FEATURES:
- New Data Source: `google_firebase_hosting_channel` (#13686)
- New Data Source: `google_logging_sink` (#13742)
- New Data Source: `google_sql_databases` (#13738)
IMPROVEMENTS:
- cloudbuild: added `bitbucket_server_trigger_config` field to `google_cloudbuild_trigger` resource (#13728)
- cloudbuild: added `github.enterprise_config_resource_name` field to `google_cloudbuild_trigger` resource (#13739)
- compute: added field `rsa_encrypted_key` to `google_compute_disk` resource (#13685)
- sql: added replica promotion support to `google_sql_database_instance`. This change allows users to promote a read replica to a standalone primary instance. (#13682)
BUG FIXES:
- bigquery: fixed permadiff on `max_time_travel_hours` of `google_bigquery_dataset` (#13691)
- compute: added possibility to remove `stateful_disk` in `compute_instance_group_manager` and `compute_region_instance_group_manager`. (#13737)
- sql: fixed an issue with updating the `settings.activation_policy` field in `google_sql_database_instance` (#13736)
BUG FIXES:
- provider: fixed crash when trying to configure the provider with invalid credentials
FEATURES:
- New Resource: `google_apigee_addons_config` (#13654)
- New Resource: `google_alloydb_backup` (#13639)
- New Resource: `google_alloydb_cluster` (#13639)
- New Resource: `google_alloydb_instance` (#13639)
- New Resource: `google_compute_region_target_tcp_proxy` (#13640)
- New Resource: `google_firestore_database` (#13675)
- New Resource: `google_workstations_workstation_cluster` (#13619)
IMPROVEMENTS:
- compute: added `resource_policies` field to `google_compute_instance_template` (#13677)
- compute: added the `labels` field to the `google_compute_external_vpn_gateway` resource (#13642)
- datastream: added `postgresql_source_config` & `oracle_source_config` in `google_datastream_stream` (#13646)
- datastream: added support for creating `google_datastream_stream` with `desired_state=RUNNING` (#13646)
- datastream: exposed validation errors during `google_datastream_stream` creation (#13646)
- firebase: marked `deletion_policy` as updatable without recreation on `google_firebase_android_app` and `google_firebase_apple_app` (#13643)
- sql: added `enable_private_path_for_google_cloud_services` field to `google_sql_database_instance` resource (#13668)
- vertex_ai: added the field `description` to `google_vertex_ai_featurestore_entitytype` (#13641)
BUG FIXES:
- composer: fixed an issue with cleaning up environments created in an error state (#13644)
- compute: fixed wrong maximum limit description for possible VPC MTUs (#13674)
- datafusion: fixed `version` can't be updated on `google_data_fusion_instance` (#13658)
FEATURES:
- New Data Source: `google_secret_manager_secret_version_access` (#13605)
- New Resource: `google_workstations_workstation_cluster` (#13619)
IMPROVEMENTS:
- bigquery: added support for federated Azure identities to BigQuery Omni connections. (#13614)
- bigquery: added `cloud_spanner.use_serverless_analytics` field (#13588)
- bigquery: added `cloud_sql.service_account_id` and `azure.identity` output fields (#13588)
- compute: added `locality_lb_policies` field to `google_compute_backend_service` (#13604)
- sql: updated the `settings.deletion_protection_enabled` property documentation. (#13581)
- sql: made `root_password` field updatable in `google_sql_database_instance` (#13574)
BUG FIXES:
- cloudfunctions: updated max_instances field to take API's result as default value (#13575)
- container: fixed an issue with resuming failed cluster creation (#13580)
- gke: fixed the error of Invalid address to set on `config_connector_config` of the data source `google_container_cluster` (#13566)
- secretmanager: fixed incorrect required_with for topics in `google_secret_manager_secret` (#13612)
DEPRECATIONS:
- cloudrunv2: deprecated `liveness_probe.tcp_socket` field from `google_cloud_run_v2_service` resource as it is not supported by the API and it will be removed in a future major release (#13563)
- cloudrunv2: deprecated `startup_probe` and `liveness_probe` fields from `google_cloud_run_v2_job` resource as they are not supported by the API and they will be removed in a future major release (#13531)
FEATURES:
- New Resource: `google_iam_access_boundary_policy` (#13565)
- New Resource: `google_tags_location_tag_bindings` (#13524)
IMPROVEMENTS:
- cloudbuild: added `github_enterprise_config` fields to `google_cloudbuild_trigger` resource. (#13518)
- cloudrunV2: added `annotations` to `google_cloud_run_v2_service` resource (#13509)
- compute: added `tcp_time_wait_timeout_sec` field to `google_compute_router_nat` resource (#13554)
- compute: added `share_settings` field to the `google_compute_node_group` resource. (#13522)
- containerattached: added `deletion_policy` field to `google_container_attached_cluster` resource. (#13551)
- datastream: added `customer_managed_encryption_key` and `destination_config.bigquery_destination_config.source_hierarchy_datasets.dataset_template.kms_key_name` fields to `google_datastream_stream` resource (#13549)
- dlp: added `publish_findings_to_cloud_data_catalog` and `publish_summary_to_cscc` to `google_data_loss_prevention_job_trigger` resource (#13562)
- sql: added point_in_time_recovery_enabled for SQLServer in `google_sql_database_instance` (#13555)
- spanner: added support for IAM conditions with `google_spanner_database_iam_member` and `google_spanner_instance_iam_member` (#13556)
- sql: added additional fields to `google_sql_source_representation_instance` (#13523)
BUG FIXES:
- bigquery: fixed bug where valid iam member values for bigquery were prevented from actuation by validation (#13520)
- bigquery: fixed permadiff on `external_data_configuration.connection_id` of `google_bigquery_table` (#13560)
- gke: fixed the error of Invalid address to set on `config_connector_config` of the data source `google_container_cluster` (#13566)
- google_project: fixes misleading examples that could cause `firebase:enabled` label to be accidentally removed. (#13552)
FEATURES:
- New Data Source: `google_compute_network_peering` (#13476)
- New Data Source: `google_compute_router_nat` (#13475)
- New Resource: `google_cloud_run_v2_job_iam_binding` (#13492)
- New Resource: `google_cloud_run_v2_job_iam_member` (#13492)
- New Resource: `google_cloud_run_v2_job_iam_policy` (#13492)
- New Resource: `google_cloud_run_v2_service_iam_binding` (#13492)
- New Resource: `google_cloud_run_v2_service_iam_member` (#13492)
- New Resource: `google_cloud_run_v2_service_iam_policy` (#13492)
- New Resource: `google_gke_backup_backup_plan_iam_binding` (#13508)
- New Resource: `google_gke_backup_backup_plan_iam_member` (#13508)
- New Resource: `google_gke_backup_backup_plan_iam_policy` (#13508)
IMPROVEMENTS:
- bigquery_table - added `reference_file_schema_uri` (#13493)
- billingbudget: made fields `credit_types` and `subaccounts` updatable for `google_billing_budget` (#13466)
- cloudrunV2: added `annotations` to `CloudRunV2_service` resource (#13509)
- composer: added `recovery_config` in `google_composer_environment` resource (#13504)
- compute: added support for 'edge_security_policy' field to 'google_compute_backend_service' resource. (#13494)
- compute: added `max_run_duration` field to `google_compute_instance` and `google_compute_instance_template` resource (beta) (#13489)
- dataproc: added support for `dataproc_metric_config` to resource `google_dataproc_cluster` (#13480)
- dlp: added all subfields under `deidentify_template.record_transformations.field_transformations.primitive_transformation` to `google_data_loss_prevention_deidentify_template` (#13498)
- sql: changed the default create timeout of `google_sql_database_instance` to 40m from 30m (#13481)
BUG FIXES:
- certificatemanager: removed incorrect indication that the `self_managed` field in `google_certificate_manager_certificate` was treated as sensitive, and marked `self_managed.pem_private_key` as sensitive (#13505)
- cloudplatform: fixed the error with header `X-Goog-User-Project` on `google_client_openid_userinfo` (#13474)
- cloudsql: fixed `disk_type` can't be updated on `google_sql_database_instance` (#13483)
- vertexai: fixed updating value_type in google_vertex_ai_featurestore_entitytype_feature (#13491)
FEATURES:
- New Data Source: `google_project_service` (#13434)
- New Data Source: `google_sql_database_instances` (#13433)
- New Data Source: `google_container_attached_install_manifest` (#13443)
- New Data Source: `google_container_attached_install_manifest` (#13455)
- New Data Source: `google_container_attached_versions` (#13443)
- New Resource: `google_datastream_stream` (#13385)
IMPROVEMENTS:
- android_app: added general fields `sha1_hashes`, `sha256_hashes` and `etag` to `google_firebase_android_app`. (#13444)
- cloudids: added `threat_exception` field to `google_cloud_ids_endpoint` resource (#13442)
- compute: added deletion for `statefulIps` fields in `instance_group_manager` and `region_instance_group_manager`. (#13428)
- compute: added field `expire_time` to resource `google_compute_region_ssl_certificate` (#13392)
- compute: added field `expire_time` to resource `google_compute_ssl_certificate` (#13392)
- container: added `release_channel_latest_version` in `google_container_engine_versions` datasource (#13384)
- container: added `google_container_aws_node_pool` `autoscaling_metrics_collection` field (#13462)
- container: added update support for `google_container_aws_node_pool` `tags` field (#13462)
- container: added `config_connector_config` addon field to `google_container_cluster` (#13380)
- container: added `kubelet_config` field to `google_container_node_pool` (#13423)
- dataproc: added support for `node_group_affinity` in `google_dataproc_cluster` (#13400)
- dataproc: added support for `reservation_affinity` in `google_dataproc_cluster` (#13393)
- dlp: added field `identifying_fields` to `big_query_options` for creating DLP jobs. (#13463)
- metastore: added `telemetry_config` field to `google_dataproc_metastore_service` (#13432)
- sql: added the ability to set `point_in_time_recovery_enabled` flag for `google_sql_database_instance` `SQLSERVER` instances (#13454)
- sql: added `instance_type` field to `google_sql_database_instance` resource (#13406)
- vertexai: added `scaling` field in `google_vertex_ai_featurestore` (#13458)
BUG FIXES:
- android_app: modified the `package_name` field suffix to always start with a letter in `google_firebase_android_app`. (#13444)
- bigqueryconnection: fixed a bug where `aws.access_role.iam_role_id` cannot be updated on `google_bigquery_connection` (#13460)
- cloudplatform: fixed a bug where `google_folder` deletion would fail to handle async operations (#13377)
- container: fixed a bug preventing updates to `master_global_access_config` in `google_container_cluster` (#13383)
- spanner: fixed crash when `google_spanner_database.ddl` item was nil (#13441)
FEATURES:
