v7.3.0

FEATURES:

• New Data Source: google_backup_dr_data_source_reference (#10707)
• New Resource: google_bigquery_datapolicyv2_data_policy (#10693)
• New Resource: google_saas_runtime_release (#10685)
• New Resource: google_secure_source_manager_hook (#10706)

IMPROVEMENTS:

• cloudrun: added sub_path field to google_cloud_run_service resource. (#10705)
• cloudrunv2: added sub_path field to google_cloud_run_v2_service google_cloud_run_v2_job and google_cloud_run_v2_worker_pool resource. (#10705)
• compute: added labels and label_fingerprint fields to google_compute_security_policy resource (#10696)
• compute: labels under initialize_params are now updatable on google_compute_instance (#10710)
• container: added new fields memory_manager and topology_manager to node_kubelet_config block (#10681)
• datastream: added destination_config.bigquery_destination_config.source_hierarchy_datasets.project_id field to google_datastream_stream resource (#10704)
• discoveryengine: added app_type field to google_discovery_engine_search_engine resource (#10694)
• gkeonprem: added proxy field to google_gkeonprem_vmware_admin_cluster resource (#10702)
• healthcare: added validation_config to google_healthcare_fhir_store resource (#10700)
• iamworkforcepool: added extended_attributes field to workforce_pool_provider resource (#10688)
• netapp: added export_policy.rules.squash_mode field to google_netapp_volume resource. (#10711)
• privateca: added encryption_spec field to google_privateca_ca_pool resource (#10699)
• run: added connector to vpcAccess on google_cloud_run_v2_worker_pool resource (#10701)
• tags: added the DATA_GOVERNANCE value to google_tags_tag_key.purpose (#10687)

BUG FIXES:

• bigquery: updated the schema change detection for google_bigquery_table to take into account presence of row access policy (#10683)
• compute: fixed allow_global_access to correctly be immutable for google_compute_forwarding_rule resources with load balancing scheme of INTERNAL_MANAGED (#10692)
• compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#10715)
• dialogflow: added support for non-global endpoints for google_dialogflow_conversation_profile (#10712)
• publicca: use RawURLEncoding instead of URLEncoding for unpadded base64 encoding (#10682)
• secretmanager: fixed a panic in google_secret_manager_secret_version in a secret_manager (#10698)
• workbench: fixed issue that resource creation with computed labels field fails in google_workbench_instance resource (#10691)
• workbench: made report-notebook-metrics metadata key settable for google_workbench_instance (#10690)

v6.49.3

BUG FIXES:

• compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#10715)

v7.2.0

FEATURES:

• New Data Source: google_artifact_registry_python_package (#10671)
• New Data Source: google_backup_dr_data_source_references (#10672)
• New Resource: google_discovery_engine_acl_config (#10680)
• New Resource: google_saas_runtime_unit_kind (#10652)

IMPROVEMENTS:

• chronicle: made the scope_info field in google_chronicle_reference_list configurable (#10663)
• compute: added header_action to path_matcher and default_service level on google_compute_region_url_map resource (#10665)
• container: added secret_manager_config.rotation_config field to google_container_cluster resource (#10659)
• container: added new fields memory_manager and topology_manager to google_container_cluster.node_config.kubelet_config and google_container_node_pool.node_config.kubelet_config (#10681)
• healthcare: added consent_config field to google_healthcare_fhir_store resource (#10666)
  New Resource: google_network_management_organization_vpc_flow_logs_config (#10660)
• sql: added final_backup_description and final_backup_config fields to google_sql_database_instance resource (#10678)
• storage: added aws_s3_compatible_data_source to google_storage_transfer_job resource (#10656)

BUG FIXES:

• provider: fixed an issue with universe_domain where the provider tried to connect to "googleapis.com" for user email logging when universe_domain was set (#10654)
• container: fixed a faulty diff for arrays on user_managed_keys_config that caused faulty cluster updates to be triggered in google_container_cluster (#10668)
• osconfig: fixed permadiff in google_osconfig_patch_deployment where patch_config.yum.minimal doesn't send false for empty values (#10661)

v7.1.1

• bigtable: fixed an error encountered when applying google_bigtable_table_iam_* resources after upgrading to 7.x and replacing instance with instance_name (#10667)

v7.1.0

DEPRECATIONS:

• container: deprecated enterprise_config field in google_container_cluster resource. GKE Enterprise features are now available without an Enterprise tier. (#10646)
• storage: removed deprecated status for field to detect_md5hash in google_storage_bucket_object resource (#10605)

FEATURES:

• New Data Source: google_iap_web_forwarding_rule_service_iam_policy (#10621)
• New Resource: google_iap_web_forwarding_rule_service_iam_binding (#10621)
• New Resource: google_iap_web_forwarding_rule_service_iam_member (#10621)
• New Resource: google_iap_web_forwarding_rule_service_iam_policy (#10621)

IMPROVEMENTS:

• artifactregistry: added registry_uri as attribute to google_artifact_registry_repository (#10618)
• backupdr: added create_time field to google_backup_dr_backup data source (#10626)
• cloudbuild: added worker_config.enable_nested_virtualization field to google_cloudbuild_worker_pool resource (#10619)
• cloudrunv2: added support for multi_region_settings field to google_cloud_run_v2_service resource (#10607)
• compute: add params.resource_manager_tags field to the google_compute_region_backend_service (#10634)
• compute: added public_delegated_sub_prefixs field to resource google_compute_public_delegated_prefix (#10638)
• compute: added update_strategy field to google_compute_network_peering resource (#10623)
• firestore: added unique field to google_firestore_index resource (#10617)
• netapp: added qos_type and available_throughput_mibps fields to google_netapp_storage_pool resource (#10615)
• netapp: added throughput_mibps field to google_netapp_volume resource (#10615)
• networkservices: allowed EXPLICIT_ROUTING_MODE for routing_mode on google_network_services_gateway resource (#10608)
• sql: added consumer_network_status, ip_address, and status fields to psc_auto_connections field on google_sql_database_instance resource (#10637)
• storagetransfer: added service_account field to google_storage_transfer_job resource (#10635)
• storagetransfer: added transfer_spec.aws_s3_data_source.credentials_secret to google_storage_transfer_job resource (#10609)

BUG FIXES:

• compute: fixed certain spurious diffs for google_compute_region_backend_service.backend.group (#10611)
• compute: fixed permadiff on google_compute_region_network_endpoint_group when no network is specified (#10625)
• memorystore: fixed permadiffs that cause destroy+recreate on new google_memorystore_instance when desired_psc_auto_connections is set (#10648)
• netapp: fixed a permadiff on total_iops in google_netapp_storage_pool resource (#10643)
• oracledatabase: fixed permadiffs on google_oracle_database_autonomous_database resource for the odb_network and odb_subnet fields (#10627)

v7.0.1

BUG FIXES:

• storage: fixed a conversion crash in google_storage_bucket state migration #10629

v7.0.0

Terraform Google Provider 7.0.0 Upgrade Guide

BREAKING RESOURCE REMOVALS:

• beyondcorp: removed google_beyondcorp_application, its associated IAM resources google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member, and google_beyondcorp_application_iam_policy, and the google_beyondcorp_application_iam_policy datasource. Use google_beyondcorp_security_gateway_application instead. #10536
• notebooks: removed google_notebooks_location #10350
• tpu: removedgoogle_tpu_node. Use google_tpu_v2_vm instead. #10516

BREAKING FIELD REMOVALS:

• cloudrunv2: removed template.containers.depends_on within resource google_cloud_run_v2_worker_pool #10444
• colab: removed post_startup_script_config field from from google_colab_runtime_template resource #10555
• compute: removed field enable_flow_logs from google_compute_subnetwork #10398
• gkehub: removed configmanagement.binauthz field in google_gke_hub_feature_membership #10585
• gkehub: removed description field in google_gke_hub_membership #10344
• memorystore: removed allow_fewer_zones_deployment field from google_memorystore_instance resource because it isn't user-configurable #10588
• redis: removed allow_fewer_zones_deployment field from google_redis_cluster resource because it isn't user-configurable #10588
• resourcemanager: removed non-functional project field from google_service_account_key datasource #10537

BREAKING INCREASED VALIDATION:

• cloudfunctions2: made event_type a required field for event_trigger in google_cloudfunctions2_function #10501
• networkservices: made load_balancing_scheme required in google_network_services_lb_traffic_extension #10419
• sql: made password_wo_version required when password_wo is set in google_sql_user #10591
• storage: added validation requiring the topic field to be in the form "projects//topics/" in google_storage_notification #10602
• storagetransfer: added path validation for GCS path source and sink in google_storage_transfer_job #10297
• vertexai: made metadata, and metadata.config required in google_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #10520

OTHER BREAKING CHANGES:

• provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using terraform input with invalid resource IDs. #10545
• alloydb: added deletion_protection field with a default value of true to google_alloydb_cluster resource #10553
• apigee: changed certs_info field in google_apigee_keystores_aliases_key_cert_file to be output-only #10602
• apigee: migrated google_apigee_keystores_aliases_key_cert_file to the plugin framework #10602
• artifactregistry: removed the default values for public_repository fields in google_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #10519
• bigquery: removed the default value of view.use_legacy_sql in google_bigquery_table #10578
• bigtable: renamed instance to instance_name for bigtable_table_iam objects #10248
• billing: made budget_filter.credit types and budget_filter.subaccounts no longer optional+computed, only optional, in google_billing_budget resource #10587
• cloudfunctions2: changed service_config.service field in google_cloudfunctions2_function resource to be output-only #10432
• compute: subnetworks and instances fields in google_compute_packet_mirroring have been converted from arrays to sets #10550
• compute: advertised_ip_ranges field group in google_compute_router has been converted from a list to a set #10557
• compute: disk.type, disk.mode and disk.interface no longer use provider configured default values and instead will be set by the API in google_compute_instance_template and google_compute_region_instance_template resources #10569
• gkehub: updated beta api endpoint from v1beta1 to v1beta #10344
• resourcemanager: changed disable_on_destroy default value to false in google_project_service #10508
• securesourcemanager: changed deletion_policy default value from DELETE to PREVENT #10515
• storage: changed retention_period to string data type in resource google_storage_bucket #10311
• storage: migrated google_storage_notification to the plugin framework #10602

FEATURES:

• New Data Source: google_artifact_registry_npm_package (#10582)
• New Data Source: google_certificate_manager_dns_authorization (#10544)
• New Resource: google_iap_web_region_forwarding_rule_service_iam_binding (#10561)
• New Resource: google_iap_web_region_forwarding_rule_service_iam_member (#10561)
• New Resource: google_iap_web_region_forwarding_rule_service_iam_policy (#10561)
• New Resource: google_saas_runtime_saas (#10556)

IMPROVEMENTS:

• bigquery: added support for "connection_properties" for bigquery to google_bigquery_job (beta) (#10554)
• cloudbuild: added developer_connect_event_config field to google_cloudbuild_trigger resource (#10563)
• cloudtasks: added desired_state field to google_cloud_tasks_queue resource (#10567)
• cloudrunv2: added max_instance_count field to google_cloud_run_v2_service resource. (#10558)
• compute: added params.resourceManagerTags field to the google_compute_backend_service (#10575)
• compute: added params.resource_manager_tags field to google_compute_backend_bucket (#10581)
• compute: added short_name field to google_compute_organization_security_policy resource (#10572)
• container: added cluster_autoscaling.default_compute_class_enabled field to google_container_cluster resource (#10552)
• dialogflowcx: added enableMultiLanguageTraining, locked, answerFeedbackSettings, personalizationSettings, clientCertificateSettings, startPlaybook, satisfiesPzs, and satisfiesPzi to google_dialogflow_cx_agent resource. (#10543)
• lustre: increased google_lustre_instance resource create timeout to 120m from 20m ([#10570](https://github.com/has...

v6.49.2

BUG FIXES:

• container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#24077)

v6.49.1

BUG FIXES:

• secretmanager: fixed issue where upgrading to 6.49.0 would cause all google_secret_manager_secret_version resources to be recreated unless secret_data_wo_version was set (#10574)

v6.49.0

DEPRECATIONS:

• beyondcorp: google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member and google_beyondcorp_application_iam_policy IAM resources, and the google_beyondcorp_application_iam_policy datasource have been deprecated and will be removed in the upcoming major release (#10532)
• tpu: deprecated google_tpu_tensorflow_versions data source. Use google_tpu_v2_runtime_versions instead. (#10514)

FEATURES:

• New Data Source: google_artifact_registry_tag (#10531)
• New Data Source: google_artifact_registry_tags (#10518)
• New Resource: google_dialogflow_conversation_profile (#10533)

IMPROVEMENTS:

• apikeys: added service_account_email to google_apikeys_key (#10538)
• bigqueryreservation: added support for scaling_mode and max_slots properties on google_bigquery_reservation (beta) (#10509)
• compute: added advanced_options_config field to google_compute_region_security_policy resource (#10498)
• container: added eviction_soft, eviction_soft_grace_period, eviction_minimum_reclaim, eviction_max_pod_grace_period_seconds, max_parallel_image_pulls, transparent_hugepage_enabled, transparent_hugepage_defrag and min_node_cpus fields to node_config block of google_container_node_pool and google_container_cluster resources (#10522)
• networkmanagement: added subnet and network fields to the google_network_management_vpc_flow_logs_config resource (beta) (#10506)
• networkmanagement: added output-only field target_resource_state to the google_network_management_vpc_flow_logs_config resource (#10506)
• resourcemanager: added management_project and configured_capabilities fields to the google_folder resource. (#10525)

BUG FIXES:

• cloud_tasks: correctly set name field to be required in google_cloud_tasks_queue resource (#10534)
• clouddeploy: allowed sending weekly_windows.start_time as an empty object in order to use default values in thegoogle_clouddeploy_deploy_policy resource (#10530)
• kms: skip_initial_version_creation field is no longer immutable in google_kms_crypto_key, but is still only settable at-creation (#10526)
• netapp: fixed bug where google_netapp_volume.large_capacity was not properly marked as immutable, causing updates to fail (and making it impossible to change the field value after creation) (#10541)
• networkconnectivity: added update support for linked_vpc_network in google_network_connectivity_spoke (#10507)