoring_metric_descriptor (#2290)google_os_config_guest_policies (#2276)IMPROVEMENTS:
default_snat_status field for google_container_cluster resource. (#2283)nfs_export_options field on google_filestore_instance.file_shares. (#2289)folder_id as computed attribute to google_folder resource and datasource. (#2287)google_compute_backend_service for setting a network endpoint group as backend.group. (#2304)BUG FIXES:
google_container_cluster.pod_security_policy_config not being set when disabled.google_container_cluster when "" was specified for resource_usage_export_config.bigquery_destination.dataset_id. (#2296)bigquery_table.schema (#2275)network or subnet to a full URL would succeed, but cause a diff on the next plan (#2288)labels (#2288)FEATURES:
google_service_account_id_token (#2269)google_cloudiot_device (#2266)IMPROVEMENTS:
version field to be settable in google_data_fusion_instance resource (#2268)BUG FIXES:
useIpAlias was not defaulting to true inside the ip_allocation_policy block (#2260)memcache_parameters to work correctly on google_memcache_instance (#2261)FEATURES:
google_game_services_game_server_deployment_rollout (#2258)google_os_config_patch_deployment (#2253)IMPROVEMENTS:
kms_key_name to google_artifact_registry_repository (#2254)BUG FIXES:
database_encryption without recreating the cluster. (#2259)ip_allocation_policy block (#2260)google_endpoints_service to allow dependent resources to plan based on the config_id value. (#2248)Requested entity was not found. error when config was deleted outside of terraform. (#2257)NOTES:
https://www.googleapis.com/auth/cloud-identity scope to the provider by default (#2224)google_app_engine_*_version's service field is required; previously it would have passed validation but failed on apply if it were absent. (#6720)FEATURES:
google_cloud_identity_group_memberships (#2240)google_cloud_identity_groups (#2240)google_cloud_identity_group_membership (#2224)google_cloud_identity_group (#2224)google_kms_key_ring_import_job (#2225)google_folder_iam_audit_config (#2237)IMPROVEMENTS:
"HOUR" option for google_bigquery_table time partitioning (type) (#2235)mode to google_compute_region_autoscaler autoscaling_policy (#2226)scale_down_control to google_compute_region_autoscaler autoscaling_policy (#2226)networking_mode to google_container_cluster (#2243)google_endpoints_service-dependent resources to plan based on the config_id value. (#2248)request_method, content_type, and body fields within the http_check object to google_monitoring_uptime_check_config resource (#2233)BUG FIXES:
google_compute_managed_ssl_certificate where multiple fully qualified domain names would cause a permadiff (#2241)compute_url_map where path_matcher sub-fields would conflict with default_service (#2247)google_container_cluster where workload_metadata_config would cause a permadiff (#2242)FEATURES:
google_redis_instance (#2209)google_notebook_environment (#2199)google_notebook_instance (#2199)IMPROVEMENTS:
database_type in google_app_engine_application (#2193)mode to google_compute_autoscaler autoscaling_policy (#2214)remove_instance_state_on_destroy to google_compute_per_instance_config to control deletion of underlying instance state. (#2187)remove_instance_state_on_destroy to google_compute_region_per_instance_config to control deletion of underlying instance state. (#2187)scale_down_control for google_compute_autoscaler autoscaling_policy (#2214)google_compute_address.purpose (#2204)google_dns_policy to accept network id (#2189)BUG FIXES:
google_app_engine_firewall_rule to prevent issues with eventually consistent creation (#2197)google_compute_network_peering_routes_config import_custom_routes and export_custom_routes to false (#2190)google_netblock_ip_ranges by targeting json on gstatic domain instead of reading SPF dns records (solution provided by network team) (#2210)IMPROVEMENTS:
custom config to google_access_context_manager_access_level (#2180)invert_regex flag in Github PullRequestFilter and PushFilter in triggerTemplate (#2171)template.spec.timeout_seconds to google_cloud_run_service (#2164)cpu_over_commit_type to google_compute_node_template (#2176)min_node_cpus to the scheduling blocks on compute_instance and compute_instance_template (#2169)export_subnet_routes_with_public_ip and import_subnet_routes_with_public_ip to google_compute_network_peering (#2170)remove_instance_state_on_destroy to google_compute_per_instance_config to control deletion of underlying instance state. (#2187)private_cluster_config.master_global_access_config to google_container_cluster (#2157)google_compute_instance_group instances to accept instance id field as well as self_link (#2161)google_dns_policy network to accept google_compute_network.id (#2189)redis_instance (#2167)BUG FIXES:
range_partitioning.range.start so that the value 0 is sent in google_bigquery_table (#2153)google_container_cluster where the location was not inferred when using a subnetwork shortname value like name (#2160)google_datastore_index requests when under contention. (#2154)id value in the google_kms_crypto_key_version datasource to include a /v1 part following //cloudkms.googleapis.com/, making it useful for interpolation into Binary Authorization. (#2165)FEATURES:
google_data_catalog_tag (#2144)google_bigquery_dataset_iam_binding (#2147)google_bigquery_dataset_iam_member (#2147)google_bigquery_dataset_iam_policy (#2147)google_memcache_instance (#2142)google_network_management_connectivity_test (#2138)IMPROVEMENTS:
default_route_action to compute_url_map and compute_url_map.path_matchers (#2143)google_container_cluster (#2149)google_dialogflow_agent.time_zone to be updatable (#2133)streaming_configs to google_healthcare_fhir_store (#2145)matcher attribute to content_matchers block for google_monitoring_uptime_check_config (#2150)BUG FIXES:
google_compute_subnetwork would fail instead of destroying/recreating the subnetwork (#2134)google_dataflow_job for common retryable API errors when waiting for job to update (#2146)google_dataflow_job to wait for the replacement job to start successfully before modifying the resource ID to point to the replacement job (#2140)BREAKING CHANGES:
google_bigquery_connection. This field is required as the resource is not useful without them. (#2111)FEATURES:
google_data_catalog_tag_template (#2120)google_container_analysis_occurence (#2114)IMPROVEMENTS:
inbound_services to StandardAppVersion resource (#2131)google_bigquery_table hive_partitioning_options (#2121)google_container_analysis_note (#2114)BUG FIXES:
google_bigquery_job would return “was present, but now absent” error after job creation (#2122)google_container_node_pool deletion to use timeouts and retry errors more specifically when cluster is updating. (#2115)google_dataflow_job would try to update max_workers (#2110)on_delete in google_dataflow_job would cause the job to be replaced (#2110)google_compute_instance_group_manager or google_compute_region_instance_group_manager had no effect (#2124)google_cloudfunctions_function creation when API returns error while pulling source from GCS (#2116)BREAKING CHANGES:
google_bigquery_connection. This field is required as the resource is not useful without them. (#2111)FEATURES:
google_compute_machine_image (#2109)google_data_catalog_entry_group_iam_* (#2098)google_data_catalog_entry_group (#2098)google_data_catalog_entry (#2100)IMPROVEMENTS:
handlers to google_flexible_app_version (#2105)google_bigquery_job (#2107)node_config.workload_metadata_config to google_container_node_pool (#2091)BUG FIXES:
StandardAppVersion resources (#2096)google_bigquery_dataset_access failing for primitive role roles/bigquery.dataViewer (#2092)google_dataflow_job would try to update max_workers (#2110)on_delete in google_dataflow_job would cause the job to be replaced (#2110)google_os_login_ssh_public_key key field attempting to update in-place (#2094)BREAKING CHANGES:
monitoring endpoint no longer includes the API version (previously “v3/”). If you use a monitoring_custom_endpoint, remove the trailing “v3/”. (#2088)FEATURES:
google_iam_testable_permissions (#2071)google_monitoring_dashboard (#2088)IMPROVEMENTS:
table_id fields (and one dataset_id field) in google_bigquery_job to specify a relative path instead of just the table id (#2079)google_composer_environment config.private_environment_config.cloud_sql_ipv4_cidr_block (#2075)google_composer_environment config.private_environment_config.web_server_ipv4_cidr_block (#2075)google_composer_environment web_server_network_access_control for private environments (#2075)node_config.workload_metadata_config to google_container_node_pool (#2091)min_cpu_platform to google_container_cluster.cluster_autoscaling.auto_provisioning_defaults (#2086)release_channel_default_version to data.google_container_engine_versions, allowing you to find the default version for a release channel (#2068)google_container_cluster's min_master_version field (#2068)google_container_cluster's release_channel field (#2068)config_connector_config google_container_cluster (#2064)google_monitoring_slo (#2070)BUG FIXES:
google_compute_route creation failed while VPC peering was in progress. (#2082)google_organization would ignore exact domain matches if multiple domains were found (#2085)google_compute_interconnect_attachment edge_availability_domain diff when the field is unspecified (#2084)google_compute_region_disk_resource_policy_attachment had been deleted outside of terraform. (#2065)src_ip_ranges values in google_compute_security_policy to supported 10 (#2076)google_service_account shows an error after creating the resource (#2074)BREAKING CHANGE:
google_bigtable_instance resources now cannot be destroyed unless deletion_protection = false is set in state for the resource. (#2061)FEATURES:
google_compute_region_per_instance_config (#2046)google_dialogflow_entity_type (#2052)IMPROVEMENTS:
deletion_protection field to google_bigtable_instance to make deleting them require an explicit intent. (#2061)google_compute_region_backend_service portName parameter (#2048)google_dataproc_cluster.software_config.optional_components to include new options. (#2049)request_based SLI support to google_monitoring_slo (#2058)google_storage_bucket bucket name to the error message when the bucket can‘t be deleted because it’s not empty (#2059)BUG FIXES:
google_bigquery_dataset_access resources could not be found post-creation if role was set to a predefined IAM role with an equivalent primative role (e.g. roles/bigquery.dataOwner and OWNER) (#2039)google_compute_instance_template's network_tier. (#2054)google_compute_backend_service and google_compute_region_backend_service when consistent_hash values were previously set on backend service but are not supported by updated value of locality_lb_policy (#2044)google_sql_database_instance and google_sql_user. (#2045)FEATURES:
google_compute_per_instance_config (#2029)google_logging_billing_account_bucket_config (#2008)google_logging_folder_bucket_config (#2008)google_logging_organization_bucket_config (#2008)google_logging_project_bucket_config (#2008)IMPROVEMENTS:
service_account_name field to google_bigquery_data_transfer_config resource (#2004)google_cloudfunctions_function as API errors aren't useful. (#2009)stateful_disk to both google_compute_instance_group_manager and google_compute_region_instance_group_manager. (#2006)kalm_config addon to google_container_cluster (#2027)google_dataflow_job template_gcs_path and temp_gcs_location fields (#2021)google_dataflow_job (#2021)additional_experiments field to google_dataflow_job (#2005)google_dataproc_cluster (#2035)google_storage_bucket_iam_* on 412 (precondition not met) errors for eventually consistent bucket creation. (#2011)BUG FIXES:
