6.30.0 (Unreleased)

6.29.0 (Apr 8, 2025)

FEATURES:

New Resource: google_clouddeploy_deploy_policy (#9694)
New Resource: google_control_plane_access (#9709)
New Resource: google_folder_service_identity (#9703)
New Resource: google_os_config_v2_policy_orchestrator_for_organization (#9696)

IMPROVEMENTS:

accesscontextmanager: added session_settings field to gcp_user_access_binding resource (#9720)
cloudedeploy: added timed_promote_release_rule and repair_rollout_rule fields to google_clouddeploy_automation resource (#9694)
compute: added group_placement_policy.0.tpu_topology field to google_compute_resource_policy resource. (#9702)
datastream: added support for creating streams for Salesforce source in google_datastream_stream. (#9706)
gkeonprem: added enable_advanced_cluster field to google_gkeonprem_vmware_admin_cluster resource (#9693)
gkeonprem: added enable_advanced_cluster field to google_gkeonprem_vmware_cluster resource (#9693)
memorystore: added automated_backup_config field to google_memorystore_instance resource (#9708)
netapp: added tiering_policy to google_netapp_volume_replication resource (#9716)
parametermanagerregional: added kms_key_version field to google_parameter_manager_regional_parameter_version resource and datasource (#9712)
parametermanagerregional: added kms_key field to google_parameter_manager_regional_parameter resource and google_parameter_manager_regional_parameters datasource (#9712)
redis: added automated_backup_config field to google_redis_cluster (#9682)
storage: added md5hexhash field in google_storage_bucket_object (#9722)
workbench: added confidential_instance_config field to google_workbench_instance resource (#9688)

BUG FIXES:

colab: fixed an issue where google_colab_* resources incorrectly required a provider-level region matching the resource location (#9714)
datastream: updated private_keyto be mutable in google_datastream_connection_profile resource. (#9689)
gkehub: enabled partial results to be returned when a cloud region is unreachable in google_gke_hub_feature (#9715)

6.28.0 (Apr 1, 2025)

DEPRECATIONS:

compute: deprecated enable_flow_logs in favor of log_config on google_compute_subnetwork resource. If log_config is present, flow logs are enabled, and enable_flow_logs can be safely removed. (#9679)
containerregistry: Deprecated google_container_registry resource, and google_container_registry_image and google_container_registry_repository data sources. Use google_artifact_registry_repository instead. (#9650)

FEATURES:

New Data Source: google_compute_region_backend_service (#9616)
New Data Source: google_organization_iam_custom_roles (#9628)
New Data Source: google_storage_control_folder_intelligence_config (#9655)
New Data Source: google_storage_control_organization_intelligence_config (#9655)
New Data Source: google_storage_control_project_intelligence_config (#9655)
New Resource: google_apigee_dns_zone (#9622)
New Resource: google_dataproc_metastore_database_iam_* resources (#9615)
New Resource: google_dataproc_metastore_table_iam_* (#9647)
New Resource: google_discovery_engine_sitemap (#9608)
New Resource: google_eventarc_enrollment (#9623)
New Resource: google_firebase_app_hosting_build (#9646)
New Resource: google_memorystore_instance_desired_user_created_endpoints (#9652)
New Resource: google_storage_control_folder_intelligence_config (#9644)
New Resource: google_storage_control_organization_intelligence_config (#9617)

IMPROVEMENTS:

accesscontextmanager: added roles field to ingress and egress policies of google_access_context_manager_service_perimeter* resources (#9661)
cloudfunctions2: added binary_authorization_policy field to google_cloudfunctions2_function resource (#9649)
cloudrunv2: added gpu_zonal_redundancy_disabled field to google_cloud_run_v2_service resource (#9639)
compute: added md5_authentication_keys field to google_compute_router resource (#9673)
compute: added EXTERNAL_IPV6_SUBNETWORK_CREATION as a supported value for the mode field in google_compute_public_delegated_prefix resource (#9630)
compute: added external_ipv6_prefix, stack_type, and ipv6_access_type fields to google_compute_subnetwork data source (#9660)
compute: added path_matchers.route_rules.custom_error_response_policy field to google_compute_url_map resource (#9656)
compute: added source_machine_image_encryption_key field to google_compute_instance_from_machine_image resource (#9632)
compute: added tls_settings field to google_compute_backend_service resource (#9654)
compute: added several boot_disk, attached_disk, and instance_encryption_key fields to google_compute_instance and google_compute_instance_template resources (#9669)
compute: added image_encryption_key.raw_key and image_encryption_key.rsa_encrypted_key fields to google_compute_image resource (#9669)
compute: added snapshot_encryption_key.rsa_encrypted_key field to google_compute_snapshot resource (#9669)
container: added disable_l4_lb_firewall_reconciliation field to google_container_cluster resource (#9648)
datafusion: added tags field to google_data_fusion_instance resource to allow setting tags for instances at creation time (#9609)
datastream: added blmt_config field to bigquery_destination_config resource to enable support for BigLake Managed Tables streams (#9677)
datastream: added secret_manager_stored_password field to google_datastream_connection_profile resource (#9633)
identityplatform: added disabled_user_signup and disabled_user_deletion to google_identity_platform_tenant resource (#9613)
memorystore: added psc_attachment_details field to google_memorystore_instance resource, to enable use of the fine-grained resource google_memorystore_instance_desired_user_created_connections (#9652)
memorystore: added the cross_cluster_replication_config field to the google_redis_cluster resource (#9670)
metastore: added deletion_protection field to google_dataproc_metastore_federation resource (#9674)
networksecurity: added antivirus_overrides field to google_network_security_security_profile resource (#9643)
networksecurity: added connected_deployment_groups and associations fields to google_network_security_mirroring_endpoint_group resource (#9606)
networksecurity: added locations field to google_network_security_mirroring_deployment_group resource (#9607)
networksecurity: added locations field to google_network_security_mirroring_endpoint_group_association resource (#9603)
parametermanager: added kms_key_version field to google_parameter_manager_parameter_version resource and datasource (#9642)
parametermanager: added kms_key field to google_parameter_manager_parameter resource and google_parameter_manager_parameters datasource (#9642)
provider: added external_credentials block in provider (#9658)
redis: added automated_backup_config field to google_redis_cluster resource (#9682)
storage: added content_base64 field in google_storage_bucket_object_content datasource (#9638)

BUG FIXES:

alloydb: added a mutex to google_alloydb_cluster to prevent conflicts among multiple cluster operations (#9604)
artifactregistry: fixed type assertion panic in google_artifact_registry_repository resource (#9672)
bigtable: fixed automated_backup_policy field for google_bigtable_table resource (#9627)
cloudrunv2: fixed the diffs for unchanged template.template.containers.env in google_cloud_run_v2_job resource (#9681)
compute: fixed a regression in google_compute_subnetwork where setting log_config would not enable flow logs without enable_flow_logs also being set to true. To enable or disable flow logs, please use log_config. enable_flow_logs is now deprecated and will be removed in the next major release. (#9679)
compute: fixed unable to update the preview field for google_compute_region_security_policy_rule resource (#9614)
compute: fixed unable to update the preview field for google_compute_security_policy_rule resource (#9614)
orgpolicy: fix permadiff in google_org_policy_policy when multiple rules are present (#9611)
resourcemanager: increased page size for list services api to help any teams hitting ListEnabledRequestsPerMinutePerProject quota issues (#9637)
spanner: fixed issue with applying changes in provider default_labels on google_spanner_instance resource (#9629)
storage: fixed google_storage_anywhere_cache to cancel long-running operations after create and update requests timeout (#9625)
workbench: fixed metadata permadiff in google_workbench_instance resource (#9641)

6.27.0 (Mar 25, 2025)

FEATURES:

New Data Source: google_compute_images (#9556)
New Data Source: google_organization_iam_custom_role (#9577)
New Resource: google_lustre_instance (#9601)
New Resource: google_os_config_v2_policy_orchestrator (#9579)
New Resource: google_storage_control_project_intelligence_config (#9570)

IMPROVEMENTS:

bigquery: added secondary_location and replication_status fields to support managed disaster recovery feature in google_bigquery_reservation (#9575)
clouddeploy: added dns_endpoint field to to google_clouddeploy_target resource (#9553)
compute: added group_placement_policy.0.gpu_topology field to google_compute_resource_policy resource (#9555)
compute: added shielded_instance_initial_state structure to google_compute_image resource (#9583)
compute: added LINK_TYPE_ETHERNET_400G_LR4 enum value to link_type field in google_compute_interconnect resource (#9571)
compute: added architecture and guest_os_features to google_compute_instance (#9558)
compute: added instance_lifecycle_policy.on_failed_health_check field in resources google_compute_instance_group_manager and google_compute_region_instance_group_manager (#9598)
compute: added workload_policy.type, workload_policy.max_topology_distance and workload_policy.accelerator_topology fields to google_compute_resource_policy resource (#9599)
container: added ip_endpoints_config field to google_container_cluster resource (#9597)
container: added node_config.windows_node_config field to google_container_node_pool resource. (#9559)
container: added pod_autoscaling field to google_container_cluster resource (#9574)
memorystore: added the maintenance_policy field to the google_memorystore_instance resource (#9595)
memorystore: enabled update support for node_type field in google_memorystore_instance resource (#9568)
networkmanagement: added destination.forwarding_rule, destination.gke_master_cluster, destination.fqdn, destination.cloud_sql_instance, destination.redis_instance, destination.redis_cluster, fields to google_network_management_connectivity_test resource (#9591)
networkmanagement: added round_trip, bypass_firewall_checks fields to google_network_management_connectivity_test resource (#9591)
networkmanagement: added source.gke_master_cluster, source.cloud_sql_instance, source.cloud_function, source.app_engine_version, source.cloud_run_revision fields to google_network_management_connectivity_test resource (#9591)
networksecurity: added connected_deployment_group and associations fields to google_network_security_intercept_endpoint_group resource (#9586)
networksecurity: added locations field to google_network_security_intercept_deployment_group resource (#9578)
networksecurity: added locations field to google_network_security_intercept_endpoint_group_association resource (#9600)
redis: added update support for google_redis_cluster node_type (#9554)
storage: added metadata_options in google_storage_transfer_job (#9567)

BUG FIXES:

bigqueryanalyticshub: fixed a bug in google_bigquery_analytics_hub_listing_subscription where a subscription using a different project than the dataset would not work (#9596)
cloudrun: fixed the perma-diffs for unchanged template.spec.containers.env in google_cloud_run_service resource (#9572)
cloudrunv2: fixed the perma-diffs for unchanged template.containers.env in google_cloud_run_v2_service resource (#9572)
compute: fixed the issue that user can't use regional disk in google_compute_instance_template (#9569)
dataflow: fixed a permadiff on template_gcs_path in google_dataflow_job resource (#9564)
storage: lowered the minimum required items for custom_placement_config.data_locations from 2 to 1, and removed the Terraform-enforced maximum item limit for the field in google_storage_bucket (#9562)

