chore(deps): update terraform-provider-google to v7 (major)
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| google (source) | required_provider | major |
6.49.2 -> 7.6.0
|
| google-beta (source) | required_provider | major |
6.49.2 -> 7.6.0
|
View the Renovate pipeline for this MR
Release Notes
hashicorp/terraform-provider-google (google)
v7.6.0
DEPRECATIONS:
- networksecurity: deprecated
ignore_case,exact,prefix,suffixandcontainsfields inhttp_rules.from.not_sources.principalsandhttp_rules.from.sources.principalsblocks ingoogle_network_security_authz_policyresource. Use the equivalent fields inhttp_rules.from.not_sources.principals.principalorhttp_rules.from.sources.principals.principalinstead. (#24543)
BREAKING CHANGES:
- container:
node_configblocks that had setkubelet_configwithout explicitly settingcpu_cfs_quotaimplicitly setcfu_cfs_quotatofalsewhen unset. From this version onwards, an unsetcpu_cfs_quotawill instead match the API default of truetrue. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#24569) - storageinsights: removed
activity_data_retention_period_daysfield fromgoogle_storage_insights_dataset_configresource due to a delayed launch. It will be readded when the feature launches. (#24570)
FEATURES:
-
New Resource:
google_kms_folder_kaj_policy_config(#24513) -
New Resource:
google_vertex_ai_cache_config(#24541) -
New Resource:
google_vertex_ai_reasoning_engine(#24512)
IMPROVEMENTS:
- backupdr: added
data_sourceandrules_config_infofields togoogle_backup_dr_backup_plan_associationsdatasource (#24517) - beyondcorp: added
external,proxy_protocol, andschemafields togoogle_beyondcorp_security_gateway_applicationresource (#24542) - beyondcorp: changed
endpoint_matchersfield to not be required anymore in thegoogle_beyondcorp_security_gateway_applicationresource (#24542) - cloudrunv2: added
default_uri_disabledfield togoogle_cloud_run_v2_serviceresource (#24556) - compute: added
shared_secret_woandshared_secret_wo_versionfields togoogle_compute_vpn_tunnelresource, enabling write-only management of the shared secret. (#24491) - dlp: added
SENSITIVITY_UNKNOWNas possible enum value foractions.tag_resources.tag_conditions.sensitivity_score.scoreingoogle_data_loss_prevention_discovery_configresource (#24564) - dlp: added
actions.save_findings.output_config.storage_pathfield togoogle_data_loss_prevention_job_triggerresource (#24558) - filestore: added
file_shares.nfs_export_options.networkandnetworks.psc_config.endpoint_projectfields togoogle_filestore_instanceresource (#24567) - lustre: increased creation timeout from 20min to 40min for
google_lustre_instanceresource (#24559) - netapp: added
hybrid_replication_user_commandsfield with subfieldcommandstogoogle_netapp_volume_replicationresource (#24554) - netapp: added
replication_schedule,hybrid_replication_type,large_volume_constituent_countfields tohybrid_replication_parametersfield ingoogle_netapp_volumeresource (#24554) - networksecurity: added
ip_blocksfield togoogle_network_security_authz_policyresource (#24543) - secretmanager: added ephemeral support for
google_secret_manager_secret_versionresource (#24566) - sql: added
source_instance_deletion_timefield togoogle_sql_database_instance_latest_recovery_timedata source (#24576) - sql: added
source_instance_deletion_timefield togoogle_sql_database_instanceresource (#24576) - storagetransfer: added
user_project_overrideandbilling_projectfields togoogle_storage_transfer_jobresource (#24504)
BUG FIXES:
- container: fixed the default for
node_config.kubelet_config.cpu_cfs_quotaongoogle_container_cluster,google_container_node_pool,google_container_cluster.node_poolto align with the API. Terraform will now send atruevalue when the field is unset on creation, and preserve any previously set value when unset. Explicitly set values will work as defined in configuration. (#24569)
v7.5.0
BREAKING CHANGES:
- netapp: changed
peer_ip_addressesfield type from String to Array ingoogle_netapp_volumeresource, as it was unusable otherwise (#24428)
FEATURES:
-
New Data Source:
google_artifact_registry_maven_artifacts(#24487) -
New Data Source:
google_artifact_registry_npm_packages(#24486) -
New Resource:
google_apigee_api_deployment(#24469) -
New Resource:
google_discovery_engine_data_connector(#24472) -
New Resource:
google_managed_kafka_connect_cluster(#24443) -
New Resource:
google_managed_kafka_connector(#24443) -
New Resource:
google_kms_organization_kaj_policy_config(#24471) -
New Resource:
google_saas_runtime_rollout_kind(#24447)
IMPROVEMENTS:
- cloudrunv2: added
mount_optionsin gcsfuse volumes forgoogle_cloud_run_v2_service,google_cloud_run_v2_job, andgoogle_cloud_run_v2_workerpoolresources. (#24413) - cloudrunv2: added
startup_probeandliveness_probetogoogle_cloud_run_v2_worker_poolresource (#24418) - compute: added
bandwidth_allocationfield togoogle_compute_wire_groupresource (#24460) - compute: added
shared_secret_woandshared_secret_wo_versionfields forgoogle_compute_vpn_tunnelresource, enabling write-only management of the shared secret. (#24491) - dialogflow: added
new_recognition_result_notification_configfield togoogle_dialogflow_conversation_profileresource (#24468) - discoveryengine: added
featuresfield togoogle_discovery_engine_search_engineresource (#24445) - dlp: added
other_cloud_targetandother_cloud_starting_locationtogoogle_data_loss_prevention_discovery_config(#24463) - gkebackup: added
backup_config.selected_namespace_labelsfield togoogle_gke_backup_backup_planresource (#24427) - looker: added
gemini_enabledfield togoogle_looker_instanceresource (#24461) - netapp: added
hot_tier_bypass_mode_enabledandhot_tier_size_used_gibfields togoogle_netapp_volume(#24454) - netapp: added
