IMPROVEMENTS:
- container: added update support for
authenticator_groups_configingoogle_container_cluster(#4591) - dataflow: added ability to import
google_dataflow_job(#4595) - dns: added
managed_zone_idattribute togoogle_dns_managed_zonedata source (#4593) - metastore: added
metadata_integrationandhive_metastore_config.auxiliary_versionsfields togoogle_dataproc_metastore_serviceresource (#4598) - monitoring: added
accepted_response_status_codestogoogle_monitoring_uptime_check_config(#4594) - sql: added
password_validation_policyfield togoogle_cloud_sqlresource (#4597)
BUG FIXES:
- bigquery: removed force replacement for
display_nameongoogle_bigquery_data_transfer_config(#4592) - compute: fixed permadiff for
instance_termination_actioningoogle_compute_instance_template(#4590)
NOTES:
- Updated to Golang 1.18 (#4564)
FEATURES:
- New Resource:
google_dataplex_asset(#4543) - New Resource:
google_gke_hub_membership_iam_binding(#4583) - New Resource:
google_gke_hub_membership_iam_member(#4583) - New Resource:
google_gke_hub_membership_iam_policy(#4583)
IMPROVEMENTS:
- certificatemanager: added
state,authorization_attempt_infoandprovisioning_issueoutput fields togoogle_certificate_manager_certificate(#4548) - cloudfunctions2: added field
event_filtersto resourcegoogle_cloudfunctions2_function(#4547) - compute: added
certificate_maptocompute_target_https_proxyresource (#4550) - compute: added validation for name field on
google_compute_network(#4579) - compute: made
portoptional ingoogle_compute_network_endpointto allow network endpoints to be associated withGCE_VM_IPnetwork endpoint groups (#4575) - container: added support for additional values
APISERVER,CONTROLLER_MANAGER, andSCHEDULERingoogle_container_cluster.monitoring_config(#4565) - gkehub: added
monitoringandmutation_enabledfields to resourcefeature_membership(#4572) - gkehub: added better support for import for
google_gke_hub_membership(#4542) - pubsub: added
bigquery_configtogoogle_pubsub_subscription(#4545) - scheduler: added
pausedfield togoogle_cloud_scheduler_job(#4535) - scheduler: added
stateoutput field togoogle_cloud_scheduler_job(#4535)
BUG FIXES:
- apigee: fixed an issue where
google_apigee_instancecreation would fail due to multiple concurrent instances (#4584) - billingbudget: fixed a bug where
google_billing_budget.budget_filter.serviceswas not updating. (#4577) - compute: fixed perma-diff on
google_compute_diskfor new arm64 images (#4533) - dataflow: fixed bug where permadiff would show on
google_dataflow_job.additional_experiments(#4576) - storage: fixed a bug in
google_storage_bucketwherenamewas incorrectly validated. (#4566)
FEATURES:
- New Resource:
google_dataplex_zone(#4511)
IMPROVEMENTS:
- bucket: added support for
matches_prefixandmatches_suffixinconditionof alifecycle_ruleingoogle_storage_bucket(#4527) - compute: added
networkandsubnetworkfields togoogle_compute_region_network_endpoint_groupfor PSC. (#4528) - container: added field
boot_disk_kms_keytoauto_provisioning_defaultsingoogle_container_cluster(#4524) - notebooks: added
bootDiskTypesupport forPD_EXTREMEingoogle_notebooks_instance(#4530) - notebooks: added
softwareConfig.upgradeable,softwareConfig.postStartupScriptBehavior,softwareConfig.kernelsingoogle_notebooks_runtime(#4530) - storage: added name validation for
google_storage_bucket(#4532)
BUG FIXES:
- compute: fixed perma-diff on
google_compute_diskfor new arm64 images (#4533) - dns: fixed a bug where
google_dns_record_setwould create an inconsistent plan when using interpolated values inrrdatas(#4515) - kms: fixed setting of resource id post-import for
google_kms_crypto_key(#4520) - provider: fixed a bug where user-agent was showing "dev" rather than the provider version (#4509)
FEATURES:
- New Data Source:
google_service_account_jwt(#4489) - New Resource:
google_certificate_map_entry(#4501) - New Resource:
google_certificate_map(#4501) - New Resource:
google_compute_backend_bucket_iam_binding(#4484) - New Resource:
google_compute_backend_bucket_iam_member(#4484) - New Resource:
google_compute_backend_bucket_iam_policy(#4484) - New Resource:
google_dataproc_metastore_federation(#4482) - New Resource:
google_dataproc_metastore_federation_iam_binding(#4482) - New Resource:
google_dataproc_metastore_federation_iam_member(#4482) - New Resource:
google_dataproc_metastore_federation_iam_policy(#4482)
IMPROVEMENTS:
- billingbudget: made
thresholdRulesoptional ingoogle_billing_budget(#4480) - compute: added
instance_termination_actionfield togoogle_compute_instance_templateresource to support Spot VM termination action (#4488) - compute: added
instance_termination_actionfield togoogle_compute_instanceresource to support Spot VM termination action (#4488) - compute: added
request_coalescingandbypass_cache_on_request_headersfields tocompute_backend_bucket(#4484) - compute: added field
all_instances_configtogoogle_compute_instance_group_managerandgoogle_compute_region_instance_group_manager(#4506) - compute: added support for
espprotocol ingoogle_compute_packet_mirroring.filters.ip_protocols(#4496) - monitoring: added
evaluation_missing_datafield togoogle_monitoring_alert_policy(#4502) - notebooks: added field
reserved_ip_rangetogoogle_notebooks_runtime(#4492)
BUG FIXES:
- bigtable: fixed an incorrect diff when adding two or more clusters (#4490)
- compute: allowed properly updating
adaptive_protection_configincompute_security_policy(#4478) - notebooks: fixed a bug where
google_notebooks_runtimecan't be updated (#4492) - sql: fixed an issue in
google_sql_database_instancewhere updates would fail because of thecollationfield (#4505)
FEATURES:
- New Resource:
google_cloudiot_registry_iam_binding(#4452) - New Resource:
google_cloudiot_registry_iam_member(#4452) - New Resource:
google_cloudiot_registry_iam_policy(#4452) - New Resource:
google_compute_snapshot_iam_binding(#4445) - New Resource:
google_compute_snapshot_iam_member(#4445) - New Resource:
google_compute_snapshot_iam_policy(#4445)
IMPROVEMENTS:
- container: added
binauthz_evaluation_modefield toresource_container_cluster. (#4451) - kms: added support for MAC value in
