Releases: hashicorp/terraform-provider-google
Releases · hashicorp/terraform-provider-google
v6.2.0
FEATURES:
- New Data Source:
google_certificate_manager_certificates
(#19361) - New Resource:
google_network_security_server_tls_policy
(#19314) - New Resource:
google_scc_v2_folder_scc_big_query_export
(#19327) - New Resource:
google_scc_v2_project_scc_big_query_export
(#19311)
IMPROVEMENTS:
- assuredworkload: added field
partner_service_billing_account
togoogle_assured_workloads_workload
(#19358) - bigtable: added support for
column_family.type
ingoogle_bigtable_table
(#19302) - cloudrun: promoted support for nfs and csi volumes (for Cloud Storage FUSE) for
google_cloud_run_service
to GA (#19359) - cloudrunv2: promoted support for nfs and gcs volumes for
google_cloud_run_v2_job
to GA (#19359) - compute: added
boot_disk.interface
field togoogle_compute_instance
resource (#19319) - container: added
node_pool_auto_config.node_kublet_config.insecure_kubelet_readonly_port_enabled
field togoogle_container_cluster
. (#19320) - container: added
insecure_kubelet_readonly_port_enabled
tonode_pool.node_config.kubelet_config
andnode_config.kubelet_config
ingoogle_container_node_pool
resource. (#19312) - container: added
insecure_kubelet_readonly_port_enabled
tonode_pool_defaults.node_config_defaults
,node_pool.node_config.kubelet_config
, andnode_config.kubelet_config
ingoogle_container_cluster
resource. (#19312) - container: added support for in-place updates for
google_compute_node_pool.node_config.gcfs_config
andgoogle_container_cluster.node_config.gcfs_cluster
andgoogle_container_cluster.node_pool.node_config.gcfs_cluster
(#19365) - container: promoted the
additive_vpc_scope_dns_domain
field on thegoogle_container_cluster
resource to GA (#19313) - iambeta: added
x509
field togoogle_iam_workload_identity_pool_provider
resource (#19375) - networkconnectivity: added
include_export_ranges
togoogle_network_connectivity_spoke
(#19346) - pubsub: added
cloud_storage_config.max_messages
andcloud_storage_config.avro_config.use_topic_schema
fields togoogle_pubsub_subscription
resource (#19338) - redis: added the
maintenance_policy
field to thegoogle_redis_cluster
resource (#19341) - resourcemanager: added
tags
field togoogle_project
to allow setting tags for projects at creation time (#19351) - securitycenter: added support for empty
streaming_config.filter
values ingoogle_scc_notification_config
resources (#19369)
BUG FIXES:
- compute: fixed
google_compute_interconnect
to support correctavailable_features
option ofIF_MACSEC
(#19330) - compute: fixed a bug where
advertised_route_priority
was accidentally set to 0 during updates ingoogle_compute_router_peer
(#19366) - compute: fixed a permadiff caused by setting
start_time
in an incorrect H:mm format ingoogle_compute_resource_policies
resources (#19297) - compute: fixed
network_interface.subnetwork_project
validation to match with the project innetwork_interface.subnetwork
field whennetwork_interface.subnetwork
has full self_link ingoogle_compute_instance
resource (#19348) - container: removed unnecessary force replacement in node pool
gcfs_config
(#19365 - kms: updated the
google_kms_autokey_config
resource'sfolder
field to accept values that are either full resource names (folders/{folder_id}
) or just the folder id ({folder_id}
only) (#19364)) - storage: added retry support for 429 errors in
google_storage_bucket
resource (#19353)
v6.1.0
FEATURES:
- New Data Source:
google_kms_crypto_key_latest_version
(#19249) - New Data Source:
google_kms_crypto_key_versions
(#19241)
IMPROVEMENTS:
- databasemigrationservice: added support in
google_database_migration_service_connection_profile
for creating DMS connection profiles that link to existing Cloud SQL instances/AlloyDB clusters. (#19291) - alloydb: added
subscription_type
andtrial_metadata
field togoogle_alloydb_cluster
resource (#19262) - bigquery: added
encryption_configuration
field togoogle_bigquery_data_transfer_config
resource (#19267) - bigqueryanalyticshub: added
selected_resources
, andrestrict_direct_table_access
togoogle_bigquery_analytics_hub_listing
resource (#19244) - bigqueryanalyticshub: added
sharing_environment_config
togoogle_bigquery_analytics_hub_data_exchange
resource (#19244) - cloudtasks: added
http_target
field togoogle_cloud_tasks_queue
resource (#19253) - compute: added
accelerators
field togoogle_compute_node_template
resource (#19292) - compute: allowed disabling
server_tls_policy
during update ingoogle_compute_target_https_proxy
resources (#19233) - container: added
secret_manager_config
field togoogle_container_cluster
resource (ga) (#19288) - datastream: added
transaction_logs
andchange_tables
to thedatastream_stream
resource (#19248) - discoveryengine: added
chunking_config
andlayout_parsing_config
fields togoogle_discovery_engine_data_store
resource (#19274) - dlp: added
inspect_template_modified_cadence
field tobig_query_target
andcloud_sql_target
ingoogle_data_loss_prevention_discovery_config
resource (#19282) - dlp: added
tag_resources
field togoogle_data_loss_prevention_discovery_config
resource (#19282) - networksecurity:
google_network_security_client_tls_policy
in v1 (#19293)
BUG FIXES:
- bigquery: fixed an error which could occur with email field values containing non-lower-case characters in
google_bigquery_dataset_access
resource (#19259) - bigqueryanalyticshub: made
bigquery_dataset
immutable ingoogle_bigquery_analytics_hub_listing
as it was not updatable in the API. Now modifying the field in Terraform will correctly recreate the resource rather than causing Terraform to report it would attempt an invalid update. (#19244) - container: fixed update inconsistency in
google_container_cluster
resource (#19247) - pubsub: fixed a validation bug that didn't allow empty filter definitions for
google_pubsub_subscription
resources (#19284) - resourcemanager: fixed a bug where data.google_client_config failed silently when inadequate credentials were used to configure the provider (#19286)
- sql: fixed importing
google_sql_user
wherehost
is an IPv4 CIDR (#19243) - sql: fixed overwriting of
name
field for IAM Group user ingoogle_sql_user
resource (#19234)
v5.43.1
v6.0.1
v6.0.0
Terraform Google Provider 6.0.0 Upgrade Guide
BREAKING CHANGES:
- provider: changed provider labels to add the
goog-terraform-provisioned: true
label by default. (#19190) - activedirectory: added
deletion_protection
field togoogle_active_directory_domain
resource. This field defaults totrue
, preventing accidental deletions. To delete the resource, you must first setdeletion_protection = false
before destroying the resource. (#18906) - alloydb: removed
network
ingoogle_alloy_db_cluster
. Usenetwork_config.network
instead. (#19181) - bigquery: added client-side validation to prevent table view creation if schema contains required fields for
google_bigquery_table
resource (#18767) - bigquery: removed
allow_resource_tags_on_deletion
fromgoogle_bigquery_table
. Resource tags are now always allowed on table deletion. (#19077) - bigqueryreservation: removed
multi_region_auxiliary
fromgoogle_bigquery_reservation
(#18922) - billing: revised the format of
id
forgoogle_billing_project_info
(#18823) - cloudrunv2: added
deletion_protection
field togoogle_cloudrunv2_service
. This field defaults totrue
, preventing accidental deletions. To delete the resource, you must first setdeletion_protection = false
before destroying the resource.(#19019) - cloudrunv2: changed
liveness_probe
to no longer infer a default value from api ongoogle_cloud_run_v2_service
. Removing this field and applying the change will now remove liveness probe from the Cloud Run service. (#18764) - cloudrunv2: retyped
containers.env
to SET from ARRAY forgoogle_cloud_run_v2_service
andgoogle_cloud_run_v2_job
. (#18855) - composer:
ip_allocation_policy = []
ingoogle_composer_environment
is no longer valid configuration. Removing the field from configuration should not produce a diff. (#19207) - compute: added new required field
enabled
ingoogle_compute_backend_service
andgoogle_compute_region_backend_service
(#18772) - compute: changed
certifcate_id
ingoogle_compute_managed_ssl_certificate
to correctly be output only. (#19069) - compute: revised and in some cases removed default values of
connection_draining_timeout_sec
,balancing_mode
andoutlier_detection
ingoogle_compute_region_backend_service
andgoogle_compute_backend_service
. (#18720) - compute: revised the format of
id
forcompute_network_endpoints
(#18844) - compute:
guest_accelerator = []
is no longer valid configuration ingoogle_compute_instance
. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#19207) - compute:
google_compute_instance_from_template
andgoogle_compute_instance_from_machine_image
network_interface.alias_ip_range, network_interface.access_config, attached_disk, guest_accelerator, service_account, scratch_disk
can no longer be set to an empty block[]
. Removing the fields from configuration should not produce a diff. (#19207) - compute:
secondary_ip_ranges = []
ingoogle_compute_subnetwork
is no longer valid configuration. To set an explicitly empty list, usesend_secondary_ip_range_if_empty
and completely removesecondary_ip_range
from config. (#19207) - container: made
advanced_datapath_observability_config.enable_relay
required ingoogle_container_cluster
(#19060) - container: removed deprecated field
advanced_datapath_observability_config.relay_mode
fromgoogle_container_cluster
resource. Users are expected to useenable_relay
field instead. (#19060) - container: three label-related fields are now in
google_container_cluster
resource.resource_labels
field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-onlyterraform_labels
field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-onlyeffective_labels
field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#19062) - container: made three fields
resource_labels
,terraform_labels
, andeffective_labels
be present ingoogle_container_cluster
datasources. All three fields will have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent toeffective_labels
on the resource. (#19062) - container:
guest_accelerator = []
is no longer valid configuration ingoogle_container_cluster
andgoogle_container_node_pool
. To explicitly set an empty list of objects, set guest_accelerator.count = 0. (#19207) - container:
guest_accelerator.gpu_driver_installation_config = []
andguest_accelerator.gpu_sharing_config = []
are no longer valid configuration ingoogle_container_cluster
andgoogle_container_node_pool
. Removing the fields from configuration should not produce a diff. (#19207) - datastore: removed
google_datastore_index
in favor ofgoogle_firestore_index
(#19160) - edgenetwork: three label-related fields are now in
google_edgenetwork_network
andgoogle_edgenetwork_subnet
resources.labels
field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-onlyterraform_labels
field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-onlyeffective_labels
field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients. (#19062) - identityplatform: removed resource
google_identity_platform_project_default_config
in favor ofgoogle_identity_platform_project_config
(#18992) - pubsub: allowed
schema_settings
ingoogle_pubsub_topic
to be removed (#18631) - integrations: removed
create_sample_workflows
andprovision_gmek
fromgoogle_integrations_client
(#19148) - redis: added a
deletion_protection_enabled
field to thegoogle_redis_cluster
resource. This field defaults totrue
, preventing accidental deletions. To delete the resource, you must first setdeletion_protection_enabled = false
before destroying the resource. (#19173) - resourcemanager: added
deletion_protection
field togoogle_folder
to make deleting them require an explicit intent. Folder resources now cannot be destroyed unlessdeletion_protection = false
is set for the resource. (#19021) - resourcemanager: made
deletion_policy
ingoogle_project
'PREVENT' by default. This makes deleting them require an explicit intent.google_project
resources cannot be destroyed unlessdeletion_policy
is set to 'ABANDON' or 'DELETE' for the resource. (#19114) - sql: removed
settings.ip_configuration.require_ssl
ingoogle_sql_database_instance
. Please usesettings.ip_configuration.ssl_mode
instead. (#18843) - storage: removed
no_age
field fromlifecycle_rule.condition
in thegoogle_storage_bucket
resource (#19048) - vpcaccess: removed default values for
min_throughput
andmin_instances
fields ongoogle_vpc_access_connector
and made them default to values returned from the API when not provided by users (#18697) - vpcaccess: added a conflicting fields restriction between
min_throughput
andmin_instances
fields ongoogle_vpc_access_connector
(#18697) - vpcaccess: added a co...
v5.43.0
DEPRECATIONS:
- storage: deprecated
lifecycle_rule.condition.no_age
field ingoogle_storage_bucket
. Use the newlifecycle_rule.condition.send_age_if_zero
field instead. (#19172)
FEATURES:
- New Resource:
google_kms_ekm_connection_iam_binding
(#19132) - New Resource:
google_kms_ekm_connection_iam_member
(#19132) - New Resource:
google_kms_ekm_connection_iam_policy
(#19132) - New Resource:
google_scc_v2_organization_scc_big_query_exports
(#19184)
IMPROVEMENTS:
- compute: added
label_fingerprint
field togoogle_compute_global_address
resource (#19204) - compute: exposed service side id as new output field
forwarding_rule_id
on resourcegoogle_compute_forwarding_rule
(#19139) - container: added EXTENDED as a valid option for
release_channel
field ingoogle_container_cluster
resource (#19141) - logging: changed
enable_analytics
parsing to "no preference" in analytics if omitted, instead of explicitly disabling analytics ingoogle_logging_project_bucket_config
(#19126) - pusbub: added validation to
filter
field in resourcegoogle_pubsub_subscription
(#19131) - resourcemanager: added
default_labels
field togoogle_client_config
data source (#19170) - vmwareengine: added PC undelete support in
google_vmwareengine_private_cloud
(#19192)
BUG FIXES:
- alloydb: fixed a permadiff on
psc_instance_config
ingoogle_alloydb_instance
resource (#19143) - compute: fixed a malformed URL that affected updating the
server_tls_policy
property ongoogle_compute_target_https_proxy
resources (#19164) - compute: fixed bug where the
labels
field could not be updated ongoogle_compute_global_address
(#19204) - compute: fixed force diff replacement logic for
network_ip
on resourcegoogle_compute_instance
(#19135)
v5.42.0
DEPRECATIONS:
- compute: setting
google_compute_subnetwork.secondary_ip_range = []
to explicitly set a list of empty objects is deprecated and will produce an error in the upcoming major release. Usesend_secondary_ip_range_if_empty
while removingsecondary_ip_range
from config instead. (#19122)
FEATURES:
- New Data Source:
google_artifact_registry_locations
(#19047) - New Data Source:
google_cloud_identity_transitive_group_memberships
(#19038) - New Resource:
google_discovery_engine_schema
(#19124) - New Resource:
google_scc_folder_notification_config
(#19057) - New Resource:
google_scc_v2_folder_notification_config
(#19055) - New Resource:
google_vertex_ai_index_endpoint_deployed_index
(#19061)
IMPROVEMENTS:
- clouddeploy: added
serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.pod_selector_label
andserial_pipeline.stages.strategy.canary.runtime_config.kubernetes.service_networking.pod_selector_label
fields togoogle_clouddeploy_delivery_pipeline
resource (#19100) - compute: added
send_secondary_ip_range_if_empty
togoogle_compute_subnetwork
(#19122) - discoveryengine: added
skip_default_schema_creation
field togoogle_data_store
resource (#19017) - dns: changed
load_balancer_type
field from required to optional ingoogle_dns_record_set
(#19050) - firestore: added
cmek_config
field togoogle_firestore_database
resource (#19107) - servicenetworking: added
update_on_creation_fail
field togoogle_service_networking_connection
resource. When it is set to true, enforce an update of the reserved peering ranges on the existing service networking connection in case of a new connection creation failure. (#19035) - sql: added
server_ca_mode
field togoogle_sql_database_instance
resource (#18998)
BUG FIXES:
- bigquery: made
google_bigquery_dataset_iam_member
non-authoritative. To remove a bigquery dataset iam member, use an authoritative resource likegoogle_bigquery_dataset_iam_policy
(#19121) - cloudfunctions2: fixed a "Provider produced inconsistent final plan" bug affecting the
service_config.environment_variables
field ingoogle_cloudfunctions2_function
resource (#19024) - cloudfunctions2: fixed a permadiff on
storage_source.generation
ingoogle_cloudfunctions2_function
resource (#19031) - compute: fixed issue where sub-resources managed by
google_compute_forwarding_rule
prevented resource deletion (#19117) - logging: changed
google_logging_project_bucket_config.enable_analytics
behavior to set "no preference" in analytics if omitted, instead of explicitly disabling analytics. (#19126) - workbench: fixed a bug with
google_workbench_instance
metadata drifting when using custom containers. (#19119)
v5.41.0
DEPRECATIONS:
- resourcemanager: deprecated
skip_delete
field in thegoogle_project
resource. Usedeletion_policy
instead. (#18867)
FEATURES:
- New Data Source:
google_logging_log_view_iam_policy
(#18990) - New Data Source:
google_scc_v2_organization_source_iam_policy
(#19004) - New Resource:
google_access_context_manager_service_perimeter_dry_run_egress_policy
(#18994) - New Resource:
google_access_context_manager_service_perimeter_dry_run_ingress_policy
(#18994) - New Resource:
google_scc_v2_folder_mute_config
(#18924) - New Resource:
google_scc_v2_project_mute_config
(#18993) - New Resource:
google_scc_v2_project_notification_config
(#19008) - New Resource:
google_scc_v2_organization_source
(#19004) - New Resource:
google_scc_v2_organization_source_iam_binding
(#19004) - New Resource:
google_scc_v2_organization_source_iam_member
(#19004) - New Resource:
google_scc_v2_organization_source_iam_policy
(#19004) - New Resource:
google_logging_log_view_iam_binding
(#18990) - New Resource:
google_logging_log_view_iam_member
(#18990) - New Resource:
google_logging_log_view_iam_policy
(#18990)
IMPROVEMENTS:
- clouddeploy: added
gke.proxy_url
field togoogle_clouddeploy_target
(#19016) - cloudrunv2: added field
binary_authorization.policy
to resourcegoogle_cloud_run_v2_job
and resourcegoogle_cloud_run_v2_service
to support named binary authorization policy. (#18995) - compute: added
source_regions
field togoogle_compute_healthcheck
resource (#19006) - compute: added update-in-place support for the
google_compute_target_https_proxy.server_tls_policy
field (#18996) - compute: added update-in-place support for the
google_compute_region_target_https_proxy.server_tls_policy
field (#19007) - container: added
auto_provisioning_locations
field togoogle_container_cluster
(#18928) - dataform: added
kms_key_name
field togoogle_dataform_repository
resource (#18947) - discoveryengine: added
skip_default_schema_creation
field togoogle_discovery_engine_data_store
resource (#19017) - gkehub: added
configmanagement.management
andconfigmanagement.config_sync.enabled
fields togoogle_gkehub_feature_membership
(#19016) - gkehub: added
management
field togoogle_gke_hub_feature.fleet_default_member_config.configmanagement
(#18963) - resourcemanager: added
deletion_policy
field to thegoogle_project
resource. Settingdeletion_policy
toPREVENT
will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Settingdeletion_policy
toABANDON
allows the resource to be abandoned rather than deleted and it behaves the same withskip_delete = true
. Default value isDELETE
.skip_delete = true
takes precedence overdeletion_policy = "DELETE"
. - storage: added
force_destroy
field togoogle_storage_managed_folder
resource (#18973) - storage: added
generation
field togoogle_storage_bucket_object
resource (#18971)
BUG FIXES:
- compute: fixed
google_compute_instance.alias_ip_range
update behavior to avoid temporarily deleting unchanged alias IP ranges (#19015) - compute: fixed the bug that creation of PSC forwarding rules fails in
google_compute_forwarding_rule
resource when provider default labels are set (#18984) - sql: fixed a perma-diff in
settings.insights_config
ingoogle_sql_database_instance
(#18962)
v5.40.0
NOTES:
- resourcemanager: This release included a deprecation of
skip_delete
ingoogle_project
without the future field (deletion_policy
) being available. This will be corrected in a future5.X
release prior to the release of6.0.0
where thedeletion_policy
field will be made available.
DEPRECATIONS:
- resourcemanager: deprecated
skip_delete
field in thegoogle_project
resource. Instead use the new fielddeletion_policy
in the next major release (#18867)
IMPROVEMENTS:
- bigquery: added support for value
DELTA_LAKE
tosource_format
ingoogle_bigquery_table
resource (#18915) - compute: added
access_mode
field togoogle_compute_disk
resource (#18857) - compute: added
stack_type
, andgateway_ip_version
fields togoogle_compute_router
resource (#18839) - container: added field
ray_operator_config
forresource_container_cluster
(#18825) - container: promoted
additional_node_network_configs
andadditional_pod_network_configs
fields to GA in thegoogle_container_node_pool
resource (#18842) - container: promoted
enable_multi_networking
to GA in thegoogle_container_cluster
resource (#18842) - monitoring: updated
goal
field to accept a max threshold of up to 0.9999 ingoogle_monitoring_slo
resource (#18845) - networkconnectivity: added
export_psc
field togoogle_network_connectivity_hub
resource (#18866) - sql: added
enable_dataplex_integration
field togoogle_sql_database_instance
resource (#18852)
BUG FIXES:
- bigquery: fixed a permadiff when handling "assets" in
params
in thegoogle_bigquery_data_transfer_config
resource (#18898) - bigquery: fixed an issue preventing certain keys in
params
from being assigned values ingoogle_bigquery_data_transfer_config
(#18888) - compute: fixed perma-diff of
advertised_ip_ranges
field ingoogle_compute_router
resource (#18869) - container: fixed perma-diff on
node_config.guest_accelerator.gpu_driver_installation_config
field in GKE 1.30+ ingoogle_container_node_pool
resource (#18835) - sql: fixed a perma-diff in
settings.insights_config
ingoogle_sql_database_instance
(#18962)