6.26.0 (Mar 18, 2025)

FEATURES:

New Data Source: google_project_iam_custom_role (#9551)
New Data Source: google_project_iam_custom_roles (#9519)
New Resource: google_eventarc_pipeline (#9508)
New Resource: google_firebase_app_hosting_backend (#9531)
New Resource: google_managed_kafka_connect_cluster (#9552)
New Resource: google_managed_kafka_connector (#9552)

IMPROVEMENTS:

alloydb: added psc_config field to ``google_alloydb_cluster` resource (#9548)
bigquery: added table_metadata_view query param to google_bigquery_table (#9530)
bigquery: added support for continuous query to google_bigquery_job (#9520)
clouddeploy: added dns_endpoint field to to google_clouddeploy_target resource (#9553)
compute: added UNRESTRICTED option to the tls_early_data field in the google_compute_target_https_proxy resource (#9527)
compute: added enable_flow_logs and state fields to google_compute_subnetwork resource (#9541)
container: added additional value KCP_HPA for logging_config.enable_components field in google_container_cluster resource (#9529)
dataform: added deletion_policy field to google_dataform_repository resource. Default value is DELETE. Setting deletion_policy to FORCE will delete any child resources of this repository as well. (#9549)
memorystore: added update support for engine_version field in google_memorystore_instance resource (#9534)
metastore: added create_time and update_time fields to google_dataproc_metastore_federation resource (#9528)
metastore: added create_time and update_time fields to google_dataproc_metastore_service resource (#9523)
networksecurity: added not_operations field to google_network_security_authz_policy resource (#9511)
networkservices: added ip_version and envoy_headers fields to google_network_services_gateway resource (#9514)
sql: increased settings.insights_config.query_string_length and settings.insights_config.query_string_length limits for Enterprise Plus edition sql_database_instance resource. (#9539)
storageinsights: added parquet_options field to google_storage_insights_report_config resource (#9522)
workflows: added execution_history_level field to google_workflows_workflow resource (#9509)

BUG FIXES:

accesscontextmanager: fixed panic on empty access_policies in google_access_context_manager_access_policy (#9536)
compute: adjusted mapped image names that were preventing usage of fedora-coreos in google_compute_image resource (#9513)
container: re-added DNS_SCOPE_UNSPECIFIED value to the dns_config.cluster_dns_scope field in google_container_cluster resource and suppressed diffs between DNS_SCOPE_UNSPECIFIED in config and empty/null in state (#9547)
discoveryengine: changed field dataStoreIds to mutable in google_discovery_engine_search_engine (#9506)
networksecurity: min_tls_version and tls_feature_profile fields updated to use the server assigned default and prevent a permadiff in google_network_security_tls_inspection_policy resource. (#9514)
oslogin: added a wait after creating google_os_login_ssh_public_key to allow for propagation (#9546)
spanner: fixed issue with disabling autoscaling in google_spanner_instance (#9542)

6.25.0 (Mar 11, 2025)

NOTES:

eventarc: google_eventarc_channel now uses MMv1 engine instead of DCL. (#9488)
workbench: increased create timeout for google_workbench_instance to 40mins. (#9468)

FEATURES:

New Data Source: google_compute_region_ssl_policy (#9439)
New Resource: google_eventarc_google_api_source (#9492)
New Resource: google_iam_oauth_client_credential (#9491)
New Resource: google_iam_oauth_client (#9456)
New Resource: google_network_security_backend_authentication_config (#9481)

IMPROVEMENTS:

alloydb: added psc_instance_config.psc_interface_configs field to google_alloydb_instance resource (#9469)
compute: added create_snapshot_before_destroy to google_compute_disk and google_compute_region_disk to enable creating a snapshot before disk deletion (#9442)
compute: added custom_metrics field to google_compute_backend_service and google_compute_region_backend_service (#9473)
compute: added ip_collection and ipv6_gce_endpoint fields to google_compute_subnetwork resource (#9490)
compute: added log_config.optional_mode and log_config.optional_fields fields to google_compute_region_backend_service resource (#9484)
compute: added rsa_encrypted_key to google_compute_region_disk (#9442)
compute: added scheduling.termination_time field to google_compute_instance, google_compute_instance_from_machine_image, google_compute_instance_from_template, google_compute_instance_template, and google_compute_region_instance_template resources (#9479)
compute: added update support for firewall_policy in google_compute_firewall_policy_association resource. It is recommended to only perform this operation in combination with a protective lifecycle tag such as "create_before_destroy" or "prevent_destroy" on your previous firewall_policy resource in order to prevent situations where a target attachment has no associated policy. (#9495)
compute: made purpose field updatable in google_compute_subnetwork. (#9489)
container: added "JOBSET" as a supported value for enable_components in google_container_cluster resource (#9453)
datastream: added support for creating connection profiles for Salesforce in google_datastream_connection_profile (#9482)
firebasedataconnect: added deletion_policy field to google_firebase_data_connect_service resource (#9496)
networksecurity: added description field to google_network_security_intercept_deployment, google_network_security_intercept_deployment_group, google_network_security_intercept_endpoint_group resources (#9474)
networksecurity: added description field to google_network_security_mirroring_deployment, google_network_security_mirroring_deployment_group, google_network_security_mirroring_endpoint_group resources (#9476)
tpuv2: added spot field to google_tpu_v2_vm resource (#9478)
workstations: added tags field to google_workstations_workstation_cluster resource (#9441)

BUG FIXES:

backupdr: added missing SUNDAY option to days_of_week field in google_backup_dr_backup_plan resource (#9446)
compute: fixed network_interface.internal_ipv6_prefix_length not being set or read in Terraform state in google_compute_instance resource (#9444)
compute: fixed bug in google_compute_router_nat where max_ports_per_vm couldn't be unset once set. (#9483)
container: fixed perma-diff in google_container_cluster when cluster_dns_scope is unspecified (#9443)
networksecurity: added wait time on google_network_security_gateway_security_policy_rule resource when creating and deleting to prevent race conditions (#9448)

6.24.0 (Mar 3, 2025)

NOTES:

gemini: removed unsupported value GEMINI_CLOUD_ASSIST for field product in google_gemini_logging_setting_binding resource (#9438)
gemini: removed unsupported value GEMINI_CODE_ASSIST for field product in google_gemini_data_sharing_with_google_setting_binding resource (Beta) (#9437)
iam: added member value to the error message when member validation fails for google_project_iam_* (#9406)

DEPRECATIONS:

datacatalog: deprecated google_data_catalog_entry and google_data_catalog_tag resources. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9393)
notebooks: deprecated non-functional google_notebooks_location resource (#9373)

FEATURES:

New Data Source: google_memorystore_instance (#9400)
New Resource: google_apihub_host_project_registration (#9419)
New Resource: google_compute_instant_snapshot (#9412)
New Resource: google_eventarc_message_bus (#9423)
New Resource: google_gemini_data_sharing_with_google_setting_binding (GA) (#9437)
New Resource: google_gemini_gcp_enablement_setting_binding (GA) (#9407)
New Resource: google_gemini_gemini_gcp_enablement_setting_binding (#9392)
New Resource: google_storage_anywhere_cache (#9389)

IMPROVEMENTS:

compute: added creation_timestamp, next_hop_peering, warnings.code, warnings.message, warnings.data.key, warnings.data.value, next_hop_hub, route_type, as_paths.path_segment_type, as_paths.as_lists and route_status fields to google_compute_route resource (#9386)
compute: added max_stream_duration field to google_compute_url_map resource (#9387)
compute: added fields architecture, source_instant_snapshot, source_storage_object, resource_manager_tags to google_compute_disk. (#9412)
container: added enum value UPGRADE_INFO_EVENT for GKE notification filter in google_container_cluster resource (#9421)
iam: added AZURE_AD_GROUPS_ID field to google_iam_workforce_pool_provider.extra_attributes_oauth2_client.attributes_type resource (#9433)
networkconnectivity: added policy_mode field to google_network_connectivity_hub resource (#9409)
networkservices: added location field to google_network_services_grpc_route resource (#9429)
storagetransfer: added logging_config field to google_storage_transfer_job resource (#9378)

BUG FIXES:

bigquery: updated the max_staleness field in google_bigquery_table to be a computed field (#9411)
chronicle: fixed an error during resource creation with certain run_frequency configurations in google_chronicle_rule_deployment (#9422)
discoveryengine: fixed bug preventing creation of google_discovery_engine_target_site resources (#9436)
eventarc: fixed an issue where google_eventarc_trigger creation failed due to the region could not be parsed from the trigger's name (#9383)
gemini: fixed permadiff on product field in google_gemini_data_sharing_with_google_setting_binding resource (Beta) (#9437)
publicca: encoded b64_mac_key in base64url, instead of base64 in google_public_ca_external_account_key (#9424)
storage: fixed a 412 error returned on some google_storage_bucket_iam_policy deletions (#9434)

6.23.0 (Feb 26, 2025)

NOTES:

The google_sql_user resource now supports password_wo write-only arguments
The google_bigquery_data_transfer_config resource now supports secret_access_key_wo write-only arguments
The google_secret_version resource now supports secret_data_wo write-only arguments

IMPROVEMENTS:

sql: added password_wo and password_wo_version fields to google_sql_user resource (#21616)
bigquerydatatransfer: added secret_access_key_wo and secret_access_key_wo_version fields to google_bigquery_data_transfer_config resource (#21617)
secretmanager: added secret_data_wo and secret_data_wo_version fields to google_secret_version resource (#21618)

6.22.0 (Feb 24, 2025)

NOTES:

provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

DEPRECATIONS:

datacatalog: deprecated google_data_catalog_tag_template. Use google_dataplex_aspect_type instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9347)
datacatalog: deperecated google_data_catalog_entry_group. Use google_dataplex_entry_group instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9349)

FEATURES:

New Data Source: google_alloydb_cluster (#9361)
New Data Source: google_project_ancestry (#9326)
New Resource: google_gemini_data_sharing_with_google_setting_binding (#9356)
New Resource: google_spanner_instance_partition (#9354)

IMPROVEMENTS:

compute: added import_subnet_routes_with_public_ip and export_subnet_routes_with_public_ip fields to google_compute_network_peering_routes_config resource (#9320)
developerconnect: added bitbucket_cloud_config and bitbucket_data_center_config fields to google_developer_connect_connection resource (ga) (#9338)
iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#9336)
redis: added kms_key field to google_redis_cluster resource (#9334)
tpuv2: added network_config field to google_tpu_v2_queued_resource resource (#9332)