google_kms_crypto_key.purpose(#4458) - metastore: added
databaseType,releaseChannel, andhiveMetastoreConfig.endpointProtocolarguments (#4443)
BUG FIXES:
- bigquery: fixed case-sensitivity for
user_by_emailandgroup_by_emailongoogle_bigquery_dataset_access(#4446) - clouddeploy: fixed permadiff on
execution_configsingoogle_clouddeploy_targetresource (#4450) - cloudscheduler: fixed a diff on the last slash of uri on
google_cloud_scheduler_job(#4444) - compute: fixed force recreation on
provisioned_iopsofgoogle_compute_disk(#4464) - compute: fixed missing
network_interface.0.ipv6_access_config.0.external_ipv6output ongoogle_compute_instance(#4470) - documentai: fixed a bug where eu region could not be utilized for documentai resources (#4472)
- gkehub: fixed a bug where
issuercan't be updated ongoogle_gke_hub_membership(#4471)
FEATURES:
- New Resource: google_bigquery_connection_iam_binding (#4437)
- New Resource: google_bigquery_connection_iam_member (#4437)
- New Resource: google_bigquery_connection_iam_policy (#4437)
- New Resource: google_cloud_tasks_queue_iam_binding (#4427)
- New Resource: google_cloud_tasks_queue_iam_member (#4427)
- New Resource: google_cloud_tasks_queue_iam_policy (#4427)
- New Resource: google_dataproc_autoscaling_policy_iam_binding (#4441)
- New Resource: google_dataproc_autoscaling_policy_iam_member (#4441)
- New Resource: google_dataproc_autoscaling_policy_iam_policy (#4441)
- New Resource: google_dataproc_metastore_service_iam_binding (#4416)
- New Resource: google_dataproc_metastore_service_iam_member (#4416)
- New Resource: google_dataproc_metastore_service_iam_policy (#4416)
IMPROVEMENTS:
- bigquery: fixed a permadiff in
google_bigquery_job.query. destination_table(#4401) - billing: added
calendar_periodandcustom_periodfields togoogle_billing_budget(#4429) - cloudsql: added attribute
projectto data sourcegoogle_sql_backup_run(#4402) - composer: added CMEK, PUPI and IP_masq_agent support for Composer 2 in
google_composer_environmentresource (#4430) - compute: added
max_ports_per_vmfield togoogle_compute_router_natresource (#4400) - compute: added
GCE_VM_IPsupport togoogle_compute_network_endpoint_groupresource. (#4434) - privateca: added support to subordinate CA activation (#4422)
- redis: added CMEK key field
customer_managed_keyingoogle_redis_instance(#4435) - spanner: added field
version_retention_periodtogoogle_spanner_databaseresource (#4424) - sql: added
settings.location_preference.secondary_zonefield ingoogle_sql_database_instance(#4433) - sql: added
sql_server_audit_configfield ingoogle_sql_database_instance(#4403)
BUG FIXES:
- composer: fixed a problem with updating Cloud Composer's
scheduler_countfield (hashicorp/terraform-provider-google#11940) (#4408) - composer: fixed permadiff on
private_environment_config.cloud_composer_connection_subnetwork(#4411) - container: fixed an issue where
node_config.min_cpu_platformcould cause a perma-diff ingoogle_container_cluster(#4426) - filestore: fixed a case where
google_filestore_instance.networks.networkwould incorrectly see a diff between state and config when the networkidformat was used (#4431) - serviceusage: fixed an issue where
google_project_service_identitydidn't handle service identities without emails correctly (#4432)
IMPROVEMENTS:
- clouddeploy: added
suspendfield togoogle_clouddeploy_delivery_pipelineresource (#4394) - compute: added maxPortsPerVm field to
google_compute_router_natresource (#4400) - compute: added
psc_connection_idandpsc_connection_statusoutput fields togoogle_compute_forwarding_ruleandgoogle_compute_global_forwarding_ruleresources (#4392) - container: added
tpu_configtogoogle_container_cluster(beta only) (#4390) - containeraws: made
config.instance_typefield updatable ingoogle_container_aws_node_pool(#4392)
BUG FIXES:
- compute: fixed default handling for
enable_dynamic_port_allocationto be managed by the api (#4391) - vertexai: Fixed a bug where terraform crashes when
force_destroyis set ingoogle_vertex_ai_featurestoreresource (#4398)
FEATURES:
- New Resource:
google_cloudfunctions2_function_iam_binding(#4377) - New Resource:
google_cloudfunctions2_function_iam_member(#4377) - New Resource:
google_cloudfunctions2_function_iam_policy(#4377) - New Resource:
google_compute_region_ssl_policy(#4376) - New Resource:
google_documentai_processor(#4389) - New Resource:
google_documentai_processor_default_version(#4389)
IMPROVEMENTS:
- accesscontextmanager: Added
external_resourcestoegress_toingoogle_access_context_manager_service_perimeterandgoogle_access_context_manager_service_perimetersresource (#4378) - apigateway: Added
grpc_servicesandmanaged_service_configstogoogle_api_gateway_api_config(#4388) - cloudbuild: Added
include_build_logstogoogle_cloudbuild_trigger(#4380) - compute: Added
ssl_policyfield togoogle_compute_region_target_https_proxy(#4376) - container: Added
managed_prometheustomonitoring_configingoogle_container_cluster(#4373) - container: Added
tpu_configtogoogle_container_cluster(#4390)
BUG FIXES:
- dns: Fixed a bug where
google_dns_record_setresource can not be changed from default routing to Geo routing policy. (#4383) - sql: Fixed a bug where
google_sql_database_instancewould fail if a replica was created, with an encryption key, in a different region than the master instance. (#4379)
IMPROVEMENTS:
- bigquery: added
connection_idtoexternal_data_configurationforgoogle_bigquery_table(#4365) - cloudfunctions2: added support for configuring
service_account_emailtogoogle_cloudfunctions2_functionresource (#4367) - compute: added
advanced_options_configtogoogle_compute_security_policy(#4354) - compute: added
cache_key_policyfield togoogle_compute_backend_bucketresource (#4349) - compute: added
include_named_cookiestocdn_policyoncompute_backend_serviceresource (#4358) - compute: added internal IPv6 support on
google_compute_networkandgoogle_compute_subnetwork(#4368) - container: added
managed_prometheustomonitoring_configingoogle_container_cluster(#4373) - container: added
spotfield tonode_configsub-resource (#4350) - gkehub: added
