v6.15.0

NOTES:

• compute: google_compute_firewall_policy_association now uses MMv1 engine instead of DCL. (#20744)

DEPRECATIONS:

• compute: deprecated numeric_id (string) field in google_compute_network resource. Use the new network_id (integer) field instead (#20698)

FEATURES:

• New Data Source: google_gke_hub_feature (#20721)
• New Resource: google_storage_folder (#20767)

IMPROVEMENTS:

• artifactregistry: added vulnerability_scanning_config field to google_artifact_registry_repository resource (#20726)
• backupdr: promoted datasource google_backup_dr_backup to ga (#20677)
• backupdr: promoted datasource google_backup_dr_data_source to ga (#20677)
• bigquery: added condition field to google_bigquery_dataset_access resource (#20707)
• bigquery: added condition field to google_bigquery_dataset resource (#20707)
• composer: added airflow_metadata_retention_config field to google_composer_environment (#20769)
• compute: added back the validation for target_service field on the google_compute_service_attachment resource to validade a ForwardingRule or Gateway URL (#20711)
• compute: added availability_domain field to google_compute_instance, google_compute_instance_template and google_compute_region_instance_template resources (#20694)
• compute: added network_id (integer) field to google_compute_network resource and data source (#20698)
• compute: added preset_topology field to google_network_connectivity_hub resource (#20720)
• compute: added subnetwork_id field to google_compute_subnetwork data source (#20666)
• compute: made setting resource policies for google_compute_instance outside of terraform or using google_compute_disk_resource_policy_attachment no longer affect the boot_disk.initialize_params.resource_policies field (#20764)
• container: changed google_container_cluster to apply maintenance policy updates after upgrades during cluster update (#20708)
• container: made nodepool concurrent operations scale better for google_container_cluster and google_container_node_pool resources (#20738)
• datastream: added gtid and binary_log_position fields to google_datastream_stream resource (#20777)
• developerconnect: added support for setting up a google_developer_connect_connection resource without specifying the authorizer_credentials field (#20756)
• filestore: added tags field to google_filestore_backup to allow setting tags for backups at creation time (#20718)
• networkconnectivity: added group field to google_network_connectivity_spoke resource (#20689)
• networkmanagement: promoted google_network_management_vpc_flow_logs_config resource to ga (#20701)
• parallelstore: added deployment_type field to google_parallelstore_instance resource (#20785)
• storagetransfer: added replication_spec field to google_storage_transfer_job resource (#20788)
• workbench: made gcs-data-bucket metadata key modifiable in google_workbench_instance resource (#20728)

BUG FIXES:

• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_egress_policy egress_from.identities (#20794)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_ingress_policy ingress_from.identities (#20794)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_egress_policy egress_from.identities (#20794)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_ingress_policy ingress_from.identities (#20794)
• apigee: fixed 404 error when updating google_apigee_environment (#20745)
• bigquery: fixed DROP COLUMN error with bigquery flexible column names in google_bigquery_table (#20797)
• compute: allowed Service Attachment with Project Number to be used as google_compute_forwarding_rule.target (#20790)
• compute: fixed an issue where terraform plan -refresh=false with google_compute_ha_vpn_gateway.gateway_ip_version would plan a resource replacement if a full refresh had not been run yet. Terraform now assumes that the value is the default value, IPV4, until a refresh is completed. (#20682)
• compute: fixed panic when zonal resize request fails on google_compute_resize_request (#20734)
• compute: fixed perma-destroy for psc_data in google_compute_region_network_endpoint_group resource (#20783)
• compute: fixed google_compute_instance_guest_attributes to return an empty list when queried values don't exist instead of throwing an error (#20760)
• integrationconnectors: allowed AUTH_TYPE_UNSPECIFIED option in google_integration_connectors_connection resource to support non-standard auth types (#20782)
• logging: fixed bug in google_logging_project_bucket_config when providing project in the format of <project-id-only> (#20709)
• networkconnectivity: made include_export_ranges and exclude_export_ranges fields mutable in google_network_connectivity_spoke to avoid recreation of resources (#20742)
• sql: fixed permadiff when settings.data_cache_config is set to false for google_sql_database_instance resource (#20656)
• storage: made resource_google_storage_bucket_object generate diff for md5hash, generation, crc32c if content changes (#20687)
• vertexai: made contents_delta_uri an optional field in google_vertex_ai_index (#20780)
• workbench: fixed an issue where a server-added metadata tag of "resource-url" would not be ignored on google_workbench_instance (#20717)

v6.14.1

BUG FIXES:

• compute: fixed an issue where google_compute_firewall_policy_rule was incorrectly removed from the Terraform state (#20733)

v6.14.0

FEATURES:

• New Resource: google_network_security_intercept_deployment_group (#20615)
• New Resource: google_network_security_intercept_deployment (#20634)
• New Resource: google_network_security_authz_policy (#20595)
• New Resource: google_network_services_authz_extension (#20595)

IMPROVEMENTS:

• compute: google_compute_instance is no longer recreated when changing boot_disk.auto_delete (#20580)
• compute: added CA_ENTERPRISE_ANNUAL option for field cloud_armor_tier in google_compute_project_cloud_armor_tier resource (#20596)
• compute: added network_tier field to google_compute_global_forwarding_rule resource (#20582)
• compute: added rule.rate_limit_options.enforce_on_key_configs field to google_compute_security_policy resource (#20597)
• compute: made metadata_startup_script able to be updated via graceful switch in google_compute_instance (#20655)
• container: added field enable_fqdn_network_policy to resource google_container_cluster (#20609)
• firebasehosting: added headers field in google_firebase_hosting_version resource (beta) (#20654)
• identityplatform: marked quota.0.sign_up_quota_config subfields conditionally required in google_identity_platform_config to move errors from apply time up to plan time, and clarified the rule in documentation (#20627)
• networkconnectivity: added support for updating linked_vpn_tunnels.include_import_ranges, linked_interconnect_attachments.include_import_ranges, linked_router_appliance_instances. instances and linked_router_appliance_instances.include_import_ranges in google_network_connectivity_spoke (#20650)
• orgpolicy: added parameters fields to google_org_policy_policy resource (beta) (#20647)
• storage: added hdfs_data_source field to google_storage_transfer_job resource (#20583)
• tpuv2: added network_configs and network_config.queue_count fields to google_tpu_v2_vm resource (#20621)

BUG FIXES:

• accesscontextmanager: fixed an update bug in google_access_context_manager_perimeter by removing the broken output-only etag field in google_access_context_manager_perimeter and google_access_context_manager_perimeters (#20691)
• compute: fixed permadiff on the recaptcha_options field for google_compute_security_policy resource (#20617)
• compute: fixed issue where updating labels on resource_google_compute_resource_policy would fail because of a patch error with guest_flush (#20632)
• networkconnectivity: fixed linked_router_appliance_instances.instances.virtual_machine and linked_router_appliance_instances.instances.ip_address attributes in google_network_connectivity_spoke to be correctly marked as required. Otherwise the request to create the resource will fail. (#20650)
• privateca: fixed an issue which causes error when updating labels for activated sub-CA (#20630)
• sql: fixed permadiff when 'settings.data_cache_config' is set to false for 'google_sql_database_instance' resource (#20656)

v6.13.0

NOTES:

• New ephemeral resources google_service_account_access_token, google_service_account_id_token, google_service_account_jwt, google_service_account_key now support ephemeral values.
• iam3: promoted resources google_iam_principal_access_boundary_policy, google_iam_organizations_policy_binding, google_iam_folders_policy_binding and google_iam_projects_policy_binding to GA (#20475)
  DEPRECATIONS:
• gkehub: deprecated configmanagement.config_sync.metrics_gcp_service_account_email in google_gke_hub_feature_membership resource (#20561)

FEATURES:

• New Ephemeral Resource: google_service_account_access_token (#20542)
• New Ephemeral Resource: google_service_account_id_token (#20542)
• New Ephemeral Resource: google_service_account_jwt (#20542)
• New Ephemeral Resource: google_service_account_key (#20542)
• New Data Source: google_backup_dr_backup_vault (#20468)
• New Data Source: google_composer_user_workloads_config_map (GA) (#20478)
• New Data Source: google_composer_user_workloads_secret (GA) (#20478)
• New Resource: google_composer_user_workloads_config_map (GA) (#20478)
• New Resource: google_composer_user_workloads_secret (GA) (#20478)
• New Resource: google_gemini_code_repository_index (#20474)
• New Resource: google_network_security_mirroring_deployment (#20489)
• New Resource: google_network_security_mirroring_deployment_group (#20489)
• New Resource: google_network_security_mirroring_endpoint_group_association (#20489)
• New Resource: google_network_security_mirroring_endpoint_group (#20489)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter and google_access_context_manager_service_perimeters (#20455)
• alloydb: increased default timeout on google_alloydb_cluster to 120m from 30m (#20547)
• bigtable: added row_affinity field to google_bigtable_app_profile resource (#20435)
• cloudbuild: added private_service_connect field to google_cloudbuild_worker_pool resource (#20561)
• clouddeploy: added associated_entities field to google_clouddeploy_target resource (#20561)
• clouddeploy: added serial_pipeline.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.route_destinations field to google_clouddeploy_delivery_pipeline resource (#20561)
• composer: added multiple composer 3 related fields to google_composer_environment (GA) (#20478)
• compute: google_compute_instance, google_compute_instance_template, google_compute_region_instance_template now supports advanced_machine_features.enable_uefi_networking field (#20531)
• compute: added support for specifying storage pool with name or partial url (#20502)
• compute: added numeric_id to the google_compute_network data source (#20548)
• compute: added threshold_configs field to google_compute_security_policy resource (#20545)
• compute: added server generated id as forwarding_rule_id to google_compute_global_forwarding_rule (#20404)
• compute: added server generated id as health_check_id to google_region_health_check (#20404)
• compute: added server generated id as instance_group_manager_id to google_instance_group_manager (#20404)
• compute: added server generated id as instance_group_manager_id to google_region_instance_group_manager (#20404)
• compute: added server generated id as network_endpoint_id to google_region_network_endpoint (#20404)
• compute: added server generated id as subnetwork_id to google_subnetwork (#20404)
• compute: added the psc_data field to the google_compute_region_network_endpoint_group resource (#20454)
• container: added enterprise_config field to google_container_cluster resource (#20534)
• container: added node_pool_autoconfig.linux_node_config.cgroup_mode field to google_container_cluster resource (#20460)
• dataproc: added autotuning_config and cohort fields to google_dataproc_batch (#20410)
• dataproc: added cluster_config.preemptible_worker_config.instance_flexibility_policy.provisioning_model_mix field to google_dataproc_cluster resource (#20396)
• dataproc: added confidential_instance_config field to google_dataproc_cluster resource (#20488)
• discoveryengine: added HEALTHCARE_FHIR to industry_vertical field in google_discovery_engine_search_engine (#20471)
• gkehub: added configmanagement.config_sync.stop_syncing field to google_gke_hub_feature_membership resource (#20561)
• monitoring: added disable_metric_validation field to google_monitoring_alert_policy resource (#20544)
• oracledatabase: added deletion_protection field to google_oracle_database_autonomous_database (#20484)
• oracledatabase: added deletion_protection field to google_oracle_database_cloud_exadata_infrastructure (#20485)
• oracledatabase: added deletion_protection field to google_oracle_database_cloud_vm_cluster (#20392)
• parallelstore: added deployment_type to google_parallelstore_instance (#20457)
• resourcemanager: made google_service_account email and member fields available during plan (#20510)

BUG FIXES:

• apigee: made google_apigee_organization wait for deletion operation to complete. (#20504)
• cloudfunctions: fixed issue when updating vpc_connector_egress_settings field for google_cloudfunctions_function resource. (#20437)
• dataproc: ensured oneOf condition is honored when expanding the job configuration for Hive, Pig, Spark-sql, and Presto in google_dataproc_job. (#20453)
• gkehub: fixed allowable value INSTALLATION_UNSPECIFIED in template_library.installation (#20567)
• sql: fixed edition downgrade failure for an ENTERPRISE_PLUS instance with data cache enabled. (#20393)

v6.12.0

FEATURES:

• New Data Source: google_access_context_manager_access_policy (#20295)
• New Resource: google_dataproc_gdc_spark_application (#20242)
• New Resource: google_managed_kafka_cluster and google_managed_kafka_topic (#20237)

IMPROVEMENTS:

• artifactregistry: added common_repository field to google_artifact_registry_repository resource (#20305)
• cloudrunv2: added urls output field to google_cloud_run_v2_service resource (#20313)
• compute: added IDPF as a possible value for the network_interface.nic_type field in google_compute_instance resource (#20250)
• compute: added IDPF as a possible value for the guest_os_features.type field in google_compute_image resource (#20250)
• compute: added replica_names field to sql_database_instance resource (#20202)
• filestore: added performance_config field to google_filestore_instance (#20218)
• redis: added persistence_config to google_redis_cluster. (#20212)
• securesourcemanager: added workforce_identity_federation_config field to google_secure_source_manager_instance resource (#20290)
• spanner: added default_backup_schedule_type field to google_spanner_instance (#20213)
• sql: added psc_auto_connections fields to google_sql_database_instance resource (#20307)

BUG FIXES:

• accesscontextmanager: fixed permadiff in perimeter google_access_context_manager_service_perimeter_ingress_policy and google_access_context_manager_service_perimeter_egress_policy resources when there are duplicate resources in the rules (#20294)
• • accesscontextmanager: fixed comparison of identity_type in ingress_from and egress_from when the IDENTITY_TYPE_UNSPECIFIED is set (#20221)
• compute: fixed permadiff on attempted type field updates in google_computer_security_policy, updating this field will now force recreation of the resource (#20316)
• identityplatform: fixed perma-diff originating from the sign_in.anonymous.enabled field in google_identity_platform_config (#20244)

v6.11.2

BUG FIXES:

• vertexai: fixed issue with google_vertex_ai_endpoint where upgrading to 6.11.0 would delete all traffic splits that were set outside Terraform (which was previously a required step for all meaningful use of this resource). (#20350)

v6.11.1

BUG FIXES:

• container: fixed diff on google_container_cluster.user_managed_keys_config field for resources that had not set it. (#20314)
• container: marked google_container_cluster.user_managed_keys_config as immutable because it can't be updated in place. (#20314)

v6.11.0

NOTES:

• compute: migrated google_compute_firewall_policy_rule from DCL engine to MMv1 engine. (#20160)

BREAKING CHANGES:

• looker: made oauth_config a required field in google_looker_instance, as creating this resource without that field always triggers an API error (#20196)

FEATURES:

• New Data Source: google_spanner_database (#20114)
• New Resource: google_apigee_api (#20113)
• New Resource: google_dataproc_gdc_application_environment (#20165)
• New Resource: google_dataproc_gdc_service_instance (#20147)
• New Resource: google_memorystore_instance (#20108)

IMPROVEMENTS:

• apigee: added in-place update support for google_apigee_env_references (#20182)
• apigee: added in-place update support for google_apigee_environment resource (#20189)
• cloudrun: added empty_dir field to google_cloud_run_service (#20185)
• cloudrunv2: added empty_dir field to google_cloud_run_v2_service and google_cloud_run_v2_job (#20185)
• compute: added disks field to google_compute_node_template resource (#20180)
• compute: added preconfigured_waf_config field to google_compute_security_policy resource (#20183)
• compute: added replica_names field to sql_database_instance resource (#20202)
• compute: added instance_flexibility_policy field to google_compute_region_instance_group_manager resource (#20132)
• compute: increased google_compute_security_policy timeouts from 20 minutes to 30 minutes (#20145)
• container: added control_plane_endpoints_config field to google_container_cluster resource. (#20193)
• container: added parallelstore_csi_driver_config field to google_container_cluster resource. (#20163)
• container: added user_managed_keys_config field to google_container_cluster resource. (#20105)
• firestore: allowed single field indexes to support __name__ DESC indexes in google_firestore_index resources (#20124)
• privateca: added support for sub-CA to be activated into STAGED state (#20103)
• spanner: added default_backup_schedule_type field to google_spanner_instance (#20213)
• vertexai: added traffic_split, private_service_connect_config, predict_request_response_logging_config, dedicated_endpoint_enabled, and dedicated_endpoint_dns fields to google_vertex_ai_endpoint resource (#20179)
• workflows: added deletion_protection field to google_workflows_workflow resource (#20106)

BUG FIXES:

• compute: fixed a diff based on server-side reordering of match.src_address_groups and match.dest_address_groups in google_compute_network_firewall_policy_rule (#20148)
• compute: fixed permadiff on the preconfigured_waf_config field for google_compute_security_policy resource (#20183)
• container: fixed in-place updates for node_config.containerd_config in google_container_cluster and google_container_node_pool (#20112)

v5.45.0

NOTES:

• 5.45.0 is a backport release, responding to a new Spanner feature that may result in creation of unwanted backups for users. The changes in this release will be available in 6.11.0 and users upgrading to 6.X should upgrade to that version or higher.

IMPROVEMENTS:

• spanner: added default_backup_schedule_type field to google_spanner_instance (#20213)

v6.10.0

FEATURES:

• New Data Source: google_compute_instance_guest_attributes (#20095)
• New Data Source: google_service_accounts (#20062)
• New Resource: google_iap_settings (#20085)

IMPROVEMENTS:

• apphub: added GLOBAL enum value to scope.type field in google_apphub_application resource (#20015)
• assuredworkloads: added workload_options field to google_assured_workloads_workload resource (#19985)
• bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (beta) (#20097)
• bigquery: added descriptive validation errors for missing required fields in google_bigquery_job destination table configuration (#20077)
• compute: desired_status on google_compute_instance can now be set to TERMINATED or SUSPENDED on instance creation (#20031)
• compute: added header_action and redirect_options fields to google_compute_security_policy_rule resource (#20079)
• compute: added interface.ipv6-address field in google_compute_external_vpn_gateway resource (#20091)
• compute: added propagated_connection_limit and connected_endpoints.propagated_connection_count fields to google_compute_service_attachment resource (#20016)
• compute: added plan-time validation to name on google_compute_instance (#20036)
• compute: added support for advanced_machine_features.turbo_mode to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template (#20090)
• container: added in-place update support for labels, resource_manager_tags and workload_metadata_config in google_container_cluster.node_config (#20038)
• filestore: added protocol property to resource google_filestore_instance (#19982)
• memorystore: added mode flag to google_memorystore_instance (#19988)
• netapp: added zone and replica_zone fields to google_netapp_storage_pool resource (#19980)
• netapp: added zone and replica_zone fields to google_netapp_volume resource (#19980)
• networksecurity: added tls_inspection_policy field to google_network_security_gateway_security_policy (#19986)
• resourcemanager: added disabled to google_service_account datasource (#20034)
• spanner: added asymmetric_autoscaling_options field to google_spanner_instance (#20014)
• sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#19977)
• vmwareengine: added autoscaling_settings to google_vmwareengine_private_cloud resource (#20057)

BUG FIXES:

• accesscontextmanager: fixed permadiff for perimeter ingress / egress rule resources (#20046)
• compute: fixed an error in google_compute_security_policy_rule that prevented updating the default rule (#20066)
• container: fixed missing in-place updates for some google_container_cluster.node_config subfields (#20038)