hot_tier_size_gib,enable_hot_tier_auto_resize,cold_tier_size_used_gibandhot_tier_size_used_gibfields togoogle_netapp_storage_pool(#24454) - oracledatabase: added
gcp_oracle_zonefield togoogle_oracle_database_odb_networkresource (#24456) - privilegedaccessmanager: added
approval_workflow.steps.idfield togoogle_privileged_access_manager_entitlementresource (#24419) - pubsub: added support for
tagsfield togoogle_pubsub_topicandgoogle_pubsub_subscriptionresources (#24442) - sql: added
point_in_time_restore_contextfield togoogle_sql_database_instance(#24489) - storage: added
force_destroyfield togoogle_storage_insights_report_configresource (#24462) - storageinsights: added
activity_data_retention_period_daysfield togoogle_storage_insights_dataset_configresource (#24459) - vertexai: added
endpoint_config.private_service_connect_configblock togoogle_vertex_ai_endpoint_with_model_garden_deploymentresource (#24425) - vertexai: added
encryption_spec.kms_key_namefield togoogle_vertex_ai_index_endpointresource (#24490) - vertexai: added
encryption_spec.kms_key_namefield togoogle_vertex_ai_indexresource (#24441)
BUG FIXES:
- apihub: fixed a permadiff on
config_templateingoogle_apihub_pluginresource (#24429) - storage: fixed a panic caused by empty
corsblocksgoogle_storage_bucketresource (#24476)
v7.4.0
DEPRECATIONS:
- compute: deprecated the option to deploy a container during VM creation using the container startup agent in
google_compute_instance. Use alternative services to run containers on your VMs. Learn more at https://cloud.google.com/compute/docs/containers/migrate-containers. (#24375)
FEATURES:
-
New Data Source:
google_artifact_registry_maven_artifact(#24358) -
New Data Source:
google_compute_interconnect_location(#24377) -
New Resource:
google_network_services_wasm_plugin(#24406) -
New Resource:
google_resource_manager_capability(#24404)
IMPROVEMENTS:
- cloudrunv2: added
mount_optionsin gcsfuse volumes forgoogle_cloud_run_v2_service,google_cloud_run_v2_job, andgoogle_cloud_run_v2_workerpoolresources. (#24413) - compute: added
cipher_suitefield togoogle_compute_vpn_tunnelresource. (#24378) - container: added
auto_ipam_configtogoogle_container_clusterresource. (#24396) - storage: added support for
timeoutstogoogle_storage_bucket_iam_binding,google_storage_bucket_iam_member,google_storage_bucket_iam_policyresources (#24376)
BUG FIXES:
- bigtable: fixed
node_scaling_factorforcing new instance ongoogle_bigtable_instancewhen adding new cluster (#24410) - cloudscheduler: fixed a type assertion panic in
google_cloud_scheduler_jobwhen processing HTTP headers with nil or unexpected data types (#24360) - compute: fixed the
Network field cannot be modifiedissue ingoogle_compute_region_backend_service. Now updating thenetworkfield will force the resource to be recreated. (#24398) - netapp: fixed incorrect default value handling in
google_netapp_volumeforexport_policy.rulesattributeshas_root_accessandsquash_mode. When not specified, these fields will now take on the API default value with no diff. (#24395) - netapp: updated
google_netapp_storage_poolto source the default value for theqos_typefield from the API. If not specified in the configuration,qos_typewill now default to the value provided by the NetApp Volumes API. (#24394) - sql: fixed the permadiffs on
disk_sizewhendisk_autoresizeis enabled ingoogle_sql_database_instance(#24399) - workbench: added retry for
unable to queue the operation409 errors ingoogle_workbench_instanceresource. (#24392)
v7.3.0
FEATURES:
-
New Data Source:
google_backup_dr_data_source_reference(#24346) -
New Resource:
google_bigquery_datapolicyv2_data_policy(#24313) -
New Resource:
google_saas_runtime_release(#24289) -
New Resource:
google_secure_source_manager_hook(#24345)
IMPROVEMENTS:
- cloudrun: added
sub_pathfield togoogle_cloud_run_serviceresource. (#24341) - cloudrunv2: added
sub_pathfield togoogle_cloud_run_v2_servicegoogle_cloud_run_v2_jobandgoogle_cloud_run_v2_worker_poolresource. (#24341) - compute: added
labelsandlabel_fingerprintfields togoogle_compute_security_policyresource (#24322) - compute:
labelsunderinitialize_paramsare now updatable ongoogle_compute_instance(#24349) - container: added new fields
memory_managerandtopology_managertonode_kubelet_configblock (#24277) - datastream: added
destination_config.bigquery_destination_config.source_hierarchy_datasets.project_idfield togoogle_datastream_streamresource (#24340) - discoveryengine: added
app_typefield togoogle_discovery_engine_search_engineresource (#24320) - gkeonprem: added
proxyfield togoogle_gkeonprem_vmware_admin_clusterresource (#24338) - healthcare: added
validation_configtogoogle_healthcare_fhir_storeresource (#24336) - iamworkforcepool: added
extended_attributesfield toworkforce_pool_providerresource (#24308) - netapp: added
export_policy.rules.squash_modefield togoogle_netapp_volumeresource. (#24350) - privateca: added
encryption_specfield togoogle_privateca_ca_poolresource (#24328) - run: added
connectortovpc_accessongoogle_cloud_run_v2_worker_poolresource (#24337) - tags: added the
DATA_GOVERNANCEvalue togoogle_tags_tag_key.purpose(#24307)
BUG FIXES:
- bigquery: updated the schema change detection for
google_bigquery_tableto take into account presence of row access policy (#24284) - compute: fixed
allow_global_accessto correctly be immutable forgoogle_compute_forwarding_ruleresources with load balancing scheme of INTERNAL_MANAGED (#24312) - compute: fixed a crash in
google_compute_security_policydue to a changed API response for emptymatch.0.expr_optionsblocks (#24353) - dialogflow: added support for non-global endpoints for
google_dialogflow_conversation_profile(#24351) - publicca: use
RawURLEncodinginstead ofURLEncodingfor unpadded base64 encoding (#24283) - secretmanager: fixed a panic in