prevent_driftfield togoogle_gke_hub_feature_membershipresource (#4370) - monitoring: added support for JSONPath content matchers to
google_monitoring_uptime_check_configresource (#4361) - monitoring: added support for
user_labelstogoogle_monitoring_sloresource (#4363) - sql: added
sql_server_user_detailsfield togoogle_sql_userresource (#4364)
BUG FIXES:
- certificatemanager: fixed bug where
DEFAULTscope would permadiff and force replace the certificate. (#4356) - dns: fixed perma-diff for updated labels in
google_dns_managed_zone(#4372) - storagetransfer: fixed perm diff on transfer_options for
google_storage_transfer_job(#4357)
IMPROVEMENTS:
- compute: added
cache_key_policyfield togoogle_compute_backend_bucketresource (#4349)
FEATURES:
- New Data Source:
google_tags_tag_key(#4337) - New Data Source:
google_tags_tag_value(#4337) - New Resource:
google_dataplex_lake(#4341)
IMPROVEMENTS:
- bigqueryconnection: updated connection types to support v1 ga (#4323)
- cloudfunctions: added docker registry support for Cloud Functions (#4324)
- memcache: added
maintenance_policyandmaintenance_scheduletogoogle_memcache_instance(#4338) - service-directory: marked network field immutable in
google_service_directory_endpoint(#4334)
BUG FIXES:
- binaryauthorization: fixed permadiff in
google_binary_authorization_attestor(#4325) - service: added re-polling for service account after creation, 404s sometimes due to eventual consistency (#4333)
NOTE: Due to technical difficulties encountered in the release process, the 4.22.0 release for google-beta occurred several hours after the corresponding google provider release.
FEATURES:
- New Resource:
google_certificate_manager_certificate(#4301) - New Resource:
google_certificate_manager_dns_authorization(#4301) - New Resource:
google_clouddeploy_delivery_pipeline(#4288) - New Resource:
google_clouddeploy_target(#4288)
IMPROVEMENTS:
- bigquery: added connection of type cloud_resource for
google_bigquery_connection(#4312) - cloudfunctions: added
https_trigger_security_leveltogoogle_cloudfunctions_function(#4295) - cloudrun: added
traffic.tagandtraffic.urlfields togoogle_cloud_run_service(#4283) - compute: added
enable_dynamic_port_allocationtogoogle_compute_router_nat(#4316) - compute: added field
update_policy.most_disruptive_allowed_actiontogoogle_compute_instance_group_managerandgoogle_compute_region_instance_group_manager(#4282) - compute: added support for NEG type
PRIVATE_SERVICE_CONNECTinNetworkEndpointGroup(#4303) - compute: added support for
domain_namesattribute ingoogle_compute_service_attachment(#4313) - compute: added value
REFRESHto field update_policy.minimal_actioningoogle_compute_instance_group_managerandgoogle_compute_region_instance_group_manager` (#4282) - container: added field
exclusion_optionstogoogle_container_cluster(#4291) - monitoring: added
checker_typefield togoogle_monitoring_uptime_check_configresource (#4302) - privateca: add a new field
desired_stateto manage CertificateAuthority state. (#4279) - sql: added
active_directory_configfield ingoogle_sql_database_instance(#4298) - sql: removed requirement that Cloud SQL Insight is only allowed for Postgres in
google_sql_database_instance(#4310)
BUG FIXES:
- cloudfunctions: fixed an issue where
google_cloudfunctions2_functionwould not update (#4278) - compute: fixed extra diffs generated on
google_security_policyruleswhen modifying a rule (#4287) - container: fixed Autopilot cluster couldn't omit master ipv4 cidr in
google_container_cluster(#4280) - resourcemanager: fixed a bug in wrongly writing to state when creation failed on
google_project_organization_policy(#4297) - storage: not specifying
contentorsourceforgoogle_storage_bucket_objectnow fails at plan-time instead of apply-time. (#4292)
IMPROVEMENTS:
- cloudfunctions: added CMEK support for Cloud Functions (#4272)
- compute: added
service_directory_registrationstogoogle_compute_forwarding_ruleresource (#4276) - compute: removed validation checking against a fixed set of persistent disk types (#4273)
- container: removed validation checking against a fixed set of persistent disk types (#4273)
- containeraws: added
image_typeandinstance_placementtogoogle_container_aws_node_poolresource (#4276) - containeraws: added
instance_placementandlogging_configtogoogle_container_aws_clusterresource (#4276) - containeraws: added
proxy_configtogoogle_container_aws_node_poolresource (#4276) - containerazure: added
image_typetogoogle_container_azure_node_poolresource (#4276) - containerazure: added
logging_configtogoogle_container_azure_clusterresource (#4276) - containerazure: added
proxy_configtogoogle_container_azure_node_poolresource (#4276) - dataproc: removed validation checking against a fixed set of persistent disk types (#4273)
- dns: added
routing_policytogoogle_dns_record_setresource (#4265)
BUG FIXES:
- cloudfunctions: fixed an issue where
google_cloudfunctions2_functionwould not update (#4278) - compute: fixed a crash in
google_compute_instancewhen the instance is deleted outside of Terraform (#4262) - provider: removed printing credentials to the console if malformed JSON is given (#4266)
NOTES:
google_privateca_certificate_authorityresources now cannot be destroyed unlessdeletion_protection = falseis set in state for the resource. (#4241)
FEATURES:
- New Data Source:
google_compute_disk(#4255)
IMPROVEMENTS:
- apigee:
consumer_accept_listandservice_attachmenttogoogle_apigee_instance. (#4260) - compute: added
subsettingfield togoogle_compute_region_backend_service(#4246) - privateca: added
deletion_protectionforgoogle_privateca_certificate_authority. (#4241) - privateca: added new output fields on
google_privateca_certificateincludingissuer_certificate_authority,pem_certificate_chainandcertificate_description.x509_description(#4242) - redis: added multi read replica field
read_replicas_modeandsecondary_ip_rangeingoogle_redis_instance(#4259)
BUG FIXES:
- compute: fixed a crash when
compute.instanceis not found (#4262) - provider: removed printing credentials to the console if malformed JSON is given (#4266)
- sql: fixed bug where
encryption_key_namewas not being propagated to the API. (#4261)
IMPROVEMENTS:
- cloudbuild: made
CLOUD_LOGGING_ONLYavailable as a cloud build logging option. (#4224) - compute: added
redirect_optionsfield forgoogle_compute_security_policyrules (#4217) - compute: added
FIXED_STANDARDandSTANDARDas valid values to the fieldnetwork_interface.0.access_configs.0.network_tierofgoogle_compute_instance_templateresource (#4233) - compute: added
FIXED_STANDARDandSTANDARDas valid values to the fieldnetwork_interface.0.access_configs.0.network_tierofgoogle_compute_instanceresource (#4233) - compute: added passing
exceed_redirect_optionsfield forgoogle_compute_security_policyrules (#4238) - container: added
gke_backup_agent_configinaddons_configtogoogle_container_cluster(beta) (#4231) - filestore: added
kms_key_namefield togoogle_filestore_instanceresource to support CMEK (#11493) - logging: made
google_logging_*_bucket_configdeletable (#4234) - notebooks: updated
container_imagesongoogle_notebooks_runtimeto default to the value returned by the API if not set (#4216) - provider: modified request retry logic to retry all per-minute quota limits returned with a 403 error code. Previously, only read requests were retried. This will generally affect Google Compute Engine resources. (#4223)
BUG FIXES:
- bigquery: fixed a bug where
encryption_configuration.kms_key_namestored the version rather than the key name. (#4221) - compute: fixed url_mask required mis-annotation in
google_compute_region_network_endpoint_group, making it optional (#4227) - spanner: fixed escaping of database names with Postgres dialect in
google_spanner_database(#4228)
FEATURES:
- New Resource:
google_privateca_certificate_template_iam_binding(#4201) - New Resource:
google_privateca_certificate_template_iam_member(#4201) - New Resource:
google_privateca_certificate_template_iam_policy(#4201)
IMPROVEMENTS:
- bigtable: added
gc_rulestogoogle_bigtable_gc_policyresource. (#4212) - dialogflow: added support for location based dialogflow resources (#4206)
- metastore: added support for encryption_config during service creation. (#4204)
- privateca: support update on CertificateAuthority and Certificate (#4207)
BUG FIXES:
- Update mutex on google_apigee_instance_attachment to lock on org_id. (#4203)
- vpcaccess: fixed an issue where
google_vpc_access_connectorwould be repeatedly recreated whennetworkwas not specified (#4205)
FEATURES:
- New Data Source:
google_access_approval_folder_service_account(#4179) - New Data Source:
google_access_approval_organization_service_account(#4179) - New Data Source:
google_access_approval_project_service_account(#4179) - New Resource:
google_access_context_manager_access_policy_iam_binding(#4180) - New Resource:
google_access_context_manager_access_policy_iam_member(#4180) - New Resource:
google_access_context_manager_access_policy_iam_policy(#4180) - New Resource:
google_endpoints_service_consumers_iam_binding(#4160) - New Resource:
google_endpoints_service_consumers_iam_member(#4160) - New Resource:
google_endpoints_service_consumers_iam_policy(#4160) - New Resource:
google_iam_deny_policy(#4194)
IMPROVEMENTS:
- access approval: added
active_key_version,ancestor_has_active_key_version, andinvalid_key_versionfields togoogle_folder_access_approval_settings,google_organization_access_approval_settings, andgoogle_project_access_approval_settingsresources (#4179) - access context manager: added support for scoped policies in
google_access_context_manager_access_policy(#4180) - apigee: added
deployment_typeandapi_proxy_typetogoogle_apigee_environment(#4177) - bigtable: updated the examples to show users can create all 3 different flavors of AppProfile (#4172)
- cloudbuild: added
approval_configtogoogle_cloudbuild_trigger(#4162) - composer: added support for
airflow-1andairflow-2aliases in image version argument (#4185) - dataflow: added
skip_wait_on_job_terminationattribute togoogle_dataflow_jobandgoogle_dataflow_flex_template_jobresources (issue #10559) (#4196) - dataproc: added
presto_configtodataproc_job(#4171) - healthcare: added support V3 parser version for Healthcare HL7 stores. (#4189)
- healthcare: added support for
ANALYTICS_V2andLOSSLESSBigQueryDestination schema types togoogle_healthcare_fhir_store(#4186) - os-config: added field
migInstancesAllowedto resourceos_config_patch_deployment(#4195) - privateca: added support for IAM conditions to CaPool (#4170)
- pubsub: added
enable_exactly_once_deliverytogoogle_pubsub_subscription(#4166) - spanner: added support for setting database_dialect on
google_spanner_database(#4158)
BUG FIXES:
- redis: fixed an issue where older redis instances had a dangerous diff on the field
read_replicas_mode, adding a default ofREAD_REPLICAS_DISABLED. Now, if the field is not set in config, the value of the field will keep the old value from state. (#4184) - tags: fixed issue where tags could not be applied sequentially to the same parent in
google_tags_tag_binding(#4191)
FEATURES:
- New Data Source:
google_dataproc_metastore_service(#4155) - New Resource:
google_firebaserules_release(#4132) - New Resource:
google_firebaserules_ruleset(#4132)
IMPROVEMENTS:
- bigtable: added support for
autoscaling_configtogoogle_bigtable_instance(#4150) - composer: Added support for
composer-1andcomposer-2aliases in image version argument (#4131) - compute: added support for attaching a
edge_security_policytogoogle_compute_backend_bucket(#4154) - compute: added support for field
typetogoogle_compute_security_policy(#4154) - eventarc: added gke and workflows destination for eventarc trigger resource. (#4152)
- networkservices: added
included_cookie_namesto cache key policy configuration (#4147) - spanner: added support for setting database_dialect on
google_spanner_database(#4158) - storagetransfer: added
repeat_intervalfield togoogle_storage_transfer_jobresource (#4144)
BUG FIXES:
- apikeys: fixed a bug where
google_apikeys_key.key_stringwas not being set. (#4139) - container: fixed a bug where
google_container_cluster.authenticator_groups_configcould not be set in tandem withenable_autopilot(#4140) - iam: fixed an issue where special identifiers
allAuthenticatedUsersandallUserswere flattened to lower case in IAM members. (#4156) - logging: fixed bug where
google_logging_project_bucket_configwould erroneously write to state after it errored out and wasn't actually created. (#4141) - monitoring: fixed a permadiff when
google_monitoring_uptime_check_config.http_check.pathdoes not begin with "/" (#4135) - osconfig: fixed a bug where
recurring_schedule.time_of_daycan not be set to 12am exact time ingoogle_os_config_patch_deploymentresource (#4127) - sql: fixed bug where permadiff of
encryption_key_namewould show ongoogle_sql_database_instancefor replica instances. (#4130) - storage: fixed a bug where
google_storage_bucketdata source would retry for 20 min when bucket was not found. (#4129) - storage: fixed bug where
google_storage_transfer_jobthat was deleted outside of Terraform would not be recreated on apply. (#4138)
FEATURES:
- New Resource: google_logging_log_view (#4125)
IMPROVEMENTS:
- apigee: added
billing_typeattribute togoogle_apigee_organizationresource. (#4126) - networkservices: added
disable_http2property togoogle_network_services_edge_cache_serviceresource (#4119) - networkservices: updated
google_network_services_edge_cache_originresource to read and write thetimeoutproperty, including a newread_timeoutfield. (#4122) - networkservices: updated
google_network_services_edge_cache_originto retry_conditions to includeFORBIDDEN(#4122)
BUG FIXES:
- dataproc: fixed a crash when
logging_configonly containsnilentry ingoogle_dataproc_workflow_template(#4124) - sql: fixed crash when one of
settings.database_flagsis nil. (#4123)
FEATURES:
- New Resource:
google_bigqueryreservation_assignment(#4098) - New Resource:
google_apikeys_key(#4114)
IMPROVEMENTS:
- artifactregistry: added maven config for
google_artifact_registry_repository(#4112) - cloudbuild: added support for manual builds, git source for webhook/pubsub triggered builds and filter field (#4100)
- container: added support for gvnic to
google_container_node_pool(#4111) - dataproc: added
preemptibilityfield to thepreemptible_worker_configofgoogle_dataproc_cluster(#4107) - serviceusage: supported
forcebehavior for deleting consumer quota override (#4094)
BUG FIXES:
- dataproc: fixed a crash when
logging_configonly containsnilentry ingoogle_dataproc_job(#4108)
FEATURES:
- New Resource:
google_apigee_endpoint_attachment(#4074) - New Resource:
google_cloudfunctions2_function(#4093) - New Resource:
google_region_backend_service_iam_*(#4088) - New Datasource:
google_dns_record_set(#4085) - New Datasource:
google_privateca_certificate_authority(#4087)
IMPROVEMENTS:
- compute: added support for
keepalive_intervaltogoogle_compute_router.bgp(#4089) - compute: added update support for
google_compute_reservation.share_settings(#4092) - storagetransfer: added attribute
subject_idto data sourcegoogle_storage_transfer_project_service_account(#4073)
BUG FIXES:
- composer: allow region to be undefined in configuration for
google_composer_environment(#4083) - container: fixed a bug where
vertical_pod_autoscalingwould cause autopilot clusters to recreate (#4076)
NOTE:
- updated to go 1.16.14 (#4066)
FEATURES:
DEPRECATIONS:
- datafusion: deprecated
service_accountingoogle_datafusion_instance. Usetenant_project_idinstead to extract the tenant project ID (beta) (#4045)
IMPROVEMENTS:
- bigquery: added support for authorized datasets to
google_bigquery_dataset.accessandgoogle_bigquery_dataset_access(#4047) - bigtable: added
multi_cluster_routing_cluster_idsfields togoogle_bigtable_app_profile(#4051) - compute: added field
serverless_deploymenttogoogle_compute_network_endpoint_group(beta only) for API Gateway resources (#4041) - compute: updated
instanceattribute forgoogle_compute_network_endpointto be optional, as Hybrid connectivity NEGs use network endpoints with just IP and Port. (#4068) - compute: added
NON_GCP_PRIVATE_IP_PORTvalue fornetwork_endpoint_typein thegoogle_compute_network_endpoint_groupresource (#4068) - compute: added
provisioning_modelfield togoogle_compute_instance_templateresource to support Spot VM(beta) (#4033) - compute: added
provisioning_modelfield togoogle_compute_instanceresource to support Spot VM(beta) (#4033) - container: Add support for GKE Compact Placement (#4043)
- datafusion: added support for
tenant_project_idandgcs_bucketingoogle_datafusion_instanceresource. (#4045) - provider: added retries for
ReadRequesterrors incorrectly coded as403errors, particularly in Google Compute Engine (#4064)
BUG FIXES:
- apigee: fixed a bug where multiple
google_apigee_instancecould not be used on the samegoogle_apigee_organization(#4059) - compute: corrected an issue in
google_compute_security_policywhere only alpha values for certain enums were accepted (#4049) - compute: fixed permadiff in
google_compute_instance.scheduling.provisioning_model(#4044) - compute: fixed permadiff in
google_compute_instance_template.scheduling.provisioning_model(#4052)
IMPROVEMENTS:
- cloudfunctions: Added SecretManager integration support to
google_cloudfunctions_function. (#4040) - compute: Added field
serverless_deploymenttogoogle_compute_network_endpoint_group(#4041) - dataproc: increased the default timeout for
google_dataproc_clusterfrom 20m to 45m (#4027) - sql: added field
clone.allocated_ip_rangeto support address range picker for clone in resourcegoogle_sql_database_instance(#4037) - storagetransfer: added support for POSIX data source and data sink to
google_storage_transfer_jobviatransfer_spec.posix_data_sourceandtransfer_spec.posix_data_sinkfields (#4029)
BUG FIXES:
- cloudrun: updated
containers.ports.container_portto be optional instead of required ongoogle_cloud_run_service(#4030) - compute: marked
projectfield optional ingoogle_compute_instance_templatedata source (#4031)
FEATURES:
- New Resource:
google_backend_service_iam_*(#4021)
IMPROVEMENTS:
- compute: added
EXTERNAL_MANAGEDas option forload_balancing_schemeingoogle_compute_global_forwarding_ruleresource (#4011) - compute: added field
rate_limit_optionstogoogle_compute_security_policyrules (#4020) - container: added support for image type configuration on the GKE Node Auto-provisioning (#4023)
- container: added support for GCPFilestoreCSIDriver addon to
google_container_clusterresource. (#4015) - dataproc: increased the default timeout for
google_dataproc_clusterfrom 20m to 45m (#4027) - redis: added
maintenance_policyandmaintenance_scheduletogoogle_redis_instance(#4010) - vpcaccess: updated field
networkingoogle_vpc_access_connectorto acceptself_linkorname(#4013)
BUG FIXES:
- storage: fixed bug where the provider crashes when
Object.owneris missing when usinggoogle_storage_object_acl(#4019)
BREAKING CHANGES:
- cloudrun: changed the
locationofgoogle_cloud_run_serviceso that modifying thelocationfield will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#3998)
IMPROVEMENTS:
- provider: changed the default timeout for many resources to 20 minutes, the current Terraform default, where it was less than 20 minutes previously (#4002)
- redis: added
maintenance_policyandmaintenance_scheduletogoogle_redis_instance(#4010) - storage: added field
transfer_spec.aws_s3_data_source.role_arntogoogle_storage_transfer_job(#3999)
BUG FIXES:
- cloudrun: fixed a bug where changing the non-updatable
locationof agoogle_cloud_run_servicewould not force resource recreation (#3998) - compute: fixed a bug where
google_compute_firewallwould incorrectly findsource_rangesto be empty during validation (#4008) - notebooks: fixed permadiff in
google_notebooks_runtime.software_config(#3997)
BREAKING CHANGES:
- dlp: renamed the
characters_to_ignore.character_to_skipfield tocharacters_to_ignore.characters_to_skipingoogle_data_loss_prevention_deidentify_template. Any affected configurations will have been failing with an error at apply time already. (#3983)
FEATURES:
- New Resource:
google_network_connectivity_spoke(#3987)
IMPROVEMENTS:
- apigee: added
ip_rangefield togoogle_apigee_instance(#3989) - cloudrun: added support for
default_modeandmodesettings for created files withinsecretsingoogle_cloud_run_service(#3984) - compute: Added
share_settingsingoogle_compute_reservation(#3980)
BUG FIXES:
- all: Fixed operation polling to support custom endpoints. (#3986)
- cloudrun: Fixed permadiff in
google_cloud_run_service'stemplate.spec.service_account_name. (#3993) - dlp: Fixed typo in name of
characters_to_ignore.characters_to_skipfield forgoogle_data_loss_prevention_deidentify_template(#3983) - storagetransfer: fixed bug where
schedulewas required, but really it is optional. (#3995)
IMPROVEMENTS:
- compute: added
EXTERNAL_MANAGEDas option forload_balancing_schemeingoogle_compute_backend_serviceresource (#3975) - container: promoted
dns_configfield ofgoogle_container_clusterto GA (#3978) - monitoring: added
conditionMatchedLogandalertStrategyfields togoogle_monitoring_alert_policyresource (#3968)
BREAKING CHANGES:
- pubsub: changed
google_pubsub_schemaso that modifiying fields will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#3933)
FEATURES:
- New Resource:
google_apigee_nat_address(#3941) - New Resource:
google_network_connectivity_hub(#3947)
IMPROVEMENTS:
- bigquery: added ability to create a table with both a schema and view simultaneously to
google_bigquery_table(#3950) - cloud_composer: Added support for Cloud Composer master authorized networks flag (#3937)
- container: Added field
identity_service_configtogoogle_container_cluster(#3957) - osconfig: Added daily os config patch deployments (#3945)
- storage: added configurable read timeout to
google_storage_bucket(#3938)
BUG FIXES:
- billingbudget: fixed a bug where
google_billing_budget.budget_filter.labelswas not updating. (#3932) - compute: fixed scenario where
region_instance_group_managerwould not start update ifwait_for_instanceswas set and initial status was notSTABLE(#3949) - healthcare: Added back
self_linkfunctionality which was accidentally removed in4.0.0release. (#3946) - pubsub: fixed update failure when attempting to change non-updatable resource
google_pubsub_schema(#3933) - storage: fixed a bug where
google_storage_bucket.lifecycle_rule.condition.days_since_custom_timewas not updating. (#3936) - vpcaccess: Added back
self_linkfunctionality which was accidentally removed in4.0.0release. (#3946)
FEATURES:
- New Data Source: google_container_aws_versions (#3928)
- New Data Source: google_container_azure_versions (#3928)
- New Resource: google_container_aws_cluster (#3928)
- New Resource: google_container_aws_node_pool (#3928)
- New Resource: google_container_azure_client (#3928)
- New Resource: google_container_azure_cluster (#3928)
- New Resource: google_container_azure_node_pool (#3928)
IMPROVEMENTS:
- bigquery: added the
return_table_typefield togoogle_bigquery_routine(#3922) - cloudbuild: added support for
available_secretstogoogle_cloudbuild_trigger(#3907) - cloudfunctions: added support for
min_instancestogoogle_cloudfunctions_function(#3904) - composer: added support for Private Service Connect by adding field
cloud_composer_connection_subnetworkingoogle_composer_environment(#3912) - compute: fixed bug where
google_compute_instance'scan_ip_forwardcould not be updated without recreating or restarting the instance. (#3920) - compute: added field
public_access_preventionto resourcebucket(#3919) - compute: added support for regional external HTTP(S) load balancer (#3916)
- privateca: added support for setting default values for basic constraints for
google_privateca_certificate,google_privateca_certificate_authority, andgoogle_privateca_ca_poolvia thenon_caandzero_max_issuer_path_lengthfields (#3902) - provider: enabled gRPC requests and response logging (#3910)
BUG FIXES:
- assuredworkloads: fixed a bug preventing
google_assured_workloads_workloadfrom being created in any region other than us-central1 (#3925)
DEPRECATIONS:
- filestore: deprecated
zoneongoogle_filestore_instancein favor oflocationto allow for regional instances (#3887)
FEATURES:
- New Resource:
google_os_config_os_policy_assignment(#3892) - New Resource:
google_recaptcha_enterprise_key(#3890)
IMPROVEMENTS:
- filestore: added support for
ENTERPRISEvalue ongoogle_filestore_instancetier(#3887) - privateca: added support for setting default values for basic constraints for
google_privateca_certificate,google_privateca_certificate_authority, andgoogle_privateca_ca_poolvia thenon_caandzero_max_issuer_path_lengthfields (#3902) - sql: added field
allocated_ip_rangeto resourcegoogle_sql_database_instance(#3897)
BUG FIXES:
- compute: fixed incorrectly failing validation for
INTERNAL_MANAGEDgoogle_compute_region_backend_service. (#3888) - compute: fixed scenario where
instance_group_managerwould not start update ifwait_for_instanceswas set and initial status was notSTABLE(#3893) - container: fixed the
ROUTESvalue for thenetworking_modefield ingoogle_container_cluster. A recent API change unintentionally changed the default to aVPC_NATIVEcluster, and removed the ability to create aROUTES-based one. Provider versions prior to this one will default toVPC_NATIVEdue to this change, and are unable to createROUTESclusters. (#3896)
FEATURES:
- New Data Source:
google_compute_router_status(#3859) - New Data Source:
google_folders(#3886) - New Resource:
google_notebooks_runtime(#3878) - New Resource:
google_vertex_ai_metadata_store(#3885)
IMPROVEMENTS
- apigee: Added IAM support for
google_apigee_environment. (#3871): - apigee: Added supported values for 'peeringCidrRange' in
google_apigee_instance. (#3880) - cloudbuild: added display_name and annotations to google_cloudbuild_worker_pool for compatibility with new GA. (#3873)
- container: added
node_grouptonode_configfor container clusters and node pools to support sole tenancy (#3881) - container: added
spotfield tonode_configsub-resource (#3863) - redis: Added Multi read replica field
replicaCount,nodes,readEndpoint,readEndpointPort,readReplicasModeingoogle_redis_instance(#3870)
BUG FIXES:
- essentialcontacts: marked updating
emailingoogle_essential_contacts_contactas requiring recreation (#3864) - privateca: fixed crlAccessUrls in
CertificateAuthority(#3861)
BUG FIXES:
- provider: reverted a requirement in v4.2.0 for Terraform 0.13 and above. This release should be compatible with Terraform 0.12.31
FEATURES:
- New Data Source:
google_compute_router_status(#3859)
IMPROVEMENTS:
- compute: added support for
queue_counttogoogle_compute_instance.network_interfaceandgoogle_compute_instance_template.network_interface(#3857)
BUG FIXES:
- all: fixed an issue where some documentation for new resources was not showing up in the GA provider if it was beta-only. (#3848)
- bigquery: fixed update failure when attempting to change non-updatable fields in
google_bigquery_routine. (#3849) - compute: fixed a bug that would cause
google_instance_from_machine_imageto fail with a resourceInUseByAnotherResource error (#3855) - compute: fixed a bug when
cache_modeis set to FORCE_CACHE_ALL ongoogle_compute_backend_bucket(#3858) - compute: fixed a perma-diff on
google_compute_region_health_checkwhenlog_config.enableis set to false (#3853) - servicedirectory: added support for vpc network configuration in
google_service_directory_endpoint. (#3856)
IMPROVEMENTS:
- compute: Added
bfdtogoogle_compute_router_peer(#3822) - container: added
gcfs_configtonode_configofgoogle_container_node_poolresource (#3828) - provider: added retries for the
resourceNotReadyerror returned when attempting to add resources to a recently-modified subnetwork (#3827) - pubsub: added
message_retention_durationfield togoogle_pubsub_topic(#3831)
BUG FIXES:
- apigee: fixed a bug where multiple
google_apigee_instance_attachmentcould not be used on the samegoogle_apigee_instance(#3838) - bigquery: fixed a bug following import where schema is empty on
google_bigquery_table(#3839) - billingbudget: fixed unable to provide
labelsongoogle_billing_budget(#3823) - compute: allowed
source_diskto accept full image path ongoogle_compute_snapshot(#3835) - compute: fixed a bug in
google_compute_firewallthat would cause changes insource_rangesto not correctly be applied (#3834) - logging: fixed a bug with updating
descriptionongoogle_logging_project_sink,google_logging_folder_sinkandgoogle_logging_organization_sink(#3826)
NOTES:
- compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#3787)
- container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#3788)
BREAKING CHANGES:
- appengine: marked
google_app_engine_standard_app_versionentrypointas required (#3784) - compute: removed the ability to specify the
trace-appendortrace-roas scopes ingoogle_compute_instance, usetraceinstead (#3759) - compute: changed
advanced_machine_featuresongoogle_compute_instance_templateto track changes when the block is undefined in a user's config (#3786) - compute: changed
source_rangesingoogle_compute_firewall_ruleto track changes when it is not set in a config file (#3791) - compute: changed the import / drift detection behaviours for
metadata_startup_script,metadata.startup-scriptingoogle_compute_instance. Now,metadata.startup-scriptwill be set by default, andmetadata_startup_scriptwill only be set if present. (#3765) - compute: removed
source_disk_linkfield fromgoogle_compute_snapshot(#3783) - container:
instance_group_urlshas been removed in favor ofnode_pool.instance_group_urls(#3796) - container: changed default for
enable_shielded_nodesto true forgoogle_container_cluster(#3773) - container: made
master_auth.client_certificate_configrequired (#3794) - container: removed
master_auth.usernameandmaster_auth.passwordfromgoogle_container_cluster(#3794) - container: removed
workload_metadata_configuration.node_metadatain favor ofworkload_metadata_configuration.modeingoogle_container_cluster(#3772) - container: removed the
workload_identity_config.0.identity_namespacefield fromgoogle_container_cluster, useworkload_identity_config.0.workload_poolinstead (#3776) - kms: removed
self_linkfield fromgoogle_kms_crypto_keyandgoogle_kms_key_ring(#3783) - project: removed ability to specify
