feat(deps): Update Terraform Google Provider to v7 (major)

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
google (source)	required_provider	major	>= 3.50, < 7 → >= 3.50, < 8
google-beta (source)	required_provider	major	>= 3.50, < 7 → >= 3.50, < 8

---

Release Notes

hashicorp/terraform-provider-google (google)

v7.14.1

Compare Source

BUG FIXES:

• provider: fixed an issue where error type 409 and 412 were not being correctly retried. This commonly shows up in IAM resources, but can appear in other resources as well (#​25596)
• servicedirectory: fixed an issue where google_service_directory_endpoint or google_service_directory_service without metadata specified would have other fields removed on update (#​25588)

v7.14.0

Compare Source

DEPRECATIONS:

• managedkafka: added deprecation warning for google_managed_kafka_connect_cluster additional_subnets field (#​25487)

FEATURES:

• New Data Source: google_artifact_registry_versions (#​25512)
• New Data Source: google_cloud_identity_policies (#​25513)
• New Data Source: google_compute_region_security_policy (#​25488)
• New Data Source: google_compute_storage_pool (#​25485)
• New Resource: google_compute_cross_site_network (#​25479)
• New Resource: google_compute_wire_group (#​25479)
• New Resource: google_network_services_multicast_group_consumer_activation (#​25515)
• New Resource: google_network_services_multicast_group_producer_activation (#​25472)

IMPROVEMENTS:

• alloydb: added connection_pool_config, connection_pool_config.enabled and connection_pool_config.flags in google_alloydb_instance resource (#​25484)
• colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#​25509)
• compute: added new field instance_flexibility_policy.instance_selection.min_cpu_platform & instance_flexibility_policy.instance_selection.disks to google_compute_region_instance_group_manager (#​25444)
• dataplex: removed the need for import in google_dataplex_entry when using first party source systems (#​25507)
• dataproc: added auto_stop_time and idle_stop_ttl to google_dataproc_cluster resource (#​25456)
• eventarc: added retry_policy field to google_eventarc_trigger resource (#​25467)
• networksecurity: enabled in-place update for custom_mirroring_profile.mirroring_deployment_groups on google_network_security_security_profile (#​25508)
• spanner: added autoscaling_config.autoscaling_targets.total_cpu_utilization_percent field to google_spanner_instance resource (#​25495)
• sql: added changes to ignore changes in backup configuration's fields like enabled, binary_log_enabled, start_time, point_in_time_recovery_enabled, transaction_log_retention_days and backup_retention_settings.retained_backups in google_sql_database_instance if the instance is managed by Google Cloud Backup and Disaster (DR) Recovery Service. (#​25516)

BUG FIXES:

• compute: fixed google_compute_network in-place update to enable enable_ula_internal_ipv6. (#​25468)
• iam: fixed error 409 concurrency policy changes by correctly detecting the error type. (#​25473)
• sql: fixed an issue where the computed psc_service_attachment_link attribute was not being exported properly in google_sql_database_instance resource and datasources (#​25510)

v7.13.0

Compare Source

NOTES:

• alloydb: reverted requiring initial_user.password as required on create for new google_alloydb_cluster resources, instead initial_user.password or initial_user.user must be set if initial_user is specified for google_alloydb_cluster resources (#​25366)
• privateca: modified encryption_spec field from google_privateca_ca_pool resource to be mutable and allow cmek key rotation (#​25267)

DEPRECATIONS:

• cloudquotas: deprecated effective_container and effective_enablement fields in the google_cloud_quotas_quota_adjuster_settings resource (#​25443)
• dlp: deprecated publish_findings_to_cloud_data_catalog field in google_data_loss_prevention_job_trigger resource. Use publish_findings_to_dataplex_catalog field instead. (#​25250)
• networkservices: removed google_service_binding resource due to service binding support being disabled (#​25367)

FEATURES:

• New Resource: google_ces_app_version (#​25297)
• New Resource: google_compute_organization_security_policy (#​25322)
• New Resource: google_dialogflow_generator (#​25340)
• New Resource: google_dialogflow_version (#​25179)
• New Resource: google_discovery_engine_widget_config (#​25378)
• New Resource: google_iam_workforce_pool_provider_scim_token (#​25270)
• New Resource: google_network_services_lb_edge_extension (#​25299)
• New Resource: google_network_services_multicast_consumer_association (#​25321)
• New Resource: google_network_services_multicast_group_range_activation (#​25386)
• New Resource: google_network_services_multicast_group_range (#​25353)
• New Resource: google_network_services_multicast_producer_association (#​25291)

IMPROVEMENTS:

• alloydb: added password_wo and password_wo_version fields to google_alloydb_user resource (#​25266)
• apphub: added identity field to google_apphub_service and google_apphub_workload resources (#​25363)
• backupdr: added encryption_config field to google_backup_dr_backup_vault resource (#​25221)
• ces: added client_function.parameters.max_items, client_function.parameters.min_items, client_function.parameters.maximum, client_function.parameters.minimum, client_function.parameters.title, client_function.response.max_items, client_function.response.min_items, client_function.response.maximum, client_function.response.minimum, and client_function.response.title fields to google_ces_tool resource (#​25309)
• ces: added entry_agent field to google_ces_example resource (#​25182)
• ces: added google_search_tool.context_urls, google_search_tool.preferred_domains, and open_api_tool.api_authentication.bearer_token_config fields to google_ces_tool resource (#​25309)
• ces: added message.chunk.tool_response and message.chunk.tool_call fields to google_ces_example resource (#​25182)
• ces: added pinned and variable_declarations.schema.title fields to google_ces_app resource (#​25233)
• cloudsecuritycompliance: added cloud_control_details.parameters.parameter_value.oneof_value fields to google_cloud_security_compliance_framework_deployment resource (#​25382)
• cloudsecuritycompliance: added cloud_control_details.parameters.parameter_value.oneof_value fields to google_cloud_security_compliance_framework resource (#​25382)
• cloudsecuritycompliance: added parameter_spec.default_value.oneof_value and validation.allowed_values.values.oneof_value fields to google_cloud_security_compliance_cloud_control resource (#​25441)
• cloudsecuritycompliance: added sub_parameters field to google_cloud_security_compliance_cloud_control resource (#​25441)
• colab: added custom_environment_spec field to google_colab_notebook_execution resource (#​25379)
• compute: added network_pass_through_lb_traffic_policy field to google_compute_region_backend_service resource. (#​25223)
• compute: added params field to google_compute_interconnect resource (#​25350)
• compute: added show_nat_ips and nat_ips fields to google_compute_service_attachment (#​25296)
• compute: added snapshot_type field to google_compute_snapshot resource (#​25348)
• compute: added new field instance_flexibility_policy.instance_selection.min_cpu_platform & instance_flexibility_policy.instance_selection.disks to google_compute_region_instance_group_manager (#​25444)
• container: added autoscaled_rollout_policy field to google_container_node_pool resource (beta) (#​25362)
• container: added node_kernel_module_loading.policy field to google_container_node_pool and google_container_cluster resources (#​25383)
• filestore: added support for updating directory_services fields in place in google_filestore_instance (#​25315)
• iamworkforcepool: added claim_mapping, purge_time, and service_agent fields to google_iam_workforce_pool_provider_scim_tenant resource (#​25270)
• looker: added controlled_egress_enabled and controlled_egress_config fields to google_looker_instance resource (#​25214)
• lustre: added kms_key field to google_lustre_instance resource (#​25261)
• modelarmor: added google_mcp_server_floor_setting field to google_model_armor_floorsetting resource (#​25313)
• monitoring: fixes an issue with google_monitoring_alert_policy where it ignores the resource project during Import (#​25287)
• netapp: added public docs link for google_netapp_host_group resource (#​25368)
• netapp: added 'nfsv4' to custom update export_policy object in google_netapp_volume resource (#​25442)
• oracledatabase: added properties.cpu_core_count, properties.secret_id, and properties.vault_id fields to google_oracle_database_autonomous resource (#​25264)
• oracledatabase: added properties.time_zone.version field to google_oracle_database_cloud_vm_cluster resource (#​25264)
• servicedirectory: promoted google_service_directory_namespace, google_service_directory_service, and google_service_directory_endpoint to GA (#​25177)
• servicedirectory: replaced metadata KeyValuePair with annotations KeyValueAnnotations in google_service_directory_service, and google_service_directory_endpoint resources (#​25177)
• sql: added write-only argument for root_password in google_sql_database_instance resource (#​25252)
• storage: added contexts for resource google_storage_bucket_object (#​25346)
• vertex_ai: added resourceLimits, minInstances, maxInstances, containerConcurrency and sourceCodeSpec fields to google_vertex_ai_reasoning_engine resource (#​25349)

