Releases: hashicorp/terraform-provider-google

v6.2.0

09 Sep 17:09

FEATURES:

  • New Data Source: google_certificate_manager_certificates (#19361)
  • New Resource: google_network_security_server_tls_policy (#19314)
  • New Resource: google_scc_v2_folder_scc_big_query_export (#19327)
  • New Resource: google_scc_v2_project_scc_big_query_export (#19311)

IMPROVEMENTS:

  • assuredworkload: added field partner_service_billing_account to google_assured_workloads_workload (#19358)
  • bigtable: added support for column_family.type in google_bigtable_table (#19302)
  • cloudrun: promoted support for nfs and csi volumes (for Cloud Storage FUSE) for google_cloud_run_service to GA (#19359)
  • cloudrunv2: promoted support for nfs and gcs volumes for google_cloud_run_v2_job to GA (#19359)
  • compute: added boot_disk.interface field to google_compute_instance resource (#19319)
  • container: added node_pool_auto_config.node_kubelet_config.insecure_kubelet_readonly_port_enabled field to google_container_cluster. (#19320)
  • container: added insecure_kubelet_readonly_port_enabled to node_pool.node_config.kubelet_config and node_config.kubelet_config in google_container_node_pool resource. (#19312)
  • container: added insecure_kubelet_readonly_port_enabled to node_pool_defaults.node_config_defaults, node_pool.node_config.kubelet_config, and node_config.kubelet_config in google_container_cluster resource. (#19312)
  • container: added support for in-place updates for google_compute_node_pool.node_config.gcfs_config and google_container_cluster.node_config.gcfs_cluster and google_container_cluster.node_pool.node_config.gcfs_cluster (#19365)
  • container: promoted the additive_vpc_scope_dns_domain field on the google_container_cluster resource to GA (#19313)
  • iambeta: added x509 field to google_iam_workload_identity_pool_provider resource (#19375)
  • networkconnectivity: added include_export_ranges to google_network_connectivity_spoke (#19346)
  • pubsub: added cloud_storage_config.max_messages and cloud_storage_config.avro_config.use_topic_schema fields to google_pubsub_subscription resource (#19338)
  • redis: added the maintenance_policy field to the google_redis_cluster resource (#19341)
  • resourcemanager: added tags field to google_project to allow setting tags for projects at creation time (#19351)
  • securitycenter: added support for empty streaming_config.filter values in google_scc_notification_config resources (#19369)

BUG FIXES:

  • compute: fixed google_compute_interconnect to support correct available_features option of IF_MACSEC (#19330)
  • compute: fixed a bug where advertised_route_priority was accidentally set to 0 during updates in google_compute_router_peer (#19366)
  • compute: fixed a permadiff caused by setting start_time in an incorrect H:mm format in google_compute_resource_policies resources (#19297)
  • compute: fixed network_interface.subnetwork_project validation to match with the project in network_interface.subnetwork field when network_interface.subnetwork has full self_link in google_compute_instance resource (#19348)
  • container: removed unnecessary force replacement in node pool gcfs_config (#19365)
  • kms: updated the google_kms_autokey_config resource's folder field to accept values that are either full resource names (folders/{folder_id}) or just the folder id ({folder_id} only) (#19364)
  • storage: added retry support for 429 errors in google_storage_bucket resource (#19353)

v6.1.0

04 Sep 16:57

FEATURES:

  • New Data Source: google_kms_crypto_key_latest_version (#19249)
  • New Data Source: google_kms_crypto_key_versions (#19241)

IMPROVEMENTS:

  • databasemigrationservice: added support in google_database_migration_service_connection_profile for creating DMS connection profiles that link to existing Cloud SQL instances/AlloyDB clusters. (#19291)
  • alloydb: added subscription_type and trial_metadata field to google_alloydb_cluster resource (#19262)
  • bigquery: added encryption_configuration field to google_bigquery_data_transfer_config resource (#19267)
  • bigqueryanalyticshub: added selected_resources, and restrict_direct_table_access to google_bigquery_analytics_hub_listing resource (#19244)
  • bigqueryanalyticshub: added sharing_environment_config to google_bigquery_analytics_hub_data_exchange resource (#19244)
  • cloudtasks: added http_target field to google_cloud_tasks_queue resource (#19253)
  • compute: added accelerators field to google_compute_node_template resource (#19292)
  • compute: allowed disabling server_tls_policy during update in google_compute_target_https_proxy resources (#19233)
  • container: added secret_manager_config field to google_container_cluster resource (ga) (#19288)
  • datastream: added transaction_logs and change_tables to the datastream_stream resource (#19248)
  • discoveryengine: added chunking_config and layout_parsing_config fields to google_discovery_engine_data_store resource (#19274)
  • dlp: added inspect_template_modified_cadence field to big_query_target and cloud_sql_target in google_data_loss_prevention_discovery_config resource (#19282)
  • dlp: added tag_resources field to google_data_loss_prevention_discovery_config resource (#19282)
  • networksecurity: google_network_security_client_tls_policy in v1 (#19293)

BUG FIXES:

  • bigquery: fixed an error which could occur with email field values containing non-lower-case characters in google_bigquery_dataset_access resource (#19259)
  • bigqueryanalyticshub: made bigquery_dataset immutable in google_bigquery_analytics_hub_listing as it was not updatable in the API. Now modifying the field in Terraform will correctly recreate the resource rather than causing Terraform to report it would attempt an invalid update. (#19244)
  • container: fixed update inconsistency in google_container_cluster resource (#19247)
  • pubsub: fixed a validation bug that didn't allow empty filter definitions for google_pubsub_subscription resources (#19284)
  • resourcemanager: fixed a bug where data.google_client_config failed silently when inadequate credentials were used to configure the provider (#19286)
  • sql: fixed importing google_sql_user where host is an IPv4 CIDR (#19243)
  • sql: fixed overwriting of name field for IAM Group user in google_sql_user resource (#19234)

v5.43.1

30 Aug 18:08

NOTES:

  • 5.43.1 is a backport release, and some changes will not appear in 6.X series releases until 6.1.0

BUG FIXES:

  • pubsub: fixed a validation bug that didn't allow empty filter definitions for google_pubsub_subscription resources (#19284)

v6.0.1

26 Aug 22:27
4077e69

BREAKING CHANGES:

  • sql: removed settings.ip_configuration.require_ssl from google_sql_database_instance in favor of settings.ip_configuration.ssl_mode. This field was intended to be removed in 6.0.0. (#19263)

v6.0.0

26 Aug 18:11
1f38e4d

Terraform Google Provider 6.0.0 Upgrade Guide

BREAKING CHANGES:

  • provider: changed provider labels to add the goog-terraform-provisioned: true label by default. (#19190)
  • activedirectory: added deletion_protection field to google_active_directory_domain resource. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection = false before destroying the resource. (#18906)
  • alloydb: removed network in google_alloydb_cluster. Use network_config.network instead. (#19181)
  • bigquery: added client-side validation to prevent table view creation if schema contains required fields for google_bigquery_table resource (#18767)
  • bigquery: removed allow_resource_tags_on_deletion from google_bigquery_table. Resource tags are now always allowed on table deletion. (#19077)
  • bigqueryreservation: removed multi_region_auxiliary from google_bigquery_reservation (#18922)
  • billing: revised the format of id for google_billing_project_info (#18823)
  • cloudrunv2: added deletion_protection field to google_cloud_run_v2_service. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection = false before destroying the resource. (#19019)
  • cloudrunv2: changed liveness_probe to no longer infer a default value from api on google_cloud_run_v2_service. Removing this field and applying the change will now remove liveness probe from the Cloud Run service. (#18764)
  • cloudrunv2: retyped containers.env to SET from ARRAY for google_cloud_run_v2_service and google_cloud_run_v2_job. (#18855)
  • composer: ip_allocation_policy = [] in google_composer_environment is no longer valid configuration. Removing the field from configuration should not produce a diff. (#19207)
  • compute: added new required field enabled in google_compute_backend_service and google_compute_region_backend_service (#18772)
  • compute: changed certificate_id in google_compute_managed_ssl_certificate to correctly be output only. (#19069)
  • compute: revised and in some cases removed default values of connection_draining_timeout_sec, balancing_mode and outlier_detection in google_compute_region_backend_service and google_compute_backend_service. (#18720)
  • compute: revised the format of id for compute_network_endpoints (#18844)
  • compute: guest_accelerator = [] is no longer valid configuration in google_compute_instance. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#19207)
  • compute: google_compute_instance_from_template and google_compute_instance_from_machine_image network_interface.alias_ip_range, network_interface.access_config, attached_disk, guest_accelerator, service_account, scratch_disk can no longer be set to an empty block []. Removing the fields from configuration should not produce a diff. (#19207)
  • compute: secondary_ip_ranges = [] in google_compute_subnetwork is no longer valid configuration. To set an explicitly empty list, use send_secondary_ip_range_if_empty and completely remove secondary_ip_range from config. (#19207)
  • container: made advanced_datapath_observability_config.enable_relay required in google_container_cluster (#19060)
  • container: removed deprecated field advanced_datapath_observability_config.relay_mode from google_container_cluster resource. Users are expected to use enable_relay field instead. (#19060)
  • container: three label-related fields are now in google_container_cluster resource. resource_labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of the labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#19062)
  • container: made the three fields resource_labels, terraform_labels, and effective_labels present in google_container_cluster datasources. All three fields will have all of the labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients, equivalent to effective_labels on the resource. (#19062)
  • container: guest_accelerator = [] is no longer valid configuration in google_container_cluster and google_container_node_pool. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#19207)
  • container: guest_accelerator.gpu_driver_installation_config = [] and guest_accelerator.gpu_sharing_config = [] are no longer valid configuration in google_container_cluster and google_container_node_pool. Removing the fields from configuration should not produce a diff. (#19207)
  • datastore: removed google_datastore_index in favor of google_firestore_index (#19160)
  • edgenetwork: three label-related fields are now in google_edgenetwork_network and google_edgenetwork_subnet resources. labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of the labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#19062)
  • identityplatform: removed resource google_identity_platform_project_default_config in favor of google_identity_platform_project_config (#18992)
  • pubsub: allowed schema_settings in google_pubsub_topic to be removed (#18631)
  • integrations: removed create_sample_workflows and provision_gmek from google_integrations_client (#19148)
  • redis: added a deletion_protection_enabled field to the google_redis_cluster resource. This field defaults to true, preventing accidental deletions. To delete the resource, you must first set deletion_protection_enabled = false before destroying the resource. (#19173)
  • resourcemanager: added deletion_protection field to google_folder to make deleting them require an explicit intent. Folder resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#19021)
  • resourcemanager: made deletion_policy in google_project 'PREVENT' by default. This makes deleting them require an explicit intent. google_project resources cannot be destroyed unless deletion_policy is set to 'ABANDON' or 'DELETE' for the resource. (#19114)
  • sql: removed settings.ip_configuration.require_ssl in google_sql_database_instance. Please use settings.ip_configuration.ssl_mode instead. (#18843)
  • storage: removed no_age field from lifecycle_rule.condition in the google_storage_bucket resource (#19048)
  • vpcaccess: removed default values for min_throughput and min_instances fields on google_vpc_access_connector and made them default to values returned from the API when not provided by users (#18697)
  • vpcaccess: added a conflicting fields restriction between min_throughput and min_instances fields on google_vpc_access_connector (#18697)
  • vpcaccess: added a co...

v5.43.0

26 Aug 17:44
5f4e065

DEPRECATIONS:

  • storage: deprecated lifecycle_rule.condition.no_age field in google_storage_bucket. Use the new lifecycle_rule.condition.send_age_if_zero field instead. (#19172)

FEATURES:

  • New Resource: google_kms_ekm_connection_iam_binding (#19132)
  • New Resource: google_kms_ekm_connection_iam_member (#19132)
  • New Resource: google_kms_ekm_connection_iam_policy (#19132)
  • New Resource: google_scc_v2_organization_scc_big_query_exports (#19184)

IMPROVEMENTS:

  • compute: added label_fingerprint field to google_compute_global_address resource (#19204)
  • compute: exposed service side id as new output field forwarding_rule_id on resource google_compute_forwarding_rule (#19139)
  • container: added EXTENDED as a valid option for release_channel field in google_container_cluster resource (#19141)
  • logging: changed enable_analytics parsing to "no preference" in analytics if omitted, instead of explicitly disabling analytics in google_logging_project_bucket_config (#19126)
  • pubsub: added validation to filter field in resource google_pubsub_subscription (#19131)
  • resourcemanager: added default_labels field to google_client_config data source (#19170)
  • vmwareengine: added PC undelete support in google_vmwareengine_private_cloud (#19192)

BUG FIXES:

  • alloydb: fixed a permadiff on psc_instance_config in google_alloydb_instance resource (#19143)
  • compute: fixed a malformed URL that affected updating the server_tls_policy property on google_compute_target_https_proxy resources (#19164)
  • compute: fixed bug where the labels field could not be updated on google_compute_global_address (#19204)
  • compute: fixed force diff replacement logic for network_ip on resource google_compute_instance (#19135)

v5.42.0

19 Aug 16:56

DEPRECATIONS:

  • compute: setting google_compute_subnetwork.secondary_ip_range = [] to explicitly set a list of empty objects is deprecated and will produce an error in the upcoming major release. Use send_secondary_ip_range_if_empty while removing secondary_ip_range from config instead. (#19122)

FEATURES:

  • New Data Source: google_artifact_registry_locations (#19047)
  • New Data Source: google_cloud_identity_transitive_group_memberships (#19038)
  • New Resource: google_discovery_engine_schema (#19124)
  • New Resource: google_scc_folder_notification_config (#19057)
  • New Resource: google_scc_v2_folder_notification_config (#19055)
  • New Resource: google_vertex_ai_index_endpoint_deployed_index (#19061)

IMPROVEMENTS:

  • clouddeploy: added serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.pod_selector_label and serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.service_networking.pod_selector_label fields to google_clouddeploy_delivery_pipeline resource (#19100)
  • compute: added send_secondary_ip_range_if_empty to google_compute_subnetwork (#19122)
  • discoveryengine: added skip_default_schema_creation field to google_discovery_engine_data_store resource (#19017)
  • dns: changed load_balancer_type field from required to optional in google_dns_record_set (#19050)
  • firestore: added cmek_config field to google_firestore_database resource (#19107)
  • servicenetworking: added update_on_creation_fail field to google_service_networking_connection resource. When it is set to true, enforce an update of the reserved peering ranges on the existing service networking connection in case of a new connection creation failure. (#19035)
  • sql: added server_ca_mode field to google_sql_database_instance resource (#18998)

BUG FIXES:

  • bigquery: made google_bigquery_dataset_iam_member non-authoritative. To remove a bigquery dataset iam member, use an authoritative resource like google_bigquery_dataset_iam_policy (#19121)
  • cloudfunctions2: fixed a "Provider produced inconsistent final plan" bug affecting the service_config.environment_variables field in google_cloudfunctions2_function resource (#19024)
  • cloudfunctions2: fixed a permadiff on storage_source.generation in google_cloudfunctions2_function resource (#19031)
  • compute: fixed issue where sub-resources managed by google_compute_forwarding_rule prevented resource deletion (#19117)
  • logging: changed google_logging_project_bucket_config.enable_analytics behavior to set "no preference" in analytics if omitted, instead of explicitly disabling analytics. (#19126)
  • workbench: fixed a bug with google_workbench_instance metadata drifting when using custom containers. (#19119)

v5.41.0

13 Aug 18:12
6523d84

DEPRECATIONS:

  • resourcemanager: deprecated skip_delete field in the google_project resource. Use deletion_policy instead. (#18867)

FEATURES:

  • New Data Source: google_logging_log_view_iam_policy (#18990)
  • New Data Source: google_scc_v2_organization_source_iam_policy (#19004)
  • New Resource: google_access_context_manager_service_perimeter_dry_run_egress_policy (#18994)
  • New Resource: google_access_context_manager_service_perimeter_dry_run_ingress_policy (#18994)
  • New Resource: google_scc_v2_folder_mute_config (#18924)
  • New Resource: google_scc_v2_project_mute_config (#18993)
  • New Resource: google_scc_v2_project_notification_config (#19008)
  • New Resource: google_scc_v2_organization_source (#19004)
  • New Resource: google_scc_v2_organization_source_iam_binding (#19004)
  • New Resource: google_scc_v2_organization_source_iam_member (#19004)
  • New Resource: google_scc_v2_organization_source_iam_policy (#19004)
  • New Resource: google_logging_log_view_iam_binding (#18990)
  • New Resource: google_logging_log_view_iam_member (#18990)
  • New Resource: google_logging_log_view_iam_policy (#18990)