google_secret_manager_secret_versionin asecret_manager(#24326) - workbench: fixed issue that resource creation with computed
labelsfield fails ingoogle_workbench_instanceresource (#24311) - workbench: made
report-notebook-metricsmetadata key settable forgoogle_workbench_instance(#24310)
v7.2.0
FEATURES:
-
New Data Source:
google_artifact_registry_python_package(#24267) -
New Data Source:
google_backup_dr_data_source_references(#24268) -
New Resource:
google_discovery_engine_acl_config(#24276) -
New Resource:
google_saas_runtime_unit_kind(#24236)
IMPROVEMENTS:
- chronicle: made the
scope_infofield ingoogle_chronicle_reference_listconfigurable (#24250) - compute: added
header_actiontopath_matcheranddefault_servicelevel ongoogle_compute_region_url_mapresource (#24253) - container: added
secret_manager_config.rotation_configfield togoogle_container_clusterresource (#24244) - container: added new fields
memory_managerandtopology_managertogoogle_container_cluster.node_config.kubelet_configandgoogle_container_node_pool.node_config.kubelet_config(#24277) - sql: added
final_backup_descriptionandfinal_backup_configfields togoogle_sql_database_instanceresource (#24273) - storage: added
aws_s3_compatible_data_sourcetogoogle_storage_transfer_jobresource (#24241)
BUG FIXES:
- provider: fixed an issue with
universe_domainwhere the provider tried to connect to "googleapis.com" for user email logging whenuniverse_domainwas set (#24238) - container: fixed a faulty diff for arrays on
user_managed_keys_configthat caused faulty cluster updates to be triggered ingoogle_container_cluster(#24256) - osconfig: fixed a permadiff in
google_osconfig_patch_deploymentwherepatch_config.yum.minimaldoesn't sendfalsefor empty values (#24247)
v7.1.1
BUG FIXES:
- bigtable: fixed an error encountered when applying
google_bigtable_table_iam_*resources after upgrading to 7.x and replacinginstancewithinstance_name(#24255)
v7.1.0
DEPRECATIONS:
- container: deprecated
enterprise_configfield ingoogle_container_clusterresource. GKE Enterprise features are now available without an Enterprise tier. (#24210) - storage: removed deprecated status for field to
detect_md5hashingoogle_storage_bucket_objectresource (#24147)
FEATURES:
-
New Data Source:
google_iap_web_forwarding_rule_service_iam_policy(#24178) -
New Resource:
google_iap_web_forwarding_rule_service_iam_binding(#24178) -
New Resource:
google_iap_web_forwarding_rule_service_iam_member(#24178) -
New Resource:
google_iap_web_forwarding_rule_service_iam_policy(#24178)
IMPROVEMENTS:
- artifactregistry: added
registry_urias attribute togoogle_artifact_registry_repository(#24164) - backupdr: added 'supported_resource_types' field to
google_backup_dr_backup_planresource (#24189) - backupdr: added
create_timefield togoogle_backup_dr_backupdata source (#24183) - cloudbuild: added
worker_config.enable_nested_virtualizationfield togoogle_cloudbuild_worker_poolresource (#24176) - cloudrunv2: added support for
multi_region_settingsfield togoogle_cloud_run_v2_serviceresource (#24149) - compute: add
params.resource_manager_tagsfield to thegoogle_compute_region_backend_service(#24191) - compute: added
public_delegated_sub_prefixsfield to resourcegoogle_compute_public_delegated_prefix(#24202) - compute: added
update_strategyfield togoogle_compute_network_peeringresource (#24180) - firestore: added
uniquefield togoogle_firestore_indexresource (#24163) - netapp: added
qos_typeandavailable_throughput_mibpsfields togoogle_netapp_storage_poolresource (#24161) - netapp: added
throughput_mibpsfield togoogle_netapp_volumeresource (#24161) - networkservices: allowed
EXPLICIT_ROUTING_MODEforrouting_modeongoogle_network_services_gatewayresource (#24151) - sql: added
consumer_network_status,ip_address, andstatusfields topsc_auto_connectionsfield ongoogle_sql_database_instanceresource (#24201) - storagetransfer: added
service_accountfield togoogle_storage_transfer_jobresource (#24193) - storagetransfer: added
transfer_spec.aws_s3_data_source.credentials_secrettogoogle_storage_transfer_jobresource (#24152)
BUG FIXES:
- compute: fixed certain spurious diffs for
google_compute_region_backend_service.backend.group(#24157) - compute: fixed permadiff on
google_compute_region_network_endpoint_groupwhen nonetworkis specified (#24182) - memorystore: fixed permadiffs that cause destroy+recreate on new
google_memorystore_instancewhendesired_psc_auto_connectionsis set (#24212) - netapp: fixed a permadiff on
total_iopsingoogle_netapp_storage_poolresource (#24207) - oracledatabase: fixed permadiffs on
google_oracle_database_autonomous_databaseresource for theodb_networkandodb_subnetfields (#24184)
v7.0.1
BUG FIXES:
- storage: fixed a conversion crash in
google_storage_bucketstate migration #24186
v7.0.0
Terraform Google Provider 7.0.0 Upgrade Guide
BREAKING RESOURCE REMOVALS:
- beyondcorp: removed
google_beyondcorp_application, its associated IAM resourcesgoogle_beyondcorp_application_iam_binding,google_beyondcorp_application_iam_member, andgoogle_beyondcorp_application_iam_policy, and thegoogle_beyondcorp_application_iam_policydatasource. Usegoogle_beyondcorp_security_gateway_applicationinstead. #23999 - notebooks: removed
google_notebooks_location#23607 - tpu: removed
google_tpu_node. Usegoogle_tpu_v2_vminstead. #23964
BREAKING FIELD REMOVALS:
- cloudrunv2: removed
template.containers.depends_onwithinresource google_cloud_run_v2_worker_pool#23815 - colab: removed
post_startup_script_configfield from fromgoogle_colab_runtime_templateresource #24026 - compute: removed field
enable_flow_logsfromgoogle_compute_subnetwork#23704 - gkehub: removed
configmanagement.binauthzfield ingoogle_gke_hub_feature_membership#24076 - gkehub: removed