BUG FIXES:

• bigquery: fixed the permadiff when email field values contain non-lower-case characters in access in google_bigquery_dataset (#​25317)
• bigquery: fixed the permadiff when table schema is unchanged for a google_bigquery_table with row access policies (#​25256)
• cloudrunv2: fixed permadiff if scaling field is unset on resource google_cloud_run_v2_service (#​25310)
• compute: fixed an issue where the bgp_always_compare_med field could not be unset in in google_compute_network. It can now be unset by configuring the new field delete_bgp_always_compare_med to a value of true. (#​25288)
• compute: fixed crashes when no network_endpoints block specified in google_compute_network_endpoints resource or no network endpoints exist (#​25220)
• compute: fixed the terms field in google_compute_router_route_policy to be updatable without forcing resource recreation (#​25289)
• container: fixed a perpetual diff in google_container_cluster resource when enable_l4_ilb_subsetting is enabled by the GKE control plane and not explicitly set in the configuration (#​25323)
• dialogflowcx: fixed update_mask in google_dialogflow_cx_playbook where a granular update mask is required. (#​25254)
• discoveryengine: fixed a permadiff on advanced_site_search_config in google_discovery_engine_data_store resource (#​25387)
• iamworkforcepool: fixed bug in google_iam_workforce_pool_provider_scim_token where base_uri wasn't set correctly from the API (#​25270)
• logging: fixed an issue with google_logging_*_sink.include_children fields not being updatable to true (#​25247)
• memorystore: fixed an issue where a permadiff on desired_auto_created_endpoints caused the google_memorystore_instance resource to recreated. (#​25278)
• spanner: prevented recreation when kms_key_name and kms_key_names are same for google_spanner_database (#​25215)

v7.12.0

Compare Source

DEPRECATIONS:

• backupdr: deprecated required_type in google_backup_dr_backup_plan_associations and google_backup_dr_data_source_references. Both resources no longer have functionality, and will be removed in the next major release. (#​25107)

FEATURES:

• New Resource: google_ces_agent (#​25106)
• New Resource: google_ces_guardrail (#​25112)
• New Resource: google_ces_tool (#​25113)
• New Resource: google_cloud_security_compliance_cloud_control (#​25137)
• New Resource: google_cloud_security_compliance_framework_deployment (#​25138)
• New Resource: google_cloud_security_compliance_framework (#​25111)
• New Resource: google_discovery_engine_serving_config (#​25105)
• New Resource: google_oracle_database_exascale_db_storage_vault (#​25129)

IMPROVEMENTS:

• apphub: added functional_type, registration_type, and extended_metadata fields to google_apphub_service and google_apphub_workload resources (#​25145)
• ces: added bearer_token_config field to google_ces_toolset resource (#​25119)
• ces: added client_certificate_settings field to google_ces_app resource (#​25117)
• compute: added block_names field to google_compute_reservation resource (#​25121)
• compute: added sub_block_names field to google_compute_reservation_block data source (#​25121)
• compute: added tls_settings field to google_compute_regional_backend_service resource (#​25068)
• container: added end_time_behavior field to google_container_cluster resource (#​25120)
• container: added writable_cgroups field to node_config.defaults.containerd_config in google_container_cluster resource (#​25140)
• dataplex: added catalog_publishing_enabled field to data_profile_spec in google_dataplex_datascan resource (#​25143)
• dns: added forwarding_config.target_name_servers.ipv6_address argument to google_dns_managed_zone resource (#​25131)
• gkeonprem: added advanced_networking, multiple_network_interfaces_config and bgp_lb_config fields to google_gkeonprem_bare_metal_cluster resource (#​25136)
• managedkafka: added broker_capacity_config field to google_managed_kafka_cluster resource (#​25074)
• networksecurity: added endpoint_settings.jumbo_frames_enabled field to google_network_security_firewall_endpoint resource (#​25073)
• run: added readiness_probe field to cloud_run_service resource (#​25114)

