cloudsecuritycompliace: replace organization with parent to support PLE

[priyankksingh]

Description

This PR introduces Project Level Enablement (PLE) support for Cloud Security Compliance resources. Previously, these resources were strictly bound to the organization level. This change allows users to create and manage controls, frameworks, and deployments at the project level as well.

Key Changes:

• Introduced parent: Replaced the hardcoded organization parameter with a flexible parent parameter across CloudControl, Framework, and FrameworkDeployment.
• Backward Compatibility: The organization field is now marked as deprecated, but old configurations remain fully supported.
  • Added exactly_one_of: [parent, organization] with both fields marked as optional: true to allow seamless migration.
  • Added a pre_create custom code hook (cloudsecuritycompliance_set_parent.go.tmpl) to automatically construct the parent string for users who only provide organization.
  • Preserved the Terraform Identity Schema by keeping the legacy organizations/{{%organization}}/... format as the first entry in import_format, ensuring no state corruption for existing users.
• Perpetual Diff Fix: Added diff_suppress_func: 'tpgresource.CompareResourceNames' to targetResourceConfig.existingTargetResource in FrameworkDeployment.yaml to prevent state drift when the API normalizes between project IDs and project numbers.
• Expanded Testing: Added comprehensive Terraform acceptance tests demonstrating project-level configurations, folder-level deployments, and targeting specific applications like App Hub.

Release Note Template for Downstream PRs

See Write release notes for guidance.

cloudsecuritycompliance: added support for project parent to `google_cloud_security_compliance_cloud_control`, `google_cloud_security_compliance_framework`, and `google_cloud_security_compliance_framework_deployment` via the new `parent` field. The `organization` field has been deprecated.

cloudsecuritycompliance: deprecated the `organization` field  on `google_cloud_security_compliance_cloud_control`, `google_cloud_security_compliance_framework`, and `google_cloud_security_compliance_framework_deployment`. Use `parent` instead

[github-actions]

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@slevenick, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[priyankksingh]

@slevenick Can you please review the PR.

[slevenick]

We can't remove a field like organization on these resources as it will be a breaking change for users who have current configurations that use it.

We can discuss other options to achieve the goals here

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 96969a5:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	14 files changed, 1481 insertions(+), 186 deletions(-)
google-beta provider	View Diff	14 files changed, 1481 insertions(+), 186 deletions(-)
terraform-google-conversion	View Diff	3 files changed, 24 insertions(+), 13 deletions(-)
Open in Cloud Shell	View Diff	8 files changed, 418 insertions(+)

Breaking Change(s) Detected

The following breaking change(s) were detected within your pull request.

• Field organization within resource google_cloud_security_compliance_framework_deployment was either removed or renamed - reference
• Field parent added as required on pre-existing resource google_cloud_security_compliance_framework_deployment - reference

If you believe this detection to be incorrect please raise the concern with your reviewer.
If you intend to make this change you will need to wait for a major release window.
An override-breaking-change label can be added to allow merging.

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_cloud_security_compliance_cloud_control (4 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_cloud_security_compliance_cloud_control" "primary" {
  organization = # value needed
}

Resource: google_cloud_security_compliance_framework (10 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_cloud_security_compliance_framework" "primary" {
  organization = # value needed
}

Test report

Analytics

Total Tests	Passed	Skipped	Affected
12	2	0	10

Affected Service Packages

• cloudsecuritycompliance

Learn how VCR tests work

---

Step 1: Replaying Mode

Action taken

Found 10 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.

Click here to see the affected tests

• TestAccCloudSecurityComplianceCloudControl_cloudsecuritycomplianceCloudcontrolOrgBasicExample
• TestAccCloudSecurityComplianceCloudControl_cloudsecuritycomplianceCloudcontrolProjectBasicExample
• TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentFolderCreationExample
• TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentOrgBasicExample
• TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentOrgProjectBasicExample
• TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentProjectApplicationBasicExample
• TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentProjectBasicExample
• TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentProjectCreationExample
• TestAccCloudSecurityComplianceFramework_cloudsecuritycomplianceFrameworkOrgBasicExample
• TestAccCloudSecurityComplianceFramework_cloudsecuritycomplianceFrameworkProjectBasicExample

View the replaying VCR build log

---

Step 2: Recording Mode

Recording Mode	Replaying Rerun	Test Name
✅ Log	✅	TestAccCloudSecurityComplianceCloudControl_cloudsecuritycomplianceCloudcontrolOrgBasicExample
✅ Log	✅	TestAccCloudSecurityComplianceCloudControl_cloudsecuritycomplianceCloudcontrolProjectBasicExample
✅ Log	✅	TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentFolderCreationExample
✅ Log	✅	TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentOrgBasicExample
✅ Log	✅	TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentOrgProjectBasicExample
✅ Log	✅	TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentProjectApplicationBasicExample
✅ Log	✅	TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentProjectBasicExample
✅ Log	✅	TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentProjectCreationExample
✅ Log	✅	TestAccCloudSecurityComplianceFramework_cloudsecuritycomplianceFrameworkOrgBasicExample
✅ Log	✅	TestAccCloudSecurityComplianceFramework_cloudsecuritycomplianceFrameworkProjectBasicExample

🟢 All tests passed!

View the recording VCR build log or the debug logs folder for detailed results.

@priyankksingh VCR tests complete for 96969a5!

[slevenick]

Per offline comms, dismissing review until it's fully implemented

[priyankksingh]

@slevenick PR is ready for review. I have tested locally for all the 3 resources with old and new schema changes.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 3a2cfcd:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	14 files changed, 2456 insertions(+), 172 deletions(-)
google-beta provider	View Diff	14 files changed, 2456 insertions(+), 172 deletions(-)
terraform-google-conversion	View Diff	3 files changed, 24 insertions(+), 13 deletions(-)
Open in Cloud Shell	View Diff	8 files changed, 418 insertions(+)

Test report

Analytics

Total Tests	Passed	Skipped	Affected
17	17	0	0

Affected Service Packages

• cloudsecuritycompliance

Learn how VCR tests work

---

Step 1: Replaying Mode

🟢 All tests passed in Replaying mode! No Recording was needed.

View the replaying VCR build log

@priyankksingh, @slevenick VCR tests complete for 3a2cfcd!

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 70a0a41:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	14 files changed, 2456 insertions(+), 172 deletions(-)
google-beta provider	View Diff	14 files changed, 2456 insertions(+), 172 deletions(-)
terraform-google-conversion	View Diff	3 files changed, 24 insertions(+), 13 deletions(-)
Open in Cloud Shell	View Diff	8 files changed, 418 insertions(+)

Test report

Analytics

Total Tests	Passed	Skipped	Affected
17	17	0	0

Affected Service Packages

• cloudsecuritycompliance

Learn how VCR tests work

---

Step 1: Replaying Mode

🟢 All tests passed in Replaying mode! No Recording was needed.

View the replaying VCR build log

@priyankksingh, @slevenick VCR tests complete for 70a0a41!

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 2333782:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	780 files changed, 2537 insertions(+), 944 deletions(-)
google-beta provider	View Diff	855 files changed, 2537 insertions(+), 1019 deletions(-)
terraform-google-conversion	View Diff	3 files changed, 24 insertions(+), 13 deletions(-)
Open in Cloud Shell	View Diff	8 files changed, 418 insertions(+)

Test report

Analytics

Total Tests	Passed	Skipped	Affected
5836	5322	503	11

Affected Service Packages

• bigquery
• cloudrun
• containerattached
• gemini
• identityplatform
• modelarmor
• networkmanagement
• securitycenter
• apigateway
• beyondcorp
• cloudscheduler
• developerconnect
• logging
• vectorsearch
• workflows
• cloudbuildv2
• networkconnectivityv1
• dialogflow
• dialogflowcx
• config
• hypercomputecluster
• tags
• tpuv2
• cloudidentity
• firebaseextensions
• firebasehosting
• firestore
• gkehub
• migrationcenter
• oslogin
• securityscanner
• vmwareengine
• apigee
• clouddomains
• firebaseremoteconfig
• notebooks
• privateca
• secretmanagerregional
• securityposture
• activedirectory
• apihub
• backupdr
• bigqueryanalyticshub
• cloudtasks
• datalineage
• datastream
• gkehub2
• bigquerydatatransfer
• certificatemanager
• deploymentmanager
• firebaseappcheck
• firebasestorage
• iap
• osconfig
• parametermanagerregional
• accessapproval
• bigquerydatapolicyv2
• dataproc
• iambeta
• redis
• siteverification
• sourcerepo
• storagebatchoperations
• dns
• pubsublite
• workstations
• billingbudgets
• cloudasset
• discoveryengine
• saasruntime
• compute
• storagecontrol
• datafusion
• essentialcontacts
• firebase
• observability
• spanner
• storage
• storageinsights
• biglakeiceberg
• binaryauthorization
• iamworkforcepool
• parallelstore
• resourcemanager
• workloadidentity
• apphub
• datapipeline
• gkeonprem
• cloudquotas
• edgecontainer
• gkebackup
• integrations
• kms
• lustre
• memcache
• modelarmorglobal
• accesscontextmanager
• artifactregistry
• cloudbilling
• networksecurity
• servicedirectory
• chronicle
• firebaseailogic
• managedkafka
• monitoring
• resourcemanagerv3
• sql
• transcoder
• alloydb
• bigtable
• clouddeploy
• edgenetwork
• publicca
• securitycentermanagement
• looker
• netapp
• networkconnectivity
• bigqueryconnection
• vpcaccess
• blockchainnodeengine
• datacatalog
• eventarc
• iam3
• parametermanager
• biglake
• cloudrunv2
• databasemigrationservice
• documentaiwarehouse
• integrationconnectors
• memorystore
• containeranalysis
• composer
• documentai
• pubsub
• securitycenterv2
• appengine
• ces
• dataform
• firebaseapphosting
• networkservices
• servicenetworking
• dataprocmetastore
• mlengine
• osconfigv2
• vertexai
• colab
• dataprocgdc
• healthcare
• oracledatabase
• cloudbuild
• datalossprevention
• filestore
• orgpolicy
• secretmanager
• serviceusage
• workbench
• bigqueryreservation
• cloudfunctions2
• contactcenterinsights
• dataplex
• firebasedataconnect
• iam2
• securesourcemanager
• bigquerydatapolicy
• cloudids
• cloudsecuritycompliance
• firebasedatabase
• privilegedaccessmanager
• storagetransfer

Learn how VCR tests work

---

Step 1: Replaying Mode

Action taken

Found 11 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.

Click here to see the affected tests

• TestAccBeyondcorpAppConnection_beyondcorpAppConnectionBasicExample
• TestAccCloudRunService_cloudRunServiceGpuExample
• TestAccDataformConfig_update
• TestAccDataformRepository_dataformRepositoryWithCloudsourceRepoAndSshExample
• TestAccDataprocMetastoreService_dataprocMetastoreServicePrivateServiceConnectExample
• TestAccDatastreamConnectionProfile_sshKey_update
• TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
• TestAccGKEHubFeature_gkehubFeatureFleetObservability
• TestAccManagedKafkaConnector_managedkafkaConnectorBasicExample
• TestAccProjectIamMemberRemove_memberInMultipleBindings
• TestAccPubsubSubscription_pubsubSubscriptionTagsExample

View the replaying VCR build log

---

Step 2: Recording Mode

Recording Mode	Replaying Rerun	Test Name
✅ Log	✅	TestAccDataformConfig_update
✅ Log	✅	TestAccGKEHubFeature_gkehubFeatureFleetObservability
✅ Log	✅	TestAccProjectIamMemberRemove_memberInMultipleBindings
❌ Error · Log	-	TestAccBeyondcorpAppConnection_beyondcorpAppConnectionBasicExample
❌ Error · Log	-	TestAccCloudRunService_cloudRunServiceGpuExample
❌ Error · Log	-	TestAccDataformRepository_dataformRepositoryWithCloudsourceRepoAndSshExample
❌ Error · Log	-	TestAccDataprocMetastoreService_dataprocMetastoreServicePrivateServiceConnectExample
❌ Error · Log	-	TestAccDatastreamConnectionProfile_sshKey_update
❌ Error · Log	-	TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
❌ Error · Log	-	TestAccManagedKafkaConnector_managedkafkaConnectorBasicExample
❌ Error · Log	-	TestAccPubsubSubscription_pubsubSubscriptionTagsExample

Caution

Issues requiring attention before PR completion

🔴 Initial Recording Failed: Some tests failed during the recording step. See the table above for details.

Please address these issues to complete your PR. If you believe these detections are incorrect or unrelated to your change, please raise the concern with your reviewer.

View the recording VCR build log or the debug logs folder for detailed results.

@priyankksingh, @slevenick VCR tests complete for 2333782!

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit fc8b5e7:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	780 files changed, 2537 insertions(+), 944 deletions(-)
google-beta provider	View Diff	855 files changed, 2537 insertions(+), 1019 deletions(-)
terraform-google-conversion	View Diff	3 files changed, 24 insertions(+), 13 deletions(-)
Open in Cloud Shell	View Diff	8 files changed, 418 insertions(+)

Test report

Analytics

Total Tests	Passed	Skipped	Affected
5837	5323	503	11

Affected Service Packages

• bigqueryconnection
• bigquerydatapolicyv2
• firebaseremoteconfig
• firebasestorage
• gkebackup
• transcoder
• workloadidentity
• alloydb
• netapp
• cloudbilling
• datalineage
• modelarmorglobal
• publicca
• iambeta
• parametermanagerregional
• discoveryengine
• logging
• sql
• cloudfunctions2
• cloudrunv2
• dataproc
• developerconnect
• firebaseailogic
• integrationconnectors
• privilegedaccessmanager
• storagetransfer
• dataprocmetastore
• documentai
• iam3
• observability
• tpuv2
• workflows
• certificatemanager
• cloudsecuritycompliance
• datapipeline
• essentialcontacts
• datalossprevention
• gemini
• migrationcenter
• osconfigv2
• clouddeploy
• notebooks
• storagebatchoperations
• accesscontextmanager
• apigee
• cloudidentity
• dataplex
• hypercomputecluster
• spanner
• workbench
• documentaiwarehouse
• gkeonprem
• oslogin
• pubsublite
• cloudbuild
• edgenetwork
• privateca
• containeranalysis
• firebasedatabase
• securesourcemanager
• securityscanner
• chronicle
• contactcenterinsights
• firebaseappcheck
• siteverification
• vmwareengine
• bigqueryanalyticshub
• cloudrun
• firebaseextensions
• memorystore
• resourcemanager
• activedirectory
• apigateway
• cloudbuildv2
• dataform
• dialogflow
• modelarmor
• orgpolicy
• vpcaccess
• deploymentmanager
• dialogflowcx
• firebasedataconnect
• managedkafka
• parallelstore
• sourcerepo
• vectorsearch
• bigquerydatatransfer
• billingbudgets
• firestore
• iam2
• integrations
• redis
• secretmanager
• artifactregistry
• blockchainnodeengine
• cloudids
• composer
• gkehub2
• parametermanager
• securitycentermanagement
• backupdr
• serviceusage
• storage
• storagecontrol
• cloudquotas
• tags
• biglakeiceberg
• bigquerydatapolicy
• binaryauthorization
• compute
• eventarc
• healthcare
• networkservices
• workstations
• apihub
• bigqueryreservation
• cloudasset
• datacatalog
• resourcemanagerv3
• servicenetworking
• colab
• looker
• memcache
• networkconnectivityv1
• networkmanagement
• pubsub
• secretmanagerregional
• vertexai
• beyondcorp
• biglake
• ces
• filestore
• firebasehosting
• networkconnectivity
• networksecurity
• securitycenter
• databasemigrationservice
• dataprocgdc
• firebase
• securityposture
• accessapproval
• bigtable
• datastream
• iap
• osconfig
• bigquery
• config
• edgecontainer
• monitoring
• saasruntime
• apphub
• cloudtasks
• containerattached
• iamworkforcepool
• identityplatform
• mlengine
• appengine
• datafusion
• dns
• gkehub
• kms
• servicedirectory
• storageinsights
• clouddomains
• cloudscheduler
• firebaseapphosting
• lustre
• oracledatabase
• securitycenterv2

Learn how VCR tests work

---

Step 1: Replaying Mode

Action taken

Found 11 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.

Click here to see the affected tests

• TestAccAlloydbInstance_updateInstanceWithPscInterfaceConfigs
• TestAccBeyondcorpAppConnection_beyondcorpAppConnectionBasicExample
• TestAccCloudRunService_cloudRunServiceGpuExample
• TestAccDataformConfig_update
• TestAccDataformRepository_dataformRepositoryWithCloudsourceRepoAndSshExample
• TestAccDataprocMetastoreService_dataprocMetastoreServicePrivateServiceConnectExample
• TestAccDatastreamConnectionProfile_sshKey_update
• TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
• TestAccFirebaseAppCheckAppAttestConfig_firebaseAppCheckAppAttestConfigUpdate
• TestAccManagedKafkaConnector_managedkafkaConnectorBasicExample
• TestAccPubsubSubscription_pubsubSubscriptionTagsExample

View the replaying VCR build log

---

Step 2: Recording Mode

Recording Mode	Replaying Rerun	Test Name
✅ Log	✅	TestAccAlloydbInstance_updateInstanceWithPscInterfaceConfigs
✅ Log	✅	TestAccDatastreamConnectionProfile_sshKey_update
✅ Log	✅	TestAccFirebaseAppCheckAppAttestConfig_firebaseAppCheckAppAttestConfigUpdate
✅ Log	❌ Error · Log	TestAccDataformConfig_update
❌ Error · Log	-	TestAccBeyondcorpAppConnection_beyondcorpAppConnectionBasicExample
❌ Error · Log	-	TestAccCloudRunService_cloudRunServiceGpuExample
❌ Error · Log	-	TestAccDataformRepository_dataformRepositoryWithCloudsourceRepoAndSshExample
❌ Error · Log	-	TestAccDataprocMetastoreService_dataprocMetastoreServicePrivateServiceConnectExample
❌ Error · Log	-	TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
❌ Error · Log	-	TestAccManagedKafkaConnector_managedkafkaConnectorBasicExample
❌ Error · Log	-	TestAccPubsubSubscription_pubsubSubscriptionTagsExample

Caution

Issues requiring attention before PR completion

🔴 Initial Recording Failed: Some tests failed during the recording step. See the table above for details.

🔴 Replaying Rerun Failed: Some tests failed due to non-determinism when VCR replayed the response. See the table above for details.

Please address these issues to complete your PR. If you believe these detections are incorrect or unrelated to your change, please raise the concern with your reviewer.

View the recording VCR build log or the debug logs folder for detailed results.

@priyankksingh, @slevenick VCR tests complete for fc8b5e7!

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 042b12f:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	780 files changed, 2537 insertions(+), 944 deletions(-)
google-beta provider	View Diff	856 files changed, 2537 insertions(+), 1020 deletions(-)
terraform-google-conversion	View Diff	3 files changed, 24 insertions(+), 13 deletions(-)
Open in Cloud Shell	View Diff	8 files changed, 418 insertions(+)

Test report

Analytics

Total Tests	Passed	Skipped	Affected
5839	5327	503	9

Affected Service Packages

• migrationcenter
• bigqueryreservation
• datacatalog
• iam3
• managedkafka
• resourcemanagerv3
• securitycentermanagement
• storagebatchoperations
• cloudasset
• containeranalysis
• essentialcontacts
• logging
• memcache
• privilegedaccessmanager
• contactcenterinsights
• firebaseapphosting
• privateca
• siteverification
• blockchainnodeengine
• firebaseextensions
• securityposture
• tpuv2
• apigateway
• iam2
• looker
• parallelstore
• publicca
• pubsub
• sql
• appengine
• artifactregistry
• monitoring
• securityscanner
• servicenetworking
• deploymentmanager
• firebase
• gkehub2
• lustre
• sourcerepo
• storagetransfer
• backupdr
• datalineage
• firebaseappcheck
• pubsublite
• securesourcemanager
• tags
• vectorsearch
• workbench
• accesscontextmanager
• certificatemanager
• integrations
• mlengine
• oslogin
• vertexai
• databasemigrationservice
• datalossprevention
• edgecontainer
• iamworkforcepool
• netapp
• networkmanagement
• networkservices
• spanner
• dataprocgdc
• firebasedataconnect
• gkeonprem
• integrationconnectors
• modelarmorglobal
• oracledatabase
• servicedirectory
• ces
• networkconnectivity
• osconfig
• bigqueryconnection
• cloudquotas
• edgenetwork
• eventarc
• secretmanager
• bigquerydatapolicy
• cloudtasks
• developerconnect
• firebaseailogic
• resourcemanager
• cloudidentity
• datapipeline
• orgpolicy
• secretmanagerregional
• vpcaccess
• workflows
• apphub
• bigquery
• firebasedatabase
• firebasehosting
• iap
• saasruntime
• healthcare
• accessapproval
• billingbudgets
• cloudbuildv2
• cloudrun
• serviceusage
• storage
• workloadidentity
• chronicle
• cloudbilling
• dataproc
• dataprocmetastore
• dialogflowcx
• documentaiwarehouse
• filestore
• gemini
• alloydb
• biglakeiceberg
• osconfigv2
• transcoder
• binaryauthorization
• cloudscheduler
• apigee
• biglake
• bigquerydatapolicyv2
• cloudbuild
• compute
• datastream
• discoveryengine
• redis
• cloudids
• cloudsecuritycompliance
• containerattached
• dns
• firestore
• hypercomputecluster
• observability
• cloudrunv2
• dataplex
• documentai
• memorystore
• parametermanagerregional
• bigqueryanalyticshub
• cloudfunctions2
• colab
• dialogflow
• kms
• modelarmor
• workstations
• datafusion
• gkebackup
• activedirectory
• apihub
• clouddomains
• config
• dataform
• firebasestorage
• networksecurity
• parametermanager
• bigquerydatatransfer
• securitycenterv2
• storageinsights
• beyondcorp
• clouddeploy
• firebaseremoteconfig
• iambeta
• notebooks
• storagecontrol
• vmwareengine
• bigtable
• identityplatform
• networkconnectivityv1
• securitycenter
• composer
• gkehub

Learn how VCR tests work

---

Step 1: Replaying Mode

Action taken

Found 9 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.

Click here to see the affected tests

• TestAccBeyondcorpAppConnection_beyondcorpAppConnectionBasicExample
• TestAccCloudRunService_cloudRunServiceGpuExample
• TestAccDataformConfig_update
• TestAccDataformRepository_dataformRepositoryWithCloudsourceRepoAndSshExample
• TestAccDataprocMetastoreService_dataprocMetastoreServicePrivateServiceConnectExample
• TestAccDatastreamConnectionProfile_sshKey_update
• TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
• TestAccManagedKafkaConnector_managedkafkaConnectorBasicExample
• TestAccPubsubSubscription_pubsubSubscriptionTagsExample

View the replaying VCR build log

---

Step 2: Recording Mode

Recording Mode	Replaying Rerun	Test Name
✅ Log	✅	TestAccDatastreamConnectionProfile_sshKey_update
✅ Log	❌ Error · Log	TestAccDataformConfig_update
❌ Error · Log	-	TestAccBeyondcorpAppConnection_beyondcorpAppConnectionBasicExample
❌ Error · Log	-	TestAccCloudRunService_cloudRunServiceGpuExample
❌ Error · Log	-	TestAccDataformRepository_dataformRepositoryWithCloudsourceRepoAndSshExample
❌ Error · Log	-	TestAccDataprocMetastoreService_dataprocMetastoreServicePrivateServiceConnectExample
❌ Error · Log	-	TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
❌ Error · Log	-	TestAccManagedKafkaConnector_managedkafkaConnectorBasicExample
❌ Error · Log	-	TestAccPubsubSubscription_pubsubSubscriptionTagsExample

Caution

Issues requiring attention before PR completion

🔴 Initial Recording Failed: Some tests failed during the recording step. See the table above for details.

🔴 Replaying Rerun Failed: Some tests failed due to non-determinism when VCR replayed the response. See the table above for details.

Please address these issues to complete your PR. If you believe these detections are incorrect or unrelated to your change, please raise the concern with your reviewer.

View the recording VCR build log or the debug logs folder for detailed results.

@priyankksingh, @slevenick VCR tests complete for 042b12f!

[github-actions]

@slevenick This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit c2e3ad8:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	785 files changed, 2540 insertions(+), 949 deletions(-)
google-beta provider	View Diff	859 files changed, 2540 insertions(+), 1023 deletions(-)
terraform-google-conversion	View Diff	3 files changed, 24 insertions(+), 13 deletions(-)
Open in Cloud Shell	View Diff	8 files changed, 418 insertions(+)

Test report

Analytics

Total Tests	Passed	Skipped	Affected
5851	5300	522	29

Affected Service Packages

• pubsublite
• spanner
• tpuv2
• bigquerydatapolicy
• securityscanner
• servicedirectory
• beyondcorp
• cloudrun
• essentialcontacts
• oslogin
• biglake
• blockchainnodeengine
• contactcenterinsights
• firebasestorage
• iam2
• resourcemanager
• accesscontextmanager
• edgecontainer
• networkconnectivity
• notebooks
• binaryauthorization
• cloudidentity
• datalossprevention
• filestore
• servicenetworking
• vmwareengine
• composer
• databasemigrationservice
• documentaiwarehouse
• firebasedatabase
• parametermanager
• privateca
• workloadidentity
• networkmanagement
• publicca
• apihub
• bigqueryanalyticshub
• cloudrunv2
• cloudsecuritycompliance
• compute
• gkehub
• memorystore
• netapp
• containeranalysis
• clouddomains
• gkebackup
• hypercomputecluster
• securitycenterv2
• dialogflowcx
• memcache
• storagebatchoperations
• datapipeline
• workflows
• bigquerydatapolicyv2
• dialogflow
• iambeta
• pubsub
• osconfigv2
• redis
• biglakeiceberg
• datafusion
• firebasehosting
• storage
• apphub
• bigquerydatatransfer
• dataplex
• developerconnect
• eventarc
• oracledatabase
• parametermanagerregional
• securitycenter
• activedirectory
• cloudfunctions2
• healthcare
• sql
• storagecontrol
• artifactregistry
• firebase
• lustre
• storagetransfer
• transcoder
• bigqueryconnection
• chronicle
• cloudscheduler
• gemini
• integrations
• kms
• mlengine
• monitoring
• datalineage
• saasruntime
• securitycentermanagement
• serviceusage
• sourcerepo
• tags
• datastream
• discoveryengine
• gkeonprem
• logging
• managedkafka
• securityposture
• appengine
• cloudquotas
• dns
• firebaseremoteconfig
• modelarmor
• secretmanager
• workbench
• bigquery
• dataprocmetastore
• documentai
• siteverification
• accessapproval
• cloudbuildv2
• dataform
• firestore
• iap
• containerattached
• datacatalog
• cloudids
• cloudtasks
• integrationconnectors
• modelarmorglobal
• vertexai
• apigateway
• cloudbuild
• clouddeploy
• iamworkforcepool
• observability
• osconfig
• parallelstore
• storageinsights
• apigee
• bigqueryreservation
• ces
• cloudasset
• workstations
• bigtable
• dataproc
• firebaseapphosting
• looker
• networkconnectivityv1
• billingbudgets
• config
• iam3
• licensemanager
• migrationcenter
• secretmanagerregional
• cloudbilling
• edgenetwork
• identityplatform
• resourcemanagerv3
• vectorsearch
• vpcaccess
• firebasedataconnect
• firebaseextensions
• gkehub2
• securesourcemanager
• alloydb
• backupdr
• certificatemanager
• dataprocgdc
• deploymentmanager
• firebaseailogic
• firebaseappcheck
• networksecurity
• colab
• networkservices
• orgpolicy
• privilegedaccessmanager

Learn how VCR tests work

---

Step 1: Replaying Mode

Action taken

Found 29 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.