descriptionfield ingoogle_gke_hub_membership#23587 - memorystore: removed
allow_fewer_zones_deploymentfield fromgoogle_memorystore_instanceresource because it isn't user-configurable #24079 - redis: removed
allow_fewer_zones_deploymentfield fromgoogle_redis_clusterresource because it isn't user-configurable #24079 - resourcemanager: removed non-functional
projectfield fromgoogle_service_account_keydatasource #24000 - vertexai: removed
enable_secure_private_service_connectingoogle_vertex_ai_endpoint#23843
BREAKING INCREASED VALIDATION:
- cloudfunctions2: made
event_typea required field forevent_triggeringoogle_cloudfunctions2_function#23918 - networkservices: made
load_balancing_schemerequired ingoogle_network_services_lb_traffic_extension#23748 - sql: made
password_wo_versionrequired whenpassword_wois set ingoogle_sql_user#24083 - storage: added validation requiring the
topicfield to be in the form "projects//topics/" ingoogle_storage_notification#24135 - storagetransfer: added path validation for GCS path source and sink in
google_storage_transfer_job#23493 - vertexai: made
metadata, andmetadata.configrequired ingoogle_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #23971
OTHER BREAKING CHANGES:
- alloydb: added
deletion_protectionfield with a default value oftruetogoogle_alloydb_clusterresource #24024 - apigee: changed
certs_infofield ingoogle_apigee_keystores_aliases_key_cert_fileto be output-only #24135 - apigee: migrated
google_apigee_keystores_aliases_key_cert_fileto the plugin framework #24135 - artifactregistry: removed the default values for
public_repositoryfields ingoogle_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #23970 - bigquery: removed the default value of
view.use_legacy_sqlingoogle_bigquery_table#24065 - bigtable: renamed instance to
instance_namefor bigtable_table_iam objects #23399 - billing: made
budget_filter.credit typesandbudget_filter.subaccountsno longer optional+computed, only optional, ingoogle_billing_budgetresource #24078 - cloudfunctions2: changed
service_config.servicefield ingoogle_cloudfunctions2_functionresource to be output-only #23790 - compute:
subnetworksandinstancesfields ingoogle_compute_packet_mirroringhave been converted from arrays to sets #24021 - compute:
advertised_ip_rangesfield group ingoogle_compute_routerhas been converted from a list to a set #24030 - compute:
disk.type,disk.modeanddisk.interfaceno longer use provider configured default values and instead will be set by the API ingoogle_compute_instance_templateandgoogle_compute_region_instance_templateresources #24055 - provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using
terraform inputwith invalid resource IDs. #24010 - resourcemanager: changed
disable_on_destroydefault value tofalseingoogle_project_service#23951 - securesourcemanager: changed
deletion_policydefault value fromDELETEtoPREVENT#23963 - storage:
retention_periodfield ingoogle_storage_buckethas been converted frominttostringdata type #23535 - storage: migrated
google_storage_notificationto the plugin framework #24135
FEATURES:
-
New Data Source:
google_artifact_registry_npm_package(#24072) -
New Data Source:
google_certificate_manager_dns_authorization(#24009) -
New Resource:
google_iap_web_region_forwarding_rule_service_iam_binding(#24041) -
New Resource:
google_iap_web_region_forwarding_rule_service_iam_member(#24041) -
New Resource:
google_iap_web_region_forwarding_rule_service_iam_policy(#24041) -
New Resource:
google_saas_runtime_saas(#24028)
IMPROVEMENTS:
- cloudbuild: added
developer_connect_event_configfield togoogle_cloudbuild_triggerresource (#24043) - cloudtasks: added
desired_statefield togoogle_cloud_tasks_queueresource (#24053) - cloudrunv2: added
max_instance_countfield togoogle_cloud_run_v2_serviceresource. (#24031) - compute: added
params.resourceManagerTagsfield to thegoogle_compute_backend_service(#24062) - compute: added
params.resource_manager_tagsfield togoogle_compute_backend_bucket(#24068) - compute: added
short_namefield togoogle_compute_organization_security_policyresource (#24059) - container: added
cluster_autoscaling.default_compute_class_enabledfield togoogle_container_clusterresource (#24023) - dialogflowcx: added
enableMultiLanguageTraining,locked,answerFeedbackSettings,personalizationSettings,clientCertificateSettings,startPlaybook,satisfiesPzs, andsatisfiesPzitogoogle_dialogflow_cx_agentresource. (#24007) - lustre: increased
google_lustre_instanceresource create timeout to 120m from 20m (#24056) - oracledatabase: enabled default_from_api flag for ODB Network related fields in
google_oracle_database_cloud_vm_clusterresource (#24045) - sql: added feature to restore
google_sql_database_instanceusingbackupdr_backup(#24066) - ssm: made
ca_poolargument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#24039)
BUG FIXES:
- container: fixed issue where a failed creation on
google_container_node_poolwould result in an unrecoverable tainted state (#24077) - gkeonprem: set
default_from_apiin image field ingoogle_vmware_node_pool(#24022) - workbench: made
install-monitoring-agentmetadata key settable forgoogle_workbench_instance(#24080)
v6.50.0
NOTES:
- bigtable: It is recommended for
google_bigtable_table_iam_*resources to upgrade to v6.50.0 and switch frominstancetoinstance_namein your configuration before upgrading to v7.X (#24400)
DEPRECATIONS:
- bigtable: deprecated
instancein favor ofinstance_nameingoogle_bigtable_table_iam_*resources (#24400)
IMPROVEMENTS:
- bigtable: added
instance_namefield togoogle_bigtable_table_iam_*resources (#24400)
v6.49.3
BUG FIXES:
- compute: fixed a crash in
google_compute_security_policydue to a changed API response for emptymatch.0.expr_optionsblocks (#24353)
hashicorp/terraform-provider-google-beta (google-beta)
v7.6.0
DEPRECATIONS:
- networksecurity: deprecated
ignore_case,exact,prefix,suffixandcontainsfields inhttp_rules.from.not_sources.principalsandhttp_rules.from.sources.principalsblocks ingoogle_network_security_authz_policyresource. Use the equivalent fields inhttp_rules.from.not_sources.principals.principalorhttp_rules.from.sources.principals.principalinstead. (#10809)
BREAKING CHANGES:
- container:
node_configblocks that had setkubelet_configwithout explicitly settingcpu_cfs_quotaimplicitly setcfu_cfs_quotatofalsewhen unset. From this version onwards, an unsetcpu_cfs_quotawill instead match the API default of truetrue. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#10823) - storageinsights: removed
activity_data_retention_period_daysfield fromgoogle_storage_insights_dataset_configresource due to a delayed launch. It will be readded when the feature launches. (#10824)
FEATURES:
-
New Resource:
google_kms_folder_kaj_policy_config(#10798) -
New Resource:
google_vertex_ai_cache_config(#10807) -
New Resource:
google_vertex_ai_reasoning_engine(#10797)
IMPROVEMENTS:
- backupdr: added
data_sourceandrules_config_infofields togoogle_backup_dr_backup_plan_associationsdatasource (#10802) - beyondcorp: added
external,proxy_protocol, andschemafields togoogle_beyondcorp_security_gateway_applicationresource (#10808) - beyondcorp: changed
endpoint_matchersfield to not be required anymore in thegoogle_beyondcorp_security_gateway_applicationresource (#10808) - bigquery: added
reservationfield togoogle_bigquery_jobresource (#10796) - compute: added
backend.max_in_flight_requests,backend.max_in_flight_requests_per_instance,backend.max_in_flight_requests_per_endpointandbackend.traffic_durationfields togoogle_compute_backend_serviceresource (#10799) - compute: added
shared_secret_woandshared_secret_wo_versionfields togoogle_compute_vpn_tunnelresource, enabling write-only management of the shared secret. (#10788) - dlp: added
SENSITIVITY_UNKNOWNas possible enum value foractions.tag_resources.tag_conditions.sensitivity_score.scoreingoogle_data_loss_prevention_discovery_configresource (#10820) - dlp: added
actions.save_findings.output_config.storage_pathfield togoogle_data_loss_prevention_job_triggerresource (#10816) - lustre: increased creation timeout from 20min to 40min for
google_lustre_instanceresource (#10817) - netapp: added
hybrid_replication_user_commandsfield with subfieldcommandstogoogle_netapp_volume_replicationresource (#10813) - netapp: added
replication_schedule,hybrid_replication_type,large_volume_constituent_countfields tohybrid_replication_parametersfield ingoogle_netapp_volumeresource (#10813) - networksecurity: added
ip_blocksfield togoogle_network_security_authz_policyresource (#10809) - secretmanager: added ephemeral support for
google_secret_manager_secret_versionresource (#10821) - sql: added
source_instance_deletion_timefield togoogle_sql_database_instance_latest_recovery_timedata source (#10827) - sql: added
source_instance_deletion_timefield togoogle_sql_database_instanceresource (#10827) - storagetransfer: added
user_project_overrideandbilling_projectfields togoogle_storage_transfer_jobresource (#10790)
BUG FIXES:
- container: fixed the default for
node_config.kubelet_config.cpu_cfs_quotaongoogle_container_cluster,google_container_node_pool,google_container_cluster.node_poolto align with the API. Terraform will now send atruevalue when the field is unset on creation, and preserve any previously set value when unset. Explicitly set values will work as defined in configuration. (#10823)
v7.5.0
BREAKING CHANGES:
- netapp: changed
peer_ip_addressesfield type from String to Array ingoogle_netapp_volumeresource, as it was unusable otherwise (#10757)
FEATURES:
-
New Data Source:
google_artifact_registry_maven_artifacts(#10785) -
New Data Source:
google_artifact_registry_npm_packages(#10784) -
New Resource:
google_apigee_api_deployment(#10776) -
New Resource:
google_discovery_engine_data_connector(#10778) -
New Resource:
google_kms_organization_kaj_policy_config(#10777) -
New Resource:
google_saas_runtime_rollout_kind(#10764)
IMPROVEMENTS:
- cloudrunv2: added
startup_probeandliveness_probetogoogle_cloud_run_v2_worker_poolresource (#10749) - compute: added
bandwidth_allocationfield togoogle_compute_wire_groupresource (#10770) - compute: added
shared_secret_woandshared_secret_wo_versionfields forgoogle_compute_vpn_tunnelresource, enabling write-only management of the shared secret. (#10788) - dialogflow: added
new_recognition_result_notification_configfield togoogle_dialogflow_conversation_profileresource (#10775) - discoveryengine: added
featuresfield togoogle_discovery_engine_search_engineresource (#10762) - dlp: added
other_cloud_targetandother_cloud_starting_locationtogoogle_data_loss_prevention_discovery_config(#10773) - gkebackup: added
backup_config.selected_namespace_labelsfield togoogle_gke_backup_backup_planresource (#10756) - looker: added
gemini_enabledfield togoogle_looker_instanceresource (#10771) - netapp: added
hot_tier_size_used_gibfields togoogle_netapp_volume(#10766) - netapp: added
cold_tier_size_used_gibandhot_tier_size_used_gibfields togoogle_netapp_storage_pool(#10766) - networksecurity: added
typeandmirroring_deployment_groupsfields togoogle_network_security_mirroring_endpoint_groupresource (#10783) - oracledatabase: added
gcp_oracle_zonefield togoogle_oracle_database_odb_networkresource (#10767) - privilegedaccessmanager: added
approval_workflow.steps.idfield togoogle_privileged_access_manager_entitlementresource (#10750) - pubsub: added support for
tagsfield togoogle_pubsub_topicandgoogle_pubsub_subscriptionresources (#10760) - sql: added
point_in_time_restore_contextfield togoogle_sql_database_instance(#10786) - storage: added
force_destroyfield togoogle_storage_insights_report_configresource (#10772) - storageinsights: added
activity_data_retention_period_daysfield togoogle_storage_insights_dataset_configresource (#10769) - vertexai: added
endpoint_config.private_service_connect_configblock togoogle_vertex_ai_endpoint_with_model_garden_deploymentresource (#10754) - vertexai: added
encryption_spec.kms_key_namefield togoogle_vertex_ai_index_endpointresource (#10787) - vertexai: added
encryption_spec.kms_key_namefield togoogle_vertex_ai_indexresource (#10759)
BUG FIXES:
- apihub: fixed a permadiff on
config_templateingoogle_apihub_pluginresource (#10758) - storage: fixed a panic caused by empty
corsblocksgoogle_storage_bucketresource (#10781)
v7.4.0
DEPRECATIONS:
- compute: deprecated the option to deploy a container during VM creation using the container startup agent in
google_compute_instance. Use alternative services to run containers on your VMs. Learn more at https://cloud.google.com/compute/docs/containers/migrate-containers. (#10725)
FEATURES:
-
New Data Source:
google_artifact_registry_maven_artifact(#10718) -
New Data Source:
google_compute_interconnect_location(#10727) -
New Resource:
google_network_services_wasm_plugin(#10742)
IMPROVEMENTS:
- compute: added
scheduling.0.skip_guest_os_shutdownfield togoogle_compute_instance_templateresource (#10729) - compute: added
scheduling.0.skip_guest_os_shutdownfield togoogle_compute_instanceresource (#10729) - compute: added
scheduling.0.skip_guest_os_shutdownfield togoogle_compute_region_instance_templateresource (#10729) - compute: added
tunneling_configfield togoogle_compute_service_attachmentresource (#10730) - container: added
auto_ipam_configtogoogle_container_clusterresource. (#10737) - privilegedaccessmanager: added
privileged_access.gcp_iam_access.role_bindings.idfield togoogle_privileged_access_manager_entitlementresource (#10743) - storage: added support for
timeoutstogoogle_storage_bucket_iam_binding,google_storage_bucket_iam_member,google_storage_bucket_iam_policyresources (#10726)
BUG FIXES:
- bigtable: fixed
node_scaling_factorforcing new instance ongoogle_bigtable_instancewhen adding new cluster (#10744) - cloudscheduler: fixed a type assertion panic in
google_cloud_scheduler_jobwhen processing HTTP headers with nil or unexpected data types (#10720) - compute: fixed the
Network field cannot be modifiedissue ingoogle_compute_region_backend_service. Now updating thenetworkfield will force the resource to be recreated (#10738) - netapp: fixed incorrect default value handling in
google_netapp_volumeforexport_policy.rulesattributeshas_root_accessandsquash_mode. When not specified, these fields will now take on the API default value with no diff. (#10736) - netapp: updated
google_netapp_storage_poolto source the default value for theqos_typefield from the API. If not specified in the configuration,qos_typewill now default to the value provided by the NetApp Volumes API. (#10735) - sql: fixed the permadiffs on
disk_sizewhendisk_autoresizeis enabled ingoogle_sql_database_instance(#10739) - workbench: added retry for
unable to queue the operation409 errors ingoogle_workbench_instanceresource. (#10733)
v7.3.0
FEATURES:
-
New Data Source:
google_backup_dr_data_source_reference(#10707) -
New Resource:
google_bigquery_datapolicyv2_data_policy(#10693) -
New Resource:
google_saas_runtime_release(#10685) -
New Resource:
google_secure_source_manager_hook(#10706)
IMPROVEMENTS:
- cloudrun: added
sub_pathfield togoogle_cloud_run_serviceresource. (#10705) - cloudrunv2: added
sub_pathfield togoogle_cloud_run_v2_servicegoogle_cloud_run_v2_jobandgoogle_cloud_run_v2_worker_poolresource. (#10705) - compute: added
labelsandlabel_fingerprintfields togoogle_compute_security_policyresource (#10696) - compute:
labelsunderinitialize_paramsare now updatable ongoogle_compute_instance(#10710) - container: added new fields
memory_managerandtopology_managertonode_kubelet_configblock (#10681) - datastream: added
destination_config.bigquery_destination_config.source_hierarchy_datasets.project_idfield togoogle_datastream_streamresource (#10704) - discoveryengine: added
app_typefield togoogle_discovery_engine_search_engineresource (#10694) - gkeonprem: added
proxyfield togoogle_gkeonprem_vmware_admin_clusterresource (#10702) - healthcare: added
validation_configtogoogle_healthcare_fhir_storeresource (#10700) - iamworkforcepool: added
extended_attributesfield toworkforce_pool_providerresource (#10688) - netapp: added
export_policy.rules.squash_modefield togoogle_netapp_volumeresource. (#10711) - privateca: added
encryption_specfield togoogle_privateca_ca_poolresource (#10699) - run: added
connectortovpcAccessongoogle_cloud_run_v2_worker_poolresource (#10701) - tags: added the
DATA_GOVERNANCEvalue togoogle_tags_tag_key.purpose(#10687)
BUG FIXES:
- bigquery: updated the schema change detection for
google_bigquery_tableto take into account presence of row access policy (#10683) - compute: fixed
allow_global_accessto correctly be immutable forgoogle_compute_forwarding_ruleresources with load balancing scheme of INTERNAL_MANAGED (#10692) - compute: fixed a crash in
google_compute_security_policydue to a changed API response for emptymatch.0.expr_optionsblocks (#10715) - dialogflow: added support for non-global endpoints for
google_dialogflow_conversation_profile(#10712) - publicca: use
RawURLEncodinginstead ofURLEncodingfor unpadded base64 encoding (#10682) - secretmanager: fixed a panic in
google_secret_manager_secret_versionin asecret_manager(#10698) - workbench: fixed issue that resource creation with computed
labelsfield fails ingoogle_workbench_instanceresource (#10691) - workbench: made
report-notebook-metricsmetadata key settable forgoogle_workbench_instance(#10690)
v7.2.0
FEATURES:
-
New Data Source:
google_artifact_registry_python_package(#10671) -
New Data Source:
google_backup_dr_data_source_references(#10672) -
New Resource:
google_discovery_engine_acl_config(#10680) -
New Resource:
google_saas_runtime_unit_kind(#10652)
IMPROVEMENTS:
- chronicle: made the
scope_infofield ingoogle_chronicle_reference_listconfigurable (#10663) - compute: added
header_actiontopath_matcheranddefault_servicelevel ongoogle_compute_region_url_mapresource (#10665) - container: added
secret_manager_config.rotation_configfield togoogle_container_clusterresource (#10659) - container: added new fields
memory_managerandtopology_managertogoogle_container_cluster.node_config.kubelet_configandgoogle_container_node_pool.node_config.kubelet_config(#10681) - healthcare: added
consent_configfield togoogle_healthcare_fhir_storeresource (#10666) New Resource:google_network_management_organization_vpc_flow_logs_config(#10660) - sql: added
final_backup_descriptionandfinal_backup_configfields togoogle_sql_database_instanceresource (#10678) - storage: added
aws_s3_compatible_data_sourcetogoogle_storage_transfer_jobresource (#10656)
BUG FIXES:
- provider: fixed an issue with
universe_domainwhere the provider tried to connect to "googleapis.com" for user email logging whenuniverse_domainwas set (#10654) - container: fixed a faulty diff for arrays on
user_managed_keys_configthat caused faulty cluster updates to be triggered ingoogle_container_cluster(#10668) - osconfig: fixed permadiff in
google_osconfig_patch_deploymentwherepatch_config.yum.minimaldoesn't sendfalsefor empty values (#10661)
v7.1.1
BUG FIXES:
- bigtable: fixed an error encountered when applying
google_bigtable_table_iam_*resources after upgrading to 7.x and replacinginstancewithinstance_name(#10667)
v7.1.0
DEPRECATIONS:
- container: deprecated
enterprise_configfield ingoogle_container_clusterresource. GKE Enterprise features are now available without an Enterprise tier. (#10646) - storage: removed deprecated status for field to
detect_md5hashingoogle_storage_bucket_objectresource (#10605)
FEATURES:
-
New Data Source:
google_iap_web_forwarding_rule_service_iam_policy(#10621) -
New Resource:
google_iap_web_forwarding_rule_service_iam_binding(#10621) -
New Resource:
google_iap_web_forwarding_rule_service_iam_member(#10621) -
New Resource:
google_iap_web_forwarding_rule_service_iam_policy(#10621)
IMPROVEMENTS:
- artifactregistry: added
registry_urias attribute togoogle_artifact_registry_repository(#10618) - backupdr: added
create_timefield togoogle_backup_dr_backupdata source (#10626) - cloudbuild: added
worker_config.enable_nested_virtualizationfield togoogle_cloudbuild_worker_poolresource (#10619) - cloudrunv2: added support for
multi_region_settingsfield togoogle_cloud_run_v2_serviceresource (#10607) - compute: add
params.resource_manager_tagsfield to thegoogle_compute_region_backend_service(#10634) - compute: added
public_delegated_sub_prefixsfield to resourcegoogle_compute_public_delegated_prefix(#10638) - compute: added
update_strategyfield togoogle_compute_network_peeringresource (#10623) - firestore: added
uniquefield togoogle_firestore_indexresource (#10617) - netapp: added
qos_typeandavailable_throughput_mibpsfields togoogle_netapp_storage_poolresource (#10615) - netapp: added
throughput_mibpsfield togoogle_netapp_volumeresource (#10615) - networkservices: allowed
EXPLICIT_ROUTING_MODEforrouting_modeongoogle_network_services_gatewayresource (#10608) - sql: added
consumer_network_status,ip_address, andstatusfields topsc_auto_connectionsfield ongoogle_sql_database_instanceresource (#10637) - storagetransfer: added
service_accountfield togoogle_storage_transfer_jobresource (#10635) - storagetransfer: added
transfer_spec.aws_s3_data_source.credentials_secrettogoogle_storage_transfer_jobresource (#10609)
BUG FIXES:
- compute: fixed certain spurious diffs for
google_compute_region_backend_service.backend.group(#10611) - compute: fixed permadiff on
google_compute_region_network_endpoint_groupwhen nonetworkis specified (#10625) - memorystore: fixed permadiffs that cause destroy+recreate on new
google_memorystore_instancewhendesired_psc_auto_connectionsis set (#10648) - netapp: fixed a permadiff on
total_iopsingoogle_netapp_storage_poolresource (#10643) - oracledatabase: fixed permadiffs on
google_oracle_database_autonomous_databaseresource for theodb_networkandodb_subnetfields (#10627)
v7.0.1
BUG FIXES:
- storage: fixed a conversion crash in
google_storage_bucketstate migration #10629
v7.0.0
Terraform Google Provider 7.0.0 Upgrade Guide
BREAKING RESOURCE REMOVALS:
- beyondcorp: removed
google_beyondcorp_application, its associated IAM resourcesgoogle_beyondcorp_application_iam_binding,google_beyondcorp_application_iam_member, andgoogle_beyondcorp_application_iam_policy, and thegoogle_beyondcorp_application_iam_policydatasource. Usegoogle_beyondcorp_security_gateway_applicationinstead. #10536 - notebooks: removed
google_notebooks_location#10350 - tpu: removed
google_tpu_node. Usegoogle_tpu_v2_vminstead. #10516
BREAKING FIELD REMOVALS:
- cloudrunv2: removed
template.containers.depends_onwithinresource google_cloud_run_v2_worker_pool#10444 - colab: removed
post_startup_script_configfield from fromgoogle_colab_runtime_templateresource #10555 - compute: removed field
enable_flow_logsfromgoogle_compute_subnetwork#10398 - gkehub: removed
configmanagement.binauthzfield ingoogle_gke_hub_feature_membership#10585 - gkehub: removed
descriptionfield ingoogle_gke_hub_membership#10344 - memorystore: removed
allow_fewer_zones_deploymentfield fromgoogle_memorystore_instanceresource because it isn't user-configurable #10588 - redis: removed
allow_fewer_zones_deploymentfield fromgoogle_redis_clusterresource because it isn't user-configurable #10588 - resourcemanager: removed non-functional
projectfield fromgoogle_service_account_keydatasource #10537
BREAKING INCREASED VALIDATION:
- cloudfunctions2: made
event_typea required field forevent_triggeringoogle_cloudfunctions2_function#10501 - networkservices: made
load_balancing_schemerequired ingoogle_network_services_lb_traffic_extension#10419 - sql: made
password_wo_versionrequired whenpassword_wois set ingoogle_sql_user#10591 - storage: added validation requiring the
topicfield to be in the form "projects//topics/" ingoogle_storage_notification#10602 - storagetransfer: added path validation for GCS path source and sink in
google_storage_transfer_job#10297 - vertexai: made
metadata, andmetadata.configrequired ingoogle_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #10520
OTHER BREAKING CHANGES:
- provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using
terraform inputwith invalid resource IDs. #10545 - alloydb: added
deletion_protectionfield with a default value oftruetogoogle_alloydb_clusterresource #10553 - apigee: changed
certs_infofield ingoogle_apigee_keystores_aliases_key_cert_fileto be output-only #10602 - apigee: migrated
google_apigee_keystores_aliases_key_cert_fileto the plugin framework #10602 - artifactregistry: removed the default values for
public_repositoryfields ingoogle_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #10519 - bigquery: removed the default value of
view.use_legacy_sqlingoogle_bigquery_table#10578 - bigtable: renamed instance to
instance_namefor bigtable_table_iam objects #10248 - billing: made
budget_filter.credit typesandbudget_filter.subaccountsno longer optional+computed, only optional, ingoogle_billing_budgetresource #10587 - cloudfunctions2: changed
service_config.servicefield ingoogle_cloudfunctions2_functionresource to be output-only #10432 - compute:
subnetworksandinstancesfields ingoogle_compute_packet_mirroringhave been converted from arrays to sets #10550 - compute:
advertised_ip_rangesfield group ingoogle_compute_routerhas been converted from a list to a set #10557 - compute:
disk.type,disk.modeanddisk.interfaceno longer use provider configured default values and instead will be set by the API ingoogle_compute_instance_templateandgoogle_compute_region_instance_templateresources #10569 - gkehub: updated beta api endpoint from v1beta1 to v1beta #10344
- resourcemanager: changed
disable_on_destroydefault value tofalseingoogle_project_service#10508 - securesourcemanager: changed
deletion_policydefault value fromDELETEtoPREVENT#10515 - storage: changed
retention_periodtostringdata type in resourcegoogle_storage_bucket#10311 - storage: migrated
google_storage_notificationto the plugin framework #10602
FEATURES:
-
New Data Source:
google_artifact_registry_npm_package(#10582) -
New Data Source:
google_certificate_manager_dns_authorization(#10544) -
New Resource:
google_iap_web_region_forwarding_rule_service_iam_binding(#10561) -
New Resource:
google_iap_web_region_forwarding_rule_service_iam_member(#10561) -
New Resource:
google_iap_web_region_forwarding_rule_service_iam_policy(#10561) -
New Resource:
google_saas_runtime_saas(#10556)
IMPROVEMENTS:
- bigquery: added support for "connection_properties" for bigquery to
google_bigquery_job(beta) (#10554) - cloudbuild: added
developer_connect_event_configfield togoogle_cloudbuild_triggerresource (#10563) - cloudtasks: added
desired_statefield togoogle_cloud_tasks_queueresource (#10567) - cloudrunv2: added
max_instance_countfield togoogle_cloud_run_v2_serviceresource. (#10558) - compute: added
params.resourceManagerTagsfield to thegoogle_compute_backend_service(#10575) - compute: added
params.resource_manager_tagsfield togoogle_compute_backend_bucket(#10581) - compute: added
short_namefield togoogle_compute_organization_security_policyresource (#10572) - container: added
cluster_autoscaling.default_compute_class_enabledfield togoogle_container_clusterresource (#10552) - dialogflowcx: added
enableMultiLanguageTraining,locked,answerFeedbackSettings,personalizationSettings,clientCertificateSettings,startPlaybook,satisfiesPzs, andsatisfiesPzitogoogle_dialogflow_cx_agentresource. (#10543) - lustre: increased
google_lustre_instanceresource create timeout to 120m from 20m (#10570) - oracledatabase: enabled default_from_api flag for ODB Network related fields in
google_oracle_database_cloud_vm_clusterresource (#10564) - sql: added feature to restore
google_sql_database_instanceusingbackupdr_backup(#10579) - ssm: made
ca_poolargument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#10559)
BUG FIXES:
- container: fixed issue where a failed creation on
google_container_node_poolwould result in an unrecoverable tainted state (#10586) - gkeonprem: set
default_from_apiin image field ingoogle_vmware_node_pool(#10551) - workbench: made
install-monitoring-agentmetadata key settable forgoogle_workbench_instance(#10589)
v6.50.0
NOTES:
- bigtable: It is recommended for
google_bigtable_table_iam_*resources to upgrade to v6.50.0 and switch frominstancetoinstance_namein your configuration before upgrading to v7.X (#10746)
DEPRECATIONS:
- bigtable: deprecated
instancein favor ofinstance_nameingoogle_bigtable_table_iam_*resources (#10746)
IMPROVEMENTS:
- bigtable: added
instance_namefield togoogle_bigtable_table_iam_*resources (#10746)
v6.49.3
BUG FIXES:
- compute: fixed a crash in
google_compute_security_policydue to a changed API response for emptymatch.0.expr_optionsblocks (#10715)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.
Edited by renovate