- New Data Source: `google_beyondcorp_app_connection` (#13336)
- New Data Source: `google_beyondcorp_app_connector` (#13305)
- New Data Source: `google_beyondcorp_app_gateway` (#13305)
- New Data Source: `google_cloudbuild_trigger` (#13329)
- New Data Source: `google_compute_instance_group_manager` (#13297)
- New Data Source: `google_firebase_apple_app` (#13239)
- New Data Source: `google_pubsub_subscription` (#13296)
- New Data Source: `google_sql_database` (#13376)
- New Resource: `google_apigee_sync_authorization` (#13324)
- New Resource: `google_beyondcorp_app_connection` (#13318)
- New Resource: `google_container_attached_cluster` (#13374)
- New Resource: `google_dns_managed_zone_iam_*` (#13304)
- New Resource: `google_gke_backup_backup_plan` (#13359)
- New Resource: `google_iam_workforce_pool_provider` (#13299)
- New Resource: `google_iam_workforce_pool` (#13299)
IMPROVEMENTS:
- cloudfunctions2: added `available_cpu` and `max_instance_request_concurrency` to support concurrency in `google_cloudfunctions2_function` resource (#13315)
- compute: added support for local IP ranges in `google_compute_firewall` (#13240)
- compute: added `router_appliance_instance` field to `google_compute_router_bgp_peer` (#13373)
- compute: added support for `generated_id` field in `google_compute_backend_service` to get the value of `id` defined by the server (#13242)
- compute: added support for `image_encryption_key` to `google_compute_image` (#13253)
- compute: added support for `source_snapshot`, `source_snapshot_encryption_key`, and `source_image_encryption_key` to `google_compute_instance_template` (#13253)
- container: promoted `google_container_node_pool.placement_policy` to GA (#13372)
- container: added `gateway_api_config` block to `google_container_cluster` resource for supporting the gke gateway api controller (#13233)
- container: supported in-place update for `labels` in `google_container_node_pool` (#13284)
- dataproc: added support for `SPOT` option for `preemptibility` in `google_dataproc_cluster` (#13335)
- dlp: added field `deidentify_config.record_transformations.field_transformations` to `google_data_loss_prevention_deidentify_template` (#13282)
- dlp: added field `deidentify_config.record_transformations.record_suppressions` to `google_data_loss_prevention_deidentify_template` (#13300)
- dlp: added `version` field to `google_data_loss_prevention_inspect_template` resource (#13366)
- osconfig: added support for `skip_await_rollout` in `google_os_config_os_policy_assignment` (#13340)
- sql: added new deletion protection feature `deletion_protection_enabled` in `google_sql_database_instance` to guard against deletion from all surfaces (#13249)
- sql: made `settings.sql_server_audit_config.bucket` field in `google_sql_database_instance` optional. (#13252)
- storagetransfer: supported in-place update for `schedule` in `google_storage_transfer_job` (#13262)
BUG FIXES:
- bigquery: fixed a permadiff on `labels` of `google_bigquery_dataset` when it is referenced in `google_dataplex_asset` (#13333)
- compute: fixed a permadiff on `private_ip_google_access` of `google_compute_subnetwork` (#13244)
- compute: fixed an issue where `enable_dynamic_port_allocation` could not be set to `false` in `google_compute_router_nat` (#13243)
- container: fixed a permadiff on `location_policy` of `google_container_cluster` and `google_container_node_pool` (#13283)
- identityplatform: fixed issues with `google_identity_platform_config` creation (#13301)
- resourcemanager: fixed the `google_project` datasource silently returning empty results when the project was not found or not in the ACTIVE state. Now, an error will be surfaced instead. (#13358)
- sql: fixed `sql_database_instance` leaking root users (#13258)
NOTES:
- sql: fixed an issue where `google_sql_database` was abandoned by default as of version `4.45.0`. Users who have upgraded to `4.45.0` or `4.46.0` will see a diff when running their next `terraform apply` after upgrading to this version, indicating the `deletion_policy` field's value has changed from `"ABANDON"` to `"DELETE"`. This will create a no-op call against the API, but can otherwise be safely applied. (#13226)
FEATURES:
IMPROVEMENTS:
- bigtable: added `deletion_protection` field to `google_bigtable_table` (#13232)
- compute: made `google_compute_subnetwork.ipv6_access_type` field updatable in-place (#13211)
- container: added `auto_provisioning_defaults.cluster_autoscaling.upgrade_settings` in `google_container_cluster` (#13199)
- container: added `gateway_api_config` block to `google_container_cluster` resource for supporting the gke gateway api controller (#13233)
- container: promoted `gke_backup_agent_config` in `google_container_cluster` to GA (#13223)
- container: promoted `min_cpu_platform` in `google_container_cluster` to GA (#13199)
- datacatalog: added update support for `fields` in `google_data_catalog_tag_template` (#13216)
- iam: Added plan-time validation for IAM members (#13203)
- logging: added `bucket_name` field to `google_logging_metric` (#13210)
- logging: made `metric_descriptor` field optional for `google_logging_metric` (#13225)
BUG FIXES:
- composer: fixed a crash when updating `ip_allocation_policy` of `google_composer_environment` (#13188)
- sql: fixed an issue where `google_sql_database` was abandoned by default as of version `4.45.0`. Users who have upgraded to `4.45.0` or `4.46.0` will see a diff when running their next `terraform apply` after upgrading to this version, indicating the `deletion_policy` field's value has changed from `"ABANDON"` to `"DELETE"`. This will create a no-op call against the API, but can otherwise be safely applied. (#13226)
FEATURES:
- New Data Source: `google_firebase_android_app` (#13186)
- New Resource: `google_cloud_run_v2_job` (#13154)
- New Resource: `google_cloud_run_v2_service` (#13166)
- New Resource: `google_gke_backup_backup_plan` (beta) (#13176)
- New Resource: google_firebase_storage_bucket (#13183)
IMPROVEMENTS:
- network_services: added `origin_override_action` and `origin_redirect` to `google_network_services_edge_cache_origin` (#13153)
- bigquerydatatransfer: recreate `google_bigquery_data_transfer_config` for Cloud Storage transfers when immutable params `data_path_template` and `destination_table_name_template` are changed (#13137)
- compute: Added fields to resource `google_compute_security_policy` to support Cloud Armor bot management (#13159)
- container: Added support for concurrent node pool mutations on a cluster. Previously, node pool mutations were restricted to run synchronously clientside. NOTE: While this feature is supported in Terraform from this release onwards, only a limited number of GCP projects will support this behavior initially. The provider will automatically process mutations concurrently as the feature rolls out generally. (#13173)
- container: promoted `managed_prometheus` field in `google_container_cluster` to GA (#13150)
- metastore: added general field `network_config` to `google_dataproc_metastore_service` (#13184)
- storage: added support for `autoclass` in `google_storage_bucket` resource (#13185)
BUG FIXES:
- alloydb: made `machine_config.cpu_count` updatable on `google_alloydb_instance` (#13144)
- composer: fixed a crash when updating `ip_allocation_policy` of `google_composer_environment` (#13188)
- container: fixed GKE permadiff/thrashing when `update_settings.max_surge` or `update_settings.max_unavailable` values are updating on `google_container_node_pool` (#13171)
- datastream: fixed `google_datastream_private_connection` ignoring failures during creation (#13160)
- kms: fixed issues with deleting crypto key versions in states other than ENABLED (#13167)
FEATURES:
- New Data Source: `google_logging_project_cmek_settings` (#13078)
- New Resource: `google_vertex_ai_tensorboard` (#13065)
- New Resource: `google_data_fusion_instance_iam_binding` (#13134)
- New Resource: `google_data_fusion_instance_iam_member` (#13134)
- New Resource: `google_data_fusion_instance_iam_policy` (#13134)
- New Resource: `google_eventarc_google_channel_config` (#13080)
- New Resource: `google_vertex_ai_index` (#13132)
IMPROVEMENTS:
- bigquerydatatransfer: forced recreation on `google_bigquery_data_transfer_config` for Cloud Storage transfers when immutable params `data_path_template` and `destination_table_name_template` are changed (#13137)
- bigtable: added support for abandoning GC policy (#13066)
- cloudsql: added `connector_enforcement` field to `google_sql_database_instance` resource (#13059)
- compute: added `default_route_action.cors_policy` field to `google_compute_region_url_map` resource (#13063)
- compute: added `default_route_action.fault_injection_policy` field to `google_compute_region_url_map` resource (#13063)
- compute: added `default_route_action.timeout` field to `google_compute_region_url_map` resource (#13063)
- compute: added `default_route_action.url_rewrite` field to `google_compute_region_url_map` resource (#13063)
- compute: added `include_http_headers` field to the `cdn_policy` field of `google_compute_backend_service` resource (#13093)
- compute: added field `list_managed_instances_results` to `google_compute_instance_group_manager` and `google_compute_region_instance_group_manager` (#13079)
- compute: added subnetwork and private_ip_address arguments to resource_compute_router_interface (#13105)
- container: added `resource_labels` field to `node_config` resource (#13104)
- container: added field `enable_private_nodes` in `network_config` to `google_container_node_pool` (#13128)
- container: added field `gcp_public_cidrs_access_enabled` and `private_endpoint_subnetwork` to `google_container_cluster` (#13128)
- container: added update support for `enable_private_endpoint` and `enable_private_nodes` in `google_container_cluster` (#13128)
- container: promoted `network_config` in `google_container_node_pool` to GA. (#13128)
- datafusion: added `api_endpoint` and `p4_service_account` attributes to `google_data_fusion_instance` (#13134)
- datafusion: added `zone`, `display_name`, `crypto_key_config`, `event_publish_config`, and `enable_rbac` args to `google_data_fusion_instance` (#13134)
- logging: added `cmek_settings` field to `google_logging_project_bucket_config` resource (#13078)
- sql: added 'deny_maintenance_period' field for 'google_sql_database_instance' within which 'end_date', 'start_date' and 'time' fields are present. (#13106)
- sql: added field `deletion_policy` to resource `google_sql_database` (#13107)
BUG FIXES:
- compute: fixed a crash with `google_compute_instance_template` on a newly released field when `advanced_machine_features` was set (#13108)
- compute: fixed a failure in updating `most_disruptive_allowed_action` on `google_compute_per_instance_config` and `google_compute_region_per_instance_config` (#13067)