BUG FIXES:

apigee: fixed error when deleting google_apigee_organization (#9352)
bigtable: fixed a bug where sometimes updating an instance's cluster list could result in an error if there was an existing cluster with autoscaling enabled (#9368)
chronicle: fixed bug setting enabled on creation in google_chronicle_rule_deployment (#9343)

6.21.0 (Feb 18, 2025)

NOTES:

provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

FEATURES:

New Data Source: google_alloydb_instance (#9307)
New Resource: google_firebase_data_connect_service (#9304)
New Resource: google_gemini_data_sharing_with_google_setting (#9250)
New Resource: google_gemini_gemini_gcp_enablement_setting (beta) (#9253)
New Resource: google_gemini_logging_setting_binding (#9292)
New Resource: google_gemini_release_channel_setting_binding (#9287)
New Resource: google_netapp_volume_quota_rule (#9248)

IMPROVEMENTS:

accesscontextmanager: added etag to access context manager directional policy resources google_access_context_manager_service_perimeter_dry_run_egress_policy, google_access_context_manager_service_perimeter_dry_run_ingress_policy, google_access_context_manager_service_perimeter_egress_policy and google_access_context_manager_service_perimeter_ingress_policy to prevent overriding changes (#9302)
accesscontextmanager: added title field to policy blocks under google_access_context_manager_service_perimeter and variants (#9259)
artifactregistry: set pageSize to 1000 to speedup google_artifact_registry_docker_image data source queries (#9297)
compute: added graceful_shutdown field to google_compute_instance, google_compute_instance_template and google_compute_region_instance_template resource (#9278)
compute: added labels field to google_compute_ha_vpn_gateway resource (#9309)
compute: added validation for disk names in google_compute_disk (#9280)
container: added new fields container_log_max_size, container_log_max_files, image_gc_low_threshold_percent, image_gc_high_threshold_percent, image_minimum_gc_age, image_maximum_gc_age, and allowed_unsafe_sysctls to node_kubelet_config block in google_container_cluster resource. (#9274)
monitoring: added condition_sql field to google_monitoring_alert_policy resource (#9242)
networkservices: added location field to google_network_services_mesh resource (#9282)
workstations: added update support to persistent_directories.gce_pd.size_gb and persistent_directories.gce_pd.disk_type in google_workstations_workstation_config resource (#9305)
securitycenter: added type, expiry_time field to google_scc_mute_config resource (#9273)

BUG FIXES:

chronicle: fixed creation issues when optional fields were missing for google_chronicle_rule_deployment resource (#9312)
dns: fixed a bug where google_dns_managed_zone is unable to update with service_directory_config specified (#9239)
databasemigrationservice: fixed error details type on google_database_migration_service_migration_job (#9244)
networkservices: fixed a bug with google_network_services_authz_extension.wire_format sending an invalid default value by removing the Terraform default and letting the API set the default. (#9245)

6.20.0 (Feb 10, 2025)

NOTES:

provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.
compute: google_compute_firewall_policy now uses MMv1 engine instead of DCL. (#9228)

FEATURES:

New Data Source: google_beyondcorp_application_iam_policy (#9205)
New Data Source: google_parameter_manager_parameter_version_render (#9190)
New Data Source: google_parameter_manager_regional_parameter_version_render (#9232)
New Resource: google_beyondcorp_application (#9205)
New Resource: google_beyondcorp_application_iam_binding (#9205)
New Resource: google_beyondcorp_application_iam_member (#9205)
New Resource: google_beyondcorp_application_iam_policy (#9205)
New Resource: google_bigquery_analytics_hub_listing_subscription (#9195)
New Resource: google_colab_notebook_execution (#9186)
New Resource: google_colab_schedule (#9226)
New Resource: google_compute_network_firewall_policy_packet_mirroring_rule (#9202)
New Resource: google_gemini_logging_setting (#9198)
New Resource: google_gemini_release_channel_setting (#9207)

IMPROVEMENTS:

accesscontextmanager: added resource to sources in egress_from under resources google_access_context_manager_service_perimeter, google_access_context_manager_service_perimeters, google_access_context_manager_service_perimeter_egress_policy, google_access_context_manager_service_perimeter_dry_run_egress_policy (#9196)
cloudrunv2: added base_image_uri and build_info to google_cloud_run_v2_service (#9229)
colab: added auto_upgrade field to google_colab_runtime (#9216)
colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#9206)
colab: added desired_state field to google_colab_runtime, making it startable/stoppable (#9209)
compute: added ip_collection field to google_compute_forwarding_rule resource (#9194)
compute: added mode and allocatable_prefix_length fields to google_compute_public_delegated_prefix resource (#9218)
compute: allow parallelization of google_compute_per_instance_config and google_compute_region_per_instance_config deletions by not locking on the parent resource, but including instance name. (#9181)
container: added auto_monitoring_config field and subfields to the google_container_cluster resource (#9224)
filestore: added initial_replication field for peer instance configuration and effective_replication output for replication configuration output to google_filestore_instance (#9200)
memorystore: added CLUSTER_DISABLED to mode field in google_memorystore_instance (#9178)
networkservices: added compression_mode and allowed_methods fields to google_network_services_edge_cache_service resource (#9201)
privateca: added user_defined_access_urls and subfields to google_privateca_certificate_authority resource to add support for custom CDP AIA URLs (#9221)
workbench: added enable_third_party_identity field to google_workbench_instance resource (#9236)

6.19.0 (Feb 3, 2025)

NOTES:

tpuv2: made service use the v2alpha1 Cloud TPU API version, which is used for Public Preview features (#9131)

DEPRECATIONS:

beyondcorp: deprecated location on google_beyondcorp_security_gateway. The only valid value is global, which is now also the default value. The field will be removed in a future major release. (#9121)

FEATURES:

New Data Source: google_parameter_manager_parameter_version (#9154)
New Data Source: google_parameter_manager_parameters (#9148)
New Data Source: google_parameter_manager_regional_parameter_version (#9165)
New Resource: google_beyondcorp_security_gateway_iam_binding (#9169)
New Resource: google_beyondcorp_security_gateway_iam_member (#9169)
New Resource: google_beyondcorp_security_gateway_iam_policy (#9169)

IMPROVEMENTS:

accesscontextmanager: added etag to google_access_context_manager_service_perimeter_dry_run_resource to prevent overriding list of resources (#9120)
bigquery: added schema_foreign_type_info field and related schema handling to google_bigquery_table resource (beta) (#9122)
compute: allowed parallelization of google_compute_(region_)per_instance_config by not locking on the parent resource, but including instance name. (#9116)
compute: added network_profile field to google_compute_network resource. (#9135)
compute: added zero_advertised_route_priority field to google_compute_router_peer (#9133)
container: added max_run_duration to node_config in google_container_cluster and google_container_node_pool (#9163)
dataproc: added encryption_config to google_dataproc_workflow_template (#9168)
gkehub2: added support for fleet_default_member_config.config_management.config_sync.metrics_gcp_service_account_email field to google_gke_hub_feature resource (#9147)
iam: added prefix and regex fields to google_service_accounts data source (#9129)
pubsub: added ingestion_data_source_settings.aws_msk and ingestion_data_source_settings.confluent_cloud fields to google_pubsub_topic resource (#9114)
spanner: added encryption_config field to google_spanner_backup_schedule (#9161)
workflows: added tags and workflow_tags fields to google_workflows_workflow resource (#9152)

BUG FIXES:

alloydb: marked google_alloydb_user.password as sensitive (#9124)
beyondcorp: corrected location to always be global in google_beyondcorp_security_gateway (#9121)
cloudquotas: removed validation for parent in google_cloud_quotas_quota_adjuster_settings (#9153)
compute: made google_compute_router_peer.advertised_route_priority use server-side default if unset. To set the value to 0 you must also set zero_advertised_route_priority = true. (#9133)
container: fixed a diff caused by server-side set values for node_config.resource_labels (#9171)
container: marked cluster_autoscaling.resource_limits.maximum as required, as requests would fail if it was not set (#9151)
firestore: fixed error preventing deletion of wildcard fields in google_firestore_field (#9140)
netapp: fixed an issue where a diff on zone would be found if it was unspecified in google_netapp_storage_pool (#9157)
networksecurity: fixed sporadic-diff in google_network_security_security_profile (#9162)
spanner: fixed bug with google_spanner_instance.force_destroy not setting billing_project value correctly (#9132)
storage: fixed an issue where plans with a dependency on the content field in the google_storage_bucket_object_content data source could erroneously fail (#9166)

6.18.1 (January 29, 2025)

BUG FIXES:

container: fixed a diff caused by server-side set values for node_config.resource_labels (#9171)

6.18.0 (January 27, 2025)

FEATURES:

New Data Source: google_compute_instance_template_iam_policy (#9085)
New Data Source: google_kms_key_handles (#9105)
New Data Source: google_organizations (#9093)
New Data Source: google_parameter_manager_parameter (#9084)
New Data Source: google_parameter_manager_regional_parameters (#9089)
New Resource: google_apihub_api_hub_instance (#9080)
New Resource: google_chronicle_retrohunt (#9090)
New Resource: google_colab_runtime (#9076)
New Resource: google_colab_runtime_template_iam_binding (#9091)
New Resource: google_colab_runtime_template_iam_member (#9091)
New Resource: google_colab_runtime_template_iam_policy (#9091)
New Resource: google_compute_instance_template_iam_binding (#9085)
New Resource: google_compute_instance_template_iam_member (#9085)
New Resource: google_compute_instance_template_iam_policy (#9085)
New Resource: google_parameter_manager_parameter_version (#9111)
New Resource: google_redis_cluster_user_created_connections (#9099)

IMPROVEMENTS:

alloydb: added support for skip_await_major_version_upgrade field in google_alloydb_cluster resource, allowing for major_version to be updated (#9066)
apigee: added properties field to google_apigee_environment resource (#9072)
bug: added support for setting custom_learned_route_priority to 0 in 'google_compute_router_peer' by adding the zero_custom_learned_route_priority field (#9083)
cloudrunv2: added build_config to google_cloud_run_v2_service (#9100)
compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_firewall_policy_rule resource (beta) (#9082)
compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_firewall_policy_with_rules resource (beta) (#9082)
compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_network_firewall_policy_rule resource (beta) (#9082)
compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_network_firewall_policy_with_rules resource (beta) (#9082)
compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_region_network_firewall_policy_rule resource (beta) (#9082)
compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_region_network_firewall_policy_with_rules resource (beta) (#9082)
compute: added pdp_scope field to google_compute_public_advertised_prefix resource (#9096)
compute: adding labels field to google_compute_interconnect_attachment (#9095)
compute: fixed a issue where custom_learned_route_priority was accidentally set to 0 during updates in 'google_compute_router_peer' (#9083)
filestore: added support for tags field to google_filestore_instance resource (#9086)
networksecurity: added custom_mirroring_profile and custom_intercept_profile fields to google_network_security_security_profile and google_network_security_security_profile_group resources (#9110)
pubsub: added enforce_in_transit fields to google_pubsub_topic resource (#9069)
pubsub: added ingestion_data_source_settings.azure_event_hubs field to google_pubsub_topic resource (#9065)
redis: added psc_service_attachments field to google_redis_cluster resource, to enable use of the fine-grained resource google_redis_cluster_user_created_connections (#9099)