BUG FIXES:

• backupdr: updated google_backup_dr_backup_plan_associations and google_backup_dr_data_source_references to use LIST APIs, and require the correct List permissions (#​25107)
• provider: an issue preventing X.509 certificates from being used for authentication when supplied as Application Default Credentials as been resolved (#​25144)

v7.11.0

Compare Source

DEPRECATIONS:

• pubsublite: google_pubsub_lite_reservation will be turned down effective March 18, 2026. Use google_pubsub_reservation instead. (#​25058)
• pubsublite: google_pubsub_lite_subscription will be turned down effective March 18, 2026. Use google_pubsub_subscription instead. (#​25058)
• pubsublite: google_pubsub_lite_topic will be turned down effective March 18, 2026. Use google_pubsub_topic instead. (#​25058)

BREAKING CHANGES:

• netapp: made google_netapp_volume.export_policy.rules.squash_mode not preserve values returned by the API. Without this change, unsetting squash_mode in the provider can cause an API error. (#​25059)

FEATURES:

• New Data Source: google_artifact_registry_python_packages (#​25053)
• New Data Source: google_cloud_identity_policy (#​24946)
• New Data Source: google_compute_reservation_block (#​25034)
• New Data Source: google_compute_reservation_sub_block (#​25034)
• New Resource: google_ces_deployment (#​24945)
• New Resource: google_ces_example (#​25056)
• New Resource: google_discovery_engine_user_store (#​25054)

IMPROVEMENTS:

• bigquery: added external_data_configuration.decimal_target_types to google_bigquery_table (#​24936)
• compute: added internal_ipv6_prefix field to the google_compute_subnetwork resource (#​25037)
• compute: added ipv6_access_type field and INTERNAL_IPV6_SUBNETWORK_CREATION as a supported value for the mode field in google_compute_public_delegated_prefix resource (#​24940)
• compute: added ipv6_access_type field to google_compute_public_advertised_prefix resource (#​24911)
• dataplex: added data_documentation_spec field to google_dataplex_datascan resource to support the DATA_DOCUMENTATION scan type (#​25044)
• dataproc: added resource_manager_tags to google_dataproc_cluster resource (#​25057)
• lustre: added placement_policy field to google_lustre_instance resource (#​25042)
• netapp: added cache_parameters field to google_netapp_volume resource (#​24909)
• secretmanager: added project and short name support for secret on google_secret_manager_secret_version (#​25045)
• secretmanager: added project and short name support for secret on ephemeral google_secret_manager_secret_version (#​25045)

BUG FIXES:

• alloydb: fixed issue with creation when initial_user.password was set to a computed value in google_alloydb_cluster (#​25036)
• bigquery: fixed extraneous diffs in google_bigquery_table.external_data_configuration.schema (#​24936)
• compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#​25021)
• container: added KUBE_DNS as an accepted value for cluster_dns field on google_container_cluster (#​24953)
• netapp: fixed bug where unsetting export_policy.rules.squash_mode on google_netapp_volume can cause an API error (#​25059)
• pubsub: fixed bug where google_pubsub_subscription could only be updated if bigquery_config was modified (#​24952)
• sql: fixed bug where final_backup_description in google_sql_database_instance resource wasn't set on the final backup on delete (#​25055)
• storage: fixed bug where certain changes to google_storage_bucket_acl.role_entity were ignored (#​24949)
• workstations: fixed bug in google_workstations_workstation where setting source_workstation caused a permadiff that forced recreation (#​24941)
• vmwareengine: made deletion of google_vmwareengine_private_cloud wait until the deletion completes (#​25040)

v7.10.0

Compare Source

BREAKING CHANGES:

• alloydb: marked initial_user.password as required on create of new google_alloydb_cluster resources. This change aligns the provider with existing API constraints to surface errors earlier. (#​25022)

FEATURES:

• New Resource: google_ces_app (#​24861)
• New Resource: google_ces_toolset (#​24885)
• New Resource: google_discovery_engine_control (#​24883)
• New Resource: google_netapp_host_group (#​24876)
• New Resource: google_network_management_organization_vpc_flow_logs_config (#​24896)
• New Resource: google_network_services_multicast_domain (#​24864)
• New Resource: google_privileged_access_manager_settings (#​24878)
• New Ephemeral Resource: google_client_config (#​24900)

IMPROVEMENTS:

• cloudfunctions2: added direct_vpc_network_interface and direct_vpc_egress field to google_cloudfunctions2_function resource (#​24895)
• cloudrunv2: added template.container.depends_on field to google_cloud_run_v2_worker_pool resource (#​24893)
• compute: added grpc_tls_health_check field to google_compute_healthcheck resource (#​24872)
• container: added network_tier_config to google_container_cluster resource. (#​24877)
• eventarc: added labels field to google_eventarc_channel resource (#​24854)
• netapp: added block_devices field and ISCSI protocol support to goolge_netapp_volume resource, and increased timeouts on its operations (#​24898)
• netapp: added type field to google_netapp_storage_pool resource (#​24867)
• vertexai: added psc_automation_configs field to google_vertex_ai_endpoint resource (#​24870)
• vertexai: added sync_config.continuous field to google_vertex_ai_feature_online_store_featureview (#​24881)

BUG FIXES:

• accesscontextmanager: fixed issue where google_access_context_manager_service_perimeter_[dry_run_][egress|ingress]_policy caused the provider to crash when a provided identity casing was invalid. (#​24886)
• apigee: fixed issue where credentials block was not populated in the Terraform state in google_apigee_developer_app resource (#​24880)
• compute: fixed google_compute_network_firewall_policy_rule staying disabled after apply with disabled = false (#​24879)
• compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#​25020
• compute: resolve permadiff for display_name in new deployments of google_compute_organization_security_policy (#​24882)
• storage: fixed a conversion error in google_storage_bucket state migration. This bug impacted Pulumi users. (#​24853)

v7.9.0

Compare Source

BREAKING CHANGES:

• beyondcorp: made the ports field in endpoint_matchers required in response to a change in the API surface. (#​24770)

FEATURES:

• New Resource: google_firestore_user_creds (#​24794)
• New Resource: google_network_security_dns_threat_detector (#​24744)

IMPROVEMENTS:

• appengine: added ssl_policy to application on google_app_engine_application resource (#​24786)
• bigquery: added support for IAM conditions in google_bigquery_dataset_iam_* (#​24778)
• compute: promoted policy_type to GA in google_compute_network_firewall_policy, google_compute_network_firewall_policy_with_rules, google_compute_region_network_firewall_policy, google_compute_region_network_firewall_policy_with_rules. (#​24769)
• container: added dns_endpoint_confg.enable_k8s_tokens_via_dns and dns_endpoint_config.enable_k8s_certs_via_dns fields to google_container_cluster resource (#​24774)
• container: added fleet.membership_type field to google_container_cluster resource (#​24759)
• dataplex: added data_classification field to google_dataplex_aspect_type resource (#​24807)
• iamworkforcepool: added scim_usage field to workforce_pool_provider resource (#​24787)
• memorystore: added available_maintenance_versions field to google_memorystore_instance resource (#​24745)
• memorystore: added maintenance_version field to google_memorystore_instance resource (#​24740)
• redis: added available_maintenance_versions field to google_redis_cluster resource (#​24745)
• redis: added maintenance_version field to google_redis_cluster resource (#​24740)
• storagetransfer: added transfer_manifest field to google_storage_transfer_job resource (#​24768)

BUG FIXES:

• bigquery: added validation for target_types in google_bigquery_dataset_access (#​24810)
• cloudquotas: resolved permadiff for preferred_value in google_cloud_quotas_quota_preference (#​24776)
• compute: fixed scenario where google_compute_instance would not be staged for recreation if guest_accelerator.count was updated to 0 from non-zero value (#​24762)
• sql: fixed an issue where dataDiskSize was unintentionally null instead of set to the current value in API requests, triggering unrelated errors (#​24790)

v7.8.0

Compare Source

FEATURES:

• New Data Source: google_artifact_registry_packages (#​24696)
• New Data Source: google_network_management_connectivity_tests (#​24635)
• New Resource: google_apigee_environment_api_revision_deployment (#​24657)
• New Resource: google_dataplex_entry_link (#​24737)
• New Resource: google_discovery_engine_assistant (#​24724)
• New Resource: google_oracle_database_db_system (#​24733)
• New Resource: google_saas_runtime_unit (#​24692)

IMPROVEMENTS:

• compute: added IN_FLIGHT to balancing_mode on google_compute_backend_service resource (#​24710)
• compute: added new field instance_lifecycle_policy.on_repair.allow_changing_zone to google_compute_region_instance_group_manager & google_compute_instance_group_manager (#​24706)
• compute: promoted security_policy in compute_region_backend_service resource to GA (#​24693)
• compute: promoted the google_compute_preview_feature resource to GA. (#​24725)
• compute: the activation_status attribute within the google_compute_preview_feature resource now uses the ACTIVATION_STATE_UNSPECIFIED value instead of DISABLED. Support for DISABLED will be added in a future release. (#​24725)
• datastream: added backfill_all.mongodb_excluded_objects and source_config.mongodb_source_config fields to google_datastream_stream (#​24727)
• datastream: added mongodb_profile field to google_datastream_connection_profile (#​24727)
• discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#​24658)
• discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#​24658)
• discoveryengine: added in-place update support for entities.params and entities.key_property_mappings in google_discovery_engine_data_connector (#​24739)
• dlp: added publish_findings_to_dataplex_catalog field to google_data_loss_prevention_job_trigger (#​24722)
• iambeta: allowed GKE workload identity pool pattern in workload_identity_pool_id field of google_iam_workload_identity_pool resource. (#​24656)
• memorystore: added maintenance_version field to google_memorystore_instance resource (#​24740)
• memorystore: added available_maintenance_versions field to google_memorystore_instance resource (#​24745)
• networkconnectivity: added HYBRID_INSPECTION enum value to preset_topology field in google_network_connectivity_hub resource (#​24738)
• networkservices: added isolationConfig on google_network_services_service_lb_policies resource (#​24652)
• redis: added deletion_protection field to redis_instance to make deleting them require an explicit intent. redis_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#​24654)
• redis: added maintenance_version field to google_redis_cluster resource (#​24740)
• redis: added available_maintenance_versions field to google_redis_cluster resource (#​24745)
• saas_runtime: added default_release field to google_saas_runtime_unit_kind resource (#​24726)
• sql: added read_pool_auto_scale_config support to sql_database_instance resource (#​24723)

BUG FIXES:

• bigquery: fixed the issue where google_bigquery_table detected an incorrect schema diff on tables with row access policies when the schema was unchanged. (#​24711)
• compute: allow requested_link_count to be updated in-place in google_compute_interconnect resource (#​24705)

v7.7.0

Compare Source

BREAKING CHANGES:

• discoveryengine: changed type of google_discovery_engine_data_connector.entities.params. Previously, it was a map of string keys to string values; now, it must be a JSON-encoded string containing an object. This change is being made in a minor release because the field wasn't usable as intended – specifically, all current valid uses require mapping strings to lists of strings. (#​24658)

FEATURES:

• New Data Source: google_network_management_connectivity_tests (#​24635)
• New Resource: google_apigee_developer_app (#​24625)
• New Resource: google_discovery_engine_license_config (#​24619)
• New Resource: google_iam_workforce_pool_provider_scim_tenant (#​24587)
• New Resource: google_kms_project_kaj_policy_config (#​24622)
• New Resource: google_saas_runtime_tenant (#​24608)

