v6.10.0

FEATURES:

• New Data Source: google_compute_instance_guest_attributes (#8556)
• New Data Source: google_service_accounts (#8532)
• New Resource: google_iap_settings (#8548)

IMPROVEMENTS:

• apphub: added GLOBAL enum value to scope.type field in google_apphub_application resource (#8504)
• assuredworkloads: added workload_options field to google_assured_workloads_workload resource (#8495)
• backupdr: marked networks field optional in google_backup_dr_management_server resource (#8594)
• bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (beta) (#8558)
• bigquery: added descriptive validation errors for missing required fields in google_bigquery_job destination table configuration (#8542)
• compute: desired_status on google_compute_instance can now be set to TERMINATED or SUSPENDED on instance creation (#8515)
• compute: added header_action and redirect_options fields to google_compute_security_policy_rule resource (#8544)
• compute: added interface.ipv6-address field in google_compute_external_vpn_gateway resource (#8552)
• compute: added plan-time validation to name on google_compute_instance (#8520)
• compute: added support for advanced_machine_features.turbo_mode to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template (#8551)
• container: added in-place update support for labels, resource_manager_tags and workload_metadata_config in google_container_cluster.node_config (#8522)
• memorystore: added mode flag to google_memorystore_instance (#8498)
• resourcemanager: added disabled to google_service_account datasource (#8518)
• spanner: added asymmetric_autoscaling_options field to google_spanner_instance (#8503)
• sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#8490)
• vmwareengine: added autoscaling_settings to google_vmwareengine_private_cloud resource (#8529)

BUG FIXES:

• accesscontextmanager: fixed permadiff for perimeter ingress / egress rule resources (#8526)
• compute: fixed an error in google_compute_region_security_policy_rule that prevented updating the default rule (#8535)
• compute: fixed an error in google_compute_security_policy_rule that prevented updating the default rule (#8535)
• container: fixed missing in-place updates for some google_container_cluster.node_config subfields (#8522)

v6.9.0

DEPRECATIONS:

• containerattached: deprecated security_posture_config field in google_container_attached_cluster resource (#8446)

FEATURES:

• New Data Source: google_oracle_database_autonomous_database (#8440)
• New Data Source: google_oracle_database_autonomous_databases (#8438)
• New Data Source: google_oracle_database_cloud_exadata_infrastructures (#8430)
• New Data Source: google_oracle_database_cloud_vm_clusters (#8437)
• New Resource: google_apigee_app_group (#8451)
• New Resource: google_apigee_developer (#8445)
• New Resource: google_network_connectivity_group (#8439)

IMPROVEMENTS:

• compute: google_compute_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#8489)
• compute: google_compute_region_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#8489)
• compute: added creation_timestamp field to google_compute_instance, google_compute_instance_template, google_compute_region_instance_template (#8442)
• compute: added key_revocation_action_type to google_compute_instance and related resources (#8473)
• looker: added deletion_policy to google_looker_instance to allow force-destroying instances with nested resources by setting deletion_policy = FORCE (#8453)
• monitoring: added alert_strategy.notification_prompts field to google_monitoring_alert_policy (#8457)
• storage: added hierarchical_namespace to google_storage_bucket resource (#8428)
• sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#8490)
• vmwareengine: added autoscaling_settings to google_vmwareengine_cluster resource (#8477)
• workstations: added max_usable_workstations field to google_workstations_workstation_config resource. (#8421)

BUG FIXES:

• compute: fixed an issue where immutable distribution_zones was incorrectly sent to the API when updating distribution_policy_target_shape in google_compute_region_instance_group_manager resource (#8470)
• container: fixed a crash in google_container_node_pool caused by an occasional nil pointer (#8452)
• essentialcontacts: fixed google_essential_contacts_contact import to include required parent field. (#8423)
• sql: made google_sql_database_instance.0.settings.0.data_cache_config accept server-side changes when unset. When unset, no diffs will be created when instances change in edition and the feature is enabled or disabled as a result. (#8485)
• storage: removed retry on 404s during refresh for google_storage_bucket, preventing hanging when refreshing deleted buckets (#8478)

v6.8.0

FEATURES:

• New Data Source: google_oracle_database_cloud_exadata_infrastructure (#8407)
• New Data Source: google_oracle_database_cloud_vm_cluster (#8410)
• New Data Source: google_oracle_database_db_nodes (#8420)
• New Data Source: google_oracle_database_db_servers (#8389)
• New Resource: google_oracle_database_autonomous_database (#8411)
• New Resource: google_oracle_database_cloud_exadata_infrastructure (#8371)
• New Resource: google_oracle_database_cloud_vm_cluster (#8397)
• New Resource: google_transcoder_job_template (#8406)
• New Resource: google_transcoder_job (#8406)

IMPROVEMENTS:

• cloudfunctions: increased the timeouts to 20 minutes for google_cloudfunctions_function resource (#8372)
• cloudrunv2: added invoker_iam_disabled field to google_cloud_run_v2_service (#8395)
• compute: made google_compute_network_firewall_policy_rule use MMv1 engine instead of DCL. (#8412)
• compute: made google_compute_region_network_firewall_policy_rule use MMv1 engine instead of DCL. (#8412)
• compute: added ip_address_selection_policy field to google_compute_backend_service and google_compute_region_backend_service. (#8413)
• compute: added provisioned_throughput field to google_compute_instance_template resource (#8405)
• compute: added provisioned_throughput field to google_compute_region_instance_template resource (#8405)
• container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)
• container: added support for additional values KCP_CONNECTION, and KCP_SSHDin google_container_cluster.logging_config (#8381)
• dialogflowcx: added advanced_settings.logging_settings and advanced_settings.speech_settings to google_dialogflow_cx_agent and google_dialogflow_cx_flow (#8374)
• networkconnectivity: added linked_producer_vpc_network field to google_network_connectivity_spoke resource (#8376)
• secretmanager: added is_secret_data_base64 field to google_secret_manager_secret_version and google_secret_manager_secret_version_access datasources (#8394)
• secretmanager: added is_secret_data_base64 field to google_secret_manager_regional_secret_version and google_secret_manager_regional_secret_version_access datasources (#8394)
• spanner: added kms_key_names to encryption_config in google_spanner_database (#8403)
• workstations: added max_usable_workstations field to google_workstations_workstation_config resource (#8421)
• workstations: added field allowed_ports to google_workstations_workstation_config (#8402)

BUG FIXES:

• bigquery: fixed a regression that caused google_bigquery_dataset_iam_* resources to attempt to set deleted IAM members, thereby triggering an API error (#8408)
• compute: fixed an issue in google_compute_backend_service and google_compute_region_backend_service to allow sending false for iap.enabled (#8369)
• container: node_config.linux_node_config, node_config.workload_metadata_config and node_config.kubelet_config will now successfully send empty messages to the API when terraform plan indicates they are being removed, rather than null, which caused an error. The sole reliable case is node_config.linux_node_config when the block is removed, where there will still be a permadiff, but the update request that's triggered will no longer error and other changes displayed in the plan should go through. (#8400)
• pubsub: fixed permadiff with configuring an empty retry_policy in google_pubsub_subscription (#8365)

v6.7.0

FEATURES:

• New Resource: google_healthcare_pipeline_job (#8330)
• New Resource: google_secure_source_manager_branch_rule (#8360)

IMPROVEMENTS:

• container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)
• discoveryengine: added chat_engine_config.dialogflow_agent_to_link field to google_discovery_engine_chat_engine resource (#8333)
• networkconnectivity: added field migration to resource google_network_connectivity_internal_range (#8350)
• networkservices: added routing_mode field to google_network_services_gateway resource (#8355)

BUG FIXES:

• bigtable: fixed an error where BigTable IAM resources could be created with conditions but the condition was not stored in state (#8334)
• container: fixed issue which caused to not being able to disable enable_cilium_clusterwide_network_policy field on google_container_cluster. (#8338)
• container: fixed a diff triggered by a new API-side default value for node_config.0.kubelet_config.0.insecure_kubelet_readonly_port_enabled. Terraform will now accept server-specified values for node_config.0.kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)
• dataproc: fixed a bug in google_dataproc_cluster that prevented creation of clusters with internal_ip_only set to false (#8363)
• iam: addressed google_service_account creation issues caused by the eventual consistency of the GCP IAM API by ignoring 403 errors returned on polling the service account after creation. (#8336)
• logging: fixed the whitespace permadiff on exclusions.filter field in google_logging_billing_account_sink, google_logging_folder_sink, google_logging_organization_sink and google_logging_project_sink resources (#8343)
• pubsub: fixed permadiff with configuring an empty retry_policy. (#8365)
• secretmanager: fixed the issue of unpopulated fields labels, annotations and version_destroy_ttl in the terraform state for the google_secret_manager_secrets datasource (#8346)

v5.44.2

Notes:

• 5.44.2 is a backport release, responding to a GKE rollout that created permadiffs for many users. The changes in this release will be available in 6.7.0 and users upgrading to 6.X should upgrade to that version or higher.

IMPROVEMENTS:

• container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)

BUG FIXES:

• container: fixed a diff triggered by a new API-side default value for node_config.0.kubelet_config.0.insecure_kubelet_readonly_port_enabled. Terraform will now accept server-specified values for node_config.0.kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)

v6.6.0

FEATURES:

• New Resource: google_dataproc_batch (#8306)
• New Resource: google_healthcare_pipeline_job (#8330)
• New Resource: google_site_verification_owner (#8287)

IMPROVEMENTS:

• assuredworkloads: added HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS and HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT enum values to compliance_regime in the google_assured_workloads_workload resource (#8326)
• compute: added bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields to google_compute_network resource (#8321)
• compute: added next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields to google_compute_route resource (#8321)
• compute: added enum STATEFUL_COOKIE_AFFINITY and strong_session_affinity_cookie field to google_compute_backend_service and google_compute_region_backend_service resource (#8296)
• compute: added TDX instance option for confidential_instance_type in google_compute_instance (#8320)
• containeraws: added kubelet_config field group to the google_container_aws_node_pool resource (#8326)
• dataproc: switched to the v1 API for google_dataproc_autoscaling_policy resource (#8306)
• pubsub: added GCS ingestion settings and platform log settings to google_pubsub_topic resource (#8298)
• sourcerepo: added create_ignore_already_exists field to google_sourcerepo_repository resource (#8329)
• sql: added in-place update support for settings.time_zone in google_sql_database_instance resource (#8293)
• tags: increased maximum accepted input length for the short_name field in google_tags_tag_key and google_tags_tag_value resources (#8324)

BUG FIXES:

• bigquery: fixed google_bigquery_dataset_iam_member to be able to delete itself and overwrite the existing iam members for bigquery dataset keeping the authorized datasets as they are. (#8304)
• bigquery: fixed an error which could occur with service account field values containing non-lower-case characters in google_bigquery_dataset_access (#8319)
• compute: fixed an issue where the boot_disk.initialize_params.resource_policies field in google_compute_instance forced a resource recreation when used in combination with google_compute_disk_resource_policy_attachment (#8309)
• compute: fixed the issue that labels was not set when creating the resource google_compute_interconnect (#8284)
• tags: removed google_tags_location_tag_binding resource from the Terraform state when its parent resource has been removed outside of Terraform (#8310)
• workbench: fixed a bug in the google_workbench_instance resource where the removal of labels was not functioning as expected. (#8280)

v6.5.0

DEPRECATIONS:

• compute: deprecated macsec.pre_shared_keys.fail_open field in google_compute_interconnect resource. Use the new macsec.fail_open field instead (#8245)

FEATURES:

• New Data Source: google_compute_region_instance_group_manager (#8259)
• New Data Source: google_privileged_access_manager_entitlement (#8253)
• New Data Source: google_secret_manager_regional_secret_version_access (#8220)
• New Data Source: google_secret_manager_regional_secret_version (#8209)
• New Data Source: google_secret_manager_regional_secrets (#8217)
• New Resource: google_compute_region_network_firewall_policy_with_rules (#8225)
• New Resource: google_compute_router_nat_address (#8227)
• New Resource: google_logging_log_scope (#8235)

IMPROVEMENTS:

• apigee: added activate field to google_apigee_nat_address resource (#8261)
• bigquery: added biglake_configuration field to google_bigquery_table resource to support BigLake Managed Tables (#8221)
• cloudrun: added node_selector field to google_cloud_run_service resource (#8216)
• cloudrunv2: added node_selector field to google_cloud_run_v2_service resource (#8216)
• compute: added existing_reservations field to google_compute_region_commitment resource (#8256)
• compute: added host_error_timeout_seconds field to google_compute_instance resource (#8252)
• compute: added hostname field to google_compute_instance data source (#8268)
• compute: added initial_nat_ip field to google_compute_router_nat resource (#8227)
• compute: added macsec.fail_open field to google_compute_interconnect resource (#8245)
• compute: added SUSPENDED as a possible value to desired_state field in google_compute_instance resource (#8257)
• compute: added import support for projects/{{project}}/meta-data/{{key}} format for google_compute_project_metadata_item resource (#8274)
• compute: marked customer_name and location fields as optional in google_compute_interconnect resource to support cross cloud interconnect (#8279)
• container: added linux_node_config.hugepages_config field to google_container_node_pool resource (#8210)
• looker: added psc_enabled and psc_config fields to google_looker_instance resource (#8211)
• networkconnectivity: added include_import_ranges field to google_network_connectivity_spoke resource for linked_vpn_tunnels, linked_interconnect_attachments and linked_router_appliance_instances (#8215)
• secretmanagerregional: added version_aliases field to google_secret_manager_regional_secret resource (#8209)
• workbench: increased create timeout to 20 minutes for google_workbench_instance resource (#8228)

BUG FIXES:

• bigquery: fixed in-place update of google_bigquery_table resource when external_data_configuration.schema field is set (#8234)
• bigquerydatapolicy: fixed permadiff on policy_tag field in google_bigquery_datapolicy_data_policy resource (#8239)
• composer: fixed storage_config.bucket field to support a bucket name with or without "gs://" prefix (#8229)
• container: added support for setting addons_config.gcp_filestore_csi_driver_config and enable_autopilot in the same google_container_cluster (#8260)
• container: fixed node_config.kubelet_config updates in google_container_cluster resource (#8238)
• container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true would cause google_container_cluster resource creation failure (#8223)
• workbench: fixed a bug in the google_workbench_instance resource where the removal of labels was not functioning as expected (#8280)

v6.4.0

DEPRECATIONS:

• securitycenterv2: deprecated google_scc_v2_organization_scc_big_query_exports. Use google_scc_v2_organization_scc_big_query_export instead. (#8166)

FEATURES:

• New Data Source: google_secret_manager_regional_secret_version (#8209)
• New Data Source: google_secret_manager_regional_secret (#8189)
• New Resource: google_compute_firewall_policy_with_rules (#8181)
• New Resource: google_database_migration_service_migration_job (#8187)
• New Resource: google_discovery_engine_target_site (#8174)
• New Resource: google_healthcare_workspace (#8179)
• New Resource: google_scc_folder_scc_big_query_export (#8183)
• New Resource: google_scc_organization_scc_big_query_export (#8172)
• New Resource: google_scc_project_scc_big_query_export (#8173)
• New Resource: google_scc_v2_organization_scc_big_query_export (#8166)
• New Resource: google_secret_manager_regional_secret_version (#8199)
• New Resource: google_secret_manager_regional_secret (#8170)
• New Resource: google_site_verification_web_resource (#8180)
• New Resource: google_spanner_backup_schedule (#8160)

IMPROVEMENTS:

• alloydb: added enable_outbound_public_ip field to google_alloydb_instance resource (#8156)
• apigee: added in-place update for consumer_accept_list field in google_apigee_instance resource (#8155)
• compute: added interface field to google_compute_attached_disk resource (#8154)
• compute: added in-place update in google_compute_interconnect resource except for remote_location and requested_features fields (#8203)
• filestore: added deletion_protection_enabled and deletion_protection_reason fields to google_filestore_instance resource (#8158)
• looker: added fips_enabled field to google_looker_instance resource (#8206)
• metastore: added deletion_protection field to google_dataproc_metastore_service resource (#8200)
• netapp: added allow_auto_tiering field to google_netapp_storage_pool resource (#8163)
• netapp: added tiering_policy field to google_netapp_volume resource (#8163)
• secretmanagerregional: added version_aliases field to google_secret_manager_regional_secret resource (#8209)
• spanner: added edition field to google_spanner_instance resource (#8160)

BUG FIXES:

• compute: fixed a permadiff on iap field in google_compute_backend and google_compute_region_backend resources (#8204)
• container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true will cause google_container_cluster resource creation failure (#8223)
• container: fixed a permadiff on node_config.gcfs_config field in google_container_cluster and google_container_node_pool resources (#8207)
• container: fixed the in-place update for node_config.gcfs_config in google_container_cluster and google_container_node_pool resources (#8207)
• container: made node_config.kubelet_config.cpu_manager_policy field optional to fix its update in google_container_cluster resource (#8171)
• dns: fixed a permadiff on dnssec_config field in google_dns_managed_zone resource (#8165)
• pubsub: allowed filter field to contain line breaks in google_pubsub_subscription resource (#8161)

v5.44.1

NOTES:

• 5.44.1 is a backport release, intended to pull in critical container improvements and fixes for issues introduced in 5.44.0

IMPROVEMENTS:

• container: added in-place update support for gcfs_config in in google_container_cluster and google_container_node_pool (#8101) (#8207)

BUG FIXES:

• container: fixed a permadiff on gcfs_config in google_container_cluster and google_container_node_pool (#8207)
• container: fixed a bug where specifying node_pool_defaults.node_config_defaults with enable_autopilot = true will cause google_container_cluster resource creation failure. (#8223)

v6.3.0

FEATURES:

• New Data Source: google_bigquery_tables (#8130)
• New Resource: google_compute_network_firewall_policy_with_rules (#8118)
• New Resource: google_developer_connect_connection (#8150)
• New Resource: google_developer_connect_git_repository_link (#8150)
• New Resource: google_memorystore_instance (#8126)

IMPROVEMENTS:

• compute: added connected_endpoints.consumer_network and connected_endpoints.psc_connection_id fields to google_compute_service_attachment resource (#8148)
• compute: added propagated_connection_limit and connected_endpoints.propagated_connection_count fields to google_compute_service_attachment resource (#8148)
• compute: added field http_keep_alive_timeout_sec to google_region_compute_target_http_proxy and google_region_compute_target_http_proxy resources (#8151)
• compute: added support for boot_disk.initialize_params.resource_policies in google_compute_instance and google_instance_template (#8134)
• container: added storage_pools to node_config in google_container_cluster and google_container_node_pool (#8146)
• containerattached: added security_posture_config field to google_container_attached_cluster resource (#8137)
• netapp: added large_capacity and multiple_endpoints to google_netapp_volume resource (#8116)
• resourcemanager: added tags field to google_folder to allow setting tags for folders at creation time (#8113)

BUG FIXES:

• compute: setting network_ip to "" will no longer cause diff and will be treated the same as null (#8128)
• dataproc: updated google_dataproc_cluster to protect against handling nil kerberos_config values (#8129)
• dns: added a mutex to google_dns_record_set to prevent conflicts when multiple resources attempt to operate on the same record set (#8139)
• managedkafka: added 5 second wait post google_managed_kafka_topic creation to fix eventual consistency errors (#8149)