BUG FIXES:

apigee: fixed properties field update on google_apigee_environment resource (#9107)
artifactregistry: fixed perma-diff in google_artifact_registry_repository (#9109)
compute: fixed failure when creating google_compute_global_forwarding_rule with labels targeting PSC endpoint (#9106)
container: fixed additive_vpc_scope_dns_domain being ignored in Autopilot cluster definition (#9075)
container: fixed propagation of node_pool_defaults.node_config_defaults.insecure_kubelet_readonly_port_enabled in node config. (#9074)
iam: fixed missing result by adding pagination for data source google_service_accounts. (#9094)
metastore: increased timeout on google_dataproc_metastore_service operations to 75m from 60m. This will expose server-returned reasons for operation failure instead of masking them with a Terraform timeout. (#9102)
resourcemanager: added a slightly longer wait (two 10s checks bumped to 15s) for issues with billing associations in google_project. Default network deletion should succeed more often. (#9103)

6.17.0 (January 21, 2025)

FEATURES:

New Data Source: google_parameter_manager_regional_parameter (beta) (#9030)
New Resource: google_apigee_environment_addons_config (#9021)
New Resource: google_chronicle_reference_list (beta) (#9047)
New Resource: google_chronicle_rule_deployment (#9043)
New Resource: google_chronicle_rule (#9032)
New Resource: google_colab_runtime_template (#9050)
New Resource: google_edgenetwork_interconnect_attachment (#9024)
New Resource: google_parameter_manager_parameter (#9041)
New Resource: google_parameter_manager_regional_parameter_version (#9062)
New Resource: google_parameter_manager_regional_parameter (#9026)

IMPROVEMENTS:

accesscontextmanager: added etag to google_access_context_manager_service_perimeter_resource to prevent overriding list of resources (#9058)
compute: added BPS_100G enum value to bandwidth field of google_compute_interconnect_attachment. (#9040)
compute: added support for IPV6_ONLY stack_type to google_compute_subnetwork, google_compute_instance, google_compute_instance_template and google_compute_region_instance_template. (#9020)
compute: promoted bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields in google_compute_network from Beta to Ga (#9029)
compute: promoted next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields in google_compute_route form Beta to GA (#9029)
discoveryengine: added advanced_site_search_config field to google_discovery_engine_data_store resource (#9060)
gemini: added force_destroy field to resource google_code_repository_index, enabling deletion of the resource even when it has dependent RepositoryGroups (#9036)
networkservices: added in-place update support for ports field on google_network_services_gateway resource (#9056)
sql: sql_source_representation_instance now uses string representation of databaseVersion (#9027)
sql: added replication_cluster field to google_sql_database_instance resource (#9044)
sql: added support of switchover for MySQL and PostgreSQL in google_sql_database_instance resource (#9044)
workbench: changed container_image field of google_workbench_instance resource to modifiable. (#9046)

BUG FIXES:

apigee: fixed error 404 for organization update requests. (#9022)
artifactregistry: fixed artifact_registry_repository not accepting durations with 'm', 'h' or 'd' (#9054)
networkservices: fixed bug where google_network_services_gateway could not be updated in place (#9056)
storagetransfer: fixed a permadiff with transfer_spec.aws_s3_data_source.aws_access_key in google_storage_transfer_job (#9019)

6.16.0 (January 13, 2025)

FEATURES:

New Data Source: google_kms_autokey_config (#8986)
New Resource: google_beyondcorp_security_gateway (#9017)
New Resource: google_chronicle_data_access_label (#8999)
New Resource: google_chronicle_data_access_scope (#9000)
New Resource: google_cloud_quotas_quota_adjuster_settings (#9005)

IMPROVEMENTS:

chronicle: updated watchlist_id field to be optional in google_chronicle_watchlist resource (#8988)
developerconnect: added crypto_key_config, github_enterprise_config, gitlab_config , and gitlab_enterprise_config fields to google_developer_connect_connection resource (#8998)
dns: added health_check and external_endpoints fields to google_dns_record_set resource (#9016)
sql: added server_ca_pool field to google_sql_database_instance resource (#9008)
vmwareengine: allowed import of non-STANDARD private clouds in google_vmwareengine_private_cloud (#9006)

BUG FIXES:

dataproc: fixed boolean fields in shielded_instance_config in the google_dataproc_cluster resource (#9003)
gkeonprem: fixed permadiff on vcenter field in google_gkeonprem_vmware_cluster resource (#9011)
kms: fixed permadiff on google_kms_autokey_config by introducing a 5 second sleep post-create / post-update (#8992)
networkservices: fixed google_network_services_gateway resource so that it correctly waits for the router to be deleted on terraform destroy (#8993)
provider: fixed issue where GOOGLE_CLOUD_QUOTA_PROJECT env var would override explicit billing_project (#9012)

6.15.0 (January 6, 2025)

NOTES:

compute: google_compute_firewall_policy_association now uses MMv1 engine instead of DCL. (#8948)

DEPRECATIONS:

compute: deprecated numeric_id (string) field in google_compute_network resource. Use the new network_id (integer) field instead (#8915)

FEATURES:

New Data Source: google_gke_hub_feature (#8930)
New Data Source: google_kms_autokey_config (#8986)
New Data Source: google_kms_key_handle (#8933)
New Resource: google_gkeonprem_vmware_admin_cluster (#8932)
New Resource: google_chronicle_watchlist (#8983)
New Resource: google_network_security_intercept_endpoint_group_association (#8958)
New Resource: google_network_security_intercept_endpoint_group (#8912)
New Resource: google_storage_folder (#8961)

IMPROVEMENTS:

artifactregistry: added vulnerability_scanning_config field to google_artifact_registry_repository resource (#8934)
bigquery: added condition field to google_bigquery_dataset_access resource (#8921)
bigquery: added condition field to google_bigquery_dataset resource (#8921)
bigquery: added external_catalog_table_options field to google_bigquery_table resource (#8942)
composer: added airflow_metadata_retention_config field to google_composer_environment (#8963)
compute: added back the validation for target_service field on the google_compute_service_attachment resource to validade a ForwardingRule or Gateway URL (#8924)
compute: added availability_domain field to google_compute_instance, google_compute_instance_template and google_compute_region_instance_template resources (#8914)
compute: added network_id (integer) field to google_compute_network resource and data source (#8915)
compute: added preset_topology field to google_network_connectivity_hub resource (#8929)
compute: added subnetwork_id field to google_compute_subnetwork data source (#8893)
compute: made setting resource policies for google_compute_instance outside of terraform or using google_compute_disk_resource_policy_attachment no longer affect the boot_disk.initialize_params.resource_policies field (#8959)
container: changed google_container_cluster to apply maintenance policy updates after upgrades during cluster update (#8922)
container: made nodepool concurrent operations scale better for google_container_cluster and google_container_node_pool resources (#8943)
datastream: added gtid and binary_log_position fields to google_datastream_stream resource (#8967)
developerconnect: added support for setting up a google_developer_connect_connection resource without specifying the authorizer_credentials field (#8953)
filestore: added tags field to google_filestore_backup to allow setting tags for backups at creation time (#8928)
networkconnectivity: added group field to google_network_connectivity_spoke resource (#8909)
parallelstore: added deployment_type field to google_parallelstore_instance resource (#8939)
storagetransfer: added replication_spec field to google_storage_transfer_job resource (#8976)
workbench: made gcs-data-bucket metadata key modifiable in google_workbench_instance resource (#8936)
workstations: added source_workstation field to google_workstations_workstation resource (#8938)

BUG FIXES:

accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_egress_policy egress_from.identities (#8980)
accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_ingress_policy ingress_from.identities (#8980)
accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_egress_policy egress_from.identities (#8980)
accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_ingress_policy ingress_from.identities (#8980)
apigee: fixed 404 error when updating google_apigee_environment (#8949)
bigquery: fixed DROP COLUMN error with bigquery flexible column names in google_bigquery_table (#8982)
compute: allowed Service Attachment with Project Number to be used as google_compute_forwarding_rule.target (#8978)
compute: fixed an issue where terraform plan -refresh=false with google_compute_ha_vpn_gateway.gateway_ip_version would plan a resource replacement if a full refresh had not been run yet. Terraform now assumes that the value is the default value, IPV4, until a refresh is completed. (#8904)
compute: fixed panic when zonal resize request fails on google_compute_resize_request (#8941)
compute: fixed perma-destroy for psc_data in google_compute_region_network_endpoint_group resource (#8972)
compute: fixed google_compute_instance_guest_attributes to return an empty list when queried values don't exist instead of throwing an error (#8957)
integrationconnectors: allowed AUTH_TYPE_UNSPECIFIED option in google_integration_connectors_connection resource to support non-standard auth types (#8971)
logging: fixed bug in google_logging_project_bucket_config when providing project in the format of <project-id-only> (#8923)
networkconnectivity: made include_export_ranges and exclude_export_ranges fields mutable in google_network_connectivity_spoke to avoid recreation of resources (#8946)
sql: fixed permadiff when settings.data_cache_config is set to false for google_sql_database_instance resource (#8889)
storage: made resource_google_storage_bucket_object generate diff for md5hash, generation, crc32c if content changes (#8908)
vertexai: made contents_delta_uri an optional field in google_vertex_ai_index (#8969)
workbench: fixed an issue where a server-added metadata tag of "resource-url" would not be ignored on google_workbench_instance (#8927)

6.14.1 (December 18, 2024)

BUG FIXES:

compute: fixed an issue where google_compute_firewall_policy_rule was incorrectly removed from the Terraform state (#8940)

6.14.0 (December 16, 2024)

FEATURES:

New Resource: google_network_security_intercept_deployment_group (#8859)
New Resource: google_network_security_intercept_deployment (#8876)
New Resource: google_network_security_authz_policy (#8847)
New Resource: google_network_services_authz_extension (#8847)

IMPROVEMENTS:

compute: google_compute_instance is no longer recreated when changing boot_disk.auto_delete (#8837)
compute: added CA_ENTERPRISE_ANNUAL option for field cloud_armor_tier in google_compute_project_cloud_armor_tier resource (#8848)
compute: added network_tier field to google_compute_global_forwarding_rule resource (#8838)
compute: made metadata_startup_script able to be updated via graceful switch in google_compute_instance (#8888)
firebasehosting: added headers field in google_firebase_hosting_version resource (#8887)
identityplatform: marked quota.0.sign_up_quota_config subfields conditionally required in google_identity_platform_config to move errors from apply time up to plan time, and clarified the rule in documentation (#8869)
networkconnectivity: added support for updating linked_vpn_tunnels.include_import_ranges, linked_interconnect_attachments.include_import_ranges, linked_router_appliance_instances. instances and linked_router_appliance_instances.include_import_ranges in google_network_connectivity_spoke (#8883)
orgpolicy: added parameters fields to google_org_policy_policy resource (#8881)
storage: added hdfs_data_source field to google_storage_transfer_job resource (#8839)
tpuv2: added network_configs and network_config.queue_count fields to google_tpu_v2_vm resource (#8865)

BUG FIXES:

accesscontextmanager: fixed an update bug in google_access_context_manager_perimeter by removing the broken output-only etag field in google_access_context_manager_perimeter and google_access_context_manager_perimeters (#8891)
compute: fixed permadiff on the recaptcha_options field for google_compute_security_policy resource (#8861)
compute: fixed issue where updating labels on resource_google_compute_resource_policy would fail because of a patch error with guest_flush (#8874)
networkconnectivity: fixed linked_router_appliance_instances.instances.virtual_machine and linked_router_appliance_instances.instances.ip_address attributes in google_network_connectivity_spoke to be correctly marked as required. Otherwise the request to create the resource will fail. (#8883)
privateca: fixed an issue which causes error when updating labels for activated sub-CA (#8872)
sql: fixed permadiff when 'settings.data_cache_config' is set to false for 'google_sql_database_instance' resource (#8889)

6.13.0 (December 9, 2024)

NOTES:

New ephemeral resources google_service_account_access_token, google_service_account_id_token, google_service_account_jwt, google_service_account_key now support ephemeral values. DEPRECATIONS:
gkehub: deprecated configmanagement.config_sync.metrics_gcp_service_account_email in google_gke_hub_feature_membership resource (#8827)

FEATURES:

New Ephemeral Resource: google_service_account_access_token (#20542)
New Ephemeral Resource: google_service_account_id_token (#20542)
New Ephemeral Resource: google_service_account_jwt (#20542)
New Ephemeral Resource: google_service_account_key (#20542)
New Data Source: google_backup_dr_backup_vault (#8775)
New Data Source: google_backup_dr_backup (beta) (#8762)
New Resource: google_gemini_code_repository_index (#8781)
New Resource: google_gemini_repository_group_iam_binding (beta only) (#8824)
New Resource: google_gemini_repository_group_iam_member (beta only) (#8824)
New Resource: google_gemini_repository_group_iam_policy (beta only) (#8824)
New Resource: google_gemini_repository_group (beta only) (#8824)
New Resource: google_iam_projects_policy_binding (beta) (#8756)
New Resource: google_network_security_mirroring_deployment (#8791)
New Resource: google_network_security_mirroring_deployment_group (#8791)
New Resource: google_network_security_mirroring_endpoint_group_association (#8791)
New Resource: google_network_security_mirroring_endpoint_group (#8791)
New Resource: google_tpu_v2_queued_resource (beta) (#8760)

IMPROVEMENTS:

accesscontextmanager: added etag to google_access_context_manager_service_perimeter and google_access_context_manager_service_perimeters (#8767)
alloydb: increased default timeout on google_alloydb_cluster to 120m from 30m (#8820)
bigtable: added row_affinity field to google_bigtable_app_profile resource (#8753)
cloudbuild: added private_service_connect field to google_cloudbuild_worker_pool resource (#8827)
clouddeploy: added associated_entities field to google_clouddeploy_target resource (#8827)
clouddeploy: added serial_pipeline.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.route_destinations field to google_clouddeploy_delivery_pipeline resource (#8827)
composer: added multiple composer 3 related fields to google_composer_environment (GA) (#8784)
compute: google_compute_instance, google_compute_instance_template, google_compute_region_instance_template now supports advanced_machine_features.enable_uefi_networking field (#8805)
compute: added support for specifying storage pool with name or partial url (#8794)
compute: added numeric_id to the google_compute_network data source (#8821)
compute: added threshold_configs field to google_compute_security_policy resource (#8818)
compute: added server generated id as forwarding_rule_id to google_compute_global_forwarding_rule (#8736)
compute: added server generated id as health_check_id to google_region_health_check (#8736)
compute: added server generated id as instance_group_manager_id to google_instance_group_manager (#8736)
compute: added server generated id as instance_group_manager_id to google_region_instance_group_manager (#8736)
compute: added server generated id as network_endpoint_id to google_region_network_endpoint (#8736)
compute: added server generated id as subnetwork_id to google_subnetwork (#8736)
compute: added the psc_data field to the google_compute_region_network_endpoint_group resource (#8766)
container: added enterprise_config field to google_container_cluster resource (#8808)
container: added node_pool_autoconfig.linux_node_config.cgroup_mode field to google_container_cluster resource (#8771)
dataproc: added autotuning_config and cohort fields to google_dataproc_batch (#8740)
dataproc: added cluster_config.preemptible_worker_config.instance_flexibility_policy.provisioning_model_mix field to google_dataproc_cluster resource (#8732)
dataproc: added confidential_instance_config field to google_dataproc_cluster resource (#8790)
discoveryengine: added HEALTHCARE_FHIR to industry_vertical field in google_discovery_engine_search_engine (#8778)
gkehub: added configmanagement.config_sync.stop_syncing field to google_gke_hub_feature_membership resource (#8827)
monitoring: added disable_metric_validation field to google_monitoring_alert_policy resource (#8817)
oracledatabase: added deletion_protection field to google_oracle_database_autonomous_database (#8787)
oracledatabase: added deletion_protection field to google_oracle_database_cloud_exadata_infrastructure (#8788)
oracledatabase: added deletion_protection field to google_oracle_database_cloud_vm_cluster (#8730)
parallelstore: added deployment_type to google_parallelstore_instance (#8769)
resourcemanager: made google_service_account email and member fields available during plan (#8799)

BUG FIXES:

apigee: fixed error of update in google_apigee_developer resource (#8728)
apigee: made google_apigee_organization wait for deletion operation to complete. (#8795)
cloudfunctions: fixed issue when updating vpc_connector_egress_settings field for google_cloudfunctions_function resource. (#8755)
dataproc: ensured oneOf condition is honored when expanding the job configuration for Hive, Pig, Spark-sql, and Presto in google_dataproc_job. (#8765)
gkehub: fixed allowable value INSTALLATION_UNSPECIFIED in template_library.installation (#8831)
sql: fixed edition downgrade failure for an ENTERPRISE_PLUS instance with data cache enabled. (#8731)

6.12.0 (November 18, 2024)

FEATURES:

New Data Source: google_access_context_manager_access_policy (#8676)
New Data Source: google_backup_dr_data_source (#8641)
New Resource: google_dataproc_gdc_spark_application (#8662)
New Resource: google_iam_folders_policy_binding (#8677)
New Resource: google_iam_organizations_policy_binding (#8679)

IMPROVEMENTS:

artifactregistry: added common_repository field to google_artifact_registry_repository resource (#8681)
backupdr: added access_restriction field togoogle_backup_dr_backup_vault resource (beta) (#8656)
cloudrunv2: added urls output field to google_cloud_run_v2_service resource (#8686)
compute: added IDPF as a possible value for the network_interface.nic_type field in google_compute_instance resource (#8664)
compute: added IDPF as a possible value for the guest_os_features.type field in google_compute_image resource (#8664)
compute: added replica_names field to sql_database_instance resource (#8637)
filestore: added performance_config field to google_filestore_instance resource (#8647)
redis: added persistence_config to google_redis_cluster. (#8643)
securesourcemanager: added workforce_identity_federation_config field to google_secure_source_manager_instance resource (#8670)
spanner: added default_backup_schedule_type field to google_spanner_instance (#8644)
sql: added psc_auto_connections fields to google_sql_database_instance resource (#8682)

BUG FIXES:

accesscontextmanager: fixed permadiff in perimeter google_access_context_manager_service_perimeter_ingress_policy and google_access_context_manager_service_perimeter_egress_policy resources when there are duplicate resources in the rules (#8675)
accesscontextmanager: fixed comparison of identity_type in ingress_from and egress_from when the IDENTITY_TYPE_UNSPECIFIED is set (#8648)
compute: fixed permadiff on attempted type field updates in google_computer_security_policy, updating this field will now force recreation of the resource (#8689)
identityplatform: fixed perma-diff in google_identity_platform_config (#8663)

6.11.2 (November 15, 2024)

BUG FIXES:

vertexai: fixed issue with google_vertex_ai_endpoint where upgrading to 6.11.0 would delete all traffic splits that were set outside Terraform (which was previously a required step for all meaningful use of this resource). (#8708)

6.11.1 (November 12, 2024)

BUG FIXES:

container: fixed diff on google_container_cluster.user_managed_keys_config field for resources that had not set it. (#8687)
container: marked google_container_cluster.user_managed_keys_config as immutable because it can't be updated in place. (#8687)

6.11.0 (November 11, 2024)

NOTES:

compute: migrated google_compute_firewall_policy_rule from DCL engine to MMv1 engine. (#8604)

BREAKING CHANGES:

looker: made oauth_config a required field in google_looker_instance, as creating this resource without that field always triggers an API error (#8633)

DEPRECATIONS:

backupdr: deprecated force_delete on google_backup_dr_backup_vault. Use ignore_inactive_datasources instead (#8616)

FEATURES:

New Data Source: google_backup_dr_backup_plan_association (#8632)
New Data Source: google_backup_dr_backup_plan (#8603)
New Data Source: google_spanner_database (#8568)
New Resource: google_apigee_api (#8567)
New Resource: google_backup_dr_backup_plan_association (#8632)
New Resource: google_backup_dr_backup_plan (#8603)
New Resource: google_compute_region_resize_request (#8588)
New Resource: google_dataproc_gdc_application_environment (#8609)
New Resource: google_dataproc_gdc_service_instance (#8591)
New Resource: google_iam_principal_access_boundary_policy (#8634)
New Resource: google_network_management_vpc_flow_logs_config (#8623)

