v6.17.0

FEATURES:

• New Data Source: google_parameter_manager_regional_parameter (beta) (#9030)
• New Resource: google_apigee_environment_addons_config (#9021)
• New Resource: google_beyondcorp_security_gateway (#9017)
• New Resource: google_chronicle_reference_list (beta) (#9047)
• New Resource: google_chronicle_rule_deployment (#9043)
• New Resource: google_chronicle_rule (#9032)
• New Resource: google_colab_runtime_template (#9050)
• New Resource: google_edgenetwork_interconnect_attachment (#9024)
• New Resource: google_parameter_manager_parameter (#9041)
• New Resource: google_parameter_manager_regional_parameter_version (#9062)
• New Resource: google_parameter_manager_regional_parameter (#9026)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter_resource to prevent overriding list of resources (#9058)
• compute: added BPS_100G enum value to bandwidth field of google_compute_interconnect_attachment. (#9040)
• compute: added support for IPV6_ONLY stack_type to google_compute_subnetwork, google_compute_instance, google_compute_instance_template and google_compute_region_instance_template. (#9020)
• compute: promoted bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields in google_compute_network from Beta to Ga (#9029)
• compute: promoted next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields in google_compute_route form Beta to GA (#9029)
• discoveryengine: added advanced_site_search_config field to google_discovery_engine_data_store resource (#9060)
• gemini: added force_destroy field to resource google_code_repository_index, enabling deletion of the resource even when it has dependent RepositoryGroups (#9036)
• networkservices: added in-place update support for ports field on google_network_services_gateway resource (#9056)
• sql: sql_source_representation_instance now uses string representation of databaseVersion (#9027)
• sql: added replication_cluster field to google_sql_database_instance resource (#9044)
• sql: added support of switchover for MySQL and PostgreSQL in google_sql_database_instance resource (#9044)
• workbench: changed container_image field of google_workbench_instance resource to modifiable. (#9046)

BUG FIXES:

• apigee: fixed error 404 for organization update requests. (#9022)
• artifactregistry: fixed artifact_registry_repository not accepting durations with 'm', 'h' or 'd' (#9054)
• networkservices: fixed bug where google_network_services_gateway could not be updated in place (#9056)
• storagetransfer: fixed a permadiff with transfer_spec.aws_s3_data_source.aws_access_key in google_storage_transfer_job (#9019)

v6.16.0

FEATURES:

• New Data Source: google_kms_autokey_config (#8986)
• New Resource: google_beyondcorp_security_gateway (#9017)
• New Resource: google_chronicle_data_access_label (#8999)
• New Resource: google_chronicle_data_access_scope (#9000)
• New Resource: google_cloud_quotas_quota_adjuster_settings (#9005)

IMPROVEMENTS:

• chronicle: updated watchlist_id field to be optional in google_chronicle_watchlist resource (#8988)
• developerconnect: added crypto_key_config, github_enterprise_config, gitlab_config , and gitlab_enterprise_config fields to google_developer_connect_connection resource (#8998)
• dns: added health_check and external_endpoints fields to google_dns_record_set resource (#9016)
• sql: added server_ca_pool field to google_sql_database_instance resource (#9008)
• vmwareengine: allowed import of non-STANDARD private clouds in google_vmwareengine_private_cloud (#9006)

BUG FIXES:

• dataproc: fixed boolean fields in shielded_instance_config in the google_dataproc_cluster resource (#9003)
• gkeonprem: fixed permadiff on vcenter field in google_gkeonprem_vmware_cluster resource (#9011)
• kms: fixed permadiff on google_kms_autokey_config by introducing a 5 second sleep post-create / post-update (#8992)
• networkservices: fixed google_network_services_gateway resource so that it correctly waits for the router to be deleted on terraform destroy (#8993)
• provider: fixed issue where GOOGLE_CLOUD_QUOTA_PROJECT env var would override explicit billing_project (#9012)

v6.15.0

NOTES:

• compute: google_compute_firewall_policy_association now uses MMv1 engine instead of DCL. (#8948)

DEPRECATIONS:

• compute: deprecated numeric_id (string) field in google_compute_network resource. Use the new network_id (integer) field instead (#8915)

FEATURES:

• New Data Source: google_gke_hub_feature (#8930)
• New Data Source: google_kms_autokey_config (#8986)
• New Data Source: google_kms_key_handle (#8933)
• New Resource: google_gkeonprem_vmware_admin_cluster (#8932)
• New Resource: google_chronicle_watchlist (#8983)
• New Resource: google_network_security_intercept_endpoint_group_association (#8958)
• New Resource: google_network_security_intercept_endpoint_group (#8912)
• New Resource: google_storage_folder (#8961)

IMPROVEMENTS:

• artifactregistry: added vulnerability_scanning_config field to google_artifact_registry_repository resource (#8934)
• bigquery: added condition field to google_bigquery_dataset_access resource (#8921)
• bigquery: added condition field to google_bigquery_dataset resource (#8921)
• bigquery: added external_catalog_table_options field to google_bigquery_table resource (#8942)
• composer: added airflow_metadata_retention_config field to google_composer_environment (#8963)
• compute: added back the validation for target_service field on the google_compute_service_attachment resource to validade a ForwardingRule or Gateway URL (#8924)
• compute: added availability_domain field to google_compute_instance, google_compute_instance_template and google_compute_region_instance_template resources (#8914)
• compute: added network_id (integer) field to google_compute_network resource and data source (#8915)
• compute: added preset_topology field to google_network_connectivity_hub resource (#8929)
• compute: added subnetwork_id field to google_compute_subnetwork data source (#8893)
• compute: made setting resource policies for google_compute_instance outside of terraform or using google_compute_disk_resource_policy_attachment no longer affect the boot_disk.initialize_params.resource_policies field (#8959)
• container: changed google_container_cluster to apply maintenance policy updates after upgrades during cluster update (#8922)
• container: made nodepool concurrent operations scale better for google_container_cluster and google_container_node_pool resources (#8943)
• datastream: added gtid and binary_log_position fields to google_datastream_stream resource (#8967)
• developerconnect: added support for setting up a google_developer_connect_connection resource without specifying the authorizer_credentials field (#8953)
• filestore: added tags field to google_filestore_backup to allow setting tags for backups at creation time (#8928)
• networkconnectivity: added group field to google_network_connectivity_spoke resource (#8909)
• parallelstore: added deployment_type field to google_parallelstore_instance resource (#8939)
• storagetransfer: added replication_spec field to google_storage_transfer_job resource (#8976)
• workbench: made gcs-data-bucket metadata key modifiable in google_workbench_instance resource (#8936)
• workstations: added source_workstation field to google_workstations_workstation resource (#8938)

BUG FIXES:

• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_egress_policy egress_from.identities (#8980)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_ingress_policy ingress_from.identities (#8980)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_egress_policy egress_from.identities (#8980)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_ingress_policy ingress_from.identities (#8980)
• apigee: fixed 404 error when updating google_apigee_environment (#8949)
• bigquery: fixed DROP COLUMN error with bigquery flexible column names in google_bigquery_table (#8982)
• compute: allowed Service Attachment with Project Number to be used as google_compute_forwarding_rule.target (#8978)
• compute: fixed an issue where terraform plan -refresh=false with google_compute_ha_vpn_gateway.gateway_ip_version would plan a resource replacement if a full refresh had not been run yet. Terraform now assumes that the value is the default value, IPV4, until a refresh is completed. (#8904)
• compute: fixed panic when zonal resize request fails on google_compute_resize_request (#8941)
• compute: fixed perma-destroy for psc_data in google_compute_region_network_endpoint_group resource (#8972)
• compute: fixed google_compute_instance_guest_attributes to return an empty list when queried values don't exist instead of throwing an error (#8957)
• integrationconnectors: allowed AUTH_TYPE_UNSPECIFIED option in google_integration_connectors_connection resource to support non-standard auth types (#8971)
• logging: fixed bug in google_logging_project_bucket_config when providing project in the format of <project-id-only> (#8923)
• networkconnectivity: made include_export_ranges and exclude_export_ranges fields mutable in google_network_connectivity_spoke to avoid recreation of resources (#8946)
• sql: fixed permadiff when settings.data_cache_config is set to false for google_sql_database_instance resource (#8889)
• storage: made resource_google_storage_bucket_object generate diff for md5hash, generation, crc32c if content changes (#8908)
• vertexai: made contents_delta_uri an optional field in google_vertex_ai_index (#8969)
• workbench: fixed an issue where a server-added metadata tag of "resource-url" would not be ignored on google_workbench_instance (#8927)

v6.14.1

BUG FIXES:

• compute: fixed an issue where google_compute_firewall_policy_rule was incorrectly removed from the Terraform state (#8940)

v6.14.0

FEATURES:

• New Resource: google_network_security_intercept_deployment_group (#8859)
• New Resource: google_network_security_intercept_deployment (#8876)
• New Resource: google_network_security_authz_policy (#8847)
• New Resource: google_network_services_authz_extension (#8847)

IMPROVEMENTS:

• compute: google_compute_instance is no longer recreated when changing boot_disk.auto_delete (#8837)
• compute: added CA_ENTERPRISE_ANNUAL option for field cloud_armor_tier in google_compute_project_cloud_armor_tier resource (#8848)
• compute: added network_tier field to google_compute_global_forwarding_rule resource (#8838)
• compute: made metadata_startup_script able to be updated via graceful switch in google_compute_instance (#8888)
• firebasehosting: added headers field in google_firebase_hosting_version resource (beta) (#8887)
• identityplatform: marked quota.0.sign_up_quota_config subfields conditionally required in google_identity_platform_config to move errors from apply time up to plan time, and clarified the rule in documentation (#8869)
• networkconnectivity: added support for updating linked_vpn_tunnels.include_import_ranges, linked_interconnect_attachments.include_import_ranges, linked_router_appliance_instances. instances and linked_router_appliance_instances.include_import_ranges in google_network_connectivity_spoke (#8883)
• orgpolicy: added parameters fields to google_org_policy_policy resource (beta) (#8881)
• storage: added hdfs_data_source field to google_storage_transfer_job resource (#8839)
• tpuv2: added network_configs and network_config.queue_count fields to google_tpu_v2_vm resource (#8865)

BUG FIXES:

• accesscontextmanager: fixed an update bug in google_access_context_manager_perimeter by removing the broken output-only etag field in google_access_context_manager_perimeter and google_access_context_manager_perimeters (#8891)
• compute: fixed permadiff on the recaptcha_options field for google_compute_security_policy resource (#8861)
• compute: fixed issue where updating labels on resource_google_compute_resource_policy would fail because of a patch error with guest_flush (#8874)
• networkconnectivity: fixed linked_router_appliance_instances.instances.virtual_machine and linked_router_appliance_instances.instances.ip_address attributes in google_network_connectivity_spoke to be correctly marked as required. Otherwise the request to create the resource will fail. (#8883)
• privateca: fixed an issue which causes error when updating labels for activated sub-CA (#8872)
• sql: fixed permadiff when 'settings.data_cache_config' is set to false for 'google_sql_database_instance' resource (#8889)

v6.13.0

NOTES:

• New ephemeral resources google_service_account_access_token, google_service_account_id_token, google_service_account_jwt, google_service_account_key now support ephemeral values.
  DEPRECATIONS:
• gkehub: deprecated configmanagement.config_sync.metrics_gcp_service_account_email in google_gke_hub_feature_membership resource (#8827)

FEATURES:

• New Ephemeral Resource: google_service_account_access_token (#20542)
• New Ephemeral Resource: google_service_account_id_token (#20542)
• New Ephemeral Resource: google_service_account_jwt (#20542)
• New Ephemeral Resource: google_service_account_key (#20542)
• New Data Source: google_backup_dr_backup_vault (#8775)
• New Data Source: google_backup_dr_backup (#8762)
• New Resource: google_gemini_code_repository_index (#8781)
• New Resource: google_gemini_repository_group_iam_binding (#8824)
• New Resource: google_gemini_repository_group_iam_member (#8824)
• New Resource: google_gemini_repository_group_iam_policy (#8824)
• New Resource: google_gemini_repository_group (#8824)
• New Resource: google_iam_projects_policy_binding (#8756)
• New Resource: google_network_security_mirroring_deployment (#8791)
• New Resource: google_network_security_mirroring_deployment_group (#8791)
• New Resource: google_network_security_mirroring_endpoint_group_association (#8791)
• New Resource: google_network_security_mirroring_endpoint_group (#8791)
• New Resource: google_tpu_v2_queued_resource (#8760)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter and google_access_context_manager_service_perimeters (#8767)

• alloydb: increased default timeout on google_alloydb_cluster to 120m from 30m (#8820)

• bigtable: added row_affinity field to google_bigtable_app_profile resource (#8753)

• cloudbuild: added private_service_connect field to google_cloudbuild_worker_pool resource (#8827)

• clouddeploy: added associated_entities field to google_clouddeploy_target resource (#8827)