require_screen_lock to true for google_access_context_manager_access_level (#2010)google_app_engine_application to respect updates in iap (#2000)google_bigquery_dataset_access resources could not be found post-creation if role was set to a predefined IAM role with an equivalent primative role (e.g. roles/bigquery.dataOwner and OWNER) (#2039)google_sheets_options at least one of logic. (#2030)google_cloud_scheduler_job.retry_config.* block when API provides default values (#2028)google_compute_route from changing while peering operations are happening on its network (#2016)google_compute_backend_service and google_compute_backend_service on updating locality_lb_policy (#2012)advertise_mode on google_compte_router_peer was not populated on import (#2024)container_node_pool partially-successful creations not being recorded if an error occurs on the GCP side. (#2038)google_storage_bucket_object metadata on API object (#2025)google_storage_object_signed_url as sensitive so it doesn't expose private credentials. (#2026)google_artifact_registry_repository (#1981)google_artifact_registry_repository_iam_policy (#1981)google_artifact_registry_repository_iam_binding (#1981)google_artifact_registry_repository_iam_member (#1981)google_bigquery_connection (#2014)IMPROVEMENTS:
automatic_scaling, basic_scaling, and manual_scaling to google_app_engine_standard_app_version (#1984)service_account_name field to google_bigquery_data_transfer_config resource (#2004)google_bigtable_table (#1988)google_cloudfunctions_function as API errors aren't useful. (#2009)stateful_disk to both google_compute_instance_group_manager and google_compute_region_instance_group_manager. (#2006)google_compute_url_map and google_compute_region_url_map (#1998)additional_experiments field to google_dataflow_job (#2005)service_directory_config field togoogle_dns_managed_zone (#1976)google_compute_backend_service and google_compute_backend_service field `locality_lb_policy (#2012)BUG FIXES:
require_screen_lock to true for google_access_context_manager_access_level (#2010)google_app_engine_application to respect updates in iap (#2000)google_storage_bucket_iam_* on 412 (precondition not met) errors for eventually consistent bucket creation. (#2011)FEATURES:
google_bigquery_job (#1959)google_monitoring_slo (#1953)google_service_directory_endpoint (#1964)google_service_directory_namespace (#1964)google_service_directory_service (#1964)IMPROVEMENTS:
bigtable_instace resource from 3 to 1. (#1968)google_container_cluster Compute Engine persistent disk CSI driver (#1969)google_compute_instance resource_policies field (#1957)google_compute_resource_policy group placement policies (#1957)schema field to google_healthcare_hl7_v2_store (#1962)BUG FIXES:
google_dataproc_cluster preemptible_worker_config.0.num_instances is sized to 0 and other preemptible_worker_config subfields are set (#1954)google_project so that projects are more likely to be ready before the resource finishes creation (#1970)binary_log_enabled to be disabled. (#1973)google_sql_database when the parent instance is deleted, removing it from state (#1972)FEATURES:
google_firebase_web_app_config (#1950)google_firebase_web_app (#1950)google_monitoring_app_engine_service (#1944)google_firebase_web_app (#1950)google_monitoring_custom_service (#1944)google_compute_global_network_endpoint (#1948)google_compute_global_network_endpoint_group (#1948)google_monitoring_slo (#1953)IMPROVEMENTS:
iap.enabled field to google_app_engine_application resource (#1943)name field to google_organization_iam_custom_role (#1951)name field to google_project_iam_custom_role (#1951)BUG FIXES:
google_container_node_pool resources in non-RUNNING states (#1952)addons_config.cloudrun_config able to be updated without recreating and destroying. (#1942)addons_config.dns_cache_config able to be updated without recreating and destroying. (#1942)display_name optional on google_monitoring_notification_channel (#1947)FEATURES:
google_bigquery_dataset_access (#1924)google_dialogflow_intent (#1936)google_os_login_ssh_public_key (#1922)IMPROVEMENTS:
spec and use_explicit_dry_run_spec to google_access_context_manager_service_perimeter to test perimeter configurations in dry-run mode. (#1940)google_compute_interconnect_attachment admin_enabled (#1931)log_config to google_compute_health_check and google_compute_region_health_check to enable health check logging. (#1934)google_compute_instance (#1933)google_sourcerepo_repo pubsub_configs.topic to accept short topic names in addition to full references. (#1938)BUG FIXES:
google_compute_interconnect_attachment admin_enabled (#1931)google_compute_interconnect_attachment candidate_subnets (#1931)google_compute_instance_from_template instance defaults were overriding scheduling (#1939)project can now be unset in iap_web_iam_member and will read from the default project (#1935)google_project_services attempted to read a project before enabling the API that allows that read (#1937)google_sql_database_instance when settings.ip_configuration was set but ipv4_enabled was not set to true and private_network was not configured, by defaulting ipv4_enabled to true. (#1926)google_storage_bucket that contained non-deletable objects would retry indefinitely (#1929)FEATURES:
google_monitoring_uptime_check_ips (#1912)firebase_project_location: finalizes the firebase location. (#1919)IMPROVEMENTS:
ingress_settings field to google_cloudfunctions_function (#1898)vpc_connector_egress_settings to google_cloudfunctions_function (#1904)status.vpc_accessible_services to google_access_context_manager_service_perimeter to control which services are available from the perimeter's VPC networks to the restricted Google APIs IP address range. (#1910)google_compute_reservation (#1908)enable_resource_consumption_metering to resource_usage_export_config in google_container_cluster (#1901)google_dns_managed_zone.dnssec_config (#1914)dead_letter_policy support to google_pubsub_subscription (#1913)BUG FIXES:
port could not be removed from health checks (#1906)google_storage_bucket_iam_member showed a diff for bucket self links (#1918)FEATURES:
google_compute_instance_group_named_port (#1869)google_service_usage_consumer_quota_override (#1884)google_firebase_project: enables Firebase for a referenced Google project (#1885)google_iap_brand (#1848)google_iap_client (#1848)google_appengine_flexible_app_version (#1849)IMPROVEMENTS:
regions field to google_access_context_manager_access_level (#1882)google_compute_subnet_iam_* IAM resources (#1877)google_kms_secret (#1886)google_kms_secret_ciphertext (#1886)BUG FIXES:
google_kms_crypto_key_version where public_key would return empty after apply (#1879)google_logging_metric in a non-default project. (#1876)google_storage_bucket_object) during retried requests (#1894)FEATURES:
google_compute_instance_serial_port (#1860)google_compute_region_ssl_certificate (#1863)IMPROVEMENTS:
current_status to the google_compute_instance resource (#1857)dns_cache_config field to google_container_cluster resource (#1853)upgrade_settings to read defaults from API for the google_container_node_pool resource (#1859)connect_mode field to google_redis_instance resource (#1854)BREAKING CHANGES:
google_dialogflow_agent.time_zone to ForceNew. Updating this field will require recreation. This is due to a change in API behavior. (#1827)FEATURES:
google_bigquery_reservation (#1833)google_compute_region_disk_resource_policy_attachment (#1836)google_sql_source_representation_instance (#1832)IMPROVEMENTS:
instance_name value in google_bigtable_table and google_bigtable_gc_policy (#1830)autoscaling_policy to google_compute_node_group (#1841)network_endpoint_group value in google_network_endpoint (#1831)google_dialogflow_agent to not read tier status (#1829)sensitive_labels to google_monitoring_notification_channel so that labels like password and auth_token can be managed separately from the other labels and marked as sensitive. (#1844)BUG FIXES:
vpc_connector to be updated properly in google_cloudfunctions_function (#1825)google_compute_security_policy from allowing two rules with the same priority. (#1828)google_compute_instance.scheduling.node_affinities.operator would incorrectly accept NOT rather than NOT_IN. (#1835)google_container_node_pool resources created in the 2.X series were failing to update after 3.11. (#1846)IMPROVEMENTS:
google_project_service no longer attempts to enable a service that is already enabled. (#1814)instance value in google_bigtable_app_profile (#1804)BUG FIXES:
google_compute_instance_template would cause a crash. (#1812)google_storage_*_access_control resources to prevent errors from ACLs being added at the same time. (#1806)google_container_cluster with autoscaling block. (#1766)FEATURES:
google_compute_backend_bucket (#1778)google_app_engine_service_split_traffic (#1785)google_compute_packet_mirroring (#1791)google_game_services_game_server_cluster (#1789)google_game_services_game_server_config (#1789)google_game_services_game_server_deployment_rollout (#1789)google_game_services_game_server_deployment (#1789)google_game_services_realm (#1789)IMPROVEMENTS:
google_bigquery_table (#1782)google_compute_router for non-empty advertised_groups or advertised_ip_ranges values when advertise_mode is DEFAULT in the bgp block. (#1776)google_compute_instance resources with the desired_status field (#1786)google_project_iam_member and google_project_iam_binding's project field can be specified with an optional projects/ prefix (#1780)metadata to google_storage_bucket_object. (#1779)BUG FIXES:
google_project to check for valid permissions on the parent billing account before creating and tainting the resource. (#1777)google_container_cluster with autoscaling block (#1766)BREAKING CHANGES:
use_ip_aliases and create_subnetwork fields to fix misleading diff for removed fields (#1760)FEATURES:
google_dns_keys (#1768)google_datastore_index (#1755)google_storage_hmac_key (#1765)google_endpoints_service_iam_binding (#1761)google_endpoints_service_iam_member (#1761)google_endpoints_service_iam_policy (#1761)IMPROVEMENTS:
google_container_cluster in error states (#1759)google_container_node_pool so node pools created in an error state will be marked as tainted on creation. (#1758)google_container_node_pool in error states and updated resource to wait for a stable state after any changes. (#1758)google_container_cluster (#1750)job_id field to google_dataflow_job (#1754)type field to google_dataflow_job. (#1771)version field to google_healthcare_fhir_store (#1769)FEATURES:
google_container_registry (#1725)IMPROVEMENTS:
display_name and instance_type (#1751)google_container_cluster will wait for a stable state after updates. (#1737)autoscaling_profile to google_container_cluster (#1756)boot_disk_kms_key to node_config block. (#1736)job_id field to google_dataflow_job (#1754)google_project, added retries for billing metadata requests (#1735)encryption_key_name to google_sql_database_instance (#1724)BUG FIXES:
annotations and limits (#1727)auto_provisioning_defaults to allow both oauth_scopes and service_account to be set (#1748)google_firestore_index when database or collection were non-default. (#1741)google_kms_crypto_key_version datasource would throw an Invalid Index error on plan (#1740)NOTES:
id field for many resources, including format (#1697) BREAKING CHANGES:google_compute_**region**_backend_service backend.capacity_scaler to no longer accept the API default if not INTERNAL. Non-INTERNAL backend services must now specify capacity_scaler explicitly and have a total capacity greater than 0. In addition, API default of 1.0 must now be explicitly set and will be treated as nil or zero if not set in config. (#1707)FEATURES:
secret_manager_secret_version (#1708)google_access_context_manager_service_perimeter_resource (#1712)secret_manager_secret_version (#1708)secret_manager_secret (#1708)google_dialogflow_agent (#1706)IMPROVEMENTS:
google_app_engine_application.iap (#1703)google_compute_security_policy rule.match.expr field is now GA (#1692)google_cloud_router's bgp.asn field. (#1699)BUG FIXES:
backend.capacity_scaler to actually set zero (0.0) value. (#1707)google_compute_**region**_backend_service so it no longer has a permadiff if backend.capacity_scaler is unset in config by requiring capacity scaler. (#1707)google_compute_project_metadata_item to fail on create if its key is already present in the project metadata. (#1714)bigquery_options so the default value from the api will be set in state. (#1694)settings.ip_configuration.authorized_networks.expiration_time (#1691)IMPROVEMENTS:
google_dns_managed_zone added support for Non-RFC1918 fields for reverse lookup and fowarding paths. (#1685)labels and user_labels filters to data source google_monitoring_notification_channel (#1666)BUG FIXES:
google_compute_instance_template added plan time check for any disks marked boot outside of the first disk (#1684)google_container_cluster's cluster_autoscaling.auto_provisioning_defaults. (#1679)bigquery_options so the default value from the api will be set in state. (#1694)project-owner showing up in the diff for google_storage_bucket_acl (#1674)KNOWN ISSUES:
num_nodes. There will be a fix in the 3.7.0 release of the provider. No known workarounds exist at the moment, but will be tracked in https://github.com/terraform-providers/terraform-provider-google/issues/5492.FEATURES:
IMPROVEMENTS:
google_compute_interconnect_attachment to avoid modifications when the attachment is UNPROVISIONED (#1664)google_compute_network_peering routes fields available in GA (#1650)service_account field to google_data_fusion_instance (#1660)google_iap_tunnel_instance_iam_* IAM resources (#1654)description field of google_service_account. It is now limited to 256 characters. (#1646)attempt_deadline to google_cloud_scheduler_job. (#1639)default_event_based_hold to google_storage_bucket (#1626)BUG FIXES:
google_compute_instance_from_template with existing boot disks (#1655)google_compute_instance when attempting to update a field that requires stopping and starting an instance with an encrypted disk (#1658)DEPRECATIONS:
data.google_kms_secret_ciphertext as there was no way to make it idempotent. Instead, use the google_kms_secret_ciphertext resource. (#1586)google_sql_database_instance (#1628)FEATURES:
google_kms_secret_ciphertext (#1586)IMPROVEMENTS:
google_bigtable_instance (#1589)target to google_compute_forwarding_rule (#1630)lifecycle_config to google_dataproc_cluster.cluster_config (#1593)data_source_google_iam_policy data source (#1173)description field of google_service_account. It is now limited to 256 characters. (#1646)BUG FIXES:
google_bigtable_gc_policy, google_bigtable_instance, google_bigtable_table (#1597)google_cloudfunctions_function name to allow for 63 characters. (#1640)max_dispatches_per_second to a double instead of an integer. (#1633)compute_resource_policy to no longer allow invalid start_time values that weren't hourly. (#1603)google_compute_network_peering resources. (#1601)usage_export_bucket and the setting had been disabled manually. (#1610)google_compute_router_nat timeout fields causing a diff when using a long-lived resource (#1613)google_compute_target_https_proxy.quic_override causing a diff when using a long-lived resource (#1611)google_identity_platform_default_supported_idp_config to correctly allow configuration of both idp_id and client_id separately (#1638)labels from causing a perma diff on AlertPolicy (#1622)DEPRECATIONS:
data.google_kms_secret_ciphertext as there was no way to make it idempotent. Instead, use the google_kms_secret_ciphertext resource. (#1586)BREAKING CHANGES:
google_iap_web_iam_*, google_iap_web_type_compute_iam_*, google_iap_web_type_app_engine_*, and google_iap_app_engine_service_iam_* resources now support IAM Conditions (beta provider only). If any conditions had been created out of band before this release, take extra care to ensure they are present in your Terraform config so the provider doesn't try to create new bindings with no conditions. Terraform will show a diff that it is adding the condition to the resource, which is safe to apply. (#1527)google_kms_key_ring_iam_* and google_kms_crypto_key_iam_* resources now support IAM Conditions (beta provider only). If any conditions had been created out of band before this release, take extra care to ensure they are present in your Terraform config so the provider doesn't try to create new bindings with no conditions. Terraform will show a diff that it is adding the condition to the resource, which is safe to apply. (#1524)google_cloud_run_domain_mapping to correctly match Cloud Run API expected format for spec.route_name, {serviceName}, instead of invalid projects/{project}/global/services/{serviceName} (#1563)google_compute_firewall, google_compute_health_check, and google_compute_region_health_check. This effectively changes an API-side failure that was only accessible in v3.3.0 to a plan-time one. (#1534)google_logging_metric.metric_descriptors.labels from a list to a set (#1559)google_organization_policy, google_folder_organization_policy, and google_project_organization_policy. This effectively changes an API-side failure that was only accessible in v3.3.0 to a plan-time one. (#1534)FEATURES:
google_sql_ca_certs (#1580)google_identity_platform_default_supported_idp_config (#1523)google_identity_platform_inbound_saml_config (#1523)google_identity_platform_oauth_idp_config (#1523)google_identity_platform_tenant_default_supported_idp_config (#1523)google_identity_platform_tenant_inbound_saml_config (#1523)google_identity_platform_tenant_oauth_idp_config (#1523)google_identity_platform_tenant (#1523)google_kms_crypto_key_iam_policy (#1554)google_kms_secret_ciphertext (#1586)IMPROVEMENTS:
google_composer_environment (#1539)container_cluster create calls so that partially created clusters will resume the original operation if the Terraform process is killed mid create. (#1533)google_compute_disk_resource_policy_attachment parsing of region from zone to allow for provider-level zone and make error message more accurate` (#1557)google_data_fusion_instance (#1545)google_data_fusion_instance (#1538)google_healthcare_*_iam_* to reduce likelihood of errors from very low default write quota. (#1558)google_iap_web_iam_*, google_iap_web_type_compute_iam_*, google_iap_web_type_app_engine_*, and google_iap_app_engine_service_iam_* resources (beta provider only) (#1527)google_kms_key_ring_iam_* and google_kms_crypto_key_iam_* resources (beta provider only) (#1524)send_after controlling the time interval after which a batched request sends. (#1565)BUG FIXES:
bigquery_table.encryption_configuration to correctly recreate the table when modified (#1591)google_cloud_run_domain_mapping to correctly match Cloud Run API expected format for spec.route_name, {serviceName}, instead of invalid projects/{project}/global/services/{serviceName} (#1563)cloud_run_domain_mapping to poll for success or failure and throw an appropriate error when ready status returns as false. (#1564)google_cloudrun_service to allow update instead of force-recreation for changes in spec env and command fields (#1566)google_cloud_run_domain_mapping to allow force-recreation. (#1556)cloud_run_domain_mapping was waiting on DNS verification. (#1587)google_compute_backend_service to allow updating cdn_policy.cache_key_policy.* fields to false or empty. (#1569)google_compute_subnetwork did not record a value for name when self_link was specified. (#1579)tags would cause a crash (#1543)google_endpoints_service to fix 403 “Service not found” errors during initial creation (#1560)google_logging_metric.metric_descriptors.labels a set to prevent diff from ordering (#1559)data.google_organization (#1553)network field as required in order to fail invalid configs at plan-time instead of at apply-time (#1577)BREAKING CHANGES:
google_storage_bucket_iam_* resources now support IAM Conditions (beta provider only). If any conditions had been created out of band before this release, take extra care to ensure they are present in your Terraform config so the provider doesn't try to create new bindings with no conditions. Terraform will show a diff that it is adding the condition to the resource, which is safe to apply. (#1479)FEATURES:
google_compute_region_health_check is now available in GA (#1507)google_deployment_manager_deployment (#1498)IMPROVEMENTS:
PARQUET as an option in google_bigquery_table.external_data_configuration.source_format (#1514)allow_global_access for to google_compute_forwarding_rule resource. (#1511)google_compute_managed_ssl_certificate (#1519)security_config to google_dataproc_cluster (#1492)google_storage_bucket_iam_* resources (beta provider only) (#1479)id and bucket fields for google_storage_bucket_iam_* resources to use b/{bucket_name} (#1479)BUG FIXES:
google_compute_router_interface. (#1517)google_compute_firewall, google_compute_health_check, and google_compute_region_health_check to enable the use of dynamic blocks with those resources. (#1520)google_organization_policy , google_folder_organization_policy , and google_project_organization_policy to enable the use of dynamic blocks with those resources. (#1520)/ character in their name (#1521)google_sql_database_instance with the name of a previously deleted instance (#1500)DEPRECATIONS:
fingerprint field in google_compute_subnetwork. Its value is now always "". (#1482)FEATURES:
data_source_google_bigquery_default_service_account (#1471)google_cloud_run_service IAM resources: google_cloud_run_service_iam_policy, google_cloud_run_service_iam_binding, google_cloud_run_service_iam_member (#1456)IMPROVEMENTS:
synchronous_timeout to provider block to allow setting higher per-operation-poll timeouts. (#1449)google_bigquery_table (#1471)org_id field to google_organization datasource to expose the raw organization id (#1485)metadata block for google_cloud_run_service. (#1478)expr to google_compute_security_policy.rule.match (#1465)path_rules to google_compute_region_url_map (#1489)path_rules to google_compute_url_map (#1483)route_rules to google_compute_region_url_map (#1493)google_compute_url_map (#1435)visibility field to google_dns_managed_zone data source (#1462)pubsub_configs to google_sourcerepo_repository (#1455)BUG FIXES:
dns_record_sets. (#1477)exponential_buckets.growth_factor from integer to double. (#1484)BREAKING CHANGES:
peer_ip_address in google_compute_router_peer is now required, to match the API behavior. (#1396)FEATURES:
google_billing_budget (#1428)google_cloud_tasks_queue (#1369)google_organization_iam_audit_config (#1427)IMPROVEMENTS:
require_admin_approval and require_corp_owned in google_access_context_manager_access_level's device_policy. (#1403)google_cloudbuild_trigger (#1404)google_folder in the form of the bare folder id, rather than requiring folders/{bare_id} (#1430)google_compute_project_metadata_item. (#1436)google_compute_disk disk_encryption_key.raw_key is now sensitive (#1445)google_compute_disk source_image_encryption_key.raw_key is now sensitive (#1452)google_compute_network_peering resource can now be imported (#1439)management_type in google_compute_router_peer is now available. (#1396)network can now be specified on google_compute_region_backend_service, which allows internal load balancers to target the non-primary interface of an instance. (#1418)peering_name in google_container_cluster.private_cluster_config. (#1438)auto_provisioning_defaults to google_container_cluster.cluster_autoscaling (#1434)upgrade_settings support to google_container_node_pool (#1400)google_container_cluster and google_container_node_pool (#1386)private_instance and network_config fields to google_data_fusion_instance (#1411)user_project_override for the kms_crypto_key resource (#1422)user_project_override for the kms_secret_ciphertext data source (#1433)root_password field to google_sql_database_instance resource (#1432)BUG FIXES:
2.X series caused an error at plan time (#1448)trigger_template and github in google_cloud_build_trigger. (#1410)google_cloud_functions_function update timeout. (#1447)google_compute_disk disk_encryption_key.raw_key is now sensitive (#1453)self_link in several datasources will now error on invalid values instead of crashing (#1373)advertised_ip_ranges in google_compute_router_peer can now be updated without recreating the resource. (#1396)min_cpu_platform on google_compute_instance as computed so if it is not specified it will not cause diffs (#1429)google_dataproc_autoscaling_policy secondary_worker_config.min_instances from 2 to 0. (#1408)google_dns_record_set deletion to fail when the managed zone ceased to exist before the deletion event. (#1446)deleted: principals in IAM resources (#1417)google_sql_user create and update to reduce flakiness (#1399)NOTES:
These are the changes between 3.0.0-beta.1 and the 3.0.0 final release. For changes since 2.20.0, see also the 3.0.0-beta.1 changelog entry below.
Please see the 3.0.0 upgrade guide for upgrade guidance.