- compute: fixed the error when `metadata` and `machine_type` are updated while `metadata_startup_script` was already provided on `google_compute_instance` (#13077)
- container: fixed the inability to update `authenticator_groups_config` on `google_container_cluster` (#13111)
- container: fixed the data source `google_container_cluster` to return an error if it does not exist (#13070)
- sql: fixed `google_sql_database_instance` to include `backup_configuration` in initial create request (#13092)
- storage: fixed permadiff when `website`, `website.main_page_suffix`, `website.not_found_page` are removed on `google_storage_bucket` (#13069)
BUG FIXES:
- compute: fixed a crash with `google_compute_instance_template` on a newly released field when `advanced_machine_features` was set (#13108)
FEATURES:
- New Resource: `google_alloydb_instance` (#12981)
- New Resource: `google_beyondcorp_app_connector` (#13011)
- New Resource: `google_beyondcorp_app_gateway` (#13011)
- New Resource: `google_compute_network_firewall_policy_association` (#13013)
- New Resource: `google_compute_network_firewall_policy_rule` (#13031)
- New Resource: `google_compute_network_firewall_policy` (#12969)
- New Resource: `google_compute_region_network_firewall_policy_association` (#13013)
- New Resource: `google_compute_region_network_firewall_policy_rule` (#13031)
- New Resource: `google_compute_region_network_firewall_policy` (#12969)
- New Resource: `google_eventarc_channel` (#13021)
- New Resource: `google_firebase_apple_app` (#13047)
- New Resource: `google_firebase_hosting_channel` (#13053)
- New Resource: `google_firebase_hosting_site` (#12960)
- New Resource: `google_kms_crypto_key_versions` (#12926)
- New Resource: `google_storage_transfer_agent_pool` (#12945)
- New Resource: `google_identity_platform_project_default_config` (#12977)
IMPROVEMENTS:
- bigquery: supported authorized routines on resource `bigquery_dataset` and `bigquery_dataset_access` (#12979)
- cloudidentity: made security label settable by making labels updatable in `google_cloud_identity_groups` (#12943)
- cloudsql: added `connector_enforcement` field to `google_sql_database_instance` resource (#13059)
- compute: added optional `redundant_interface` argument to `google_compute_router_interface` resource (#13032)
- compute: added `default_route_action.request_mirror_policy` field to `google_compute_region_url_map` resource (#13030)
- compute: added `default_route_action.retry_policy` field to `google_compute_region_url_map` resource (#13030)
- compute: added `default_route_action.weighted_backend_services` field to `google_compute_region_url_map` resource (#13030)
- compute: modified machine_type field in compute instance resource to accept short name. (#12965)
- compute: added `visible_core_count` field to `google_compute_instance` (#13043)
- container: added `enable_l4_ilb_subsetting` to GA `google_container_cluster` (#12988)
- container: added `node_config.logging_variant` to `google_container_node_pool`. (#13049)
- container: added `node_pool_defaults.node_config_defaults.logging_variant`, `node_pool.node_config.logging_variant`, and `node_config.logging_variant` to `google_container_cluster`. (#13049)
- container: added support for Shielded Instance configuration for node auto-provisioning to `google_container_cluster` (#12930)
- container: added management attribute to the `google_container_cluster` resource (#12987)
- container: added field `blue_green_settings` to `google_container_node_pool` (#12984)
- container: added field `strategy` to `google_container_node_pool` (#12984)
- container: added support for additional values `APISERVER`, `CONTROLLER_MANAGER`, and `SCHEDULER` in `google_container_cluster.monitoring_config` (#12978)
- datafusion: added `enable_rbac` field to `google_data_fusion_instance` resource (#12992)
- dlp: added fields `rows_limit`, `rows_limit_percent`, and `sample_method` to `big_query_options` in `google_data_loss_prevention_job_trigger` (#12980)
- dlp: added pubsub action to `google_data_loss_prevention_job_trigger` (#12929)
- dns: added `gke_clusters` field to `google_dns_managed_zone` resource (#13048)
- dns: added `gke_clusters` field to `google_dns_response_policy` resource (#13048)
- eventarc: added field `channel` to `google_eventarc_trigger` (#13021)
- gkehub: added `mesh` field and `management` subfield to resource `feature_membership` (#13012)
- networkservices: added `aws_v4_authentication` field to `google_network_services_edge_cache_origin` to support S3-compatible Origins (#13020)
- networkservices: added `signed_token_options` and `add_signatures` field to `google_network_services_edge_cache_service` and `validation_shared_keys` to `google_network_services_edge_cache_keyset` to support dual-token authentication (#13041)
- sql: added `query_plan_per_minute` field to `insights_config` in `google_sql_database_instance` resource (#12951)
- vertexai: added fields to `vertex_ai_featurestore_entitytype` to support feature value monitoring (#12983)
BUG FIXES:
- apigee: fixed permadiff on `consumer_accept_list` for `google_apigee_instance` (#13037)
- appengine: fixed permadiff on `serviceaccount` for 'google_app_engine_flexible_app_version' (#12982)
- bigtable: updated ForceNew logic for `kms_key_name` (#13018)
- bigtable: updated the error handling logic to remove the resource on resource not found error only (#12953)
- billingbudget: fixed a bug where `budget_filter.credit_types_treatment` in `google_billing_budget` resource was not updating. (#12947)
- cloudbuild: fixed a failure when BITBUCKET is provided for `repo_type` on `google_cloudbuild_trigger` (#13027)
- cloudids: fixed `endpoint_forwarding_rule` and `endpoint_ip` attributes for `google_cloud_ids_endpoint` (#12957)
- compute: fixed perma-diff on `google_compute_disk` for new amd64 images (#12961)
- compute: made it possible to set `ssl_certificates` and `certificate_map` in `google_compute_target_https_proxy` at the same time (#12950)
- container: fixed a bug where `cluster_autoscaling.auto_provisioning_defaults.service_account` can not be set when `enable_autopilot = true` for `google_container_cluster` (#13024)
- dialogflowcx: fixed a deployment issue for `google_dialogflow_cx_version` and `google_dialogflow_cx_environment` when they are deployed to a non-global location (#13014)
- dns: fixed apply failure when `description` is set to empty string on `google_dns_managed_zone` (#12948)
- provider: fixed a crash during provider authentication for certain environments (#13056)
- storage: fixed a crash when `log_bucket` is updated with empty body on `google_storage_bucket` (#13058)
- vertexai: made google_vertex_ai_featurestore_entitytype always use regional endpoint corresponding to parent's region (#12959)
FEATURES:
- New Resource: `google_kms_crypto_key_version` (#12926)
BUG FIXES:
- storage: fixed a crash in `google_storage_bucket` when upgrading provider to version `4.42.0` with `lifecycle_rule.condition.age` unset (#12922)
FEATURES:
- New Data Source: `google_compute_addresses` (#12829)
- New Data Source: `google_compute_region_network_endpoint_group` (#12849)
- New Resource: `google_alloydb_cluster` (#12772)
- New Resource: `google_bigquery_analytics_hub_data_exchange_iam` (#12845)
- New Resource: `google_bigquery_analytics_hub_data_exchange` (#12845)
- New Resource: `google_bigquery_analytics_hub_listing_iam` (#12845)
- New Resource: `google_bigquery_analytics_hub_listing` (#12845)
- New Resource: `google_iam_workforce_pool` (#12863)
- New Resource: `google_monitoring_generic_service` (#12796)
- New Resource: `google_scc_source_iam_binding` (#12840)
- New Resource: `google_scc_source_iam_member` (#12840)
- New Resource: `google_scc_source_iam_policy` (#12840)
- New Resource: `google_vertex_ai_endpoint` (#12858)
- New Resource: `google_vertex_ai_featurestore_entitytype_feature` (#12797)
- New Resource: `google_vertex_ai_featurestore_entitytype` (#12797)
- New Resource: `google_vertex_ai_featurestore` (#12797)
IMPROVEMENTS:
- appengine: added `member` field to `google_app_engine_default_service_account` datasource (#12768)
- bigquery: added `max_time_travel_hours` field in `google_bigquery_dataset` resource (#12830)
- bigquery: added `member` field to `google_bigquery_default_service_account` datasource (#12768)
- cloudbuild: added `script` field to `google_cloudbuild_trigger` resource (#12841)
- cloudplatform: validated `project_id` for `google_project` data-source (#12846)
- compute: added `source_disk` field to `google_compute_disk` and `google_compute_region_disk` resource (#12779)
- compute: added general field `rules` to `google_compute_router_nat` (#12815)
- container: added support for in-place update of `node_config.0.tags` for `google_container_node_pool` resource (#12773)
- container: added support for the Disk type and size configuration on the GKE Node Auto-provisioning (#12786)
- container: promote `enable_cost_allocation` field in `google_container_cluster` to GA (#12866)
- datastream: added `private_connectivity` field to `google_datastream_connection_profile` (#12844)
- dns: added `enable_geo_fencing` to `routing_policy` block of `google_dns_record_set` resource (#12859)
- dns: added `health_checked_targets` to `wrr` and `geo` blocks of `google_dns_record_set` resource (#12859)
- dns: added `primary_backup` to `routing_policy` block of `google_dns_record_set` resource (#12859)
- firebase: added deletion support and new field `deletion_policy` for `google_firebase_web_app` (#12812)
- privateca: added a new field `skip_grace_period` to skip the grace period when deleting a CertificateAuthority. (#12784)
- serviceaccount: added `member` field to `google_service_account` resource and datasource (#12768)
- sql: added `time_zone` field in `google_sql_database_instance` (#12760)
- storage: added `member` field to `google_storage_project_service_account` and `google_storage_transfer_project_service_account` datasource (#12768)
- storage: promoted `public_access_prevention` field on `google_storage_bucket` resource to GA (#12766)
- vpcaccess: promoted `machine_type`, `min_instances`, `max_instances`, and `subnet` in `google_vpc_access_connector` to GA (#12838)
BUG FIXES:
- compute: made `vm_count` in `google_compute_resource_policy` optional (#12807)
- container: fixed inability to update `datapath_provider` on `google_container_cluster` by making field changes trigger resource recreation (#12887)
- pubsub: ensured topics are recreated when their schemas change. (#12806)
- redis: updated `persistence_config.rdb_snapshot_period` to optional in the `google_redis_instance` resource. (#12872)
KNOWN ISSUES:
- container: This release introduced a new field, `node_config.0.guest_accelerator.0.gpu_sharing_config`, to an attributes-as-blocks field (`node_config.0.guest_accelerator`); see https://www.terraform.io/language/attr-as-blocks. As detailed on the linked page, this may cause issues for modules and/or formats other than HCL.