• clouddeploy: added serial_pipeline.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.route_destinations field to google_clouddeploy_delivery_pipeline resource (#8827)

• cloudidentity: added create_time field to google_cloud_identity_group_membership data source (#8711)

• compute: google_compute_instance, google_compute_instance_template, google_compute_region_instance_template now supports advanced_machine_features.enable_uefi_networking field (#8805)

• compute: added MRDMA and IRDMA options to the setting nic_type in the google_compute_instance and google_compute_instance_template resources (#8706)

• compute: google_compute_instance, google_compute_instance_template and google_compute_region_instance_template now support advanced_machine_features.performance_monitoring_unit (#8710)

• compute: added support for specifying storage pool with name or partial url (#8794)

• compute: added numeric_id to the google_compute_network data source (#8821)

• compute: added threshold_configs field to google_compute_security_policy resource (#8818)

• compute: added server generated id as forwarding_rule_id to google_compute_global_forwarding_rule (#8736)

• compute: added server generated id as health_check_id to google_region_health_check (#8736)

• compute: added server generated id as instance_group_manager_id to google_instance_group_manager (#8736)

• compute: added server generated id as instance_group_manager_id to google_region_instance_group_manager (#8736)

• compute: added server generated id as network_endpoint_id to google_region_network_endpoint (#8736)

• compute: added server generated id as subnetwork_id to google_subnetwork (#8736)

• compute: added the psc_data field to the google_compute_region_network_endpoint_group resource (#8766)

• container: added enterprise_config field to google_container_cluster resource (#8808)

• container: added node_pool_autoconfig.linux_node_config.cgroup_mode field to google_container_cluster resource (#8771)

• dataproc: added autotuning_config and cohort fields to google_dataproc_batch (#8740)

• dataproc: added cluster_config.preemptible_worker_config.instance_flexibility_policy.provisioning_model_mix field to google_dataproc_cluster resource (#8732)

• dataproc: added confidential_instance_config field to google_dataproc_cluster resource (#8790)

• discoveryengine: added HEALTHCARE_FHIR to industry_vertical field in google_discovery_engine_search_engine (#8778)

• gkehub: added configmanagement.config_sync.stop_syncing field to google_gke_hub_feature_membership resource (#8827)

• monitoring: added disable_metric_validation field to google_monitoring_alert_policy resource (#8817)

• oracledatabase: added deletion_protection field to google_oracle_database_autonomous_database (#8787)

• oracledatabase: added deletion_protection field to google_oracle_database_cloud_exadata_infrastructure (#8788)

• oracledatabase: added deletion_protection field to google_oracle_database_cloud_vm_cluster (#8730)

• parallelstore: added deployment_type to google_parallelstore_instance (#8769)

• redis: added the cross_cluster_replication_config field to the google_redis_cluster resource (#8721)

• resourcemanager: made google_service_account email and member fields available during plan (#8799)

BUG FIXES:

• apigee: fixed error of update in google_apigee_developer resource (#8728)
• apigee: made google_apigee_organization wait for deletion operation to complete. (#8795)
• cloudfunctions: fixed issue when updating vpc_connector_egress_settings field for google_cloudfunctions_function r...

v6.12.0

FEATURES:

• New Data Source: google_access_context_manager_access_policy (#8676)
• New Data Source: google_backup_dr_data_source (#8641)
• New Resource: google_dataproc_gdc_spark_application (#8662)
• New Resource: google_iam_folders_policy_binding (#8677)
• New Resource: google_iam_organizations_policy_binding (#8679)

IMPROVEMENTS:

• artifactregistry: added common_repository field to google_artifact_registry_repository resource (#8681)
• backupdr: added access_restriction field togoogle_backup_dr_backup_vault resource (beta) (#8656)
• cloudrunv2: added urls output field to google_cloud_run_v2_service resource (#8686)
• compute: added IDPF as a possible value for the network_interface.nic_type field in google_compute_instance resource (#8664)
• compute: added IDPF as a possible value for the guest_os_features.type field in google_compute_image resource (#8664)
• compute: added replica_names field to sql_database_instance resource (#8637)
• filestore: added performance_config field to google_filestore_instance resource (#8647)
• redis: added persistence_config to google_redis_cluster. (#8643)
• securesourcemanager: added workforce_identity_federation_config field to google_secure_source_manager_instance resource (#8670)
• spanner: added default_backup_schedule_type field to google_spanner_instance (#8644)
• sql: added psc_auto_connections fields to google_sql_database_instance resource (#8682)

BUG FIXES:

• accesscontextmanager: fixed permadiff in perimeter google_access_context_manager_service_perimeter_ingress_policy and google_access_context_manager_service_perimeter_egress_policy resources when there are duplicate resources in the rules (#8675)
• accesscontextmanager: fixed comparison of identity_type in ingress_from and egress_from when the IDENTITY_TYPE_UNSPECIFIED is set (#8648)
• compute: fixed permadiff on attempted type field updates in google_computer_security_policy, updating this field will now force recreation of the resource (#8689)
• identityplatform: fixed perma-diff in google_identity_platform_config (#8663)

v6.11.2

BUG FIXES:

• vertexai: fixed issue with google_vertex_ai_endpoint where upgrading to 6.11.0 would delete all traffic splits that were set outside Terraform (which was previously a required step for all meaningful use of this resource). (#8708)

v6.11.1

BUG FIXES:

• container: fixed diff on google_container_cluster.user_managed_keys_config field for resources that had not set it. (#8687)
• container: marked google_container_cluster.user_managed_keys_config as immutable because it can't be updated in place. (#8687)

v6.11.0

NOTES:

• compute: migrated google_compute_firewall_policy_rule from DCL engine to MMv1 engine. (#8604)

BREAKING CHANGES:

• looker: made oauth_config a required field in google_looker_instance, as creating this resource without that field always triggers an API error (#8633)

DEPRECATIONS:

• backupdr: deprecated force_delete on google_backup_dr_backup_vault. Use ignore_inactive_datasources instead (#8616)

FEATURES:

• New Data Source: google_backup_dr_backup_plan_association (#8632)
• New Data Source: google_backup_dr_backup_plan (#8603)
• New Data Source: google_spanner_database (#8568)
• New Resource: google_apigee_api (#8567)
• New Resource: google_backup_dr_backup_plan_association (#8632)
• New Resource: google_backup_dr_backup_plan (#8603)
• New Resource: google_compute_region_resize_request (#8588)
• New Resource: google_dataproc_gdc_application_environment (#8609)
• New Resource: google_dataproc_gdc_service_instance (#8591)
• New Resource: google_iam_principal_access_boundary_policy (#8634)
• New Resource: google_network_management_vpc_flow_logs_config (#8623)

IMPROVEMENTS:

• apigee: added in-place update support for google_apigee_env_references (#8621)
• apigee: added in-place update support for google_apigee_environment resource (#8627)
• backupdr: added ignore_inactive_datasources and ignore_backup_plan_references fields to google_backup_dr_backup_vault resource (#8616)
• bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (#8558)
• cloudrunv2: added gcs.mount_options to google_cloud_run_v2_service and google_cloud_run_v2_job (#8613)
• compute: added rules property to google_compute_region_security_policy resource (#8574)
• compute: added disks field to google_compute_node_template resource (#8620)
• compute: added replica_names field to sql_database_instance resource (#8637)
• compute: added new field instance_flexibility_policy to resource google_compute_region_instance_group_manager (#8581)
• compute: increased google_compute_security_policy timeouts from 20 minutes to 30 minutes (#8589)
• container: added control_plane_endpoints_config field to google_container_cluster resource. (#8630)
• container: added parallelstore_csi_driver_config field to google_container_cluster resource. (#8607)
• container: added user_managed_keys_config field to google_container_cluster resource. (#8562)
• firestore: allowed single field indexes to support __name__ DESC indexes in google_firestore_index resources (#8576)
• privateca: added support for sub-CA to be activated into STAGED state (#8560)
• spanner: added default_backup_schedule_type field to google_spanner_instance (#8644)
• vertexai: added traffic_split, private_service_connect_config, predict_request_response_logging_config, dedicated_endpoint_enabled, and dedicated_endpoint_dns fields to google_vertex_ai_endpoint resource (#8619)
• workflows: added deletion_protection field to google_workflows_workflow resource (#8563)

BUG FIXES:

• compute: fixed a diff based on server-side reordering of match.src_address_groups and match.dest_address_groups in google_compute_network_firewall_policy_rule (#8592)
• compute: fixed permadiff on the preconfigured_waf_config field for google_compute_security_policy resource (#8622)
• container: fixed in-place updates for node_config.containerd_config in google_container_cluster and google_container_node_pool (#8566)