BREAKING CHANGES:
cloud_run_service to v1. Significant updates have been made to the resource including a breaking schema change. (#1426)BUG FIXES:
google_compute_instance_group_manager and google_compute_region_instance_group_manager that created an artificial diff when removing a now-removed field from a config (#1401)google_dns_managed_zone datasource to always return a 404 (#1405)BREAKING CHANGES:
os_type required on block google_access_context_manager_access_level.basic.conditions.device_policy.os_constraints. MM#2665ssl_management_type required on google_app_engine_domain_mapping.ssl_settings MM#2608shell required on google_app_engine_standard_app_version.entrypoint. MM#2608source_url required on google_app_engine_standard_app_version.deployment.files and google_app_engine_standard_app_version.deployment.zip. MM#2608split_health_checks required on google_app_engine_application.feature_settings MM#2608script_path required on google_app_engine_standard_app_version.handlers.script. MM#2665cluster_id required on google_bigtable_app_profile.single_cluster_routing. MM#2608range or skip_leading_rows required on google_bigquery_table.external_data_configuration.google_sheets_options. MM#2608role required on google_bigquery_dataset.access. MM#2665single_cluster_routing or multi_cluster_routing_use_any required on google_bigtable_app_profile. MM#2665name_pattern required on google_binary_authorization_policy.admission_whitelist_patterns. MM#2665evaluation_mode and enforcement_mode required on google_binary_authorization_policy.cluster_admission_rules. MM#2665branch required on google_cloudbuild_trigger.github. MM#2608steps required on google_cloudbuild_trigger.build. MM#2608name required on google_cloudbuild_trigger.build.steps. MM#2608name and path required on google_cloudbuild_trigger.build.steps.volumes. MM#2608filename or build required on google_cloudbuild_trigger. MM#2665nodejs6 as option for runtime in function and made it required. MM#2499pubsub_target, http_target or app_engine_http_target required on google_cloudscheduler_job. MM#2665event_notification_config (singular) from google_cloudiot_registry. Use plural event_notification_configs instead. MM#2390public_key_certificate required on google_cloudiot_registry. credentials . MM#2608service_account_email required on google_cloudscheduler_job.http_target.oauth_token and google_cloudscheduler_job.http_target.oidc_token. MM#2608airflow_config_overrides, pypi_packages, env_variables, image_version, or python_versionrequired ongoogle_composer_environment.config.software_config`. MM#2608use_ip_aliases required on google_composer_environment.config.node_config.ip_allocation_policy. MM#2608enable_private_endpoint required on google_composer_environment.config.private_environment_config. MM#2608enable_private_endpoint or master_ipv4_cidr_block required on google_composer_environment.config.private_environment_config MM#2682node_count, node_config, software_config or private_environment_config required on google_composer_environment.config MM#2682google_compute_backend_service's backend field field now requires the group subfield to be set. MM#2373ip_version field from google_compute_forwarding_rule MM#2436ipv4_range field from google_compute_network. MM#2436auto_create_routes field from google_compute_network_peering. MM#2436google_compute_instance_templates with 375gb scratch disks MM#2495google_compute_instance_template fail at plan time when scratch disks do not have disk_type "local-ssd". MM#2282enable_flow_logs field from google_compute_subnetwork. This is now controlled by the presence of the log_config block MM#2597raw_key required on google_compute_snapshot.snapshot_encryption_key. MM#2608auto_delete, device_name, disk_encryption_key_raw, kms_key_self_link, initialize_params, mode or source required on google_compute_instance.boot_disk. MM#2608size, type, image, or labels required on google_compute_instance.boot_disk.initialize_params. MM#2608enable_secure_boot, enable_vtpm, or enable_integrity_monitoring required on google_compute_instance.shielded_instance_config. MM#2608on_host_maintenance, automatic_restart, preemptible, or node_affinities required on google_compute_instance.scheduling. MM#2608interface required on google_compute_instance.scratch_disk. MM#2608enable_secure_boot, enable_vtpm, or enable_integrity_monitoring required on google_compute_instance_template.shielded_instance_config. MM#2608on_host_maintenance, automatic_restart, preemptible, or node_affinities are now required on google_compute_instance_template.scheduling. MM#2608kms_key_self_link required on google_compute_instance_template.disk.disk_encryption_key. MM#2608range required on google_compute_router_peer. advertised_ip_ranges. MM#2608instance_template for google_compute_instance_group_manager and google_compute_region_instance_group_manager. Use version.instance_template instead. MM#2595update_strategy for google_compute_instance_group_manager. Use update_policy instead. MM#2595google_compute_forwarding_rule or google_compute_global_forwarding_rule MM#2620update_strategy field from google_compute_region_instance_group_manager. MM#2436http_health_check, https_health_check, http2_health_check, tcp_health_check or ssl_health_check required on google_compute_health_check. MM#2665http_health_check, https_health_check, http2_health_check, tcp_health_check or ssl_health_check required on google_compute_region_health_check. MM#2665zone and region fields from data source google_container_engine_versions. MM#2436zone, region and additional_zones fields from google_container_cluster. MM#2436zone and region fields from google_container_node_pool. MM#2436google_container_cluster's logging_service and monitoring_service defaults to enable GKE Stackdriver Monitoring. MM#2471kubernetes_dashboard from google_container_cluster.addons_config MM#2551taint MM#2537disabled required on google_container_cluster.addons_config.http_load_balancing, google_container_cluster.addons_config.horizontal_pod_autoscaling, google_container_cluster.addons_config.network_policy_config, google_container_cluster.addons_config.cloudrun_config, and google_container_cluster.addons_config.istio_config. MM#2608http_load_balancing, horizontal_pod_autoscaling , network_policy_config, cloudrun_config, or istio_config required on google_container_cluster.addons_config. MM#2608enabled required on google_container_cluster.network_policy. MM#2608enable_private_endpoint required on google_container_cluster.private_cluster_config. MM#2608enabled required on google_container_cluster.vertical_pod_autoscaling. MM#2608cidr_blocks required on google_container_cluster.master_authorized_networks_config. MM#2608username, password or client_certificate_config required on google_container_cluster.master_auth. MM#2608daily_maintenance_window or recurring_window required on google_container_cluster.maintenance_policy MM#2682google_container_cluster ip_allocation_policy.use_ip_aliases. If it's set to true, remove it from your config. If false, remove ip_allocation_policy as a whole. MM#2615google_container_cluster ip_allocation_policy.create_subnetwork, ip_allocation_policy.subnetwork_name, ip_allocation_policy.node_ipv4_cidr_block. Define an explicit google_compute_subnetwork and use subnetwork instead. MM#2615channel required on google_container_cluster.release_channel. MM#2608staging_bucket, gce_cluster_config, master_config, worker_config, preemptible_worker_config, software_config, initialization_action or encryption_config required on google_dataproc_cluster.cluster_config. MM#2608zone, network, subnetwork, tags, service_account, service_account_scopes, internal_ip_only or metadata required on google_dataproc_cluster.cluster_config.gce_cluster_config. MM#2608num_instances, image_uri, machine_type, min_cpu_platform, disk_config, or accelerators required on google_dataproc_cluster.cluster_config.master_config and google_dataproc_cluster.cluster_config.worker_config. MM#2608num_local_ssds, boot_disk_size_gb or boot_disk_type required on google_dataproc_cluster.cluster_config.preemptible_worker_config.disk_config, google_dataproc_cluster.cluster_config.master_config.disk_config and google_dataproc_cluster.cluster_config.worker_config.disk_config. MM#2608num_instances or disk_config required on google_dataproc_cluster.cluster_config.preemptible_worker_config. MM#2608image_version, override_properties or optional_components is now required on google_dataproc_cluster.cluster_config.software_config. MM#2608policy_uri required on google_dataproc_cluster.cluster_config.autoscaling_config. MM#2608max_failures_per_hour required on google_dataproc_job.scheduling. MM#2608driver_log_levels required on google_dataproc_job.pyspark_config.logging_config, google_dataproc_job.spark_config.logging_config, google_dataproc_job.hadoop_config.logging_config, google_dataproc_job.hive_config.logging_config, google_dataproc_job.pig_config.logging_config, google_dataproc_job.sparksql_config.logging_config. MM#2608main_class or main_jar_file_uri required on google_dataproc_job.spark_config and google_dataproc_job.hadoop_config. MM#2608query_file_uri or query_list required on google_dataproc_job.hive_config, google_dataproc_job.pig_config, and google_dataproc_job.sparksql_config. MM#2608networks required on google_dns_managed_zone.private_visibility_config. MM#2608network_url required on google_dns_managed_zone.private_visibility_config.networks. MM#2608iam_audit_config resources overwrite existing audit config on create. Previous implementations merged config with existing audit configs on create. MM#2438list_policy, boolean_policy, or restore_policy required on google_organization_policy. MM#2608all or values required on google_organization_policy.list_policy.allow and google_organization_policy.list_policy.deny. MM#2608google_project_iam_policy can handle the project field in either of the following forms: project-id or projects/project-id MM#2700allow or deny required on google_organization_policy.list_policy MM#2682pgp_key, private_key_encrypted and private_key_fingerprint from google_service_account_key MM#2680is_internal and internal_checkers fields from google_monitoring_uptime_check_config. MM#2436labels field from google_monitoring_alert_policy. MM#2436content required on google_monitoring_uptime_check_config.content_matchers. MM#2608http_check or tcp_check is now required on google_monitoring_uptime_check_config. MM#2665auth_info, port, headers, path, use_ssl, or mask_headers is now required on google_monitoring_uptime_check_config.http_check MM#2665https://www.googleapis.com/auth/userinfo.email scope to the provider by default MM#2473google_pubsub_subscription.name (e.g. projects/my-project/subscriptions/my-subscription). name now must be the shortname (e.g. my-subscription) MM#2561google_folder_organization_policy and google_organization_policy import format to use slashes instead of colons. MM#2638google_project_services MM#2403bigquery-json.googleapis.com in google_project_service. Specify biquery.googleapis.com instead. MM#2626name and value required on google_sql_database_instance.settings.database_flags. MM#2608binary_log_enabled, enabled, start_time, and location required on google_sql_database_instance.settings.backup_configuration. MM#2608authorized_networks, ipv4_enabled, require_ssl, and private_network required on google_sql_database_instance.settings.ip_configuration. MM#2608day, hour, and update_track required on google_sql_database_instance.settings.maintenance_window. MM#2608cert, common_name, create_time, expiration_time, or sha1_fingerprint required on google_sql_database_instance.settings.server_ca_cert. MM#2608ca_certificate, client_certificate, client_key, connect_retry_interval, dump_file_path, failover_target, master_heartbeat_period, password, ssl_cipher, username, and verify_server_certificate required on google_sql_database_instance.settings.replica_configuration. MM#2608value required on google_sql_database_instance.settings.ip_configuration.authorized_networks. MM#2608is_live flag from google_storage_bucket. MM#2436main_page_suffix or not_found_page required on google_storage_bucket.website. MM#2608min_time_elapsed_since_last_modification, max_time_elapsed_since_last_modification, include_prefixes, or exclude_prefixes required on google_storage_transfer_job.transfer_spec.object_conditions. MM#2608overwrite_objects_already_existing_in_sink, delete_objects_unique_in_sink, and delete_objects_from_source_after_transfer required on google_storage_transfer_job.transfer_spec.transfer_options. MM#2608gcs_data_source, aws_s3_data_source, or http_data_source required on google_storage_transfer_job.transfer_options. MM#2608