IMPROVEMENTS:

  • clouddeploy: added gke.proxy_url field to google_clouddeploy_target (#19016)
  • cloudrunv2: added field binary_authorization.policy to resource google_cloud_run_v2_job and resource google_cloud_run_v2_service to support named binary authorization policy. (#18995)
  • compute: added source_regions field to google_compute_healthcheck resource (#19006)
  • compute: added update-in-place support for the google_compute_target_https_proxy.server_tls_policy field (#18996)
  • compute: added update-in-place support for the google_compute_region_target_https_proxy.server_tls_policy field (#19007)
  • container: added auto_provisioning_locations field to google_container_cluster (#18928)
  • dataform: added kms_key_name field to google_dataform_repository resource (#18947)
  • discoveryengine: added skip_default_schema_creation field to google_discovery_engine_data_store resource (#19017)
  • gkehub: added configmanagement.management and configmanagement.config_sync.enabled fields to google_gkehub_feature_membership (#19016)
  • gkehub: added management field to google_gke_hub_feature.fleet_default_member_config.configmanagement (#18963)
  • resourcemanager: added deletion_policy field to the google_project resource. Setting deletion_policy to PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting deletion_policy to ABANDON allows the resource to be abandoned rather than deleted and it behaves the same with skip_delete = true. Default value is DELETE. skip_delete = true takes precedence over deletion_policy = "DELETE".
  • storage: added force_destroy field to google_storage_managed_folder resource (#18973)
  • storage: added generation field to google_storage_bucket_object resource (#18971)

BUG FIXES:

  • compute: fixed google_compute_instance.alias_ip_range update behavior to avoid temporarily deleting unchanged alias IP ranges (#19015)
  • compute: fixed the bug that creation of PSC forwarding rules fails in google_compute_forwarding_rule resource when provider default labels are set (#18984)
  • sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#18962)

v5.40.0

05 Aug 16:39
7ed1a15

NOTES:

  • resourcemanager: This release included a deprecation of skip_delete in google_project without the future field (deletion_policy) being available. This will be corrected in a future 5.X release prior to the release of 6.0.0 where the deletion_policy field will be made available.

DEPRECATIONS:

  • resourcemanager: deprecated skip_delete field in the google_project resource. Instead use the new field deletion_policy in the next major release (#18867)

IMPROVEMENTS:

  • bigquery: added support for value DELTA_LAKE to source_format in google_bigquery_table resource (#18915)
  • compute: added access_mode field to google_compute_disk resource (#18857)
  • compute: added stack_type, and gateway_ip_version fields to google_compute_router resource (#18839)
  • container: added field ray_operator_config for resource_container_cluster (#18825)
  • container: promoted additional_node_network_configs and additional_pod_network_configs fields to GA in the google_container_node_pool resource (#18842)
  • container: promoted enable_multi_networking to GA in the google_container_cluster resource (#18842)
  • monitoring: updated goal field to accept a max threshold of up to 0.9999 in google_monitoring_slo resource (#18845)
  • networkconnectivity: added export_psc field to google_network_connectivity_hub resource (#18866)
  • sql: added enable_dataplex_integration field to google_sql_database_instance resource (#18852)

BUG FIXES:

  • bigquery: fixed a permadiff when handling "assets" in params in the google_bigquery_data_transfer_config resource (#18898)
  • bigquery: fixed an issue preventing certain keys in params from being assigned values in google_bigquery_data_transfer_config (#18888)
  • compute: fixed perma-diff of advertised_ip_ranges field in google_compute_router resource (#18869)
  • container: fixed perma-diff on node_config.guest_accelerator.gpu_driver_installation_config field in GKE 1.30+ in google_container_node_pool resource (#18835)
  • sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#18962)

v5.39.1

30 Jul 18:21
e692deb

BUG FIXES:

  • datastream: fixed a breaking change in 5.39.0 google_datastream_stream that made one of destination_config.bigquery_destination_config.merge or destination_config.bigquery_destination_config.append_only required (#18903)