IMPROVEMENTS:

apigee: added in-place update support for google_apigee_env_references (#8621)
apigee: added in-place update support for google_apigee_environment resource (#8627)
backupdr: added ignore_inactive_datasources and ignore_backup_plan_references fields to google_backup_dr_backup_vault resource (#8616)
bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (#8558)
cloudrunv2: added gcs.mount_options to google_cloud_run_v2_service and google_cloud_run_v2_job (#8613)
compute: added rules property to google_compute_region_security_policy resource (#8574)
compute: added disks field to google_compute_node_template resource (#8620)
compute: added replica_names field to sql_database_instance resource (#8637)
compute: added new field instance_flexibility_policy to resource google_compute_region_instance_group_manager (#8581)
compute: increased google_compute_security_policy timeouts from 20 minutes to 30 minutes (#8589)
container: added control_plane_endpoints_config field to google_container_cluster resource. (#8630)
container: added parallelstore_csi_driver_config field to google_container_cluster resource. (#8607)
container: added user_managed_keys_config field to google_container_cluster resource. (#8562)
firestore: allowed single field indexes to support __name__ DESC indexes in google_firestore_index resources (#8576)
privateca: added support for google_privateca_certificate_authority with type = "SUBORDINATE" to be activated into "STAGED" state (#8560)
spanner: added default_backup_schedule_type field to google_spanner_instance (#8644)
vertexai: added traffic_split, private_service_connect_config, predict_request_response_logging_config, dedicated_endpoint_enabled, and dedicated_endpoint_dns fields to google_vertex_ai_endpoint resource (#8619)
workflows: added deletion_protection field to google_workflows_workflow resource (#8563)

BUG FIXES:

compute: fixed a diff based on server-side reordering of match.src_address_groups and match.dest_address_groups in google_compute_network_firewall_policy_rule (#8592)
compute: fixed permadiff on the preconfigured_waf_config field for google_compute_security_policy resource (#8622)
container: fixed in-place updates for node_config.containerd_config in google_container_cluster and google_container_node_pool (#8566)

6.10.0 (November 4, 2024)

FEATURES:

New Data Source: google_compute_instance_guest_attributes (#8556)
New Data Source: google_service_accounts (#8532)
New Resource: google_iap_settings (#8548)

IMPROVEMENTS:

apphub: added GLOBAL enum value to scope.type field in google_apphub_application resource (#8504)
assuredworkloads: added workload_options field to google_assured_workloads_workload resource (#8495)
backupdr: marked networks field optional in google_backup_dr_management_server resource (#8594)
bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (beta) (#8558)
bigquery: added descriptive validation errors for missing required fields in google_bigquery_job destination table configuration (#8542)
compute: desired_status on google_compute_instance can now be set to TERMINATED or SUSPENDED on instance creation (#8515)
compute: added header_action and redirect_options fields to google_compute_security_policy_rule resource (#8544)
compute: added interface.ipv6-address field in google_compute_external_vpn_gateway resource (#8552)
compute: added plan-time validation to name on google_compute_instance (#8520)
compute: added support for advanced_machine_features.turbo_mode to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template (#8551)
container: added in-place update support for labels, resource_manager_tags and workload_metadata_config in google_container_cluster.node_config (#8522)
memorystore: added mode flag to google_memorystore_instance (#8498)
resourcemanager: added disabled to google_service_account datasource (#8518)
spanner: added asymmetric_autoscaling_options field to google_spanner_instance (#8503)
sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#8490)
vmwareengine: added autoscaling_settings to google_vmwareengine_private_cloud resource (#8529)

BUG FIXES:

accesscontextmanager: fixed permadiff for perimeter ingress / egress rule resources (#8526)
compute: fixed an error in google_compute_region_security_policy_rule that prevented updating the default rule (#8535)
compute: fixed an error in google_compute_security_policy_rule that prevented updating the default rule (#8535)
container: fixed missing in-place updates for some google_container_cluster.node_config subfields (#8522)

6.9.0 (October 28, 2024)

DEPRECATIONS:

containerattached: deprecated security_posture_config field in google_container_attached_cluster resource (#8446)

FEATURES:

New Data Source: google_oracle_database_autonomous_database (#8440)
New Data Source: google_oracle_database_autonomous_databases (#8438)
New Data Source: google_oracle_database_cloud_exadata_infrastructures (#8430)
New Data Source: google_oracle_database_cloud_vm_clusters (#8437)
New Resource: google_apigee_app_group (#8451)
New Resource: google_apigee_developer (#8445)
New Resource: google_network_connectivity_group (#8439)

IMPROVEMENTS:

compute: google_compute_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#8489)
compute: google_compute_region_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#8489)
compute: added creation_timestamp field to google_compute_instance, google_compute_instance_template, google_compute_region_instance_template (#8442)
compute: added key_revocation_action_type to google_compute_instance and related resources (#8473)
looker: added deletion_policy to google_looker_instance to allow force-destroying instances with nested resources by setting deletion_policy = FORCE (#8453)
monitoring: added alert_strategy.notification_prompts field to google_monitoring_alert_policy (#8457)
storage: added hierarchical_namespace to google_storage_bucket resource (#8428)
sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#8490)
vmwareengine: added autoscaling_settings to google_vmwareengine_cluster resource (#8477)
workstations: added max_usable_workstations field to google_workstations_workstation_config resource. (#8421)

BUG FIXES:

compute: fixed an issue where immutable distribution_zones was incorrectly sent to the API when updating distribution_policy_target_shape in google_compute_region_instance_group_manager resource (#8470)
container: fixed a crash in google_container_node_pool caused by an occasional nil pointer (#8452)
essentialcontacts: fixed google_essential_contacts_contact import to include required parent field. (#8423)
sql: made google_sql_database_instance.0.settings.0.data_cache_config accept server-side changes when unset. When unset, no diffs will be created when instances change in edition and the feature is enabled or disabled as a result. (#8485)
storage: removed retry on 404s during refresh for google_storage_bucket, preventing hanging when refreshing deleted buckets (#8478)

6.8.0 (October 21, 2024)

FEATURES:

New Data Source: google_oracle_database_cloud_exadata_infrastructure (#8407)
New Data Source: google_oracle_database_cloud_vm_cluster (#8410)
New Data Source: google_oracle_database_db_nodes (#8420)
New Data Source: google_oracle_database_db_servers (#8389)
New Resource: google_oracle_database_autonomous_database (#8411)
New Resource: google_oracle_database_cloud_exadata_infrastructure (#8371)
New Resource: google_oracle_database_cloud_vm_cluster (#8397)
New Resource: google_transcoder_job_template (#8406)
New Resource: google_transcoder_job (#8406)

IMPROVEMENTS:

cloudfunctions: increased the timeouts to 20 minutes for google_cloudfunctions_function resource (#8372)
cloudrunv2: added invoker_iam_disabled field to google_cloud_run_v2_service (#8395)
compute: made google_compute_network_firewall_policy_rule use MMv1 engine instead of DCL. (#8412)
compute: made google_compute_region_network_firewall_policy_rule use MMv1 engine instead of DCL. (#8412)
compute: added ip_address_selection_policy field to google_compute_backend_service and google_compute_region_backend_service. (#8413)
compute: added provisioned_throughput field to google_compute_instance_template resource (#8405)
compute: added provisioned_throughput field to google_compute_region_instance_template resource (#8405)
container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)
container: added support for additional values KCP_CONNECTION, and KCP_SSHDin google_container_cluster.logging_config (#8381)
dialogflowcx: added advanced_settings.logging_settings and advanced_settings.speech_settings to google_dialogflow_cx_agent and google_dialogflow_cx_flow (#8374)
networkconnectivity: added linked_producer_vpc_network field to google_network_connectivity_spoke resource (#8376)
secretmanager: added is_secret_data_base64 field to google_secret_manager_secret_version and google_secret_manager_secret_version_access datasources (#8394)
secretmanager: added is_secret_data_base64 field to google_secret_manager_regional_secret_version and google_secret_manager_regional_secret_version_access datasources (#8394)
spanner: added kms_key_names to encryption_config in google_spanner_database (#8403)
workstations: added max_usable_workstations field to google_workstations_workstation_config resource (#8421)
workstations: added field allowed_ports to google_workstations_workstation_config (#8402)

BUG FIXES:

bigquery: fixed a regression that caused google_bigquery_dataset_iam_* resources to attempt to set deleted IAM members, thereby triggering an API error (#8408)
compute: fixed an issue in google_compute_backend_service and google_compute_region_backend_service to allow sending false for iap.enabled (#8369)
container: node_config.linux_node_config, node_config.workload_metadata_config and node_config.kubelet_config will now successfully send empty messages to the API when terraform plan indicates they are being removed, rather than null, which caused an error. The sole reliable case is node_config.linux_node_config when the block is removed, where there will still be a permadiff, but the update request that's triggered will no longer error and other changes displayed in the plan should go through. (#8400)

6.7.0 (October 14, 2024)

FEATURES:

New Resource: google_healthcare_pipeline_job (#8330)
New Resource: google_secure_source_manager_branch_rule (#8360)

IMPROVEMENTS:

container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)
discoveryengine: added chat_engine_config.dialogflow_agent_to_link field to google_discovery_engine_chat_engine resource (#8333)
networkconnectivity: added field migration to resource google_network_connectivity_internal_range (#8350)
networkservices: added routing_mode field to google_network_services_gateway resource (#8355)

BUG FIXES:

bigtable: fixed an error where BigTable IAM resources could be created with conditions but the condition was not stored in state (#8334)
container: fixed issue which caused to not being able to disable enable_cilium_clusterwide_network_policy field on google_container_cluster. (#8338)
container: fixed a diff triggered by a new API-side default value for node_config.0.kubelet_config.0.insecure_kubelet_readonly_port_enabled. Terraform will now accept server-specified values for node_config.0.kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)
dataproc: fixed a bug in google_dataproc_cluster that prevented creation of clusters with internal_ip_only set to false (#8363)
iam: addressed google_service_account creation issues caused by the eventual consistency of the GCP IAM API by ignoring 403 errors returned on polling the service account after creation. (#8336)
logging: fixed the whitespace permadiff on exclusions.filter field in google_logging_billing_account_sink, google_logging_folder_sink, google_logging_organization_sink and google_logging_project_sink resources (#8343)
pubsub: fixed permadiff with configuring an empty retry_policy in google_pubsub_subscription. This will result in minimum_backoff and maximum_backoff using server-side defaults. To use "immedate retry", do not specify a retry_policy block at all. (#8365)
secretmanager: fixed the issue of unpopulated fields labels, annotations and version_destroy_ttl in the terraform state for the google_secret_manager_secrets datasource (#8346)

6.6.0 (October 7, 2024)

FEATURES:

New Resource: google_dataproc_batch (#8306)
New Resource: google_healthcare_pipeline_job (#8330)
New Resource: google_site_verification_owner (#8287)

IMPROVEMENTS:

assuredworkloads: added HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS and HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT enum values to compliance_regime in the google_assured_workloads_workload resource (#8326)
compute: added bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields to google_compute_network resource (#8321)
compute: added next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields to google_compute_route resource (#8321)
compute: added enum STATEFUL_COOKIE_AFFINITY and strong_session_affinity_cookie field to google_compute_backend_service and google_compute_region_backend_service resource (#8296)
compute: added TDX instance option for confidential_instance_type in google_compute_instance (#8320)
containeraws: added kubelet_config field group to the google_container_aws_node_pool resource (#8326)
dataproc: switched to the v1 API for google_dataproc_autoscaling_policy resource (#8306)
pubsub: added GCS ingestion settings and platform log settings to google_pubsub_topic resource (#8298)
sourcerepo: added create_ignore_already_exists field to google_sourcerepo_repository resource (#8329)
sql: added in-place update support for settings.time_zone in google_sql_database_instance resource (#8293)
tags: increased maximum accepted input length for the short_name field in google_tags_tag_key and google_tags_tag_value resources (#8324)

BUG FIXES:

bigquery: fixed google_bigquery_dataset_iam_member to be able to delete itself and overwrite the existing iam members for bigquery dataset keeping the authorized datasets as they are. (#8304)
bigquery: fixed an error which could occur with service account field values containing non-lower-case characters in google_bigquery_dataset_access (#8319)
compute: fixed an issue where the boot_disk.initialize_params.resource_policies field in google_compute_instance forced a resource recreation when used in combination with google_compute_disk_resource_policy_attachment (#8309)
compute: fixed the issue that labels was not set when creating the resource google_compute_interconnect (#8284)
tags: removed google_tags_location_tag_binding resource from the Terraform state when its parent resource has been removed outside of Terraform (#8310)
workbench: fixed a bug in the google_workbench_instance resource where the removal of labels was not functioning as expected. (#8280)

6.5.0 (September 30, 2024)

DEPRECATIONS:

compute: deprecated macsec.pre_shared_keys.fail_open field in google_compute_interconnect resource. Use the new macsec.fail_open field instead (#8245)

FEATURES:

New Data Source: google_compute_region_instance_group_manager (#8259)
New Data Source: google_privileged_access_manager_entitlement (#8253)
New Data Source: google_secret_manager_regional_secret_version_access (#8220)
New Data Source: google_secret_manager_regional_secret_version (#8209)
New Data Source: google_secret_manager_regional_secrets (#8217)
New Resource: google_compute_region_network_firewall_policy_with_rules (#8225)
New Resource: google_compute_router_nat_address (#8227)
New Resource: google_logging_log_scope (#8235)

IMPROVEMENTS:

apigee: added activate field to google_apigee_nat_address resource (#8261)
bigquery: added biglake_configuration field to google_bigquery_table resource to support BigLake Managed Tables (#8221)
cloudrun: added node_selector field to google_cloud_run_service resource (#8216)
cloudrunv2: added node_selector field to google_cloud_run_v2_service resource (#8216)
compute: added existing_reservations field to google_compute_region_commitment resource (#8256)
compute: added host_error_timeout_seconds field to google_compute_instance resource (#8252)
compute: added hostname field to google_compute_instance data source (#8268)
compute: added initial_nat_ip field to google_compute_router_nat resource (#8227)
compute: added macsec.fail_open field to google_compute_interconnect resource (#8245)
compute: added SUSPENDED as a possible value to desired_state field in google_compute_instance resource (#8257)
compute: added import support for projects/{{project}}/meta-data/{{key}} format for google_compute_project_metadata_item resource (#8274)
compute: marked customer_name and location fields as optional in google_compute_interconnect resource to support cross cloud interconnect (#8279)
container: added linux_node_config.hugepages_config field to google_container_node_pool resource (#8210)
looker: added psc_enabled and psc_config fields to google_looker_instance resource (#8211)
networkconnectivity: added include_import_ranges field to google_network_connectivity_spoke resource for linked_vpn_tunnels, linked_interconnect_attachments and linked_router_appliance_instances (#8215)
secretmanagerregional: added version_aliases field to google_secret_manager_regional_secret resource (#8209)
workbench: increased create timeout to 20 minutes for google_workbench_instance resource (#8228)

BUG FIXES:

bigquery: fixed in-place update of google_bigquery_table resource when external_data_configuration.schema field is set (#8234)
bigquerydatapolicy: fixed permadiff on policy_tag field in google_bigquery_datapolicy_data_policy resource (#8239)
composer: fixed storage_config.bucket field to support a bucket name with or without "gs://" prefix (#8229)
container: added support for setting addons_config.gcp_filestore_csi_driver_config and enable_autopilot in the same google_container_cluster (#8260)
container: fixed node_config.kubelet_config updates in google_container_cluster resource (#8238)
container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true would cause google_container_cluster resource creation failure (#8223)
workbench: fixed a bug in the google_workbench_instance resource where the removal of labels was not functioning as expected (#8280)

6.4.0 (September 23, 2024)

DEPRECATIONS:

securitycenterv2: deprecated google_scc_v2_organization_scc_big_query_exports. Use google_scc_v2_organization_scc_big_query_export instead. (#8166)

FEATURES:

New Data Source: google_secret_manager_regional_secret_version (#8209)
New Data Source: google_secret_manager_regional_secret (#8189)
New Resource: google_compute_firewall_policy_with_rules (#8181)
New Resource: google_database_migration_service_migration_job (#8187)
New Resource: google_discovery_engine_target_site (#8174)
New Resource: google_healthcare_workspace (#8179)
New Resource: google_scc_folder_scc_big_query_export (#8183)
New Resource: google_scc_organization_scc_big_query_export (#8172)
New Resource: google_scc_project_scc_big_query_export (#8173)
New Resource: google_scc_v2_organization_scc_big_query_export (#8166)
New Resource: google_secret_manager_regional_secret_version (#8199)
New Resource: google_secret_manager_regional_secret (#8170)
New Resource: google_site_verification_web_resource (#8180)
New Resource: google_spanner_backup_schedule (#8160)

IMPROVEMENTS:

alloydb: added enable_outbound_public_ip field to google_alloydb_instance resource (#8156)
apigee: added in-place update for consumer_accept_list field in google_apigee_instance resource (#8155)
compute: added interface field to google_compute_attached_disk resource (#8154)
compute: added in-place update in google_compute_interconnect resource except for remote_location and requested_features fields (#8203)
filestore: added deletion_protection_enabled and deletion_protection_reason fields to google_filestore_instance resource (#8158)
looker: added fips_enabled field to google_looker_instance resource (#8206)
metastore: added deletion_protection field to google_dataproc_metastore_service resource (#8200)
netapp: added allow_auto_tiering field to google_netapp_storage_pool resource (#8163)
netapp: added tiering_policy field to google_netapp_volume resource (#8163)
secretmanagerregional: added version_aliases field to google_secret_manager_regional_secret resource (#8209)
spanner: added edition field to google_spanner_instance resource (#8160)

BUG FIXES:

compute: fixed a permadiff on iap field in google_compute_backend and google_compute_region_backend resources (#8204)
container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true will cause google_container_cluster resource creation failure (#8223)
container: fixed a permadiff on node_config.gcfs_config field in google_container_cluster and google_container_node_pool resources (#8207)
container: fixed the in-place update for node_config.gcfs_config in google_container_cluster and google_container_node_pool resources (#8207)
container: made node_config.kubelet_config.cpu_manager_policy field optional to fix its update in google_container_cluster resource (#8171)
dns: fixed a permadiff on dnssec_config field in google_dns_managed_zone resource (#8165)
pubsub: allowed filter field to contain line breaks in google_pubsub_subscription resource (#8161)

6.3.0 (September 16, 2024)

FEATURES:

New Data Source: google_bigquery_tables (#8130)
New Resource: google_compute_network_firewall_policy_with_rules (#8118)
New Resource: google_developer_connect_connection (#8150)
New Resource: google_developer_connect_git_repository_link (#8150)
New Resource: google_memorystore_instance (#8126)

IMPROVEMENTS:

compute: added connected_endpoints.consumer_network and connected_endpoints.psc_connection_id fields to google_compute_service_attachment resource (#8148)
compute: added propagated_connection_limit and connected_endpoints.propagated_connection_count fields to google_compute_service_attachment resource (#8148)
compute: added field http_keep_alive_timeout_sec to google_region_compute_target_http_proxy and google_region_compute_target_http_proxy resources (#8151)
compute: added support for boot_disk.initialize_params.resource_policies in google_compute_instance and google_instance_template (#8134)
container: added storage_pools to node_config in google_container_cluster and google_container_node_pool (#8146)
containerattached: added security_posture_config field to google_container_attached_cluster resource (#8137)
netapp: added large_capacity and multiple_endpoints to google_netapp_volume resource (#8116)
resourcemanager: added tags field to google_folder to allow setting tags for folders at creation time (#8113)

BUG FIXES:

compute: setting network_ip to "" will no longer cause diff and will be treated the same as null (#8128)
dataproc: updated google_dataproc_cluster to protect against handling nil kerberos_config values (#8129)
dns: added a mutex to google_dns_record_set to prevent conflicts when multiple resources attempt to operate on the same record set (#8139)
managedkafka: added 5 second wait post google_managed_kafka_topic creation to fix eventual consistency errors (#8149)

6.2.0 (September 9, 2024)

FEATURES:

New Data Source: google_certificate_manager_certificates (#8099)
New Resource: google_backup_dr_backup_vault (#8083)
New Resource: google_scc_v2_folder_scc_big_query_export (#8079)
New Resource: google_scc_v2_project_scc_big_query_export (#8070)

IMPROVEMENTS:

assuredworkload: added field partner_service_billing_account to google_assured_workloads_workload (#8097)
bigtable: added support for column_family.type in google_bigtable_table (#8069)
cloudrunv2: added template.service_mesh to google_cloud_run_v2_service (#8096)
compute: added boot_disk.interface field to google_compute_instance resource (#8075)
container: added node_pool_auto_config.node_kublet_config.insecure_kubelet_readonly_port_enabled field to google_container_cluster. (#8076)
container: added insecure_kubelet_readonly_port_enabled to node_pool.node_config.kubelet_config and node_config.kubelet_config in google_container_node_pool resource. (#8071)
container: added insecure_kubelet_readonly_port_enabled to node_pool_defaults.node_config_defaults, node_pool.node_config.kubelet_config, and node_config.kubelet_config in google_container_cluster resource. (#8071)
container: added support for in-place updates for google_compute_node_pool.node_config.gcfs_config and google_container_cluster.node_config.gcfs_cluster and google_container_cluster.node_pool.node_config.gcfs_cluster (#8101)
iambeta: added x509 field to google_iam_workload_identity_pool_provider resource (#8110)
networkconnectivity: added include_export_ranges to google_network_connectivity_spoke (#8088)
pubsub: added cloud_storage_config.max_messages and cloud_storage_config.avro_config.use_topic_schema fields to google_pubsub_subscription resource (#8086)
redis: added the maintenance_policy field to the google_redis_cluster resource (#8087)
resourcemanager: added tags field to google_project to allow setting tags for projects at creation time (#8091)
securitycenter: added support for empty streaming_config.filter values in google_scc_notification_config resources (#8105)