BREAKING CHANGES:
- sql: updated `google_sql_user.sql_server_user_details` to be read only. Any configuration attempting to set this field is invalid and will cause the provider to fail during plan time. (#12742)
FEATURES:
- New Resource: `google_cloud_ids_endpoint` (#12744)
IMPROVEMENTS:
- appengine: added support for `service_account` field to `google_app_engine_standard_app_version` resource (#12732)
- bigquery: added `avro_options` field to `google_bigquery_table` resource (#12750)
- compute: added `node_config.0.guest_accelerator.0.gpu_sharing_config` field to `google_container_node_pool` resource (#12733)
- datafusion: added `crypto_key_config` field to `google_data_fusion_instance` resource (#12737)
- filestore: removed constraint that forced multiple `google_filestore_instance` creations to occur serially (#12753)
BUG FIXES:
- kms: fixed apply failure when `google_kms_crypto_key` is removed after its versions were destroyed earlier (#12752)
- monitoring: fixed a bug causing a perma-diff in `google_monitoring_alert_policy` when `cross_series_reducer` was set to "REDUCE_NONE" (#12741)
FEATURES:
- New Data Source: `google_cloudfunctions2_function` (#12673)
- New Data Source: `google_compute_snapshot` (#12671)
- New Resource: `google_compute_region_target_tcp_proxy` (#12715)
- New Resource: `google_identity_platform_config` (#12665)
- New Resource: `google_bigquery_datapolicy_data_policy` (#12725)
- New Resource: `google_bigquery_datapolicy_data_policy_iam_binding` (#12725)
- New Resource: `google_bigquery_datapolicy_data_policy_iam_member` (#12725)
- New Resource: `google_bigquery_datapolicy_data_policy_iam_policy` (#12725)
- New Resource: `google_org_policy_custom_constraint` (#12691)
IMPROVEMENTS:
- bigqueryreservation: added `concurrency` and `multiRegionAuxiliary` to `google_bigquery_reservation` (#12687)
- bigtable: added additional retry GC policy operations with a longer poll interval to avoid quota issues (#12717)
- bigtable: improved error messaging (#12707)
- compute: added support for `compression_mode` field in `google_compute_backend_bucket` and `google_compute_backend_service` (#12674)
- datastream: added field `bigquery_profile` to `google_datastream_connection_profile` (#12693)
- dns: added field `cloud_logging_config` to `google_dns_managed_zone` (#12675)
- metastore: added support `BIGQUERY` as a value in `metastore_type` for `google_dataproc_metastore_service` (#12724)
- storage: added `custom_placement_config` field to `google_storage_bucket` resource to support custom dual-region GCS buckets (#12723)
- sql: added `password_policy` field to `google_sql_user` resource (#12668)
BUG FIXES:
- storage: fixed a bug where user specified labels get overwritten by Dataplex auto generated labels (#12694)
- storagetransfer: fixed a bug in `google_storagetransfer_job` refreshes when `transfer_schedule` was empty (#12704)
FEATURES:
- New Data Source: `google_artifact_registry_repository` (#12637)
- New Resource: `google_identity_platform_config` (#12665)
IMPROVEMENTS:
- certificatemanager: added public/private PEM fields `pem_certificate`/`pem_private_key` and deprecated `certificate_pem`/`private_key_pem` (#12664)
- clouddeploy: added `serial_pipeline.stages.strategy` field to `google_clouddeploy_delivery_pipeline` (#12619)
- container: added `notification_config.pubsub.filter` field to `google_container_cluster` (#12643)
- eventarc: added `channels` and `conditions` fields to `google_eventarc_trigger` (#12619)
- healthcare: added `notification_configs` field to `google_healthcare_fhir_store` resource (#12646)
- iap: added ability to import `google_iap_brand` using ID using {{project}}/{{brand_id}} format (#12633)
- secretmanager: added output field 'version' to resource 'secret_manager_secret_version' (#12658)
- sql: added `maintenance_version` and `available_maintenance_versions` fields to `google_sql_database_instance` resource (#12659)
- storagetransfer: added `notification_config` field to `google_storage_transfer_job` resource (#12625)
- tags: added `purpose` and `purpose_data` properties to `google_tags_tag_key` (#12649)
BUG FIXES:
- bigquery: fixed a bug where `allow_quoted_newlines` and `allow_jagged_rows` could not be set to false on `google_bigquery_table` (#12627)
- cloudfunction: fixed inability to update `docker_repository` and `kms_key_name` on `google_cloudfunctions_function` (#12662)
- compute: fixed inability to manage Cloud Armor `adaptive_protection_config` on `google_compute_security_policy` (#12661)
- iam: fixed diffs between `policy_data` from `google_iam_policy` data source and policy data in API responses (#12652)
- iam: fixed permadiff resulting from empty fields being sent in requests to set conditional IAM policies (#12653)
- secretmanager: fixed a bug where `google_secret_manager_secret_version` that was destroyed outside of Terraform would not be recreated on apply (#12644)
- storagetransfer: fixed a crash in `google_storagetransfer_job` when `transfer_schedule` is empty (#12704)
FEATURES:
- New Data Source: `google_vpc_access_connector` (#12580)
- New Resource: `google_datastream_private_connection` (#12574)
IMPROVEMENTS:
- appengine: Added `egress_setting` for field `vpc_access_connector` to `google_app_engine_standard_app_version` (#12606)
- bigquery: added `json_extension` field to the `load` block of `google_bigquery_job` resource (#12597)
- cloudfunctions: Added `build_worker_pool` to `google_cloudfunctions_function` (#12591)
- compute: added `json_custom_config` field to `google_compute_security_policy` resource (#12611)
- redis: Added support `persistence_config` field to `google_redis_instance` resource. (#12569)
- storage: added support for `overwriteWhen` field to `transfer_options` in `google_storage_transfer_job` resource (#12573)
BUG FIXES:
- bigtable: added drift detection on `gc_rules` for `google_bigtable_gc_policy` (#12568)
- compute: fixed the inability to update `most_disruptive_allowed_action` for both `google_compute_per_instance_config` and `google_compute_region_per_instance_config` (#12566)
- container: fixed allow passing empty list to `monitoring_config` and `logging_config` in `google_container_cluster` (#12605)
- sql: fixed a bug causing a perma-diff on `disk_type` due to API values being downcased (#12567)
- storage: fixed the inability to set 0 for `lifecycle_rule.condition.age` on `google_storage_bucket` (#12593)
FEATURES:
- New Resource: `google_apigee_nat_address` (#12536)
- New Resource: `google_dialogflow_cx_webhook` (#12498)
- New Resource: `google_filestore_snapshot` (#12490)
IMPROVEMENTS:
- apigee: added read-only field `connection_state` to `google_apigee_endpoint_attachment` (#12500)
- bigtable: added support for `autoscaling_config.storage_target` to `google_bigtable_instance` (#12510)
- cloudbuild: added support for `BITBUCKET` option to `git_source.repo_type` in `google_cloudbuild_trigger` (#12542)
- dns: added in validation for trailing dot at end of DNS record name (#12521)
- project: added validation for field `project_id` in `google_project` datasource. (#12553)
- serviceaccount: added `expires_in` attribute for generating `exp` claim to `google_service_account_jwt` datasource (#12539)
BUG FIXES:
- notebooks: fixed perma-diff in `google_notebooks_instance` (#12493)
- privateca: fixed an issue that blocked subordinate CA data sources when `state` was not `AWAITING_USER_ACTIVATION` (#12511)
- storage: fixed permadiff on the field `versioning` of `google_storage_bucket` (#12495)
FEATURES:
- New Resource: `google_datastream_connection_profile` (#12475)
IMPROVEMENTS:
- appengine: added field `service_account` to `google_app_engine_flexible_app_version` (#12463)
- bigtable: increased timeout in `google_bigtable_table` creation. (#12468)
- cloudbuild: added `location` field to `google_cloudbuild_trigger` resource (#12450)
- compute: added `certificate_map` to `compute_target_ssl_proxy` resource (#12467)
- compute: added field `chain_name` to `google_compute_resource_policy.snapshot_properties` (#12481)
- compute: added field `chain_name` to resource `google_compute_snapshot` (#12481)
- container: added `autoscaling.total_min_node_count`, `autoscaling.total_max_node_count`, and `autoscaling.location_policy` to `google_container_cluster.node_pool` (#12453)
- container: added field `node_pool_defaults` to `resource_container_cluster`. (#12452)
- dataproc: added option `shielded_instance_config` to resource `google_dataproc_workflow_template`. (#12451)
- metastore: extended default timeouts for `google_dataproc_metastore_service` from 40m to 60m (#12462)
- pubsub: made `google_pubsub_subscription.enable_exactly_once_delivery` mutable so that it updates subscription without recreation. (#12438)
IMPROVEMENTS:
- apigee: added support for `nodeConfig` in `google_apigee_environment` (#12394)
- apigee: added a `properties` field to `google_apigee_organization` (#12433)
- cloudfunctions2: added `secret_environment_variables` and `secret_volumes` to `google_cloudfunctions2_function` (#12417)
- compute: added support for param `visible_core_count` in `google_compute_instance` and `google_compute_instance_template` under `advanced_machine_features` (#12404)
- compute: added support documentation links to error messages for certain Compute Operation errors. (#12418)
- container: added `service_external_ips_config` support to `cluster_container` resource. (#12415)
- container: added `enable_cost_allocation` to `google_container_cluster` (#12416)
- dns: added `behavior` field to `google_dns_response_policy_rule` resource (#12407)
- monitoring: added `force_delete` field to `google_monitoring_notification_channel` resource (#12414)
BUG FIXES:
- compute: fixed the `id` format of the data source `google_compute_instance` (#12405)
NOTES:
- updated Bigtable go client version from 1.13 to 1.16. (#12349)
IMPROVEMENTS:
- apigee: added support for specifying retention when deleting `google_apigee_organization` (#12336)
- appengine: added `app_engine_apis` field to `google_app_engine_standard_app_version` resource (#12339)
- cloudfunction2: promoted to `google_cloudfunctions2_function` ga (#12322)
- compute: improved error messaging for compute errors (#12333)
- container: added general field `reservation_affinity` to `google_container_node_pool` (#12375)
- container: added field `auto_provisioning_network_tags` to `google_container_cluster` (beta) (#12347)
- sql: added support for major version upgrade to `google_sql_database_instance` resource (#12338)
BUG FIXES:
- bigtable: fixed comparing column family name when reading a GC policy. (#12381)
- bigtable: passed `isTopeLevel` in getGCPolicyFromJSON() instead of hardcoding it to true. (#12351)
- composer: corrected the description of `image_version` field. (#12329)
FEATURES:
- New Resource: `google_cloudfunctions2_function` (#12322)
IMPROVEMENTS:
- container: added update support for `authenticator_groups_config` in `google_container_cluster` (#12310)
- dataflow: added ability to import `google_dataflow_job` (#12316)
- dns: added `managed_zone_id` attribute to `google_dns_managed_zone` data source (#12312)
- monitoring: added `accepted_response_status_codes` to `monitoring_uptime_check` (#12313)
- sql: added `password_validation_policy` field to `google_cloud_sql` resource (#12320)
BUG FIXES:
- bigquery: removed force replacement for `display_name` on `google_bigquery_data_transfer_config` (#12311)
- compute: fixed permadiff for `instance_termination_action` in `google_compute_instance_template` (#12309)
NOTES:
- Updated to Golang 1.18 (#12246)
FEATURES:
- New Resource: `google_dataplex_asset` (#12210)
- New Resource: `google_gke_hub_membership_iam_binding` (#12280)
- New Resource: `google_gke_hub_membership_iam_member` (#12280)
- New Resource: `google_gke_hub_membership_iam_policy` (#12280)
IMPROVEMENTS:
- certificatemanager: added `state`, `authorization_attempt_info` and `provisioning_issue` output fields to `google_certificate_manager_certificate` (#12224)
- compute: added `certificate_map` to `compute_target_https_proxy` resource (#12227)
- compute: added validation for name field on `google_compute_network` (#12271)
- compute: made `port` optional in `google_compute_network_endpoint` to allow network endpoints to be associated with `GCE_VM_IP` network endpoint groups (#12267)
- container: added support for additional values `APISERVER`, `CONTROLLER_MANAGER`, and `SCHEDULER` in `google_container_cluster.monitoring_config` (#12247)
- gkehub: added `monitoring` and `mutation_enabled` fields to resource `feature_membership` (#12265)
- gkehub: added better support for import for `google_gke_hub_membership` (#12207)
- pubsub: added `bigquery_config` to `google_pubsub_subscription` (#12216)
- scheduler: added `paused` field to `google_cloud_scheduler_job` (#12190)
- scheduler: added `state` output field to `google_cloud_scheduler_job` (#12190)
BUG FIXES:
- apigee: fixed an issue where `google_apigee_instance` creation would fail due to multiple concurrent instances (#12289)
- billingbudget: fixed a bug where `google_billing_budget.budget_filter.services` was not updating. (#12270)
- compute: fixed perma-diff on `google_compute_disk` for new arm64 images (#12184)
- dataflow: fixed bug where permadiff would show on `google_dataflow_job.additional_experiments` (#12268)
- storage: fixed a bug in `google_storage_bucket` where `name` was incorrectly validated. (#12248)
FEATURES:
- New Resource: `google_dataplex_zone` (#12146)
IMPROVEMENTS:
- bucket: added support for `matches_prefix` and `matches_suffix` in `condition` of a `lifecycle_rule` in `google_storage_bucket` (#12175)
- compute: added `network` and `subnetwork` fields to `google_compute_region_network_endpoint_group` for PSC. (#12176)
- container: added field `boot_disk_kms_key` to `auto_provisioning_defaults` in `google_container_cluster` (#12173)
- notebooks: added `bootDiskType` support for `PD_EXTREME` in `google_notebooks_instance` (#12181)
- notebooks: added `softwareConfig.upgradeable`, `softwareConfig.postStartupScriptBehavior`, `softwareConfig.kernels` in `google_notebooks_runtime` (#12181)
- notebooks: promoted `nicType` and `reservationAffinity` in `google_notebooks_instance` to GA (#12181)
- storage: added name validation for `google_storage_bucket` (#12183)
BUG FIXES:
- Cloud IAM: fixed incorrect basePath for `IAMBetaBasePathKey` on `google_iam_workload_identity_pool` (ga) (#12145)
- compute: fixed perma-diff on `google_compute_disk` for new arm64 images (#12184)
- dns: fixed a bug where `google_dns_record_set` would create an inconsistent plan when using interpolated values in `rrdatas` (#12157)
- kms: fixed setting of resource id post-import for `google_kms_crypto_key` (#12164)
- provider: fixed a bug where user-agent was showing "dev" rather than the provider version (#12137)
FEATURES:
- New Data Source: `google_service_account_jwt` (#12107)
- New Resource: `google_certificate_map_entry` (#12127)
- New Resource: `google_certificate_map` (#12127)
IMPROVEMENTS:
- billingbudget: made `thresholdRules` optional in `google_billing_budget` (#12087)
- compute: added `instance_termination_action` field to `google_compute_instance_template` resource to support Spot VM termination action (#12105)
- compute: added `instance_termination_action` field to `google_compute_instance` resource to support Spot VM termination action (#12105)
- compute: added `request_coalescing` and `bypass_cache_on_request_headers` fields to `compute_backend_bucket` (#12098)
- compute: added support for `esp` protocol in `google_compute_packet_mirroring.filters.ip_protocols` (#12118)
- compute: promoted `rules.rate_limit_options`, `rules.redirect_options`, `adaptive_protection_config` in `compute_security_policy` to GA (#12085)
- dataproc: promoted `lifecycle_config` and `endpoint_config` in `google_dataproc_cluster` to GA (#12129)
- monitoring: added `evaluation_missing_data` field to `google_monitoring_alert_policy` (#12128)
- notebooks: added `reserved_ip_range` field to `google_notebooks_runtime` (#12113)
BUG FIXES:
- bigtable: fixed an incorrect diff when adding two or more clusters (#12109)
- compute: allowed properly updating `adaptive_protection_config` in `compute_security_policy` (#12085)
- notebooks: fixed a bug where `google_notebooks_runtime` can't be updated (#12113)
- sql: fixed an issue in `google_sql_database_instance` where updates would fail because of the `collation` field (#12131)
FEATURES:
- New Resource: `google_artifact_registry_repository_iam_binding` (#12063)
- New Resource: `google_artifact_registry_repository_iam_member` (#12063)
- New Resource: `google_artifact_registry_repository_iam_policy` (#12063)
- New Resource: `google_artifact_registry_repository` (#12063)
- New Resource: `google_iam_workload_identity_pool_provider` (#12065)
- New Resource: `google_iam_workload_identity_pool` (#12065)
- New Resource: `google_cloudiot_registry_iam_binding` (#12036)
- New Resource: `google_cloudiot_registry_iam_member` (#12036)
- New Resource: `google_cloudiot_registry_iam_policy` (#12036)
- New Resource: `google_compute_snapshot_iam_binding` (#12028)
- New Resource: `google_compute_snapshot_iam_member` (#12028)
- New Resource: `google_compute_snapshot_iam_policy` (#12028)
- New Resource: `google_dataproc_metastore_service` (#12026)
IMPROVEMENTS:
- container: added `binauthz_evaluation_mode` field to `resource_container_cluster`. (#12035)
- dataproc: added Support for Dataproc on GKE in `google_dataproc_cluster` (#12076)
- dataproc: added `metastore_config` in `google_dataproc_cluster` (#12040)
- metastore: add `databaseType`, `releaseChannel`, and `hiveMetastoreConfig.endpointProtocol` arguments (#12026)
- sql: added attribute "encryption_key_name" to `google_sql_database_instance` resource. (#12039)
BUG FIXES:
- bigquery: fixed case-sensitive for `user_by_email` and `group_by_email` on `google_bigquery_dataset_access` (#12029)
- clouddeploy: fixed permadiff on `execution_configs` in `google_clouddeploy_target` resource (#12033)
- cloudscheduler: fixed a diff on the last slash of uri on `google_cloud_scheduler_job` (#12027)
- compute: fixed force recreation on `provisioned_iops` of `google_compute_disk` (#12058)
- compute: fixed missing `network_interface.0.ipv6_access_config.0.external_ipv6` output on `google_compute_instance` (#12072)
- documentai: fixed a bug where eu region could not be utilized for documentai resources (#12074)
- gkehub: fixed a bug where `issuer` can't be updated on `google_gke_hub_membership` (#12073)
FEATURES:
- New Resource: google_bigquery_connection_iam_binding (#12004)
- New Resource: google_bigquery_connection_iam_member (#12004)
- New Resource: google_bigquery_connection_iam_policy (#12004)
- New Resource: google_cloud_tasks_queue_iam_binding (#11987)
- New Resource: google_cloud_tasks_queue_iam_member (#11987)
- New Resource: google_cloud_tasks_queue_iam_policy (#11987)
- New Resource: google_dataproc_autoscaling_policy_iam_binding (#12008)
- New Resource: google_dataproc_autoscaling_policy_iam_member (#12008)
- New Resource: google_dataproc_autoscaling_policy_iam_policy (#12008)
- New Resource: monitoring: Promoted 'monitoredproject' to GA (#11974)
IMPROVEMENTS:
- bigquery: fixed a permadiff in `google_bigquery_job.query.destination_table` (#11936)
- billing: added `calendar_period` and `custom_period` fields to `google_billing_budget` (#11993)
- cloudsql: added attribute `project` to data source `google_sql_backup_run` (#11938)
- composer: added CMEK, PUPI and IP_masq_agent support for Composer 2 in `google_composer_environment` resource (#11994)
- compute: added `max_ports_per_vm` field to `google_compute_router_nat` resource (#11933)
- compute: added `GCE_VM_IP` support to `google_compute_network_endpoint_group` resource. (#11997)
- compute: promoted `disk_encryption_key.kms_key_name` on `google_compute_region_disk` (#11976)
- container: promoted `gce_persistent_disk_csi_driver_config` addon in `google_container_cluster` resource to GA (#11999)
- container: promoted `notification_config` and `dns_cache_config` on `google_container_cluster` (#11944)
- privateca: added support to subordinate CA activation (#11980)
- redis: added CMEK key field `customer_managed_key` in `google_redis_instance` (#11998)
- spanner: added field `version_retention_period` to `google_spanner_database` resource (#11982)
- sql: added `settings.location_preference.secondary_zone` field in `google_sql_database_instance` (#11996)
- sql: added `sql_server_audit_config` field in `google_sql_database_instance` (#11941)
BUG FIXES:
- composer: fixed a problem with updating Cloud Composer's `scheduler_count` field (hashicorp#11940) (#11951)
- composer: fixed permadiff on `private_environment_config.cloud_composer_connection_subnetwork` (#11954)
- container: fixed an issue where `node_config.min_cpu_platform` could cause a perma-diff in `google_container_cluster` (#11986)
- filestore: fixed a case where `google_filestore_instance.networks.network` would incorrectly see a diff between state and config when the network `id` format was used (#11995)
IMPROVEMENTS:
- clouddeploy: added `suspend` field to `google_clouddeploy_delivery_pipeline` resource (#11914)
- compute: added maxPortsPerVm field to `google_compute_router_nat` resource (#11933)
- compute: added `psc_connection_id` and `psc_connection_status` output fields to `google_compute_forwarding_rule` and `google_compute_global_forwarding_rule` resources (#11892)
- containeraws: made `config.instance_type` field updatable in `google_container_aws_node_pool` (#11892)
BUG FIXES:
- compute: fixed default handling for `enable_dynamic_port_allocation` to be managed by the api (#11887)
- vertexai: Fixed a bug where terraform crashes when `force_destroy` is set in `google_vertex_ai_featurestore` resource (#11928)
FEATURES:
- New Resource: `google_cloudfunctions2_function_iam_binding` (#11853)
- New Resource: `google_cloudfunctions2_function_iam_member` (#11853)
- New Resource: `google_cloudfunctions2_function_iam_policy` (#11853)
- New Resource: `google_documentai_processor` (#11879)
- New Resource: `google_documentai_processor_default_version` (#11879)
IMPROVEMENTS:
- accesscontextmanager: Added `external_resources` to `egress_to` in `google_access_context_manager_service_perimeter` and `google_access_context_manager_service_perimeters` resource (#11857)
- cloudbuild: Added `include_build_logs` to `google_cloudbuild_trigger` (#11866)
- composer: Promoted `config.privately_used_public_ips` and `config.ip_masq_agent` in `google_composer_environment` resource to GA. (#11849)
BUG FIXES:
- dns: fixed a bug where `google_dns_record_set` resource can not be changed from default routing to Geo routing policy. (#11872)
IMPROVEMENTS:
- bigquery: added `connection_id` to `external_data_configuration` for `google_bigquery_table` (#11836)
- composer: promoted `config.master_authorized_networks_config` in `google_composer_environment` resource to GA. (#11810)
- compute: added `advanced_options_config` to `google_compute_security_policy` (#11809)
- compute: added `cache_key_policy` field to `google_compute_backend_bucket` resource (#11791)
- compute: added `include_named_cookies` to `cdn_policy` on `compute_backend_service` resource (#11818)
- compute: added internal IPv6 support on `google_compute_network` and `google_compute_subnetwork` (#11842)
- container: added `spot` field to `node_config` sub-resource (#11796)
- monitoring: added support for JSONPath content matchers to `google_monitoring_uptime_check_config` resource (#11829)
- monitoring: added support for `user_labels` in `google_monitoring_slo` resource (#11833)
- sql: added `sql_server_user_details` field to `google_sql_user` resource (#11834)
BUG FIXES:
- certificatemanager: fixed bug where `DEFAULT` scope would permadiff and force replace the certificate. (#11811)
- dns: fixed perma-diff for updated labels in `google_dns_managed_zone` (#11846)
- storagetransfer: fixed perm diff on transfer_options for `google_storage_transfer_job` (#11812)
IMPROVEMENTS:
- compute: added `cache_key_policy` field to `google_compute_backend_bucket` resource (#11791)
FEATURES:
- New Data Source: `google_tags_tag_key` (#11753)
- New Data Source: `google_tags_tag_value` (#11753)
- New Resource: `google_dataplex_lake` (#11769)
IMPROVEMENTS:
- bigqueryconnection: updated connection types to support v1 ga (#11728)
- cloudfunctions: added docker registry support for Cloud Functions (#11729)
- memcache: added `maintenance_policy` and `maintenance_schedule` to `google_memcache_instance` (#11759)
BUG FIXES:
- binaryauthorization: fixed permadiff in `google_binary_authorization_attestor` (#11731)
- service: added re-polling for service account after creation, 404s sometimes due to eventual consistency (#11749)
FEATURES:
- New Resource: `google_bigquery_connection` (#11701)
- New Resource: `google_certificate_manager_certificate` (#11685)
- New Resource: `google_certificate_manager_dns_authorization` (#11685)
- New Resource: `google_clouddeploy_delivery_pipeline` (#11658)
- New Resource: `google_clouddeploy_target` (#11658)
IMPROVEMENTS:
- bigquery: Added connection of type cloud_resource for `google_bigquery_connection` (#11701)
- cloudfunctions: added `https_trigger_security_level` to `google_cloudfunctions_function` (#11672)
- cloudrun: added `traffic.tag` and `traffic.url` fields to `google_cloud_run_service` (#11641)
- compute: Added `enable_dynamic_port_allocation` to `google_compute_router_nat` (#11707)
- compute: added field `update_policy.most_disruptive_allowed_action` to `google_compute_instance_group_manager` and `google_compute_region_instance_group_manager` (#11640)
- compute: added support for NEG type `PRIVATE_SERVICE_CONNECT` in `NetworkEndpointGroup` (#11687)
- compute: added support for `domain_names` attribute in `google_compute_service_attachment` (#11702)
- compute: added value `REFRESH` to field `update_policy.minimal_action` in `google_compute_instance_group_manager` and `google_compute_region_instance_group_manager` (#11640)
- container: added field `exclusion_options` to `google_container_cluster` (#11662)
- monitoring: Added `checker_type` field to `google_monitoring_uptime_check_config` resource (#11686)
- privateca: add a new field `desired_state` to manage CertificateAuthority state. (#11638)
- sql: added `active_directory_config` field in `google_sql_database_instance` (#11678)
- sql: removed requirement that Cloud SQL Insight is only allowed for Postgres in `google_sql_database_instance` (#11699)
BUG FIXES:
- compute: fixed extra diffs generated on `google_security_policy` `rules` when modifying a rule (#11656)
- container: fixed Autopilot cluster couldn't omit master ipv4 cidr in `google_container_cluster` (#11639)
- resourcemanager: fixed a bug in wrongly writing to state when creation failed on `google_project_organization_policy` (#11676)
- storage: not specifying `content` or `source` for `google_storage_bucket_object` now fails at plan-time instead of apply-time. (#11663)
IMPROVEMENTS:
- cloudfunctions: added CMEK support for Cloud Functions (#11627)
- compute: added `service_directory_registrations` to `google_compute_forwarding_rule` resource (#11635)
- compute: removed validation checking against a fixed set of persistent disk types (#11630)
- container: removed validation checking against a fixed set of persistent disk types (#11630)
- containeraws: added `proxy_config` to `google_container_aws_node_pool` resource (#11635)
- containerazure: added `proxy_config` to `google_container_azure_node_pool` resource (#11635)
- dataproc: removed validation checking against a fixed set of persistent disk types (#11630)
- dns: added `routing_policy` to `google_dns_record_set` resource (#11610)
BUG FIXES:
- compute: fixed a crash in `google_compute_instance` when the instance is deleted outside of Terraform (#11602)
- provider: removed printing credentials to the console if malformed JSON is given (#11614)
NOTES:
`google_privateca_certificate_authority` resources now cannot be destroyed unless `deletion_protection = false` is set in state for the resource. (#11551)
FEATURES:
- New Data Source: `google_compute_disk` (#11584)
IMPROVEMENTS:
- apigee: added `consumer_accept_list` and `service_attachment` to `google_apigee_instance`. (#11595)
- compute: added `provisioning_model` field to `google_compute_instance_template` and `google_compute_instance` resources to support Spot VM (#11552)
- privateca: added `deletion_protection` for `google_privateca_certificate_authority`. (#11551)
- privateca: added new output fields on `google_privateca_certificate` including `issuer_certificate_authority`, `pem_certificate_chain` and `certificate_description.x509_description` (#11553)
- redis: added multi read replica field `read_replicas_mode` and `secondary_ip_range` in `google_redis_instance` (#11592)
BUG FIXES:
- compute: fixed a crash when `compute.instance` is not found (#11602)
- provider: removed printing credentials to the console if malformed JSON is given (#11599)
- sql: fixed bug where `encryption_key_name` was not being propagated to the API. (#11601)
IMPROVEMENTS:
- cloudbuild: made `CLOUD_LOGGING_ONLY` available as a cloud build logging option. (#11511)
- compute: added `redirect_options` field for `google_compute_security_policy` rules (#11492)
- compute: added `FIXED_STANDARD` and `STANDARD` as valid values to the field `network_interface.0.access_configs.0.network_tier` of `google_compute_instance_template` resource (#11536)
- compute: added `FIXED_STANDARD` and `STANDARD` as valid values to the field `network_interface.0.access_configs.0.network_tier` of `google_compute_instance` resource (#11536)
- filestore: added `kms_key_name` field to `google_filestore_instance` resource to support CMEK (#11493)
- filestore: promoted enterprise features to GA (#11493)
- logging: made `google_logging_*_bucket_config` deletable (#11538)
- notebooks: updated `container_images` on `google_notebooks_runtime` to default to the value returned by the API if not set (#11491)
- provider: modified request retry logic to retry all per-minute quota limits returned with a 403 error code. Previously, only read requests were retried. This will generally affect Google Compute Engine resources. (#11508)
BUG FIXES:
- bigquery: fixed a bug where `encryption_configuration.kms_key_name` stored the version rather than the key name. (#11496)
- compute: fixed url_mask required mis-annotation in `google_compute_region_network_endpoint_group`, making it optional (#11517)
- spanner: fixed escaping of database names with Postgres dialect in `google_spanner_database` (#11518)
FEATURES:
- New Resource: `google_privateca_certificate_template_iam_binding` (#11464)
- New Resource: `google_privateca_certificate_template_iam_member` (#11464)
- New Resource: `google_privateca_certificate_template_iam_policy` (#11464)
IMPROVEMENTS:
- bigtable: added `gc_rules` to `google_bigtable_gc_policy` resource. (#11481)
- dialogflow: added support for location based dialogflow resources (#11470)
- metastore: added support for encryption_config during service creation. (#11468)
- privateca: added support for update on CertificateAuthority and Certificate (#11476)
BUG FIXES:
- apigee: updated mutex on google_apigee_instance_attachment to lock on org_id. (#11467)
- vpcaccess: fixed an issue where `google_vpc_access_connector` would be repeatedly recreated when `network` was not specified (#11469)
FEATURES:
- New Data Source: `google_access_approval_folder_service_account` (#11407)
- New Data Source: `google_access_approval_organization_service_account` (#11407)
- New Data Source: `google_access_approval_project_service_account` (#11407)
- New Resource: `google_access_context_manager_access_policy_iam_binding` (#11409)
- New Resource: `google_access_context_manager_access_policy_iam_member` (#11409)
- New Resource: `google_access_context_manager_access_policy_iam_policy` (#11409)
- New Resource: `google_endpoints_service_consumers_iam_binding` (#11372)
- New Resource: `google_endpoints_service_consumers_iam_member` (#11372)
- New Resource: `google_endpoints_service_consumers_iam_policy` (#11372)
- New Resource: `google_iam_deny_policy` (#11446)
IMPROVEMENTS:
- access approval: added `active_key_version`, `ancestor_has_active_key_version`, and `invalid_key_version` fields to `google_folder_access_approval_settings`, `google_organization_access_approval_settings`, and `google_project_access_approval_settings` resources (#11407)
- access context manager: added support for scoped policies in `google_access_context_manager_access_policy` (#11409)
- apigee: added `deployment_type` and `api_proxy_type` to `google_apigee_environment` (#11405)
- bigtable: updated the examples to show users can create all 3 different flavors of AppProfile (#11394)
- cloudbuild: added `approval_config` to `google_cloudbuild_trigger` (#11375)
- composer: added support for `airflow-1` and `airflow-2` aliases in image version argument (#11422)
- dataflow: added `skip_wait_on_job_termination` attribute to `google_dataflow_job` and `google_dataflow_flex_template_job` resources (issue #10559) (#11452)
- dataproc: added `presto_config` to `dataproc_job` (#11393)
- healthcare: added support V3 parser version for Healthcare HL7 stores. (#11430)
- healthcare: added support for `ANALYTICS_V2` and `LOSSLESS` BigQueryDestination schema types to `google_healthcare_fhir_store` (#11426)
- os-config: added field `migInstancesAllowed` to resource `os_config_patch_deployment` (#11447)
- privateca: added support for IAM conditions to CaPool (#11392)
- pubsub: added `enable_exactly_once_delivery` to `google_pubsub_subscription` (#11384)
- spanner: added support for setting database_dialect on `google_spanner_database` (#11363)
BUG FIXES:
- redis: fixed an issue where older redis instances had a dangerous diff on the field `read_replicas_mode`, adding a default of `READ_REPLICAS_DISABLED`. Now, if the field is not set in config, the value of the field will keep the old value from state. (#11420)
- tags: fixed issue where tags could not be applied sequentially to the same parent in `google_tags_tag_binding` (#11442)
NOTE: We've marked a change in this release as a `BREAKING CHANGE` to indicate that the change may cause undesirable behavior for users in some circumstances. This is done to increase visibility on the change, which otherwise would have been marked under the `BUG FIXES` category, and it is not believed to be a change that breaks the backwards compatibility of the provider requiring a major version change.
BREAKING CHANGES:
- composer: made the `google_composer_environment.config.software_config.image_version` field immutable as updating this field is only available in beta. (#11309)
FEATURES:
- New Resource: `google_firebaserules_release` (#11297)
- New Resource: `google_firebaserules_ruleset` (#11297)
IMPROVEMENTS:
- apigee: added field `billing_type` (#11285)
- bigtable: added support for `autoscaling_config` to `google_bigtable_instance` (#11344)
- composer: Added support for `composer-1` and `composer-2` aliases in image version argument (#11296)
- compute: added support for attaching an `edge_security_policy` to `google_compute_backend_bucket` (#11350)
- compute: added support for field `type` to `google_compute_security_policy` (#11350)
- eventarc: added gke and workflows destination for eventarc trigger resource. (#11347)
- networkservices: added `included_cookie_names` to cache key policy configuration (#11333)
- redis: added read replica field `replicaCount`, `nodes`, `readEndpoint`, `readEndpointPort`, `readReplicasMode` in `google_redis_instance` (#11330)
- spanner: added support for setting database_dialect on `google_spanner_database` (#11363)
- storagetransfer: added `repeat_interval` field to `google_storage_transfer_job` resource (#11328)
BUG FIXES:
- apikeys: fixed a bug where `google_apikeys_key.key_string` was not being set. (#11308)
- container: fixed a bug where `google_container_cluster.authenticator_groups_config` could not be set in tandem with `enable_autopilot` (#11310)
- iam: fixed an issue where special identifiers `allAuthenticatedUsers` and `allUsers` were flattened to lower case in IAM members. (#11359)
- logging: fixed bug where `google_logging_project_bucket_config` would erroneously write to state after it errored out and wasn't actually created. (#11314)
- monitoring: fixed a permadiff when `google_monitoring_uptime_check_config.http_check.path` does not begin with "/" (#11301)
- osconfig: fixed a bug where `recurring_schedule.time_of_day` can not be set to 12am exact time in `google_os_config_patch_deployment` resource (#11293)
- storage: fixed a bug where `google_storage_bucket` data source would retry for 20 min when bucket was not found. (#11295)
- storage: fixed bug where `google_storage_transfer_job` that was deleted outside of Terraform would not be recreated on apply. (#11307)
FEATURES:
- New Resource: google_logging_log_view (#11282)
IMPROVEMENTS:
- apigee: added `billing_type` attribute to `google_apigee_organization` resource. (#11285)
- networkservices: added `disable_http2` property to `google_network_services_edge_cache_service` resource (#11258)
- networkservices: updated `google_network_services_edge_cache_origin` resource to read and write the `timeout` property, including a new `read_timeout` field. (#11277)
- networkservices: updated `google_network_services_edge_cache_origin` to retry_conditions to include `FORBIDDEN` (#11277)
BUG FIXES:
- dataproc: fixed a crash when `logging_config` only contains `nil` entry in `google_dataproc_workflow_template` (#11280)
- sql: fixed crash when one of `settings.database_flags` is nil. (#11279)
FEATURES:
- New Resource: `google_bigqueryreservation_assignment` (#11215)
- New Resource: `google_apikeys_key` (#11249)
IMPROVEMENTS:
- artifactregistry: added maven config for `google_artifact_registry_repository` (#11246)
- cloudbuild: added support for manual builds, git source for webhook/pubsub triggered builds and filter field (#11219)
- composer: added support for Private Service Connect by adding `cloud_composer_connection_subnetwork` field in `google_composer_environment` (#11223)
- container: added support for gvnic to `google_container_node_pool` (#11240)
- dataproc: added `preemptibility` field to the `preemptible_worker_config` of `google_dataproc_cluster` (#11230)
- serviceusage: supported `force` behavior for deleting consumer quota override (#11205)
BUG FIXES:
- dataproc: fixed a crash when `logging_config` only contains `nil` entry in `google_dataproc_job` (#11232)
FEATURES:
- New Resource: `google_apigee_endpoint_attachment` (#11157)
- New Datasource: `google_dns_record_set` (#11180)
- New Datasource: `google_privateca_certificate_authority` (#11182)
IMPROVEMENTS:
- composer: added support for Cloud Composer maintenance window in GA (#11170)
- compute: added support for `keepalive_interval` to `google_compute_router.bgp` (#11188)
- compute: added update support for `google_compute_reservation.share_settings` (#11202)
- storagetransfer: added attribute `subject_id` to data source `google_storage_transfer_project_service_account` (#11156)
BUG FIXES:
- composer: allow region to be undefined in configuration for `google_composer_environment` (#11178)
- container: fixed a bug where `vertical_pod_autoscaling` would cause autopilot clusters to recreate (#11167)
NOTE:
- updated to go 1.16.14 (#11132)
IMPROVEMENTS:
- bigquery: added support for authorized datasets to `google_bigquery_dataset.access` and `google_bigquery_dataset_access` (#11091)
- bigtable: added `multi_cluster_routing_cluster_ids` fields to `google_bigtable_app_profile` (#11097)
- compute: updated `instance` attribute for `google_compute_network_endpoint` to be optional, as Hybrid connectivity NEGs use network endpoints with just IP and Port. (#11147)
- compute: added `NON_GCP_PRIVATE_IP_PORT` value for `network_endpoint_type` in the `google_compute_network_endpoint_group` resource (#11147)
- datafusion: promoted `google_datafusion_instance` to GA (#11087)
- provider: added retries for `ReadRequest` errors incorrectly coded as `403` errors, particularly in Google Compute Engine (#11129)
BUG FIXES:
- apigee: fixed a bug where multiple `google_apigee_instance` could not be used on the same `google_apigee_organization` (#11121)
- compute: corrected an issue in `google_compute_security_policy` where only alpha values for certain enums were accepted (#11095)
IMPROVEMENTS:
- cloudfunctions: Added SecretManager integration support to `google_cloudfunctions_function`. (#11062)
- dataproc: increased the default timeout for `google_dataproc_cluster` from 20m to 45m (#11026)
- sql: added field `clone.allocated_ip_range` to support address range picker for clone in resource `google_sql_database_instance` (#11058)
- storagetransfer: added support for POSIX data source and data sink to `google_storage_transfer_job` via `transfer_spec.posix_data_source` and `transfer_spec.posix_data_sink` fields (#11039)
BUG FIXES:
- cloudrun: updated `containers.ports.container_port` to be optional instead of required on `google_cloud_run_service` (#11040)
- compute: marked `project` field optional in `google_compute_instance_template` data source (#11041)
FEATURES:
- New Resource: `google_backend_service_iam_*` (#11010)
IMPROVEMENTS:
- compute: added `EXTERNAL_MANAGED` as option for `load_balancing_scheme` in `google_compute_global_forwarding_rule` resource (#10985)
- compute: promoted `EXTERNAL_MANAGED` value for `load_balancing_scheme` in `google_compute_backend_service` and `google_compute_global_forwarding_rule` to GA (#11018)
- container: added support for image type configuration on the GKE Node Auto-provisioning (#11015)
- container: added support for GCPFilestoreCSIDriver addon to `google_container_cluster` resource. (#10998)
- dataproc: increased the default timeout for `google_dataproc_cluster` from 20m to 45m (#11026)
- redis: added `maintenance_policy` and `maintenance_schedule` to `google_redis_instance` (#10978)
- vpcaccess: updated field `network` in `google_vpc_access_connector` to accept `self_link` or `name` (#10988)
BUG FIXES:
- storage: Fixed bug where the provider crashes when `Object.owner` is missing when using `google_storage_object_acl` (#11006)
BREAKING CHANGES:
- cloudrun: changed the `location` of `google_cloud_run_service` so that modifying the `location` field will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#10948)
IMPROVEMENTS:
- provider: changed the default timeout for many resources to 20 minutes, the current Terraform default, where it was less than 20 minutes previously (#10954)
- redis: added `maintenance_policy` and `maintenance_schedule` to `google_redis_instance` (#10978)
- storage: added field `transfer_spec.aws_s3_data_source.role_arn` to `google_storage_transfer_job` (#10950)
BUG FIXES:
- cloudrun: fixed a bug where changing the non-updatable `location` of a `google_cloud_run_service` would not force resource recreation (#10948)
- compute: fixed a bug where `google_compute_firewall` would incorrectly find `source_ranges` to be empty during validation (#10976)
- notebooks: fixed permadiff in `google_notebooks_runtime.software_config` (#10947)
BREAKING CHANGES:
- dlp: renamed the `characters_to_ignore.character_to_skip` field to `characters_to_ignore.characters_to_skip` in `google_data_loss_prevention_deidentify_template`. Any affected configurations will have been failing with an error at apply time already. (#10910)
FEATURES:
- New Resource: `google_network_connectivity_spoke` (#10921)
IMPROVEMENTS:
- apigee: added `ip_range` field to `google_apigee_instance` (#10928)
- cloudrun: added support for `default_mode` and `mode` settings for created files within `secrets` in `google_cloud_run_service` (#10911)
- compute: Added `share_settings` in `google_compute_reservation` (#10899)
- container: promoted `dns_config` field of `google_container_cluster` to GA (#10892)
BUG FIXES:
- all: Fixed operation polling to support custom endpoints. (#10913)
- cloudrun: Fixed permadiff in `google_cloud_run_service`'s `template.spec.service_account_name`. (#10940)
- dlp: Fixed typo in name of `characters_to_ignore.characters_to_skip` field for `google_data_loss_prevention_deidentify_template` (#10910)
- storagetransfer: fixed bug where `schedule` was required, but really it is optional. (#10942)
IMPROVEMENTS:
- compute: added `EXTERNAL_MANAGED` as option for `load_balancing_scheme` in `google_compute_backend_service` resource (#10889)
- container: promoted `dns_config` field of `google_container_cluster` to GA (#10892)
- monitoring: added `conditionMatchedLog` and `alertStrategy` fields to `google_monitoring_alert_policy` resource (#10865)
BREAKING CHANGES:
- pubsub: changed `google_pubsub_schema` so that modifying fields will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#10768)
FEATURES:
- New Resource: `google_apigee_nat_address` (#10789)
- New Resource: `google_network_connectivity_hub` (#10812)
IMPROVEMENTS:
- bigquery: added ability to create a table with both a schema and view simultaneously to `google_bigquery_table` (#10819)
- cloud_composer: Added GA support for following fields: `web_server_network_access_control`, `database_config`, `web_server_config`, `encryption_config`. (#10827)
- cloud_composer: Added support for Cloud Composer master authorized networks flag (#10780)
- cloud_composer: Added support for Cloud Composer v2 in GA. (#10795)
- container: promoted `node_config.0.boot_disk_kms_key` of `google_container_node_pool` to GA (#10829)
- osconfig: Added daily os config patch deployments (#10807)
- storage: added configurable read timeout to `google_storage_bucket` (#10781)
BUG FIXES:
- billingbudget: fixed a bug where `google_billing_budget.budget_filter.labels` was not updating. (#10767)
- compute: fixed scenario where `region_instance_group_manager` would not start update if `wait_for_instances` was set and initial status was not `STABLE` (#10818)
- healthcare: Added back `self_link` functionality which was accidentally removed in `4.0.0` release. (#10808)
- pubsub: fixed update failure when attempting to change non-updatable resource `google_pubsub_schema` (#10768)
- storage: fixed a bug where `google_storage_bucket.lifecycle_rule.condition.days_since_custom_time` was not updating. (#10778)
- vpcaccess: Added back `self_link` functionality which was accidentally removed in `4.0.0` release. (#10808)
FEATURES:
- New Data Source: google_container_aws_versions (#10754)
- New Data Source: google_container_azure_versions (#10754)
- New Resource: google_container_aws_cluster (#10754)
- New Resource: google_container_aws_node_pool (#10754)
- New Resource: google_container_azure_client (#10754)
- New Resource: google_container_azure_cluster (#10754)
- New Resource: google_container_azure_node_pool (#10754)
IMPROVEMENTS:
- bigquery: added the `return_table_type` field to `google_bigquery_routine` (#10743)
- cloudbuild: added support for `available_secrets` to `google_cloudbuild_trigger` (#10714)
- cloudfunctions: added support for `min_instances` to `google_cloudfunctions_function` (#10712)
- composer: added support for Private Service Connect by adding field `cloud_composer_connection_subnetwork` in `google_composer_environment` (#10724)
- compute: fixed bug where `google_compute_instance`'s `can_ip_forward` could not be updated without recreating or restarting the instance. (#10741)
- compute: added field `public_access_prevention` to resource `bucket` (beta) (#10740)
- compute: added support for regional external HTTP(S) load balancer (#10738)
- privateca: added support for setting default values for basic constraints for `google_privateca_certificate`, `google_privateca_certificate_authority`, and `google_privateca_ca_pool` via the `non_ca` and `zero_max_issuer_path_length` fields (#10702)
- provider: enabled gRPC requests and response logging (#10721)
BUG FIXES:
- assuredworkloads: fixed a bug preventing `google_assured_workloads_workload` from being created in any region other than us-central1 (#10749)
DEPRECATIONS:
- filestore: deprecated `zone` on `google_filestore_instance` in favor of `location` to allow for regional instances (#10662)
FEATURES:
- New Resource: `google_os_config_os_policy_assignment` (#10676)
- New Resource: `google_recaptcha_enterprise_key` (#10672)
- New Resource: `google_spanner_instance_iam_policy` (#10695)
- New Resource: `google_spanner_instance_iam_binding` (#10695)
- New Resource: `google_spanner_instance_iam_member` (#10695)
IMPROVEMENTS:
- filestore: added support for `ENTERPRISE` value on `google_filestore_instance` `tier` (#10662)
- privateca: added support for setting default values for basic constraints for `google_privateca_certificate`, `google_privateca_certificate_authority`, and `google_privateca_ca_pool` via the `non_ca` and `zero_max_issuer_path_length` fields (#10702)
- sql: added field `allocated_ip_range` to resource `google_sql_database_instance` (#10687)
BUG FIXES:
- compute: fixed incorrectly failing validation for `INTERNAL_MANAGED` `google_compute_region_backend_service`. (#10664)
- compute: fixed scenario where `instance_group_manager` would not start update if `wait_for_instances` was set and initial status was not `STABLE` (#10680)
- container: fixed the `ROUTES` value for the `networking_mode` field in `google_container_cluster`. A recent API change unintentionally changed the default to a `VPC_NATIVE` cluster, and removed the ability to create a `ROUTES`-based one. Provider versions prior to this one will default to `VPC_NATIVE` due to this change, and are unable to create `ROUTES` clusters. (#10686)
FEATURES:
- New Data Source: `google_compute_router_status` (#10573)
- New Data Source: `google_folders` (#10658)
- New Resource: `google_notebooks_runtime` (#10627)
- New Resource: `google_vertex_ai_metadata_store` (#10657)
- New Resource: `google_cloudbuild_worker_pool` (#10617)
IMPROVEMENTS:
- apigee: Added IAM support for `google_apigee_environment`. (#10608)
- apigee: Added supported values for 'peeringCidrRange' in `google_apigee_instance`. (#10636)
- cloudbuild: added display_name and annotations to google_cloudbuild_worker_pool for compatibility with new GA. (#10617)
- container: added `node_group` to `node_config` for container clusters and node pools to support sole tenancy (#10646)
- redis: Added Multi read replica field `replicaCount`, `nodes`, `readEndpoint`, `readEndpointPort`, `readReplicasMode` in `google_redis_instance` (#10607)
BUG FIXES:
- essentialcontacts: marked updating `email` in `google_essential_contacts_contact` as requiring recreation (#10592)
- privateca: fixed crlAccessUrls in `CertificateAuthority` (#10577)
FEATURES:
- New Data Source: `google_compute_router_status` (#10573)
IMPROVEMENTS:
- compute: added support for `queue_count` to `google_compute_instance.network_interface` and `google_compute_instance_template.network_interface` (#10571)
BUG FIXES:
- all: fixed an issue where some documentation for new resources was not showing up in the GA provider if it was beta-only. (#10545)
- bigquery: fixed update failure when attempting to change non-updatable fields in `google_bigquery_routine`. (#10546)
- compute: fixed a bug when `cache_mode` is set to FORCE_CACHE_ALL on `google_compute_backend_bucket` (#10572)
- compute: fixed a perma-diff on `google_compute_region_health_check` when `log_config.enable` is set to false (#10553)
- servicedirectory: added support for vpc network configuration in `google_service_directory_endpoint`. (#10569)
IMPROVEMENTS:
- cloudrun: Added support for secrets to GA provider. (#10519)
- compute: Added `bfd` to `google_compute_router_peer` (#10487)
- container: added `gcfs_config` to `node_config` of `google_container_node_pool` resource (#10499)
- container: promoted `confidential_nodes` field in `google_container_cluster` to GA (#10531)
- provider: added retries for the `resourceNotReady` error returned when attempting to add resources to a recently-modified subnetwork (#10498)
- pubsub: added `message_retention_duration` field to `google_pubsub_topic` (#10501)
BUG FIXES:
- apigee: fixed a bug where multiple `google_apigee_instance_attachment` could not be used on the same `google_apigee_instance` (#10520)
- bigquery: fixed a bug following import where schema is empty on `google_bigquery_table` (#10521)
- billingbudget: fixed a bug where `labels` could not be provided on `google_billing_budget` (#10490)
- compute: allowed `source_disk` to accept full image path on `google_compute_snapshot` (#10516)
- compute: fixed a bug in `google_compute_firewall` that would cause changes in `source_ranges` to not correctly be applied (#10515)
- logging: fixed a bug with updating `description` on `google_logging_project_sink`, `google_logging_folder_sink` and `google_logging_organization_sink` (#10493)
NOTES:
- compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10429)
- container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10430)
BREAKING CHANGES:
- appengine: marked `google_app_engine_standard_app_version` `entrypoint` as required (#10425)
- compute: removed the ability to specify the `trace-append` or `trace-ro` as scopes in `google_compute_instance`, use `trace` instead (#10377)
- compute: changed `advanced_machine_features` on `google_compute_instance_template` to track changes when the block is undefined in a user's config (#10427)
- compute: changed `source_ranges` in `google_compute_firewall_rule` to track changes when it is not set in a config file (#10439)
- compute: changed the import / drift detection behaviours for `metadata_startup_script`, `metadata.startup-script` in `google_compute_instance`. Now, `metadata.startup-script` will be set by default, and `metadata_startup_script` will only be set if present. (#10392)
- compute: removed `source_disk_link` field from `google_compute_snapshot` (#10424)
- compute: removed the `enable_display` field from `google_compute_instance_template` (#10410)
- compute: removed the `update_policy.min_ready_sec` field from `google_compute_instance_group_manager`, `google_compute_region_instance_group_manager` (#10410)
- container: `instance_group_urls` has been removed in favor of `node_pool.managed_instance_group_urls` (#10442)
- container: changed default for `enable_shielded_nodes` to true for `google_container_cluster` (#10403)
- container: changed `master_auth.client_certificate_config` to required (#10441)
- container: removed `master_auth.username` and `master_auth.password` from `google_container_cluster` (#10441)
- container: removed `workload_metadata_configuration.node_metadata` in favor of `workload_metadata_configuration.mode` in `google_container_cluster` (#10400)
- container: removed the `pod_security_policy_config` field from `google_container_cluster` (#10410)
- container: removed the `workload_identity_config.0.identity_namespace` field from `google_container_cluster`, use `workload_identity_config.0.workload_pool` instead (#10410)
- project: removed ability to specify `bigquery-json.googleapis.com`, the provider will no longer convert it as the upstream API migration is finished. Use `bigquery.googleapis.com` instead. (#10370)
- provider: changed `credentials`, `access_token` precedence so that `credentials` values in configuration take precedence over `access_token` values assigned through environment variables (#10393)
- provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#10374)
- pubsub: removed `path` field from `google_pubsub_subscription` (#10424)
- resourcemanager: made `google_project` remove `org_id` and `folder_id` from state when they are removed from config (#10373)
- resourcemanager: added conflict between `org_id`, `folder_id` at plan time in `google_project` (#10373)
- resourcemanager: changed the `project` field to `Required` in all `google_project_iam_*` resources (#10394)
- runtimeconfig: removed the Runtime Configurator service from the `google` (GA) provider including `google_runtimeconfig_config`, `google_runtimeconfig_variable`, `google_runtimeconfig_config_iam_policy`, `google_runtimeconfig_config_iam_binding`, `google_runtimeconfig_config_iam_member`, `data.google_runtimeconfig_config`. They are only available in the `google-beta` provider, as the underlying service is in beta. (#10410)
- sql: added drift detection to the following `google_sql_database_instance` fields: `activation_policy` (defaults `ALWAYS`), `availability_type` (defaults `ZONAL`), `disk_type` (defaults `PD_SSD`), `encryption_key_name` (#10412)
- sql: changed the `database_version` field to `Required` in `google_sql_database_instance` resource (#10398)
- sql: removed the following `google_sql_database_instance` fields: `authorized_gae_applications`, `crash_safe_replication`, `replication_type` (#10412)
- storage: removed `bucket_policy_only` from `google_storage_bucket` (#10397)
- storage: changed the `location` field to required in `google_storage_bucket` (#10399)
VALIDATION CHANGES:
- bigquery: at least one of `statement_timeout_ms`, `statement_byte_budget`, or `key_result_statement` is required on `google_bigquery_job.query.script_options.` (#10371)
- bigquery: exactly one of `query`, `load`, `copy` or `extract` is required on `google_bigquery_job` (#10371)
- bigquery: exactly one of `source_table` or `source_model` is required on `google_bigquery_job.extract` (#10371)
- cloudbuild: exactly one of `branch_name`, `commit_sha` or `tag_name` is required on `google_cloudbuild_trigger.build.source.repo_source` (#10371)
- compute: at least one of `fixed_delay` or `percentage` is required on `google_compute_url_map.default_route_action.fault_injection_policy.delay` (#10371)
- compute: at least one of `fixed` or `percent` is required on `google_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas` (#10371)
- compute: at least one of `fixed` or `percent` is required on `google_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas` (#10371)
- compute: at least one of `fixed` or `percent` is required on `google_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas` (#10371)
- compute: at least one of `fixed` or `percent` is required on `google_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas` (#10371)
- compute: at least one of `max_scaled_down_replicas` or `time_window_sec` is required on `google_compute_autoscaler.autoscaling_policy.scale_down_control` (#10371)
- compute: at least one of `max_scaled_down_replicas` or `time_window_sec` is required on `google_compute_region_autoscaler.autoscaling_policy.scale_down_control` (#10371)
- compute: at least one of `max_scaled_in_replicas` or `time_window_sec` is required on `google_compute_autoscaler.autoscaling_policy.scale_in_control.0.` (#10371)
- compute: at least one of `max_scaled_in_replicas` or `time_window_sec` is required on `google_compute_region_autoscaler.autoscaling_policy.scale_in_control.0.` (#10371)
- compute: required one of `source_tags`, `source_ranges` or `source_service_accounts` on INGRESS `google_compute_firewall` resources (#10369)
- dlp: at least one of `start_time` or `end_time` is required on `google_data_loss_prevention_trigger.inspect_job.storage_config.timespan_config` (#10371)
- dlp: exactly one of `url` or `regex_file_set` is required on `google_data_loss_prevention_trigger.inspect_job.storage_config.cloud_storage_options.file_set` (#10371)
- kms: removed `self_link` field from `google_kms_crypto_key` and `google_kms_key_ring` (#10424)
- osconfig: at least one of `linux_exec_step_config` or `windows_exec_step_config` is required on `google_os_config_patch_deployment.patch_config.post_step` (#10371)
- osconfig: at least one of `linux_exec_step_config` or `windows_exec_step_config` is required on `google_os_config_patch_deployment.patch_config.pre_step` (#10371)
- osconfig: at least one of `reboot_config`, `apt`, `yum`, `goo`, `zypper`, `windows_update`, `pre_step` or `pre_step` is required on `google_os_config_patch_deployment.patch_config` (#10371)
- osconfig: at least one of `security`, `minimal`, `excludes` or `exclusive_packages` is required on `google_os_config_patch_deployment.patch_config.yum` (#10371)
- osconfig: at least one of `type`, `excludes` or `exclusive_packages` is required on `google_os_config_patch_deployment.patch_config.apt` (#10371)
- osconfig: at least one of `with_optional`, `with_update`, `categories`, `severities`, `excludes` or `exclusive_patches` is required on `google_os_config_patch_deployment.patch_config.zypper` (#10371)
- osconfig: exactly one of `classifications`, `excludes` or `exclusive_patches` is required on `google_os_config_patch_deployment.inspect_job.patch_config.windows_update` (#10371)
- spanner: at least one of `num_nodes` or `processing_units` is required on `google_spanner_instance` (#10371)
IMPROVEMENTS:
- compute: added `encrypted_interconnect_router` to `google_compute_router` (#10454)
- container: added `managed_instance_group_urls` to `google_container_node_pool` to replace `instance_group_urls` on `google_container_cluster` (#10467)
- kms: added support for EKM to `google_kms_crypto_key.protection_level` (#10391)
- project: added support for `billing_project` on `google_project_service` (#10395)
- spanner: increased the default timeout on `google_spanner_instance` operations from 4 minutes to 20 minutes, significantly reducing the likelihood that resources will time out (#10437)
BUG FIXES:
- bigquery: fixed a bug where required fields could not be added to an existing schema on `google_bigquery_table` (#10421)
- compute: fixed a bug in updating multiple `ttl` fields on `google_compute_backend_bucket` (#10375)
- compute: fixed a permadiff on `subnetwork` when it is optional on `google_compute_network_endpoint_group` (#10420)
- compute: fixed perma-diff bug on `log_config.enable` of both `google_compute_backend_service` and `google_compute_region_backend_service` (#10378)
- compute: fixed the `google_compute_instance_group_manager.update_policy.0.min_ready_sec` field so that updating it to `0` works (#10457)
- compute: fixed the `google_compute_region_instance_group_manager.update_policy.0.min_ready_sec` field so that updating it to `0` works (#10457)
- spanner: fixed the schema for `data.google_spanner_instance` so that non-configurable fields are considered outputs (#10450)