Click here to see the affected tests

• TestAccCloudRunService_cloudRunServiceGpuExample
• TestAccComputeInstance_GracefulShutdownWithResetUpdate
• TestAccComputeInstance_advancedMachineFeatures
• TestAccComputeInstance_desiredStatusSuspendedOnCreation
• TestAccComputeInstance_desiredStatusTerminatedOnCreation
• TestAccComputeInstance_desiredStatusUpdateBasic
• TestAccComputeInstance_desiredStatus_suspended
• TestAccComputeInstance_diskEncryptionRestart
• TestAccComputeInstance_enableDisplay
• TestAccComputeInstance_instanceEncryption
• TestAccComputeInstance_metadataStartupScript_update
• TestAccComputeInstance_minCpuPlatform
• TestAccComputeInstance_performanceMonitoringUnit
• TestAccComputeInstance_serviceAccount_updated
• TestAccComputeInstance_serviceAccount_updated0to1to0scopes
• TestAccComputeInstance_shieldedVmConfig
• TestAccComputeInstance_soleTenantNodeAffinities
• TestAccComputeInstance_stopInstanceToUpdate
• TestAccComputeInstance_subnetworkUpdate
• TestAccComputeInstance_updateRunning_desiredStatusRunning_allowStoppingForUpdate
• TestAccComputeInstance_updateTerminated_desiredStatusRunning_allowStoppingForUpdate
• TestAccComputeInstance_updateTerminated_desiredStatusRunning_notAllowStoppingForUpdate
• TestAccDataformConfig_update
• TestAccDataformRepository_dataformRepositoryWithCloudsourceRepoAndSshExample
• TestAccDataprocMetastoreService_dataprocMetastoreServicePrivateServiceConnectExample
• TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
• TestAccManagedKafkaConnector_managedkafkaConnectorBasicExample
• TestAccProjectIamMemberRemove_memberInMultipleBindings
• TestAccPubsubSubscription_pubsubSubscriptionTagsExample

View the replaying VCR build log

---

Step 2: Recording Mode

Recording Mode	Replaying Rerun	Test Name
✅ Log	✅	TestAccComputeInstance_GracefulShutdownWithResetUpdate
✅ Log	✅	TestAccComputeInstance_advancedMachineFeatures
✅ Log	✅	TestAccComputeInstance_desiredStatusSuspendedOnCreation
✅ Log	✅	TestAccComputeInstance_desiredStatusTerminatedOnCreation
✅ Log	✅	TestAccComputeInstance_desiredStatusUpdateBasic
✅ Log	✅	TestAccComputeInstance_desiredStatus_suspended
✅ Log	✅	TestAccComputeInstance_diskEncryptionRestart
✅ Log	✅	TestAccComputeInstance_enableDisplay
✅ Log	✅	TestAccComputeInstance_instanceEncryption
✅ Log	✅	TestAccComputeInstance_metadataStartupScript_update
✅ Log	✅	TestAccComputeInstance_minCpuPlatform
✅ Log	✅	TestAccComputeInstance_performanceMonitoringUnit
✅ Log	✅	TestAccComputeInstance_serviceAccount_updated
✅ Log	✅	TestAccComputeInstance_serviceAccount_updated0to1to0scopes
✅ Log	✅	TestAccComputeInstance_shieldedVmConfig
✅ Log	✅	TestAccComputeInstance_soleTenantNodeAffinities
✅ Log	✅	TestAccComputeInstance_stopInstanceToUpdate
✅ Log	✅	TestAccComputeInstance_subnetworkUpdate
✅ Log	✅	TestAccComputeInstance_updateRunning_desiredStatusRunning_allowStoppingForUpdate
✅ Log	✅	TestAccComputeInstance_updateTerminated_desiredStatusRunning_allowStoppingForUpdate
✅ Log	✅	TestAccComputeInstance_updateTerminated_desiredStatusRunning_notAllowStoppingForUpdate
✅ Log	✅	TestAccProjectIamMemberRemove_memberInMultipleBindings
✅ Log	❌ Error · Log	TestAccDataformConfig_update
❌ Error · Log	-	TestAccCloudRunService_cloudRunServiceGpuExample
❌ Error · Log	-	TestAccDataformRepository_dataformRepositoryWithCloudsourceRepoAndSshExample
❌ Error · Log	-	TestAccDataprocMetastoreService_dataprocMetastoreServicePrivateServiceConnectExample
❌ Error · Log	-	TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
❌ Error · Log	-	TestAccManagedKafkaConnector_managedkafkaConnectorBasicExample
❌ Error · Log	-	TestAccPubsubSubscription_pubsubSubscriptionTagsExample

Caution

Issues requiring attention before PR completion

🔴 Initial Recording Failed: Some tests failed during the recording step. See the table above for details.

🔴 Replaying Rerun Failed: Some tests failed due to non-determinism when VCR replayed the response. See the table above for details.

Please address these issues to complete your PR. If you believe these detections are incorrect or unrelated to your change, please raise the concern with your reviewer.

View the recording VCR build log or the debug logs folder for detailed results.

@priyankksingh, @slevenick VCR tests complete for c2e3ad8!