bigquery-json.googleapis.com, the provider will no longer convert it as the upstream API migration is finished. Usebigquery.googleapis.cominstead. (#3751) - provider: changed
credentials,access_tokenprecedence so thatcredentialsvalues in configuration take precedence overaccess_tokenvalues assigned through environment variables (#3766) - provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#3756)
- pubsub: removed
pathfromgoogle_pubsub_subscription(#3777) - pubsub: removed
pathfield fromgoogle_pubsub_subscription(#3783) - resourcemanager: made
google_projectremoveorg_idandfolder_idfrom state when they are removed from config (#3754) - resourcemanager: changed the
projectfield toRequiredin allgoogle_project_iam_*resources (#3767) - sql: added drift detection to the following
google_sql_database_instancefields:activation_policy(defaultsALWAYS),availability_type(defaultsZONAL),disk_type(defaultsPD_SSD),encryption_key_name(#3778) - sql: changed the
database_versionfield toRequiredingoogle_sql_database_instanceresource (#3770) - sql: removed the following
google_sql_database_instancefields:authorized_gae_applications,crash_safe_replication,replication_type(#3778) - storage: removed
bucket_policy_onlyfromgoogle_storage_bucket(#3769) - storage: changed the
locationfield to required ingoogle_storage_bucket(#3771)
VALIDATION CHANGES:
- bigquery: at least one of
statement_timeout_ms,statement_byte_budget, orkey_result_statementis required ongoogle_bigquery_job.query.script_options.(#3752) - bigquery: exactly one of
query,load,copyorextractis required ongoogle_bigquery_job(#3752) - bigquery: exactly one of
source_tableorsource_modelis required ongoogle_bigquery_job.extract(#3752) - cloudbuild: exactly one of
branch_name,commit_shaortag_nameis required ongoogle_cloudbuild_trigger.build.source.repo_source(#3752) - compute: at least one of
fixed_delayorpercentageis required ongoogle_compute_url_map.default_route_action.fault_injection_policy.delay(#3752) - compute: at least one of
fixedorpercentis required ongoogle_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas(#3752) - compute: at least one of
fixedorpercentis required ongoogle_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas(#3752) - compute: at least one of
fixedorpercentis required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas(#3752) - compute: at least one of
fixedorpercentis required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas(#3752) - compute: at least one of
max_scaled_down_replicasortime_window_secis required ongoogle_compute_autoscaler.autoscaling_policy.scale_down_control(#3752) - compute: at least one of
max_scaled_down_replicasortime_window_secis required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_down_control(#3752) - compute: at least one of
max_scaled_in_replicasortime_window_secis required ongoogle_compute_autoscaler.autoscaling_policy.scale_in_control.0.(#3752) - compute: at least one of
max_scaled_in_replicasortime_window_secis required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_in_control.0.(#3752) - compute: required one of
source_tags,source_rangesorsource_service_accountson INGRESSgoogle_compute_firewallresources (#3750) - dlp: at least one of
start_timeorend_timeis required ongoogle_data_loss_prevention_trigger.inspect_job.storage_config.timespan_config(#3752) - dlp: exactly one of
urlorregex_file_setis required ongoogle_data_loss_prevention_trigger.inspect_job.storage_config.cloud_storage_options.file_set(#3752) - resourcemanager: added conflict between
org_id,folder_idat plan time ingoogle_project(#3754) - osconfig: at least one of
linux_exec_step_configorwindows_exec_step_configis required ongoogle_os_config_patch_deployment.patch_config.post_step(#3752) - osconfig: at least one of
linux_exec_step_configorwindows_exec_step_configis required ongoogle_os_config_patch_deployment.patch_config.pre_step(#3752) - osconfig: at least one of
reboot_config,apt,yum,goozypper,windows_update,pre_steporpre_stepis required ongoogle_os_config_patch_deployment.patch_config(#3752) - osconfig: at least one of
security,minimal,excludesorexclusive_packagesis required ongoogle_os_config_patch_deployment.patch_config.yum(#3752) - osconfig: at least one of
type,excludesorexclusive_packagesis required ongoogle_os_config_patch_deployment.patch_config.apt(#3752) - osconfig: at least one of
with_optional,with_update,categories,severities,excludesorexclusive_patchesis required ongoogle_os_config_patch_deployment.patch_config.zypper(#3752) - osconfig: exactly one of
classifications,excludesorexclusive_patchesis required ongoogle_os_config_patch_deployment.inspect_job.patch_config.windows_update(#3752) - spanner: at least one of
num_nodesorprocessing_unitsis required ongoogle_spanner_instance(#3752)
IMPROVEMENTS:
- container: added
managed_instance_group_urlstogoogle_container_node_poolto replaceinstance_group_urlsongoogle_container_cluster(#3815) - kms: added support for EKM to
google_kms_crypto_key.protection_level(#3763) - project: added support for
billing_projectongoogle_project_service(#3768) - spanner: increased the default timeout on
google_spanner_instanceoperations from 4 minutes to 20 minutes, significantly reducing the likelihood that resources will time out (#3789)
BUG FIXES:
- bigquery: fixed a bug of cannot add required fields to an existing schema on
google_bigquery_table(#3781) - compute: fixed a bug in updating multiple
ttlfields ongoogle_compute_backend_bucket(#3757) - compute: fixed a perma-diff on
subnetworkwhen it is optional ongoogle_compute_network_endpoint_group(#3780) - compute: fixed perma-diff bug on
log_config.enableof bothgoogle_compute_backend_serviceandgoogle_compute_region_backend_service(#3760) - compute: fixed the
google_compute_instance_group_manager.update_policy.0.min_ready_secfield so that updating it to0works (#3810) - compute: fixed the
google_compute_region_instance_group_manager.update_policy.0.min_ready_secfield so that updating it to0works (#3810) - spanner: fixed the schema for
data.google_spanner_instanceso that non-configurable fields are considered outputs (#3804)