BUG FIXES:

compute: fixed google_compute_interconnect to support correct available_features option of IF_MACSEC (#8082)
compute: fixed a bug where advertised_route_priority was accidentally set to 0 during updates in google_compute_router_peer (#8102)
compute: fixed a permadiff caused by setting start_time in an incorrect H:mm format in google_compute_resource_policies resources (#8067)
compute: fixed network_interface.subnetwork_project validation to match with the project in network_interface.subnetwork field when network_interface.subnetwork has full self_link in google_compute_instance resource (#8089)
kms: updated the google_kms_autokey_config resource's folder field to accept values that are either full resource names (folders/{folder_id}) or just the folder id ({folder_id} only) (#8100)
storage: added retry support for 429 errors in google_storage_bucket resource (#8092)

6.1.0 (September 4, 2024)

FEATURES:

New Data Source: google_kms_crypto_key_latest_version (#8032)
New Data Source: google_kms_crypto_key_versions (#8026)

IMPROVEMENTS:

databasemigrationservice: added support in google_database_migration_service_connection_profile for creating DMS connection profiles that link to existing Cloud SQL instances/AlloyDB clusters. (#8062)
alloydb: added subscription_type and trial_metadata field to google_alloydb_cluster resource (#8042)
bigquery: added encryption_configuration field to google_bigquery_data_transfer_config resource (#8045)
bigqueryanalyticshub: added selected_resources, and restrict_direct_table_access to google_bigquery_analytics_hub_listing resource (#8029)
bigqueryanalyticshub: added sharing_environment_config to google_bigquery_analytics_hub_data_exchange resource (#8029)
cloudtasks: added http_target field to google_cloud_tasks_queue resource (#8033)
compute: added accelerators field to google_compute_node_template resource (#8063)
compute: allowed disabling server_tls_policy during update in google_compute_target_https_proxy resources (#8023)
datastream: added transaction_logs and change_tables to datastream_stream resource (#8031)
discoveryengine: added chunking_config and layout_parsing_config fields to google_discovery_engine_data_store resource (#8049)
dlp: added inspect_template_modified_cadence field to big_query_target and cloud_sql_target in google_data_loss_prevention_discovery_config resource (#8054)
dlp: added tag_resources field to google_data_loss_prevention_discovery_config resource (#8054)

BUG FIXES:

bigquery: fixed an error which could occur with email field values containing non-lower-case characters in google_bigquery_dataset_access resource (#8039)
bigqueryanalyticshub: made bigquery_dataset immutable in google_bigquery_analytics_hub_listing as it was not updatable in the API. Now modifying the field in Terraform will correctly recreate the resource rather than causing Terraform to report it would attempt an invalid update. (#8029)
container: fixed update inconsistency in google_container_cluster resource (#8030)
pubsub: fixed a validation bug that didn't allow empty filter definitions for google_pubsub_subscription resources (#8055)
resourcemanager: fixed a bug where data.google_client_config failed silently when inadequate credentials were used to configure the provider (#8057)
sql: fixed importing google_sql_user where host is an IPv4 CIDR (#8028)
sql: fixed overwriting of name field for IAM Group user for google_sql_user resource (#8024)

6.0.1 (August 26, 2024)

BREAKING CHANGES:

sql: removed settings.ip_configuration.require_ssl from google_sql_database_instance in favor of settings.ip_configuration.ssl_mode. This field was intended to be removed in 6.0.0. (#8043)

6.0.0 (August 26, 2024)

Terraform Google Provider 6.0.0 Upgrade Guide

BREAKING CHANGES:

provider: changed provider labels to add the goog-terraform-provisioned: true label by default. (#8004)
activedirectory: added deletion_protection field to google_active_directory_domain resource. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection = false before destroying the resource. (#7837)
alloydb: removed network in google_alloy_db_cluster. Use network_config.network instead. (#7999)
billing: revised the format of id for google_billing_project_info (#7793)
bigquery: added client-side validation to prevent table view creation if schema contains required fields for google_bigquery_table resource (#7755)
bigquery: removed allow_resource_tags_on_deletion from google_bigquery_table. Resource tags are now always allowed on table deletion. (#7940)
bigqueryreservation: removed multi_region_auxiliary from google_bigquery_reservation (#7844)
cloudrunv2: added deletion_protection field to google_cloudrunv2_service to make deleting them require an explicit intent. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection = false before destroying the resource. (#7901)
cloudrunv2: changed liveness_probe to no longer infer a default value from api on google_cloud_run_v2_service. Removing this field and applying the change will now remove liveness probe from the Cloud Run service. (#7753)
cloudrunv2: retyped containers.env to SET from ARRAY for google_cloud_run_v2_service and google_cloud_run_v2_job. (#7812)
composer: ip_allocation_policy = [] in google_composer_environment is no longer valid configuration. Removing the field from configuration should not produce a diff. (#8011)
compute: added new required field enabled in google_compute_backend_service and google_compute_region_backend_service (#7758)
compute: revised and in some cases removed default values of connection_draining_timeout_sec, balancing_mode and outlier_detection in google_compute_region_backend_service and google_compute_backend_service. (#7723)
compute: updated resource id for compute_network_endpoints (#7806)
compute: stopped the certifcate_id field in google_compute_managed_ssl_certificate resource being incorrectly marked as a user-configurable value when it should just be an output. (#7936)
compute: guest_accelerator = [] is no longer valid configuration in google_compute_instance. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#8011)
compute: google_compute_instance_from_template and google_compute_instance_from_machine_image network_interface.alias_ip_range, network_interface.access_config, attached_disk, guest_accelerator, service_account, scratch_disk can no longer be set to an empty block []. Removing the fields from configuration should not produce a diff. (#8011)
compute: secondary_ip_ranges = [] in google_compute_subnetwork is no longer valid configuration. To set an explicitly empty list, use send_secondary_ip_range_if_empty and completely remove secondary_ip_range from config. (#8011)
container: made advanced_datapath_observability_config.enable_relay required in google_container_cluster (#7930)
container: removed deprecated field advanced_datapath_observability_config.relay_mode from google_container_cluster resource. Users are expected to use enable_relay field instead. (#7930)
container: three label-related fields are now in google_container_cluster resource. resource_labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#7932)
container: made three fields resource_labels, terraform_labels, and effective_labels be present in google_container_cluster datasources. All three fields will have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent to effective_labels on the resource. (#7932)
container: guest_accelerator = [] is no longer valid configuration in google_container_cluster and google_container_node_pool. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#8011)
container: guest_accelerator.gpu_driver_installation_config = [] and guest_accelerator.gpu_sharing_config = [] are no longer valid configuration in google_container_cluster and google_container_node_pool. Removing the fields from configuration should not produce a diff. (#8011)
datastore: removed google_datastore_index in favor of google_firestore_index (#7987)
edgenetwork: three label-related fields are now in google_edgenetwork_network and google_edgenetwork_subnet resources. labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#7932)
identityplatform: removed resource google_identity_platform_project_default_config in favor of google_identity_platform_project_config (#7880)
integrations: removed create_sample_workflows and provision_gmek from google_integrations_client (#7977)
pubsub: allowed schema_settings in google_pubsub_topic to be removed (#7674)
redis: added a deletion_protection_enabled field to the google_redis_cluster resource. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection_enabled = false before destroying the resource. (#7995)
resourcemanager: added deletion_protection field to google_folder to make deleting them require an explicit intent. Folder resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#7903)
resourcemanager: made deletion_policy in google_project 'PREVENT' by default. This makes deleting them require an explicit intent. google_project resources cannot be destroyed unless deletion_policy is set to 'ABANDON' or 'DELETE' for the resource. (#7946)
storage: removed no_age field from lifecycle_rule.condition in the google_storage_bucket resource (#7923)
sql: removed settings.ip_configuration.require_ssl in google_sql_database_instance. Please use settings.ip_configuration.ssl_mode instead. (#7804)
vpcaccess: removed default values for min_throughput and min_instances fields on google_vpc_access_connector and made them default to values returned from the API when not provided by users (#7709)
vpcaccess: added a conflicting fields restriction between min_throughput and min_instances fields on google_vpc_access_connector (#7709)
vpcaccess: added a conflicting fields restriction between max_throughput and max_instances fields on google_vpc_access_connector (#7709)
workstation: defaulted host.gce_instance.disable_ssh to true for google_workstations_workstation_config (#7946)

IMPROVEMENTS:

compute: added fields reserved_internal_range and secondary_ip_ranges[].reserved_internal_range to google_compute_subnetwork resource (#7980)
compute: changed the behavior of name_prefix in multiple Compute resources to allow for a longer max length of 54 characters. See the upgrade guide and resource documentation for more details. (#7981)

BUG FIXES:

compute: fixed an issue regarding sending enabled field by default for null iap message in google_compute_backend_service and google_compute_region_backend_service (#7758)

Files

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

6.30.0 (Unreleased)

6.29.0 (Apr 8, 2025)

6.28.0 (Apr 1, 2025)

6.27.0 (Mar 25, 2025)

6.26.0 (Mar 18, 2025)

6.25.0 (Mar 11, 2025)

6.24.0 (Mar 3, 2025)

6.23.0 (Feb 26, 2025)

6.22.0 (Feb 24, 2025)

6.21.0 (Feb 18, 2025)

6.20.0 (Feb 10, 2025)

6.19.0 (Feb 3, 2025)

6.18.1 (January 29, 2025)

6.18.0 (January 27, 2025)

6.17.0 (January 21, 2025)

6.16.0 (January 13, 2025)

6.15.0 (January 6, 2025)

6.14.1 (December 18, 2024)

6.14.0 (December 16, 2024)

6.13.0 (December 9, 2024)

6.12.0 (November 18, 2024)

6.11.2 (November 15, 2024)

6.11.1 (November 12, 2024)

6.11.0 (November 11, 2024)

6.10.0 (November 4, 2024)

6.9.0 (October 28, 2024)

6.8.0 (October 21, 2024)

6.7.0 (October 14, 2024)

6.6.0 (October 7, 2024)

6.5.0 (September 30, 2024)

6.4.0 (September 23, 2024)

6.3.0 (September 16, 2024)

6.2.0 (September 9, 2024)

6.1.0 (September 4, 2024)

6.0.1 (August 26, 2024)

6.0.0 (August 26, 2024)