IMPROVEMENTS:

• apigee: updated the scopes argument in google_apigee_api_product resource to be order-insensitive. (#​24625)
• beyondcorp: added proxy_protocol_config and service_discovery fields to google_beyondcorp_security_gateway resource (#​24609)
• cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource. (GA promotion) (#​24602)
• cloudrunv2: added health_check_disabled field to google_cloud_run_v2_service resource. (#​24602)
• compute: added params field to google_compute_router resource (GA) (#​24611)
• discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#​24658)
• discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#​24658)
• dlp: added publish_to_dataplex_catalog field to discovery_config resource (#​24621)
• gkeonprem: made it possible to set the on_prem_version field on google_gkeonprem_vmware_node_pool (previously output-only) (#​24614)
• memcache: added deletion_protection field to memcache_instance to make deleting them require an explicit intent. memcache_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#​24613)
• metastore: added tags field to google_dataproc_metastore_service and 'google_dataproc_metastore_federation' resources to allow setting tags for services and federation at creation time (#​24633)
• networksecurity: added URL_FILTERING option to enum field type for google_network_security_security_profile resource (#​24583)
• networksecurity: added url_filtering_profile field to google_network_security_security_profile_group resource (beta) (#​24583)
• networksecurity: added url_filtering_profile field to google_network_security_security_profile resource (beta) (#​24583)
• sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#​24576)
• sql: added source_instance_deletion_time field to google_sql_database_instance resource (#​24576)

BUG FIXES:

• bigqueryanalyticshub: fixed google_bigquery_analytics_hub_listing_subscription import (#​24634)
• discoveryengine: fixed bug where it wasn't possible to specify values for knowledgeBaseSysId or catalogSysId in google_discovery_engine_data_connector.entities.params. (#​24658)

v7.6.0

Compare Source

DEPRECATIONS:

• networksecurity: deprecated ignore_case, exact, prefix, suffix and contains fields in http_rules.from.not_sources.principals and http_rules.from.sources.principals blocks in google_network_security_authz_policy resource. Use the equivalent fields in http_rules.from.not_sources.principals.principal or http_rules.from.sources.principals.principal instead. (#​24543)

BREAKING CHANGES:

• container: node_config blocks that had set kubelet_config without explicitly setting cpu_cfs_quota implicitly set cfu_cfs_quota to false when unset. From this version onwards, an unset cpu_cfs_quota will instead match the API default of true true. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#​24569)
• storageinsights: removed activity_data_retention_period_days field from google_storage_insights_dataset_config resource due to a delayed launch. It will be readded when the feature launches. (#​24570)

FEATURES:

• New Resource: google_kms_folder_kaj_policy_config (#​24513)
• New Resource: google_vertex_ai_cache_config (#​24541)
• New Resource: google_vertex_ai_reasoning_engine (#​24512)

IMPROVEMENTS:

• backupdr: added data_source and rules_config_info fields to google_backup_dr_backup_plan_associations datasource (#​24517)
• beyondcorp: added external, proxy_protocol, and schema fields to google_beyondcorp_security_gateway_application resource (#​24542)
• beyondcorp: changed endpoint_matchers field to not be required anymore in the google_beyondcorp_security_gateway_application resource (#​24542)
• cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource (#​24556)
• compute: added shared_secret_wo and shared_secret_wo_version fields to google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#​24491)
• dlp: added SENSITIVITY_UNKNOWN as possible enum value for actions.tag_resources.tag_conditions.sensitivity_score.score in google_data_loss_prevention_discovery_config resource (#​24564)
• dlp: added actions.save_findings.output_config.storage_path field to google_data_loss_prevention_job_trigger resource (#​24558)
• filestore: added file_shares.nfs_export_options.network and networks.psc_config.endpoint_project fields to google_filestore_instance resource (#​24567)
• lustre: increased creation timeout from 20min to 40min for google_lustre_instance resource (#​24559)
• netapp: added hybrid_replication_user_commands field with subfield commands to google_netapp_volume_replication resource (#​24554)
• netapp: added replication_schedule, hybrid_replication_type, `large_volume_constituent

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun