v6.27.0

FEATURES:

• New Data Source: google_compute_images (#21872)
• New Data Source: google_organization_iam_custom_role (#21922)
• New Resource: google_lustre_instance (#21963)
• New Resource: google_os_config_v2_policy_orchestrator (#21930)
• New Resource: google_storage_control_project_intelligence_config (#21902)
• New Resource: google_chronicle_data_access_label (#21956)
• New Resource: google_compute_router_route_policy (#21945)

IMPROVEMENTS:

• bigquery: added secondary_location and replication_status fields to support managed disaster recovery feature in google_bigquery_reservation (#21920)
• clouddeploy: added dns_endpoint field to to google_clouddeploy_target resource (#21868)
• compute: added shielded_instance_initial_state structure to google_compute_image resource (#21937)
• compute: added LINK_TYPE_ETHERNET_400G_LR4 enum value to link_type field in google_compute_interconnect resource (#21903)
• compute: added architecture and guest_os_features to google_compute_instance (#21875)
• compute: added workload_policy.type, workload_policy.max_topology_distance and workload_policy.accelerator_topology fields to google_compute_resource_policy resource (#21961)
• container: added ip_endpoints_config field to google_container_cluster resource (#21959)
• container: added node_config.windows_node_config field to google_container_node_pool resource. (#21876)
• container: added pod_autoscaling field to google_container_cluster resource (#21919)
• memorystore: added the maintenance_policy field to the google_memorystore_instance resource (#21957)
• memorystore: enabled update support for node_type field in google_memorystore_instance resource (#21899)
• metastore: promoted scaling_config field of google_dataproc_metastore_service resource to GA (#21877)
• networksecurity: added connected_deployment_group and associations fields to google_network_security_intercept_endpoint_group resource (#21940)
• networksecurity: added locations field to google_network_security_intercept_deployment_group resource (#21923)
• networksecurity: added locations field to google_network_security_intercept_endpoint_group_association resource (#21962)
• redis: added update support for google_redis_cluster node_type (#21870)
• storage: added metadata_options in google_storage_transfer_job (#21897)

BUG FIXES:

• bigqueryanalyticshub: fixed a bug in google_bigquery_analytics_hub_listing_subscription where a subscription using a different project than the dataset would not work (#21958)
• cloudrun: fixed the perma-diffs for unchanged template.spec.containers.env in google_cloud_run_service resource (#21916)
• cloudrunv2: fixed the perma-diffs for unchanged template.containers.env in google_cloud_run_v2_service resource (#21916)
• compute: fixed the issue that user can't use regional disk in google_compute_instance_template (#21901)
• dataflow: fixed a permadiff on template_gcs_path in google_dataflow_job resource (#21894)
• storage: lowered the minimum required items for custom_placement_config.data_locations from 2 to 1, and removed the Terraform-enforced maximum item limit for the field in google_storage_bucket (#21878)

v6.26.0

FEATURES:

• New Data Source: google_project_iam_custom_role (#21866)
• New Data Source: google_project_iam_custom_roles (#21813)
• New Resource: google_eventarc_pipeline (#21761)
• New Resource: google_firebase_app_hosting_backend (#21840)
• New Resource: google_network_security_mirroring_deployment (#21853)
• New Resource: google_network_security_mirroring_deployment_group (#21853)
• New Resource: google_network_security_mirroring_endpoint_group_association (#21853)
• New Resource: google_network_security_mirroring_endpoint_group (#21853)

IMPROVEMENTS:

• alloydb: added psc_config field to ``google_alloydb_cluster` resource (#21863)
• bigquery: added table_metadata_view query param to google_bigquery_table (#21838)
• clouddeploy: added dns_endpoint field to to google_clouddeploy_target resource (#21868)
• compute: added UNRESTRICTED option to the tls_early_data field in the google_compute_target_https_proxy resource (#21821)
• compute: added enable_flow_logs and state fields to google_compute_subnetwork resource (#21851)
• compute: promoted fields single_instance_assignment and filter to GA for google_compute_autoscaler resource (#21760)
• container: added additional value KCP_HPA for logging_config.enable_components field in google_container_cluster resource (#21836)
• dataform: added deletion_policy field to google_dataform_repository resource. Default value is DELETE. Setting deletion_policy to FORCE will delete any child resources of this repository as well. (#21864)
• memorystore: added update support for engine_version field in google_memorystore_instance resource (#21843)
• metastore: added create_time and update_time fields to google_dataproc_metastore_federation resource (#21824)
• metastore: added create_time and update_time fields to google_dataproc_metastore_service resource (#21817)
• networksecurity: added not_operations field to google_network_security_authz_policy resource (#21785)
• networkservices: added ip_version and envoy_headers fields to google_network_services_gateway resource (#21788)
• sql: increased settings.insights_config.query_string_length and settings.insights_config.query_string_length limits for Enterprise Plus edition sql_database_instance resource. (#21848)
• storageinsights: added parquet_options field to google_storage_insights_report_config resource (#21816)
• workflows: added execution_history_level field to google_workflows_workflow resource (#21782)

BUG FIXES:

• accesscontextmanager: fixed panic on empty access_policies in google_access_context_manager_access_policy (#21845)
• compute: adjusted mapped image names that were preventing usage of fedora-coreos in google_compute_image resource (#21787)
• container: re-added DNS_SCOPE_UNSPECIFIED value to the dns_config.cluster_dns_scope field in google_container_cluster resource and suppressed diffs between DNS_SCOPE_UNSPECIFIED in config and empty/null in state (#21861)
• discoveryengine: changed field dataStoreIds to mutable in google_discovery_engine_search_engine (#21759)
• networksecurity: min_tls_version and tls_feature_profile fields updated to use the server assigned default and prevent a permadiff in google_network_security_tls_inspection_policy resource. (#21788)
• oslogin: added a wait after creating google_os_login_ssh_public_key to allow propagation (#21860)
• spanner: fixed issue with disabling autoscaling in google_spanner_instance (#21852)

v6.25.0

NOTES:

• eventarc: google_eventarc_channel now uses MMv1 engine instead of DCL. (#21728)
• workbench: increased create timeout for google_workbench_instance to 40mins. (#21700)

FEATURES:

• New Data Source: google_compute_region_ssl_policy (#21633)
• New Resource: google_eventarc_google_api_source (#21732)
• New Resource: google_iam_oauth_client_credential (#21731)
• New Resource: google_iam_oauth_client (#21660)
• New Resource: network_services_endpoint_policy (#21676)
• New Resource: network_services_grpc_route (#21676)
• New Resource: network_services_http_route (#21676)
• New Resource: network_services_mesh (#21676)
• New Resource: network_services_service_binding (#21676)
• New Resource: network_services_tcp_route (#21676)
• New Resource: network_services_tls_route (#21676)

IMPROVEMENTS:

• alloydb: added psc_instance_config.psc_interface_configs field to google_alloydb_instance resource (#21701)
• compute: added create_snapshot_before_destroy to google_compute_disk and google_compute_region_disk to enable creating a snapshot before disk deletion (#21636)
• compute: added custom_metrics field to google_compute_backend_service and google_compute_region_backend_service (#21710)
• compute: added ip_collection and ipv6_gce_endpoint fields to google_compute_subnetwork resource (#21730)
• compute: added log_config.optional_mode and log_config.optional_fields fields to google_compute_region_backend_service resource (#21722)
• compute: added rsa_encrypted_key to google_compute_region_disk (#21636)
• compute: added scheduling.termination_time field to google_compute_instance, google_compute_instance_from_machine_image, google_compute_instance_from_template, google_compute_instance_template, and google_compute_region_instance_template resources (#21717)
• compute: added update support for 'purpose' field in google_compute_subnetwork resource (#21729)
• compute: added update support for firewall_policy in google_compute_firewall_policy_association resource. It is recommended to only perform this operation in combination with a protective lifecycle tag such as "create_before_destroy" or "prevent_destroy" on your previous firewall_policy resource in order to prevent situations where a target attachment has no associated policy. (#21735)
• container: added "JOBSET" as a supported value for enable_components in google_container_cluster resource (#21657)
• firebasedataconnect: added deletion_policy field to google_firebase_data_connect_service resource (#21736)
• networksecurity: added description field to google_network_security_intercept_deployment, google_network_security_intercept_deployment_group, google_network_security_intercept_endpoint_group resources (#21711)
• networksecurity: added description field to google_network_security_mirroring_deployment, google_network_security_mirroring_deployment_group, google_network_security_mirroring_endpoint_group resources (#21714)
• tpuv2: added spot field to google_tpu_v2_vm resource (#21716)
• workstations: added tags field to google_workstations_workstation_cluster resource (#21635)

BUG FIXES:

• backupdr: added missing SUNDAY option to days_of_week field in google_backup_dr_backup_plan resource (#21640)
• compute: fixed network_interface.internal_ipv6_prefix_length not being set or read in Terraform state in google_compute_instance resource (#21638)
• compute: fixed bug in google_compute_router_nat where max_ports_per_vm couldn't be unset once set. (#21721)
• container: fixed perma-diff in google_container_cluster when cluster_dns_scope is unspecified (#21637)
• networksecurity: added wait time on google_network_security_gateway_security_policy_rule resource when creating and deleting to prevent race conditions (#21643)

v6.24.0

NOTES:

• gemini: removed unsupported value GEMINI_CLOUD_ASSIST for field product in google_gemini_logging_setting_binding resource (#21630)
• iam: added member value to the error message when member validation fails for google_project_iam_* (#21586)

DEPRECATIONS:

• datacatalog: deprecated google_data_catalog_entry and google_data_catalog_tag resources. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#21541)
• notebooks: deprecated non-functional google_notebooks_location resource (#21517)

FEATURES:

• New Data Source: google_memorystore_instance (#21579)
• New Resource: google_apihub_host_project_registration (#21607)
• New Resource: google_compute_instant_snapshot (#21598)
• New Resource: google_eventarc_message_bus (#21611)
• New Resource: google_gemini_data_sharing_with_google_setting_binding (GA) (#21629)
• New Resource: google_gemini_gcp_enablement_setting_binding (GA) (#21587)
• New Resource: google_gemini_gemini_gcp_enablement_setting_binding (#21540)
• New Resource: google_storage_anywhere_cache (#21537)

IMPROVEMENTS:

• alloydb: added ability to upgrade major version in google_alloydb_cluster with database_version (#21582)
• compute: added creation_timestamp, next_hop_peering, warnings.code, warnings.message, warnings.data.key, warnings.data.value, next_hop_hub, route_type, as_paths.path_segment_type, as_paths.as_lists and route_status fields to google_compute_route resource (#21534)
• compute: added max_stream_duration field to google_compute_url_map resource (#21535)
• compute: added network_interface.network_attachment field to google_compute_instance resource (ga) (#21606)
• compute: added network_interface.network_attachment to google_compute_instance data source (ga) (#21606)
• compute: added fields architecture, source_instant_snapshot, source_storage_object, resource_manager_tags to google_compute_disk. (#21598)
• container: added enum value UPGRADE_INFO_EVENT for GKE notification filter in google_container_cluster resource (#21609)
• iam: added AZURE_AD_GROUPS_ID field to google_iam_workforce_pool_provider.extra_attributes_oauth2_client.attributes_type resource (#21624)
• networkconnectivity: added policy_mode field to google_network_connectivity_hub resource (#21589)
• networkservices: added location field to google_network_services_grpc_route resource (#21621)
• storagetransfer: added logging_config field to google_storage_transfer_job resource (#21523)

BUG FIXES:

• bigquery: updated the max_staleness field in google_bigquery_table to be a computed field (#21596)
• chronicle: fixed an error during resource creation with certain run_frequency configurations in google_chronicle_rule_deployment (#21610)
• discoveryengine: fixed bug preventing creation of google_discovery_engine_target_site resources (#21628)
• eventarc: fixed an issue where google_eventarc_trigger creation failed due to the region could not be parsed from the trigger's name (#21528)
• publicca: encode b64_mac_key in base64url, not in base64 (#21612)
• storage: fixed a 412 error returned on some google_storage_bucket_iam_policy deletions (#21626)

v6.23.0

NOTES:

• The google_sql_user resource now supports password_wo write-only arguments
• The google_bigquery_data_transfer_config resource now supports secret_access_key_wo write-only arguments
• The google_secret_version resource now supports secret_data_wo write-only arguments

IMPROVEMENTS:

• sql: added password_wo and password_wo_version fields to google_sql_user resource (#21616)
• bigquerydatatransfer: added secret_access_key_wo and secret_access_key_wo_version fields to google_bigquery_data_transfer_config resource (#21617)
• secretmanager: added secret_data_wo and secret_data_wo_version fields to google_secret_version resource (#21618)

v6.22.0

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

DEPRECATIONS:

• datacatalog: deprecated google_data_catalog_tag_template. Use google_dataplex_aspect_type instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9347)
• datacatalog: deprecated google_data_catalog_entry_group. Use google_dataplex_entry_group instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9349)

FEATURES:

• New Data Source: google_alloydb_cluster (#21496)
• New Data Source: google_project_ancestry (#21413)
• New Resource: google_gemini_data_sharing_with_google_setting_binding (#21479)
• New Resource: google_gemini_logging_setting_binding (#21429)
• New Resource: google_gemini_logging_setting (#21404)
• New Resource: google_spanner_instance_partition (#21475)

IMPROVEMENTS:

• backupdr: promoted google_backup_dr_management_server, google_backup_dr_backup_plan_association, and google_backup_dr_backup_plan resources to GA
• compute: added import_subnet_routes_with_public_ip and export_subnet_routes_with_public_ip fields to google_compute_network_peering_routes_config resource (#21405)
• developerconnect: added bitbucket_cloud_config and bitbucket_data_center_config fields to google_developer_connect_connection resource (#21433)
• gemini: promoted google_gemini_release_channel_setting resource to GA (#21481)
• iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#21430)
• iambeta: promoted google_iam_workload_identity_pool and google_iam_workload_identity_pool_provider data sources to GA (#21408)
• redis: added kms_key field to google_redis_cluster resource (#21428)
• tpuv2: added network_config field to google_tpu_v2_queued_resource resource (#21426)

BUG FIXES:

• apigee: fixed error when deleting google_apigee_organization (#21473)
• bigtable: fixed a bug where sometimes updating an instance's cluster list could result in an error if there was an existing cluster with autoscaling enabled (#21503)
• chronicle: fixed bug setting enabled on creation in google_chronicle_rule_deployment (#21460)

v6.21.0

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

FEATURES:

• New Data Source: google_alloydb_instance (#21383)
• New Resource: google_firebase_data_connect_service (#21368)
• New Resource: google_gemini_data_sharing_with_google_setting (#21393)
• New Resource: google_gemini_gemini_gcp_enablement_setting (#21357)
• New Resource: google_gemini_logging_setting_binding (#21354)
• New Resource: google_gemini_release_channel_setting (#21387
• New Resource: google_gemini_release_channel_setting_binding (#21387
• New Resource: google_netapp_volume_quota_rule (#21283)

IMPROVEMENTS:

• accesscontextmanager: added etag to access context manager directional policy resources google_access_context_manager_service_perimeter_dry_run_egress_policy, google_access_context_manager_service_perimeter_dry_run_ingress_policy, google_access_context_manager_service_perimeter_egress_policy and google_access_context_manager_service_perimeter_ingress_policy to prevent overriding changes (#21366)
• accesscontextmanager: added title field to policy blocks under google_access_context_manager_service_perimeter and variants (#21302)
• artifactregistry: set pageSize to 1000 to speedup google_artifact_registry_docker_image data source queries (#21360)
• compute: added labels field to google_compute_ha_vpn_gateway resource (#21385)
• compute: added validation for disk names in google_compute_disk (#21335)
• container: added new fields container_log_max_size, container_log_max_files, image_gc_low_threshold_percent, image_gc_high_threshold_percent, image_minimum_gc_age, image_maximum_gc_age, and allowed_unsafe_sysctls to node_kubelet_config block in google_container_cluster resource. (#21319)
• monitoring: added condition_sql field to google_monitoring_alert_policy resource (#21277)
• networkservices: added location field to google_network_services_mesh resource (#21337)
• securitycenter: added type, expiry_time field to google_scc_mute_config resource (#21318)

BUG FIXES:

• chronicle: fixed creation issues when optional fields were missing for google_chronicle_rule_deployment resource (#21389)
• databasemigrationservice: fixed error details type on google_database_migration_service_migration_job (#21279)
• networkservices: fixed a bug with google_network_services_authz_extension.wire_format sending an invalid default value by removing the Terraform default and letting the API set the default. (#21280)

v6.20.0

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.
• compute: google_compute_firewall_policy now uses MMv1 engine instead of DCL. (#21235)

FEATURES:

• New Data Source: google_beyondcorp_application_iam_policy (#21199)
• New Data Source: google_parameter_manager_parameter_version_render (#21104)
• New Resource: google_beyondcorp_application (#21199)
• New Resource: google_beyondcorp_application_iam_binding (#21199)
• New Resource: google_beyondcorp_application_iam_member (#21199)
• New Resource: google_beyondcorp_application_iam_policy (#21199)
• New Resource: google_bigquery_analytics_hub_listing_subscription (#21189)
• New Resource: google_colab_notebook_execution (#21100)
• New Resource: google_colab_schedule (#21233)

IMPROVEMENTS:

• accesscontextmanager: added resource to sources in egress_from under resources google_access_context_manager_service_perimeter, google_access_context_manager_service_perimeters, google_access_context_manager_service_perimeter_egress_policy, google_access_context_manager_service_perimeter_dry_run_egress_policy (#21190)
• cloudrunv2: added base_image_uri and build_info to google_cloud_run_v2_service (#21236)
• colab: added auto_upgrade field to google_colab_runtime (#21214)
• colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#21200)
• colab: added desired_state field to google_colab_runtime, making it startable/stoppable. (#21207)
• compute: added ip_collection field to google_compute_forwarding_rule resource (#21188)
• compute: added mode and allocatable_prefix_length fields to google_compute_public_delegated_prefix resource (#21216)
• compute: allow parallelization of google_compute_per_instance_config and google_compute_region_per_instance_config deletions by not locking on the parent resource, but including instance name. (#21095)
• container: added auto_monitoring_config field and subfields to the google_container_cluster resource (#21229)
• filestore: added initial_replication field for peer instance configuration and effective_replication output for replication configuration output to google_filestore_instance (#21194)
• memorystore: added CLUSTER_DISABLED to mode field in google_memorystore_instance (#21092)
• networkservices: added compression_mode and allowed_methods fields to google_network_services_edge_cache_service resource (#21195)
• privateca: added user_defined_access_urls and subfields to google_privateca_certificate_authority resource to add support for custom CDP AIA URLs (#21220)
• workbench: added enable_third_party_identity field to google_workbench_instance resource (#21265)

BUG FIXES:

• appengine: added a mitigation for an upcoming default change to standard_scheduler_settings.max_instances for new google_app_engine_standard_app_version resources. If the field is not specified in configuration, diffs will now be ignored. (#21257)
• bigquery: added diff suppression for legacy values in renewal_plan field in google_bigquery_capacity_commitment resource (#21103)
• compute: fixed google_compute_(region_)resize_request requiring region/zone to be specified in all cases. They can now be pulled from the provider. (#21264)
• container: reverted locking behavior in google_container_node_pool that caused regression of operation apply time spike started in v6.15 (#21102)
• gemini: fixed a bug where the force_destroy field in resource gemini_code_repository_index did not work properly (#21212)
• workbench: fixed a bug with google_workbench_instance metadata removal not working as expected (#21204)

v5.45.2

NOTES:

• 5.45.2 contains no changes from 5.45.1. This release is being made to ensure that the version numbers of the google and google-beta provider releases remain aligned, as google-beta's 5.45.2 release contains a beta-only change.

v6.19.0

DEPRECATIONS:

• beyondcorp: deprecated location on google_beyondcorp_security_gateway. The only valid value is global, which is now also the default value. The field will be removed in a future major release. (#21006)

FEATURES:

• New Data Source: google_parameter_manager_parameter_version (#21055)
• New Data Source: google_parameter_manager_parameters (#21043)
• New Data Source: google_parameter_manager_regional_parameter_version (#21073)
• New Resource: google_beyondcorp_security_gateway_iam_binding (#21078)
• New Resource: google_beyondcorp_security_gateway_iam_member (#21078)
• New Resource: google_beyondcorp_security_gateway_iam_policy (#21078)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter_dry_run_resource to prevent overriding list of resources (#21005)
• compute: allowed parallelization of google_compute_(region_)per_instance_config by not locking on the parent resource, but including instance name. (#21001)
• compute: added network_profile field to google_compute_network resource. (#21027)
• compute: added zero_advertised_route_priority field to google_compute_router_peer (#21024)
• container: added max_run_duration to node_config in google_container_cluster and google_container_node_pool (#21071)
• dataproc: added encryption_config to google_dataproc_workflow_template (#21077)
• gkehub2: added support for fleet_default_member_config.config_management.config_sync.metrics_gcp_service_account_email field to google_gke_hub_feature resource (#21042)
• iam: added prefix and regex fields to google_service_accounts data source (#21020)
• pubsub: added ingestion_data_source_settings.aws_msk and ingestion_data_source_settings.confluent_cloud fields to google_pubsub_topic resource (#20999)
• spanner: added encryption_config field to google_spanner_backup_schedule (#21067)
• workflows: added tags and workflow_tags fields to google_workflows_workflow resource (#21053)

BUG FIXES:

• alloydb: marked google_alloydb_user.password as sensitive (#21014)
• beyondcorp: corrected location to always be global in google_beyondcorp_security_gateway (#21006)
• cloudquotas: removed validation for parent in google_cloud_quotas_quota_adjuster_settings (#21054)
• compute: made google_compute_router_peer.advertised_route_priority use server-side default if unset. To set the value to 0 you must also set zero_advertised_route_priority = true. (#21024)
• container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)
• container: marked cluster_autoscaling.resource_limits.maximum as required, as requests would fail if it was not set (#21051)
• firestore: fixed error preventing deletion of wildcard google_firestore_field resources (#21034)
• netapp: fixed an issue where a diff on zone would be found if it was unspecified in google_netapp_storage_pool (#21060)
• networksecurity: fixed sporadic-diff in google_network_security_security_profile (#21070)
• spanner: fixed bug with google_spanner_instance.force_destroy not setting billing_project value correctly (#21023)
• storage: fixed an issue where plans with a dependency on the content field in the google_storage_bucket_object_content data source could erroneously fail (#21074)