DEPRECATIONS:
- container: fixed an overly-broad deprecation on
master_auth
, constraining it tomaster_auth.username
andmaster_auth.password
DEPRECATIONS:
- container: deprecated
workload_identity_config.0.identity_namespace
and it will be removed in a future major release as it has been deprecated in the API. Useworkload_identity_config.0.workload_pool
instead. Switching your configuration from one value to the other will trigger a diff at plan time, and a spurious update. (#10327) - container: deprecated the following
google_container_cluster
fields:instance_group_urls
andmaster_auth
(#10356)
IMPROVEMENTS:
- container: added
node_config.0.guest_accelerator.0.gpu_partition_size
field to google_container_node_pool (#10339) - container: added
workload_identity_config.0.workload_pool
togoogle_container_cluster
(#10327) - container_cluster: Updated
monitoring_config
to acceptWORKLOAD
(#10321) - provider: Added links to nested types documentation for manually generated pages (#10333)
BUG FIXES:
- cloudrun: fixed a permadiff on the field
template.spec.containers.ports.name
of thegoogle_cloud_run_service
resource (#10340) - composer: removed
config.node_config.zone
requirement ongoogle_composer_environment
(#10353) - compute: fixed permadiff for
failover_policy
ongoogle_compute_region_backend_service
(#10316) - compute: fixed to make
description
updatable without recreation ongoogle_compute_instance_group_manager
(#10329) - container: fixed a permadiff on
google_container_node_pool.workload_metadata_config.mode
(#10313) - iam: fixed request batching bug where failed requests would show unnecessary backslash escaping to the user. (#10303)
- securitycenter: fixed bug where
google_scc_notification_config.streaming_config.filter
was not updating. (#10315)
DEPRECATIONS:
- compute: deprecated the
enable_display
field ingoogle_compute_instance_template
in thegoogle
(GA) provider. It will only be available in thegoogle-beta
provider in a future release, as the underlying feature is in beta. (#10281)
BUG FIXES:
- compute: fixed bug where
google_compute_router_peer
could not set an advertised route priority of 0, causing permadiff. (#10292) - container: fixed a crash on
monitoring_config
ofgoogle_container_cluster
(#10290) - iam: fixed request batching bug where failed requests would show unnecessary backslash escaping to the user. (#10303)
- storage: fixed a bug to better handle eventual consistency among
google_storage_bucket
resources. (#10287)
NOTES:
- reorganized documentation to group all Compute Engine and Monitoring (Stackdriver) resources together. (#10205)
DEPRECATIONS:
- container: deprecated
workload_metadata_configuration.node_metadata
in favor ofworkload_metadata_configuration.mode
ingoogle_container_cluster
(#10238) - dataproc: deprecated the
google_dataproc_workflow_template.version
field, as it wasn't actually useful. The field is used during updates, but updates aren't currently possible with the resource. (#10183) - runtimeconfig: deprecated the Runtime Configurator service in the
google
(GA) provider includinggoogle_runtimeconfig_config
,google_runtimeconfig_variable
,google_runtimeconfig_config_iam_policy
,google_runtimeconfig_config_iam_binding
,google_runtimeconfig_config_iam_member
,data.google_runtimeconfig_config
. They will only be available in thegoogle-beta
provider in a future release, as the underlying service is in beta. (#10232) BREAKING CHANGES: - gke_hub: made the
config_membership
field ingoogle_gke_hub_feature
required, disallowing invalid configurations (#10199) - gke_hub: made the
configmanagement
,feature
,location
,membership
fields ingoogle_gke_hub_feature_membership
required, disallowing invalid configurations (#10199)
FEATURES:
- New Data Source:
google_service_networking_peered_dns_domain
(#10229) - New Data Source:
google_sourcerepo_repository
(#10203) - New Data Source:
google_storage_bucket
(#10190) - New Resource:
google_pubsub_lite_reservation
(#10263) - New Resource:
google_service_networking_peered_dns_domain
(#10229)
IMPROVEMENTS:
- composer: added support for composer v2 fields
workloads_config
andcloud_composer_network_ipv4_cidr_block
tocomposer_environment
(10269) - compute: added external IPv6 support on
google_compute_subnetwork
andgoogle_compute_instance.network_interfaces
(#10189) - container: added support for
workload_metadata_configuration.mode
ingoogle_container_cluster
(#10238) - eventarc: added support for
uid
output field,cloud_function
destination togoogle_eventarc_trigger
(#10199) - gke_hub: added support for
gcp_service_account_email
when configuring Git sync ingoogle_gke_hub_feature_membership
(#10199) - gke_hub: added support for
resource_state
,state
outputs togoogle_gke_hub_feature
(#10199) - pubsub: Added support for references to
google_pubsub_lite_reservation
togoogle_pubsub_lite_topic
. (#10263)
BUG FIXES:
- monitoring: fixed typo in
google_monitoring_uptime_check_config
whereNOT_MATCHES_REGEX
could not be specified. (#10249)
DEPRECATIONS:
- dataproc: deprecated the
google_dataproc_workflow_template.version
field, as it wasn't actually useful. The field is used during updates, but updates aren't currently possible with the resource. (#10183)
FEATURES:
- New Resource:
google_org_policy_policy
(#10111)
IMPROVEMENTS:
- cloudbuild: added field
service_account
togoogle_cloudbuild_trigger
(#10159) - composer: added field
scheduler_count
togoogle_composer_environment
(#10158) - compute: Disabled recreation of GCE instances when updating
resource_policies
property (#10173) - container: added support for
logging_config
andmonitoring_config
togoogle_container_cluster
(#10125) - kms: added support for
import_only
togoogle_kms_crypto_key
(#10157) - networkservices: boosted the default timeout for
google_network_services_edge_cache_origin
from 30m to 60m (#10182)
BUG FIXES:
- container: fixed an issue where a node pool created with error (eg. GKE_STOCKOUT) would not be captured in state (#10137)
- filestore: Allowed updating
reserved_ip_range
ongoogle_filestore_instance
via recreation of the instance (#10146) - serviceusage: enabled the service api to retry on failed operation calls in anticipation of transient errors that occur when first enabling the service. (#10171)
IMPROVEMENTS:
- healthcare: promoted
google_healthcare_hl7_v2_store.parseConfig.version
to GA (#10099)
BUG FIXES:
- dns: fixed an issue in
google_dns_record_set
whererrdatas
could not be updated (#10089) - dns: fixed an issue in
google_dns_record_set
where creating the resource would result in an 409 error (#10089) - platform: fixed a bug in wrongly writing to state when creation failed on
google_organization_policy
(#10082)
IMPROVEMENTS:
- bigtable: enabled support for
user_project_override
ingoogle_bigtable_instance
andgoogle_bigtable_table
(#10060) - compute: added
iap
fields togoogle_compute_region_backend_service
(#10038) - compute: allowed passing an IP address to the
nextHopIlb
field ofgoogle_compute_route
resource (#10048) - iam: added
disabled
field togoogle_service_account
resource (#10033) - provider: added links to nested types documentation within a resource (#10063)
- storage: added field
path
togoogle_storage_transfer_job
(#10047)
BUG FIXES:
- appengine: fixed bug where
deployment.container.image
would update to an old version even if inignore_changes
(#10058) - bigquery: fixed a bug where
destination_encryption_config.kms_key_name
stored the version rather than the key name. (#10068) - redis: extended the default timeouts on
google_redis_instance
(#10037) - serviceusage: fixed an issue in
google_project_service
where users could not reenable services that were disabled outside of Terraform. (#10045)
FEATURES:
- New Data Source:
google_secret_manager_secret
(#9983)
IMPROVEMENTS:
- compute: added update support to
google_compute_service_attachment
(#9982)
BUG FIXES:
- container: fixed a bug in failing to remove
maintenance_exclusion
ongoogle_container_cluster
(#10025) - compute: fixed an issue in
google_compute_router_nat
where removinglog_config
resulted in a perma-diff (#9950) - compute: fixed
advanced_machine_features
error messages ingoogle_compute_instance
(#10023) - eventarc: fixed bug where resources deleted outside of Terraform would cause errors (#9997)
- functions: fixed an error message on
google_cloudfunctions_function
(#10011) - logging: fixed the data type for
bucket_options.linear_buckets.width
ongoogle_logging_metric
(#9985) - osconfig: fixed import on
google_os_config_guest_policies
(#10019) - storage: fixed an undetected change on
days_since_noncurrent_time
ofgoogle_storage_bucket
(#10024)
FEATURES:
- New Resource:
google_privateca_certificate_template
(#9905)
IMPROVEMENTS:
- privateca: added
certificate_template
togoogle_privateca_certificate
. (#9915) - compute: allowed setting
ip_address
field ofgoogle_compute_router_peer
(#9913) - compute: promoted
google_compute_service_attachment
to ga (#9914) - compute: promoted
role
andpurpose
fields ingoogle_compute_subnetwork
to ga (#9914) - kms: added support for
destroy_scheduled_duration
togoogle_kms_crypto_key
(#9911)
BUG FIXES:
- endpoints: fixed a timezone discrepancy in
config_id
ongoogle_endpoints_service
(#9912) - cloudbuild: marked
google_cloudbuild_trigger
as requiring one of branch_name/tag_name/commit_sha within build.source.repo_source (#9952) - compute: fixed a crash on
enable
field ofgoogle_compute_router_peer
(#9940) - compute: fixed a permanent diff for
next_hop_instance_zone
ongoogle_compute_route
whennext_hop_instance
was set to a self link (#9931) - compute: fixed an issue in
google_compute_router_nat
where removinglog_config
resulted in a perma-diff (#9950) - privateca: fixed a permadiff bug for
publishing_options
ongoogle_privateca_ca_pool
when both attributes set false (#9926) - spanner: fixed instance updates to processing units (#9933)
- storage: added support for timeouts on
google_storage_bucket_object
(#9937)
FEATURES:
- New Resource:
google_privateca_certificate_template
(#9905) - New Resource:
google_compute_firewall_policy
(#9887) - New Resource:
google_compute_firewall_policy_association
(#9887) - New Resource:
google_compute_firewall_policy_rule
(#9887)
IMPROVEMENTS:
- sql: added field
collation
togoogle_sql_database_instance
(#9888)
BUG FIXES:
- apigateway: fixed import functionality for all
apigateway
resources (#9871) - dns: fixed not-exists error message on data source
google_dns_managed_zone
(#9898) - healthcare: fixed bug where changes to
google_healthcare_hl7_v2_store.parser_config
subfields would error with "...parser_config.version field is immutable..." (#9900) - os_config: fixed imports for
google_os_config_guest_policies
(#9872) - pubsub: added polling to
google_pubsub_schema
to deal with eventually consistent deletes (#9863) - secretmanager: fixed an issue where
replication
fields would not update ingoogle_secret_manager_secret
(#9894) - service_usage: fixed imports on
google_service_usage_consumer_quota_override
(#9876) - sql: fixed a permadiff bug for
type
when BUILT_IN ongoogle_sql_user
(#9864) - sql: fixed bug in
google_sql_user
with CLOUD_IAM_USERs on POSTGRES. (#9859)
IMPROVEMENTS:
- compute: Added
enable
attribute togoogle_compute_router_peer
(#9776) - compute: added support for
L3_DEFAULT
asip_protocol
forgoogle_compute_forwarding_rule
andUNSPECIFIED
asprotocol
forgoogle_compute_region_backend_service
to support network load balancers that forward all protocols and ports. (#9799) - compute: added support for
security_settings
togoogle_compute_backend_service
(#9797) - essentialcontacts: promoted
google_essential_contacts_contact
to GA (#9822) - gkehub: added
google_gke_hub_membership
support for both//container.googleapis.com/${google_container_cluster.my-cluster.id}
andgoogle_container_cluster.my-cluster.id
inendpoint.0.gke_cluster.0.resource_link
(#9765) - provider: Added provider support for
request_reason
(#9794) - provider: added support for
billing_project
across all resources. Ifuser_project_override
is set totrue
and abilling_project
is set, theX-Goog-User-Project
header will be sent for all resources. (#9852)
BUG FIXES:
- assuredworkloads: fixed resource deletion so
google_assured_workloads_workload
can delete what it creates (#9835) - bigquery: fixed the permadiff bug on
location
of thegoogle_bigquery_dataset
(#9810) - composer: fixed environment version regexp to explicitly require . (dot) instead of any character after 'preview' (example: composer-2.0.0-preview.0-airflow-2.1.1) (#9804)
- compute: changed
wait_for_instances
ingoogle_compute_instance_group_manager
andgoogle_compute_region_instance_group_manager
to no longer block plan / refresh, waiting on managed instance statuses during apply instead (#9832) - compute: fixed a bug where
negative_caching_policy
cannot be set always revalidate ongoogle_compute_backend_service
(#9821) - compute: fixed instances where compute resource calls would have their urls appended with a redundant
/projects
after the host (#9834) - firestore: removed diff for server generated field
__name__
ongoogle_firestore_index
(#9820) - privateca: fixed the creation of subordinate
google_privateca_certificate_authority
withmax_issuer_path_length = 0
. (#9856) - privateca: Fixed null for
ignore_active_certificates_on_deletion
on the importedgoogle_privateca_certificate_authority
(#9781)
FEATURES:
- New Resource:
google_dialogflow_cx_environment
(#9738)
IMPROVEMENTS:
- gkehub: added support for both
//container.googleapis.com/${google_container_cluster.my-cluster.id}
andgoogle_container_cluster.my-cluster.id
references ingoogle_gke_hub_membership.endpoint.0.gke_cluster.0.resource_link
(#9765) - kms: added
name
field togoogle_kms_crypto_key_version
datasource (#9762)
BUG FIXES:
- apigee: fixed update behavior on
google_apigee_envgroup
(#9740) - privateca: fixed a failure to create
google_privateca_certificate_authority
of typeSUBORDINATE
due to an invalid attempt to activate it on creation. (#9761)
NOTES:
- spanner: The
num_nodes
field ongoogle_spanner_instance
will have its default removed in a future major release, and eithernum_nodes
orprocessing_units
will be required. (#9716)
FEATURES:
- New Resource:
google_dialogflow_cx_entity_type
(#9717) - New Resource:
google_dialogflow_cx_page
(#9683)
IMPROVEMENTS:
- spanner: added
processing_units
togoogle_spanner_instance
(#9716) - storage: added support for
customer_encryption
onresource_storage_bucket_object
(#9704)
FEATURES:
- New Resource:
google_gke_hub_membership
(#9616)
IMPROVEMENTS:
- servicenetworking: added support for
user_project_override
andbilling_project
togoogle_service_networking_connection
(#9668)
BUG FIXES:
- storagetransfer: Fixed a crash on
azure_blob_storage_data_source
forgoogle_storage_transfer_job
(#9644) - sql: fixed bug that wouldn't insert the
google_sql_user
in state for iam users. (#9625) - storage: fixed a crash when
azure_credentials
was defined ingoogle_storage_transfer_job
(#9671)
FEATURES:
- New Resource:
google_scc_notification_config
(#9578)
IMPROVEMENTS:
- compute: fixed a permadiff bug in
log_config
field ofgoogle_compute_region_backend_service
(#9568) - dlp: added
crypto_replace_ffx_fpe_config
andcrypto_replace_ffx_fpe_config
as primitive transformation types togoogle_data_loss_prevention_deidentify_template
(#9572)
BUG FIXES:
- bigquerydatatransfer: fixed a bug where
destination_dataset_id
was required, it is now optional. (#9605) - billing: Fixed ordering of
budget_filter. projects
ongoogle_billing_budget
(#9598) - compute: removed default value of
0.8
fromgoogle_backend_service.backend.max_utilization
and it will now default from API. Allmax_connections_xxx
andmax_rate_xxx
will also default from API as these are all conditional on balancing mode. (#9587) - sql: fixed bug where the provider would retry on an error if the database instance name couldn't be reused. (#9591)
FEATURES:
- New Resource:
google_dialogflow_cx_flow
(#9551) - New Resource:
google_dialogflow_cx_intent
(#9537) - New Resource:
google_dialogflow_cx_version
(#9554) - New Resource:
google_network_services_edge_cache_keyset
(#9540) - New Resource:
google_network_services_edge_cache_origin
(#9540) - New Resource:
google_network_services_edge_cache_service
(#9540)
IMPROVEMENTS:
- apigee: Added SLASH_22 support for
peering_cidr_range
ongoogle_apigee_instance
(#9558) - cloudbuild: Added
pubsub_config
andwebhook_config
parameter togoogle_cloudbuild_trigger
. (#9541)
BUG FIXES:
- pubsub: fixed pubsublite update issues (#9544)
FEATURES:
- New Resource: google_privateca_ca_pool (#9480)
- New Resource: google_privateca_certificate (#9480)
- New Resource: google_privateca_certificate_authority (#9480)
IMPROVEMENTS:
- bigquery: added
kms_key_version
as an output onbigquery_table.encryption_configuration
and thedestination_encryption_configuration
blocks ofbigquery_job.query
,bigquery_job.load
, andbigquery_copy
. (#9500) - compute: added
advanced_machine_features
togoogle_compute_instance
(#9470) - compute: promoted all
cdn_policy
sub fields ingoogle_compute_backend_service
,google_compute_region_backend_service
andgoogle_compute_backend_bucket
to GA (#9432) - dlp: Added
replace_with_info_type_config
todlp_deidentify_template
. (#9446) - storage: added
temporary_hold
andevent_based_hold
attributes togoogle_storage_bucket_object
(#9487)
BUG FIXES:
- bigquery: Fixed permadiff due to lowercase mode/type in
google_bigquery_table.schema
(#9499) - billing: made
all_updates_rule.*
fields updatable ongoogle_billing_budget
(#9473) - billing: made
amount.specified_amount.units
updatable ongoogle_billing_budget
(#9465) - compute: fixed perma-diff in
google_compute_instance
(#9460) - storage: fixed handling of object paths that contain slashes for
google_storage_object_access_control
(#9502)
FEATURES:
- New Resource:
google_app_engine_service_network_settings
(#9414) - New Resource:
google_vertex_ai_dataset
(#9411) - New Resource:
google_cloudbuild_worker_pool
(#9417)
IMPROVEMENTS:
- bigtable: added
cluster.kms_key_name
field togoogle_bigtable_instance
(#9393) - compute: promoted all
cdn_policy
sub fields ingoogle_compute_backend_service
,google_compute_region_backend_service
andgoogle_compute_backend_bucket
to GA (#9432) - secretmanager: added
ttl
,expire_time
,topics
androtation
fields togoogle_secret_manager_secret
(#9398)
BUG FIXES:
- container: allowed setting
node_config.service_account
at the same time asenable_autopilot = true
forgoogle_container_cluster
(#9399) - container: fixed issue where creating a node pool with a name that already exists would import that resource.
google_container_node_pool
(#9424) - dataproc: fixed crash when creating
google_dataproc_workflow_template
withsecondary_worker_config
empty except fornum_instances = 0
(#9381) - filestore: fixed an issue in
google_filestore_instance
where creating two instances simultaneously resulted in an error. (#9396) - sql: added support for
binary_logging
on replica instances forgooge_sql_database_instance
(#9428)
FEATURES:
- New Resource:
google_dialogflow_cx_agent
(#9338)
IMPROVEMENTS:
- provider: added support for mtls authentication (#9382)
- compute: added
advanced_machine_features
fields togoogle_compute_instance_template
(#9363) - compute: promoted
custom_response_headers
to GA forgoogle_compute_backend_service
andgoogle_compute_backend_bucket
(#9374) - redis: allowed
redis_version
to be upgraded ongoogle_redis_instance
(#9378) - redis: promoted fields
transit_encryption_mode
andserver_ca_certs
to GA ongoogle_redis_instance
(#9378)
BUG FIXES:
- apigee: added SLASH_23 support for
peering_cidr_range
ongoogle_apigee_instance
(#9343) - cloudrun: fixed a bug where plan would should a diff on
google_cloud_run_service
if the order of thetemplate.spec.containers.env
list was re-ordered outside of terraform. (#9340) - container: added
user_project_override
support to the ContainerOperationWaiter used bygoogle_container_cluster
(#9379)
IMPROVEMENTS:
- compute: added support for IPsec-encrypted Interconnect in the form of new fields on
google_compute_router
,google_compute_ha_vpn_gateway
,google_compute_interconnect_attachment
andgoogle_compute_address
(#9288) - container: Allowed specifying a cluster id field for
google_container_node_pool.cluster
to ensure that a node pool is recreated if the associated cluster is recreated. (#9309) - storagetransfer: added support for
azure_blob_storage_data_source
togoogle_storage_transfer_job
(#9311)
BUG FIXES:
- bigquery: Fixed
google_bigquery_table.schema
handling of policyTags (#9302) - bigtable: fixed bug that would error if creating multiple bigtable gc policies at the same time (#9305)
- compute: fixed bug where
encryption
showed a perma-diff on resources created prior to the feature being released. (#9303)
FEATURES:
- New Resource:
google_dialogflow_fulfillment
(#9253)
IMPROVEMENTS:
- compute: added
reservation_affinity
togoogle_compute_instance
andgoogle_compute_instance_template
(#9256) - compute: added support for
wait_for_instances_status
ongoogle_compute_instance_group_manager
andgoogle_compute_region_instance_group_manager
(#9231) - compute: added support for output-only
status
field ongoogle_compute_instance_group_manager
andgoogle_compute_region_instance_group_manager
(#9231) - compute: promoted
log_config
field ofgoogle_compute_health_check
andgoogle_compute_region_health_check
to GA (#9274) - compute: set the default value for log_config.enable on
google_compute_region_health_check
to avoid permanent diff on plan/apply. (#9274)
BUG FIXES:
- composer: fixed a check that did not allow for preview versions in
google_composer_environment
(#9255) - storage: fixed error when
matches_storage_class
is set empty ongoogle_storage_bucket
(#9221) - vpcaccess: fixed permadiff when
max_throughput
is not set ongoogle_vpc_access_connector
(#9282)
IMPROVEMENTS:
- compute: added
provisioned_iops
togoogle_compute_disk
(#9193) - compute: promoted
distribution_policy_target_shape
field ingoogle_compute_region_instance_group_manager
to GA. (#9186) - sql: added field
disk_autoresize_limit
tosql_database_instance
(#9203)
BUG FIXES:
- cloudrun: fixed a bug where resources would return successfully due to responses based on a previous version of the resource (#9213)
- storage: fixed error when
matches_storage_class
is set empty ongoogle_storage_bucket
(#9221)
IMPROVEMENTS:
- compute: added "description" field to "google_compute_resource_policy" resource (#9176)
- compute: added "instance_schedule_policy" field to "google_compute_resource_policy" resource (#9176)
- compute: promoted field
autoscaling_policy.scaling_schedules
ongoogle_compute_autoscaler
andgoogle_compute_region_autoscaler
to ga (#9165) - compute: promoted
autoscaling_policy.cpu_utilization.predictive_method
ongoogle_compute_autoscaler
andgoogle_compute_region_autoscaler
to ga. (#9156)
BUG FIXES:
- cloudidentity: fixed recreation on the
initial_group_config
ofgoogle_cloud_identity_group
(#9143) - compute: added mutex in
google_compute_metadata_item
to reduce retries + quota errors (#9168) - container: fixed bug where
enable_shielded_nodes
could not be false on resourcegoogle_container_cluster
(#9131)
FEATURES:
- New Resource:
google_pubsub_schema
(#9116)
IMPROVEMENTS:
- compute: added
initial_size
in resourcegoogle_compute_node_group
to account for scenarios where size may change under the hood (#9078) - compute: added support for setting
kms_key_name
ongoogle_compute_machine_image
(#9107) - dataflow: enabled updates for
google_dataflow_flex_template_job
(#9123)
BUG FIXES:
- compute: fixed bug where, when an organization security policy association was removed outside of terraform, the next plan/apply would fail. (#9095)
- container: added validation to check that both
node_version
andremove_default_node_pool
cannot be set ongoogle_container_cluster
(#9100) - dns: suppressed spurious diffs due to case changes in DS records (#9099)
FEATURES:
- New Resource: google_memcache_instance (#8982)
NOTES:
- all: changed default HTTP request timeout from 30 seconds to 120 seconds (#8966) DEPRECATIONS:
- compute: deprecated
distribution_policy_target_shape
ingoogle_compute_region_instance_group_manager
Use thegoogle-beta
provider to continue using this field (#8970) - compute: deprecated
min_ready_sec
ingoogle_compute_region_instance_group_manager
&google_compute_instance_group_manager
Use thegoogle-beta
provider to continue using this field (#8970) - container: deprecated
pod_security_policy_config
field on resourcegoogle_container_cluster
. Use thegoogle-beta
provider to continue using this field (#8970)
BREAKING CHANGES:
- bigquery: updating
dataset_id
orproject_id
ingoogle_bigquery_dataset
will now recreate the resource (#8973)
IMPROVEMENTS:
- accesscontextmanager: added support for
require_verified_chrome_os
in basic access levels. (#9071) - billingbudget: added support for import of
google_billing_budget
(#8990) - cloud_identity: added support for
initial_group_config
to the google_cloud_identity_group resource (#9035) - cloudrun: added support to bind secrets from Secret Manager to environment variables or files to
google_cloud_run_service
(#9073) - compute: added
initial_size
to account for scenarios where size may change under the hood in resourcegoogle_compute_node_group
(#9078) - healthcare: added support for
stream_configs
ingoogle_healthcare_dicom_store
(#8986) - secretmanager: added support for setting a CMEK on
google_secret_manager_secret
(#9046) - spanner: added
force_destroy
togoogle_spanner_instance
to delete instances that have backups enabled. (#9076) - spanner: added support for setting a CMEK on
google_spanner_database
(#8966) - workflows: marked
source_contents
andservice_account
as updatable ongoogle_workflows_workflow
(#9018)
BUG FIXES:
- bigquery: fixed
dataset_id
to force new resource if name is changed. (#8973) - cloudrun: fixed permadiff on
google_cloud_run_domain_mapping.metadata.labels
(#8971) - composer: changed
google_composer_environment.master_ipv4_cidr_block
to draw default from the API (#9017) - container: fixed container node pool not removed from the state when received 404 error on delete call for the resource
google_container_node_pool
(#9034) - dns: fixed empty
rrdatas
list ongoogle_dns_record_set
for AAAA records (#9029) - kms: fixed indirectly force replacement via
skip_initial_version_creation
ongoogle_kms_crypto_key
(#8988) - logging: fixed
metric_descriptor.labels
can't be updated on 'google_logging_metric' (#9057) - pubsub: fixed diff for
minimum_backoff
&maximum_backoff
ongoogle_pubsub_subscription
(#9048) - resourcemanager: fixed broken handling of IAM conditions for
google_organization_iam_member
,google_organization_iam_binding
, andgoogle_organization_iam_policy
(#9047) - serviceusage: added
google_project_service.service
validation to reject invalid service domains that don't contain a period (#8987) - storage: fixed bug where
role_entity
user wouldn't update if the role changed. (#9008)
BUG FIXES:
- compute: fixed bug where terraform would crash if updating from no
service_account.scopes
to more. (#9032)
NOTES:
- all: changed default HTTP request timeout from 30 seconds to 120 seconds (#8966)
BREAKING CHANGES:
- datacatalog: updating
parent
ingoogle_data_catalog_tag
will now recreate the resource (#8964)
FEATURES:
- New Data Source:
google_compute_ha_vpn_gateway
(#8952) - New Resource:
google_dataproc_workflow_template
(#8962)
IMPROVEMENTS:
- bigquery: Added BigTable source format in BigQuery table (#8923)
- cloudfunctions: removed bounds on the supported memory range in
google_cloudfunctions_function.available_memory_mb
(#8946) - compute: marked scheduling.0.node_affinities as updatable in
google_compute_instance
(#8927) - dataproc: added
shielded_instance_config
fields togoogle_dataproc_cluster
(#8910) - spanner: added support for setting a CMEK on
google_spanner_database
(#8966)
BUG FIXES:
- compute: fixed error when creating empty
scopes
ongoogle_compute_instance
(#8953) - container: fixed a bug that allowed specifying
node_config
ongoogle_container_cluster
when autopilot is used (#8905) - datacatalog: fixed an issue where
parent
ingoogle_data_catalog_tag
attempted to update the resource when change instead of recreating it (#8964) - datacatalog: set default false for
force_delete
ongoogle_data_catalog_tag_template
(#8922) - dns: added missing record types to
google_dns_record_set
resource (#8919) - sql: set
clone.point_in_time
optional forgoogle_sql_database_instance
(#8965)
FEATURES:
- New Resource: google_eventarc_trigger (#8895)
IMPROVEMENTS:
- compute: added the ability to specify
google_compute_forwarding_rule.ip_address
by a reference in addition to raw IP address (#8877) - compute: enabled fields
advertiseMode
,advertisedGroups
,peerAsn
, andpeerIpAddress
to be updatable on resourcegoogle_compute_router_peer
(#8862)
BUG FIXES:
- cloud_identity: fixed google_cloud_identity_group_membership import/update (#8867)
- compute: fixed an issue in
google_compute_instance
wheremin_node_cpus
could not be set (#8865) - compute: removed minimum for
scopes
field ongoogle_compute_instance
resource (#8893) - iam: fixed issue with principle and principleSet members not retaining their casing (#8860)
- workflows: fixed a bug in
google_workflows_workflow
that could cause inconsistent final plan errors when using thename
field in other resources (#8869)
FEATURES:
- New Resource:
google_tags_tag_key_iam_binding
(#8844) - New Resource:
google_tags_tag_key_iam_member
(#8844) - New Resource:
google_tags_tag_key_iam_policy
(#8844) - New Resource:
google_tags_tag_value_iam_binding
(#8844) - New Resource:
google_tags_tag_value_iam_member
(#8844) - New Resource:
google_tags_tag_value_iam_policy
(#8844) - New Resource:
google_apigee_envgroup_attachment
(#8853) - New Resource:
google_tags_tag_binding
(#8854) - New Resource:
google_tags_tag_key
(#8854) - New Resource:
google_tags_tag_value
(#8854)
IMPROVEMENTS:
- bigquery: added
require_partition_filter
field togoogle_bigquery_table
when provisioninghive_partitioning_options
(#8775) - compute: added field
maintenance_window.start_time
togoogle_compute_node_group
(#8847) - compute: added gVNIC support for
google_compute_instance_template
(#8842) - datacatalog: added
description
field togoogle_data_catalog_tag_template
resource (#8851) - iam: added support for third party identities via the principle and principleSet IAM members (#8860)
- tags: promoted
google_tags_tag_key
to GA (#8854) - tags: promoted
google_tags_tag_value
to GA (#8854)
BUG FIXES:
- compute: reverted datatype change for
mtu
ingoogle_compute_interconnect_attachment
as it was incompatible with existing state representation (#8829) - iam: fixed issue with principle and principleSet members not retaining their casing (#8860)
- storage: fixed intermittent
Provider produced inconsistent result after apply
error when creatinggoogle_storage_hmac_key
(#8817)
FEATURES:
- New Data Source:
google_monitoring_istio_canonical_service
(#8789) - New Resource:
google_apigee_instance_attachment
(#8795)
IMPROVEMENTS:
- added support for Apple silicon chip (updated to go 1.16) (#8693)
- container:
- sql: changed the default timeout of
google_sql_database_instance
to 30m from 20m (#8802)
BUG FIXES:
- bigquery: fixed issue where you couldn't extend an existing
schema
with additional columns ingoogle_bigquery_table
(#8803) - cloudidentity: modified
google_cloud_identity_groups
andgoogle_cloud_identity_group_memberships
to respect theuser_project_override
andbilling_project
configurations and send the appropriate headers to establish a quota project (#8762) - compute: added minimum for
scopes
field togoogle_compute_instance
resource (#8801) - notebooks: fixed permadiff on labels for
google_notebook_instance
(#8799) - secretmanager: set required on
secret_data
ingoogle_secret_manager_secret_version
(#8797)
FEATURES:
- New Data Source:
google_compute_health_check
(#8725) - New Data Source:
google_kms_secret_asymmetric
(#8745) - New Resource:
google_data_catalog_tag_template_iam_*
(#8730)
IMPROVEMENTS:
- accesscontextmanager: added support for ingress and egress policies to
google_access_context_manager_service_perimeter
(#8723) - compute: added
proxy_bind
togoogle_compute_target_tcp_proxy
,google_compute_target_http_proxy
andgoogle_compute_target_https_proxy
(#8706)
BUG FIXES:
- compute: fixed an issue where exceeding the operation rate limit would fail without retrying (#8746)
- compute: corrected underlying type to integer for field
mtu
ingoogle_compute_interconnect_attachment
(#8744)
IMPROVEMENTS:
- provider: The provider now supports Workload Identity Federation. The federated json credentials must be loaded through the
GOOGLE_APPLICATION_CREDENTIALS
environment variable. (#8671) - compute: added
proxy_bind
togoogle_compute_target_tcp_proxy
,google_compute_target_http_proxy
andgoogle_compute_target_https_proxy
(#8706) - compute: changed
google_compute_subnetwork
to accept more values in thepurpose
field (#8647) - compute: promoted field compute_instance.scheduling.min_node_cpus and related fields to ga (#8697)
- dataflow: added
enable_streaming_engine
argument togoogle_dataflow_job
(#8670) - healthcare: promoted
google_healthcare_consent_store*
to GA support (#8681)
BUG FIXES:
- container: Fixed updates on
export_custom_routes
andimport_custom_routes
ingoogle_compute_network_peering
(#8650)
NOTES: From this release onwards google_compute_shared_vpc_service_project
will not recognise the Shared VPC Admin role when assigned at the folder level in the GA provider, as that functionality is not enabled in the GA API. If you have folder-level IAM configured for Shared VPC permissions, use the google-beta
provider instead.
FEATURES:
IMPROVEMENTS:
- cloudrun: suppressed metadata.labels["cloud.googleapis.com/location"] value in
google_cloud_run_service
(#8574) - compute: added
mtu
field togoogle_compute_interconnect_attachment
(#8575) - compute: added support for
nic_type
togoogle_compute_instance
(GA only) (#8562) - datafusion: added support for the
DEVELOPER
instance type togoogle_data_fusion_instance
(#8590) - monitoring: added windows based availability sli to the resource
google_monitoring_slo
(#8588) - sql: added
settings.0.backup_configuration.transaction_log_retention_days
andsettings.0.backup_configuration.transaction_log_retention_days
fields togoogle_sql_database_instance
(#8582) - storage: added
kms_key_name
togoogle_storage_bucket_object
resource (#8615)
BUG FIXES:
- bigquery: fixed materialized view to be recreated when query changes (#8628)
- bigtable: fixed bug where gc_policy would attempt to recreate the resource when switching from deprecated attribute but maintaining the same underlying value (#8639)
- bigtable: required resource recreation if any fields change on
resource_bigtable_gc_policy
(#8552) - binaryauthorization: fixed permadiff in
google_binary_authorization_attestor
(#8636) - cloudfunction: added retry logic for
google_cloudfunctions_function
updates (#8554) - cloudidentity: fixed a bug where
google_cloud_identity_group
would periodically fail with a 403 (#8585) - compute: fixed a perma-diff for
nat_ips
that were specified as short forms ingoogle_compute_router_nat
(#8576) - compute: fixed perma-diff for cos-family disk images (#8602)
- compute: Fixed service account scope alias to be updated. (#8604)
- container: fixed container cluster not removed from the state when received 404 error on delete call for the resource
google_container_cluster
(#8594) - container: Fixed failure in deleting
maintenance_exclusion
forgoogle_container_cluster
(#8589) - container: fixed an issue where release channel UNSPECIFIED could not be set (#8595)
- essentialcontacts: made
language_tag
required forgoogle_essential_contacts_contact
(#8557)
FEATURES:
IMPROVEMENTS:
- compute: Added graceful termination to
google_container_node_pool
create calls so that partially created node pools will resume the original operation if the Terraform process is killed mid create. (#8492) - compute: Promoted gVNIC support for
google_compute_instance
resource to GA (#8506) - compute: added autoscaling_policy.cpu_utilization.predictive_method field to
google_compute_autoscaler
andgoogle_compute_region_autoscaler
(#8547) - redis : marked
auth_string
on theresource_redis_instance
resource as sensitive (#8513)
BUG FIXES:
- apigee: fixed IDs when importing
google_apigee_organization
resource (#8488) - artifactregistry: fixed issue where updating
google_artifact_registry_repository
always failed (#8491) - compute : fixed a bug where
guest_flush
could not be set to false for the resourcegoogle_compute_resource_policy
(#8517) - compute: fixed a panic on empty
target_size
ingoogle_compute_region_instance_group_manager
(#8528) - redis: fixed invalid value error on
auth_string
ingoogle_redis_instance
(#8493)
NOTES:
google_bigquery_table
resources now cannot be destroyed unlessdeletion_protection = false
is set in state for the resource. (#8453)
FEATURES:
- New Data Source:
google_iap_client
(#8450)
IMPROVEMENTS:
- bigquery: added
deletion_protection
field togoogle_bigquery_table
to make deleting them require an explicit intent. (#8453) - cloudrun: updated retry logic to attempt to retry 409 errors from the Cloud Run API, which may be returned intermittently on create. (#8440)
- compute: removed max items limit from
google_compute_target_ssl_proxy
. The API currently allows upto 15 Certificates. (#8478) - compute: added support for Private Services Connect for Google APIs in
google_compute_global_address
andgoogle_compute_global_forwarding_rule
(#8458) - iam: added a retry condition that retries editing
iam_binding
andiam_member
resources on policies that have frequently deleted service accounts (#8476) - sql: added
insights_config
block togoogle_sql_database_instance
resource (#8434)
BUG FIXES:
- compute: fixed an issue where the provider could return an error on a successful delete operation (#8463)
- dataproc : fixed an issue where
max_failure_per_hour
was not set correctly forgoogle_dataproc_job
(#8441) - dlp : modified
google_data_loss_prevention_stored_info_type
regex.group_indexes
field to trigger resource recreation on update (#8439) - sql: fixed diffs based on case for
charset
ingoogle_sql_database
(#8462)
DEPRECATIONS:
- compute: deprecated
source_disk_url
field ingoogle_compute_snapshot
. (#8410) - kms: deprecated
self_link
field ingoogle_kms_keyring
andgoogle_kms_cryptokey
resource as it is identical value toid
field. (#8410) - pubsub: deprecated
path
field ingoogle_pubsub_subscription
resource as it is identical value toid
field. (#8410)
FEATURES:
- New Resource:
google_essential_contacts_contact
(#8426)
IMPROVEMENTS:
- bigquery: added
status
field togoogle_bigquery_job
(#8377) - compute: added
disk.resource_policies
field to resourcegoogle_compute_instance_template
(#8393) - pubsub: marked
kms_key_name
field ingoogle_pubsub_topic
as updatable (#8424)
BUG FIXES:
- appengine: added retry for P4SA propagation delay (#8409)
- compute: fixed overly-aggressive detection of changes to google_compute_security_policy rules (#8417)
FEATURES:
- New Resource:
google_privateca_certificate
(#8371)
IMPROVEMENTS:
- all: added plan time validations for fields that expect base64 values. (#8304)
- sql: added support for point-in-time-recovery to
google_sql_database_instance
(#8367) - monitoring : added
availability
sli metric support for the resourcegoogle_monitoring_slo
(#8315)
BUG FIXES:
- bigquery: fixed bug where you could not reorder columns on
schema
for resourcegoogle_bigquery_table
(#8321) - cloudrun: suppressed
run.googleapis.com/ingress-status
annotation ingoogle_cloud_run_service
(#8361) - serviceaccount: loosened restrictions on
account_id
for datasourcegoogle_service_account
(#8344)
BREAKING CHANGES:
- Reverted
* bigquery: made incompatible changes to the
google_bigquery_table.schemafield to cause the resource to be recreated ([#8232](https://github.com/hashicorp/terraform-provider-google/pull/8232))
due to unintended interactions with a bug introduced in an earlier version of the resource.
FEATURES:
- New Data Source:
google_runtimeconfig_config
(#8268)
IMPROVEMENTS:
- compute: added
distribution_policy_target_shape
field togoogle_compute_region_instance_group_manager
resource (#8277) - container: promoted
master_global_access_config
,tpu_ipv4_cidr_block
,default_snat_status
anddatapath_provider
fields ofgoogle_container_cluster
to GA. (#8303) - dataproc: Added field
temp_bucket
togoogle_dataproc_cluster
cluster config. (#8131) - notebooks: added
tags
,service_account_scopes
,shielded_instance_config
togoogle_notebooks_instance
(#8289) - provider: added plan time validations for fields that expect base64 values. (#8304)
BUG FIXES:
- bigquery: fixed permadiff on expiration_ms for
google_bigquery_table
(#8298) - billing: fixed perma-diff on currency_code in
google_billing_budget
(#8266) - compute: changed private_ipv6_google_access in
google_compute_subnetwork
to correctly send a fingerprint (#8290) - healthcare: add retry logic on healthcare dataset not initialized error (#8256)
KNOWN ISSUES: New google_bigquery_table
behaviour introduced in this version had unintended consequences, and may incorrectly flag tables for recreation. We expect to revert this for 3.55.0
.
FEATURES:
- New Data Source:
google_cloud_run_locations
(#8192) - New Resource:
google_privateca_certificate_authority
(#8233) - New Resource:
google_privateca_certificate_authority_iam_binding
(#8249) - New Resource:
google_privateca_certificate_authority_iam_member
(#8249) - New Resource:
google_privateca_certificate_authority_iam_policy
(#8249)
IMPROVEMENTS:
- bigquery: made incompatible changes to the
google_bigquery_table.schema
field to cause the resource to be recreated (#8232) - bigtable: fixed an issue where the
google_bigtable_instance
resource was not inferring the zone from the provider. (#8222) - cloudscheduler: fixed unnecessary recreate for
google_cloud_scheduler_job
(#8248) - compute: added
scaling_schedules
fields togoogle_compute_autoscaler
andgoogle_compute_region_autoscaler
(beta) (#8245) - compute: fixed an issue where
google_compute_region_per_instance_config
,google_compute_per_instance_config
,google_compute_region_instance_group_manager
resources were not inferring the region/zone from the provider. (#8224) - memcache: fixed an issue where
google_memcached_instance
resource was not inferring the region from the provider. (#8188) - tpu: fixed an issue where
google_tpu_node
resource was not inferring the zone from the provider. (#8188) - vpcaccess: fixed an issue where
google_vpc_access_connector
resource was not inferring the region from the provider. (#8188)
BUG FIXES:
- bigquery: fixed an issue in
bigquery_dataset_iam_member
where deleted members were not handled correctly (#8231) - compute: fixed a perma-diff on
google_compute_health_check
whenlog_config.enable
is set to false (#8209) - notebooks: fixed permadiff on noRemoveDataDisk for
google_notebooks_instance
(#8246) - resourcemanager: fixed an inconsistent result when IAM conditions are specified with
google_folder_iam_*
(#8235) - healthcare: added retry logic on healthcare dataset not initialized error (#8256)
FEATURES:
- New Data Source:
google_compute_instance_template
(#8137) - New Resource:
google_apigee_organization
(#8178)
IMPROVEMENTS:
- accesscontextmanager: added support for
google_access_context_manager_gcp_user_access_binding
(#8168) - cloudbuild: promoted
github
fields ingoogle_cloud_build_trigger
to GA (#8167) - memcached: fixed an issue where
google_memcached_instance
resource was not inferring the region from the provider. (More info) - serviceaccount: added a
keepers
field togoogle_service_account_key
that recreates the field when it is modified (#8097) - sql: added restore from backup support to
google_sql_database_instance
(#8138) - sql: added support for MYSQL_8_0 on resource
google_sql_source_representation_instance
(#8135) - tpu: fixed an issue where
google_tpu_node
resource was not inferring the zone from the provider. (More info) - vpcaccess: fixed an issue where
google_vpc_access_connector
resource was not inferring the region from the provider. (More info)
BUG FIXES:
- bigquery: enhanced diff suppress to ignore certain api divergences on resource
table
(#8134) - container: fixed crash due to nil exclusions object when updating an existent cluster with maintenance_policy but without exclusions (#8126)
- project: fixed a bug in
google_project_access_approval_settings
where the defaultproject
was used rather thanproject_id
(#8169)
BREAKING CHANGES:
- billing: removed import support for
google_billing_budget
as it never functioned correctly (#8023)
FEATURES:
- New Data Source:
google_sql_backup_run
(#8100) - New Data Source:
google_storage_bucket_object_content
(#8016) - New Resource:
google_billing_subaccount
(#8022) - New Resource:
google_pubsub_lite_subscription
(#8011) - New Resource:
google_pubsub_lite_topic
(#8011)
IMPROVEMENTS:
- bigquery: promoted bigquery reservation to GA. (#8079)
- bigtable: added support for specifying
duration
forbigtable_gc_policy
to allow durations shorter than a day (#7879) - bigtable: added support for specifying
duration
forbigtable_gc_policy
to allow durations shorter than a day (#8081) - billing: promoted
google_billing_budget
to GA (#8023) - compute: Added support for Google Virtual Network Interface (gVNIC) for
google_compute_image
(#8007) - compute: added SHARED_LOADBALANCER_VIP as a valid option for
google_compute_address.purpose
(#7987) - compute: added field
multiwriter
to resourcedisk
(beta) (#8098) - compute: added support for
enable_independent_endpoint_mapping
togoogle_compute_router_nat
resource (#8049) - compute: added support for
filter.direction
togoogle_compute_packet_mirroring
(#8102) - compute: promoted
confidential_instance_config
field ingoogle_compute_instance
andgoogle_compute_instance_template
to GA (#8089) - compute: promoted
google_compute_forwarding_rule
is_mirroring_collector
to GA (#8102) - compute: promoted
google_compute_packet_mirroring
to GA (#8102) - dataflow: Added optional
kms_key_name
field forgoogle_dataflow_job
(#8116) - dataflow: added documentation about using
parameters
for custom service account and other pipeline options togoogle_dataflow_flex_template_job
(#7999) - redis: added
auth_string
output togoogle_redis_instance
whenauth_enabled
istrue
(#8090) - redis: promoted
google_redis_instance.auth_enabled
to GA (#8090) - sql: added support for setting the
type
field ongoogle_sql_user
to support IAM authentication (#8017) - sql: added support for setting the
type
field ongoogle_sql_user
to support IAM authentication (#8047)
BUG FIXES:
- compute: removed requirement for
google_compute_region_url_map
default_service, as it should be a choice of default_service or default_url_redirect (#2810) - cloud_tasks: fixed permadiff on retry_config.max_retry_duration for
google_cloud_tasks_queue
when the 0s is supplied (#8078) - cloudfunctions: fixed a bug where
google_cloudfunctions_function
would sometimes fail to update after being imported from gcloud (#8010) - cloudrun: fixed a permanent diff on
google_cloud_run_domain_mapping
spec.force_override
field (#8026) - container: added plan time validation to ensure
enable_private_nodes
is true ifmaster_ipv4_cidr_block
is set on resourcecluster
(#8066) - dataproc: updated jobs to no longer wait for job completion during create (#8064)
- filestore: updated retry logic to fail fast on quota error which cannot succeed on retry. (#8080)
- logging: fixed updating on disabled in
google_logging_project_sink
(#8093) - scheduler: Fixed syntax error in the Cloud Scheduler HTTP target example. (#8004)
- sql: fixed a bug in
google_sql_database_instance
that caused a permadiff onsettings.replication_type
(#8006) - storage: updated IAM resources to refresh etag sooner on an IAM conflict error, which will make applications of multiple IAM resources much faster. (#8080)
BUG FIXES:
- all: fixed a bug that would occur in various resources due to comparison of large integers (#8103)
FEATURES:
- New Resource:
google_firestore_document
(#7932) - New Resource:
google_notebooks_instance
(#7933) - New Resource:
google_notebooks_environment
(#7933)
IMPROVEMENTS:
- compute: added CDN features to
google_compute_region_backend_service
. (#7941) - compute: added Flexible Cache Control features to
google_compute_backend_service
. (#7941) - compute: added
replacement_method
field toupdate_policy
block ofgoogle_compute_instance_group_manager
(#7918) - compute: added
replacement_method
field toupdate_policy
block ofgoogle_compute_region_instance_group_manager
(#7918) - logging: added plan time validation for
unique_writer_identity
ongoogle_logging_project_sink
(#7974) - storage: added more lifecycle conditions to
google_storage_bucket
resource (#7937)
BUG FIXES:
- all: bump default request timeout to avoid conflicts if creating a resource takes longer than expected (#7976)
- compute: removed
custom_response_headers
from GAgoogle_compute_backend_service
since it only works in the Beta version (#7943) - project: fixed a bug where
google_project_default_service_accounts
would delete all IAM bindings on a project when run withaction = "DEPRIVILEGE"
(#7984) - spanner: fixed an issue in
google_spanner_database
where multi-statement updates were not formatted correctly (#7970) - sql: fixed a bug in
google_sql_database_instance
that caused a permadiff onsettings.replication_type
(#8006)
FEATURES:
- New Data Source:
google_composer_environment
(#7902) - New Data Source:
google_monitoring_cluster_istio_service
(#7847) - New Data Source:
google_monitoring_mesh_istio_service
(#7847)
IMPROVEMENTS:
- compute: added
replacement_method
field toupdate_policy
block ofgoogle_compute_instance_group_manager
(#7918) - compute: added
replacement_method
field toupdate_policy
block ofgoogle_compute_region_instance_group_manager
(#7918) - compute: added more fields to cdn_policy block of
google_compute_backend_bucket
(#7888) - compute: promoted
google_compute_managed_ssl_certificate
to GA (#7914) - compute: promoted
google_compute_resource_policy
to GA (#7917) - compute: updated
google_compute_url_map
's fields referring to backend services to be able to refer to backend buckets. (#7916) - container: added cluster state check before proceeding on the node pool activities (#7887)
- google: added support for more import formats to google_project_iam_custom_role (#7862)
- project: added new restore_policy
REVERT_AND_IGNORE_FAILURE
togoogle_project_default_service_accounts
(#7906)
BUG FIXES:
- bigqueryconnection: fixed failure to import a resource if it has a non-default project or location. (#7903)
- iam: fixed iam conflict handling so that optimistic-locking retries will succeed more often. (#7915)
- storage: fixed an issue in
google_storage_bucket
wherecors
could not be removed (#7858)
FEATURES:
- New Resource: google_healthcare_consent_store (#7803)
- New Resource: google_healthcare_consent_store_iam_binding (#7803)
- New Resource: google_healthcare_consent_store_iam_member (#7803)
- New Resource: google_healthcare_consent_store_iam_policy (#7803)
IMPROVEMENTS:
- bigquery: added
ORC
as a valid option tosource_format
field ofgoogle_bigquery_table
resource (#7804) - cloud_identity: promoted
google_cloud_identity_group_membership
to GA (#7786) - cloud_identity: promoted
google_cloud_identity_group
to GA (#7786) - cloud_identity: promoted data source
google_cloud_identity_group_memberships
to GA (#7786) - cloud_identity: promoted data source
google_cloud_identity_groups
to GA (#7786) - compute: added
custom_response_headers
field togoogle_compute_backend_service
resource (#7824) - container: added maintenance_exclusions_window to
google_container_cluster
(#7830) - logging: added description and disabled to logging sinks (#7809)
- runtimeconfig: marked value and text fields in
google_runtimeconfig_variable
resource as sensitive (#7808) - sql: added
deletion_policy
field togoogle_sql_user
to enable abandoning users rather than deleting them (#7820)
BUG FIXES:
- bigtable: added ignore_warnings flag to create call for
google_bigtable_app_profile
(#7806)
FEATURES:
- New Data Source:
google_iam_workload_identity_pool_provider
(#7733)
IMPROVEMENTS:
- apigateway: added api_config_id_prefix field to
google_api_gateway_api_config
resoure (#7753) - cloudfunctions: fixed a bug with
google_cloudfunction_function
that blocked updates when Organization Policies are enabled. (#7723) - compute: added
autoscaling_policy.0.scale_in_control
fields togoogle_compute_autoscaler
(#7773) - compute: added
autoscaling_policy.0.scale_in_control
fields togoogle_compute_region_autoscaler
(#7773) - compute: added update support for
google_compute_interconnect_attachment
bandwidth
field (#7762) - dataproc: added "FLINK", "DOCKER", "HBASE" as valid options for field
cluster_config.0.software_config.0.optional_components
ofgoogle_dataproc_cluster
resource (#7726)
BUG FIXES:
- cloudrun: added diff suppress function for
google_cloud_run_domain_mapping
metadata.annotations
to ignore API-set fields (#7764) - spanner: marked
google_spanner_instance.config
as ForceNew as is not updatable (#7763)
FEATURES:
- New Data Source:
google_iam_workload_identity_pool
(#7704) - New Resource:
google_iam_workload_identity_pool_provider
(#7712) - New Resource:
google_project_default_service_accounts
(#7709)
IMPROVEMENTS:
- cloudfunctions: fixed a bug with
google_cloudfunction_function
that blocked updates when Organization Policies are enabled. (#7723) - functions: added 4096 as a valid value for available_memory_mb field of
google_cloudfunction_function
(#7707) - cloudrun: patched
google_cloud_run_service
to suppress Google generated annotations (#7721)
BUG FIXES:
- dataflow: removed required validation for zone for
google_data_flow_job
when region is given in the config (#7703) - monitoring: Fixed type of
google_monitoring_slo
'srange
values - somerange
values are doubles, others are integers. (#7676) - pubsub: Fixed permadiff on push_config.attributes. (#7714)
- storage: fixed an issue in
google_storage_bucket
wherelifecycle_rules
were always included in update requests (#7727)
NOTES:
- compute: updated
google_compute_machine_image
resource to complete once the Image is ready. (#7629)
FEATURES:
- New Resource:
google_api_gateway_api_config_iam_binding
(#7626) - New Resource:
google_api_gateway_api_config_iam_member
(#7626) - New Resource:
google_api_gateway_api_config_iam_policy
(#7626) - New Resource:
google_api_gateway_api_config
(#7626) - New Resource:
google_api_gateway_api_iam_binding
(#7626) - New Resource:
google_api_gateway_api_iam_member
(#7626) - New Resource:
google_api_gateway_api_iam_policy
(#7626) - New Resource:
google_api_gateway_api
(#7626) - New Resource:
google_api_gateway_gateway_iam_binding
(#7626) - New Resource:
google_api_gateway_gateway_iam_member
(#7626) - New Resource:
google_api_gateway_gateway_iam_policy
(#7626) - New Resource:
google_api_gateway_gateway
(#7626) - New Resource:
google_compute_instance_from_machine_image
(#7629) - New Resource:
google_compute_machine_image_iam_binding
(#7629) - New Resource:
google_compute_machine_image_iam_member
(#7629) - New Resource:
google_compute_machine_image_iam_policy
(#7629) - New Resource:
google_iap_tunnel_iam_binding
(#7635) - New Resource:
google_iap_tunnel_iam_member
(#7635) - New Resource:
google_iap_tunnel_iam_policy
(#7635) - New Resource: compute: promoted
google_compute_region_network_endpoint_group
to GA (#7618)
IMPROVEMENTS:
- asset: added conditions to Cloud Asset Feeds (#7632)
- bigquery: added
email_preferences
field togoogle_bigquery_data_transfer_config
resource (#7665) - bigquery: added
schedule_options
field togoogle_bigquery_data_transfer_config
resource (#7633) - compute: added
private_ipv6_google_access
field togoogle_compute_subnetwork
(#7651) - compute: added storage_locations & cmek fields to
google_compute_machine_image
resource (#7629) - compute: added support for non-destructive updates to
export_custom_routes
andimport_custom_routes
forgoogle_compute_network_peering
(#7619) - compute: relax
load_balancing_scheme
validation ofgoogle_compute_region_backend_service
to support external network load-balancers (#7592) - datacatalog: Add taxonomy and policy_tag to
google_data_catalog
(#7588) - dlp: added
custom_info_types
togoogle_dlp_inspect_template
(#7650) - functions: added
build_environment_variables
field togoogle_cloudfunction_function
(#7596) - kms: added
skip_initial_version_creation
togoogle_kms_crypto_key
(#7647) - monitoring: Added Monitoring Query Language based alerting for
google_monitoring_alert_policy
(#7664)
BUG FIXES:
- compute: fixed an issue where
google_compute_health_check
port
values caused a diff whenport_specification
was unset or set to""
(#7623) - monitoring: added more retries for potential failed monitoring operations (#7631)
- osconfig: fixed an issue where the
rollout.disruption_budget.percentage
field ingoogle_os_config_patch_deployment
did not correspond to a field in the API (#7641) - sql: fixed a case in
google_sql_database_instance
where we inadvertently required theprojects.get
permission for a service networking precheck introduced inv3.44.0
(#7622)
BREAKING CHANGES:
- pubsub: changing the value of
google_pubsub_subscription.enable_message_ordering
will now recreate the resource. Previously, an error was returned. (#7584) - spanner:
google_spanner_database
resources now cannot be destroyed unlessdeletion_protection = false
is set in state for the resource. (#7557)
NOTES:
- compute: added a warning to
google_compute_vpn_gateway
(#7547)
FEATURES:
- New Data Source:
google_spanner_instance
(#7537) - New Resource:
access_context_manager_access_level_condition
(#7524) - New Resource:
google_bigquery_routine
(#7579)
IMPROVEMENTS:
- billing_budget: added
disable_default_iam_recipients
field togoogle_billing_budget
to allow disable sending email notifications to default recipients. (#7544) - compute: added
interface
attribute togoogle_compute_disk
(#7554) - compute: added support for updating
network_interface.[d].network_ip
ongoogle_compute_instance
when changing network or subnetwork (#7515) - compute: added
mtu
field togoogle_compute_network
resource (#7567) - compute: promoted HA VPN fields in
google_compute_vpn_tunnel
to GA (#7547) - compute: promoted
google_compute_external_vpn_gateway
to GA (#7547) - compute: promoted
google_compute_ha_vpn_gateway
to GA (#7547) - provider: added support for service account impersonation. (#7542)
- spanner: added
deletion_protection
field togoogle_spanner_database
to make deleting them require an explicit intent. (#7557)
BUG FIXES:
- all: fixed misleading "empty non-retryable error" message that was appearing in debug logs (#7569)
- compute: fixed incorrect import format for
google_compute_global_network_endpoint
(#7523) - compute: fixed issue where
google_compute_[region_]backend_service.backend.max_utilization
could not be updated (#7575) - iap: fixed an eventual consistency bug causing creates for
google_iap_brand
to fail (#7520) - provider: fixed an issue where the request headers would grow proportionally to the number of resources in a given
terraform apply
(#7576) - serviceusage: fixed bug where concurrent activations/deactivations of project services would fail, now they retry (#7519)
BREAKING CHANGE:
- Added
deletion_protection
togoogle_sql_database_instance
, which defaults to true. SQL instances can no longer be destroyed without settingdeletion_protection = false
. (#7499)
FEATURES:
- New Data Source:
google_app_engine_default_service_account
(#7472) - New Data Source:
google_pubsub_topic
(#7448)
IMPROVEMENTS:
- bigquery: added ability for
google_bigquery_dataset_access
to retry quota errors since quota refreshes quickly. (#7507) - bigquery: added
MONTH
andYEAR
as allowed values ingoogle_bigquery_table.time_partitioning.type
(#7461) - cloud_tasks: added
stackdriver_logging_config
field tocloud_tasks_queue
resource (#7487) - compute: added support for updating
network_interface.[d].network_ip
ongoogle_compute_instance
when changing network or subnetwork (#7515) - compute: added
maintenance_policy
field togoogle_compute_node_group
(#7510) - compute: added filter field to google_compute_image datasource (#7488)
- compute: promoted
autoscaling_policy
field ingoogle_compute_node_group
to GA (#7510) - dataproc: Added
graceful_decomissioning_timeout
field todataproc_cluster
resource (#7485) - iam: fixed
google_service_account_id_token
datasource to work with User ADCs and Impersonated Credentials (#7457) - logging: added bucket creation based on custom-id given for the resource
google_logging_project_bucket_config
(#7492) - logging: Added support for exclusions options for
google_logging_project_sink
(#7335) - oslogin: added ability to set a
project
ongoogle_os_login_ssh_public_key
(#7505) - resourcemanager: added a precheck that the serviceusage API is enabled to
google_project
whenauto_create_network
is false, as configuring the GCE API is required in that circumstance (#7447) - sql: added a check to
google_sql_database_instance
to catch failures early by seeing if Service Networking Connections already exists for the private network of the instance. (#7499)
BUG FIXES:
- accessapproval: fixed issue where, due to a recent API change,
google_*_access_approval.enrolled_services.cloud_product
entries specified as a URL would result in a permadiff (#7468) - compute: fixed ability to clear
description
field ongoogle_compute_health_check
andgoogle_compute_region_health_check
(#7500) - monitoring: fixed bug where deleting a
google_monitoring_dashboard
would give an "unsupported protocol scheme" error (#7453)
FEATURES:
- New Data Source:
google_pubsub_topic
(#7426) - New Data Source:
google_compute_global_forwarding_rule
(#7434) - New Data Source:
google_cloud_run_service
(#7388) - New Resource:
google_bigtable_table_iam_member
(#7410) - New Resource:
google_bigtable_table_iam_binding
(#7410) - New Resource:
google_bigtable_table_iam_policy
(#7410)
IMPROVEMENTS:
- appengine: added ability to manage pre-firestore appengine applications. (#7408)
- bigquery: added support for
google_bigquery_table
materialized_view
field (#7080) - compute: Marked
google_compute_per_instance_config
as GA (#7429) - compute: Marked
google_compute_region_per_instance_config
as GA (#7429) - compute: Marked
stateful_disk
as GA ingoogle_compute_instance_group_manager
(#7429) - compute: Marked
stateful_disk
as GA ingoogle_compute_region_instance_group_manager
(#7429) - compute: added additional fields to the
google_compute_forwarding_rule
datasource. (#7437) - dns: added
forwarding_path
field togoogle_dns_policy
resource (#7416) - netblock: changed
google_netblock_ip_ranges
to read from cloud.json file rather than DNS record (#7157)
BUG FIXES:
- accessapproval: fixed issue where, due to a recent API change,
google_*_access_approval.enrolled_services.cloud_product
entries specified as a URL would result in a permadiff - bigquery: fixed an issue in
google_bigquery_job
where non-US locations could not be read (#7418) - cloudrun: fixed an issue in
google_cloud_run_domain_mapping
where labels provided by Google would cause a diff (#7407) - compute: Fixed an issue where
google_compute_region_backend_service
requiredhealthChecks
for a serverless network endpoint group. (#7433) - container: fixed
node_config.image_type
perma-diff when specified in lower case. (#7412) - datacatalog: fixed an error in
google_data_catalog_tag
when trying to set boolean field tofalse
(#7409) - monitoring: fixed bug where deleting a
google_monitoring_dashboard
would give an "unsupported protocol scheme" error
FEATURES:
- New Resource: google_data_loss_prevention_deidentify_template (#7378)
IMPROVEMENTS:
- compute: added support for updating
network_interface.[d].network
andnetwork_interface.[d].subnetwork
properties ongoogle_compute_instance
. (#7358) - healthcare: added field
parser_config.version
togoogle_healthcare_hl7_v2_store
(#7357)
BUG FIXES:
- bigquery: fixed an issue where
google_bigquery_table
would crash while reading an empty schema (#7359) - compute: fixed an issue where
google_compute_instance_template
would throw an error for unspecifieddisk_size_gb
values while upgrading the provider. (#7355) - resourcemanager: fixed an issue in retrieving
google_active_folder
data source when the display name included whitespace (#7395)
IMPROVEMENTS:
- compute: added
SEV_CAPABLE
option toguest_os_features
ingoogle_compute_image
resource. (#7313) - tpu: added
use_service_networking
togoogle_tpu_node
which enables Shared VPC Support. (#7294)
DEPRECATIONS:
- bigtable: Deprecated
instance_type
forgoogle_bigtable_instance
- it is now recommended to leave field unspecified. (#7253)
FEATURES:
- New Data Source:
google_compute_region_ssl_certificate
(#7252) - New Resource:
google_compute_target_grpc_proxy
(#7277)
IMPROVEMENTS:
- cloudfunctions: added the ALLOW_INTERNAL_AND_GCLB option to
ingress_settings
ofgoogle_cloudfunctions_function
resource. (#7287) - cloudlbuild: added
options
andartifacts
properties togoogle_cloudbuild_trigger
(#7280) - compute: added GRPC as a valid value for
google_compute_backend_service.protocol
(and regional equivalent) (#7254) - compute: added support for configuring Internal load balancer for Cloud Run for Anthos (#7268)
- compute: added 'all' option for
google_compute_firewall
(#7225) - dataflow : added
transformnameMapping
togoogle_dataflow_job
(#7259) - dns: added
force_destroy
option togoogle_dns_managed_zone
to delete records created outside of Terraform (#7289) - serviceusage: added ability to pass
google.project.id
togoogle_project_service.project
(#7255) - spanner: added schema update/update ddl support for
google_spanner_database
(#7279)
BUG FIXES:
- bigtable: fixed the update behaviour of the
single_cluster_routing
sub-fields ingoogle_bigtable_app_profile
(#7266) - dataproc: fixed issues where updating
google_dataproc_cluster.cluster_config.autoscaling_policy
would do nothing, and where there was no way to remove a policy. (#7269) - osconfig: fixed a potential crash in
google_os_config_patch_deployment
due to an unchecked nil value inrecurring_schedule
(#7265) - serviceusage: fixed intermittent failure when a service is already being modified - added retries #7230)
- serviceusage: fixed an issue where
bigquery.googleapis.com
was getting enabled as thebigquery-json.googleapis.com
alias instead, incorrectly. This had no user impact yet, but the alias may go away in the future. (#7230)
IMPROVEMENTS:
- compute: added
storage_locations
field togoogle_compute_snapshot
(#7201) - compute: added
kms_key_service_account
,kms_key_self_link
fields tosnapshot_encryption_key
field ingoogle_compute_snapshot
(#7201) - compute: added
source_disk_encryption_key.kms_key_service_account
field togoogle_compute_snapshot
(#7201) - container: added
self_link
togoogle_container_cluster
(#7191) - container: marked
workload_metadata_config
as GA ingoogle_container_node_pool
(#7192)
BUG FIXES:
- bigquery: fixed a bug when a BigQuery table schema didn't have
name
in the schema. Previously it would panic; now it logs an error. (#7215) - bigquery: fixed bug where updating
clustering
would force a new resource rather than update. (#7195) - bigquerydatatransfer: fixed
params.secret_access_key
perma-diff for AWS S3 data transfer config types by adding asensitive_params
block with thesecret_access_key
attribute. (#7174) - compute: fixed bug where
delete_default_routes_on_create=true
was not actually deleting the default routes on create. (#7199)
DEPRECATIONS:
- storage: deprecated
bucket_policy_only
field ingoogle_storage_bucket
in favour ofuniform_bucket_level_access
(#7143)
FEATURES:
- New Resource: google_compute_disk_iam_binding (#7110)
- New Resource: google_compute_disk_iam_member (#7110)
- New Resource: google_compute_disk_iam_policy (#7110)
- New Resource: google_compute_region_disk_iam_binding (#7110)
- New Resource: google_compute_region_disk_iam_member (#7110)
- New Resource: google_compute_region_disk_iam_policy (#7110)
- New Resource: google_data_loss_prevention_inspect_template (#7123)
- New Resource: google_data_loss_prevention_job_trigger (#7123)
- New Resource: google_data_loss_prevention_stored_info_type (#7145)
IMPROVEMENTS:
- compute: Added graceful termination to
google_compute_instance_group_manager
create calls so that partially created instance group managers will resume the original operation if the Terraform process is killed mid create. (#7153) - container: added project override support to
google_container_cluster
andgoogle_container_nodepool
(#7114) - osconfig: added rollout field to
google_os_config_patch_deployment
(#7172) - provider: added a new field
billing_project
to the provider that's associated as a billing/quota project with most requests whenuser_project_override
is true (#7113) - resourcemanager: added additional fields to
google_projects
datasource (#7139) - serviceusage: added project override support to
google_project_service
(#7114)
BUG FIXES:
- bigquerydatatransfer: fixed
params.secret_access_key
perma-diff for AWS S3 data transfer config types by adding asensitive_params
block with thesecret_access_key
attribute. (#7174) - compute: Fixed bug with
google_netblock_ip_ranges
data source failing to read from the correct URL (#7156) - compute: fixed updating
google_compute_instance.shielded_instance_config
by adding it to theallow_stopping_for_update
list (#7132)
NOTES:
- Drop recommendation to use -provider= on import in documentation (#7100)
FEATURES:
- New Resource:
google_compute_image_iam_binding
(#7070) - New Resource:
google_compute_image_iam_member
(#7070) - New Resource:
google_compute_image_iam_policy
(#7070) - New Resource:
google_compute_disk_iam_binding
(#7110) - New Resource:
google_compute_disk_iam_member
(#7110) - New Resource:
google_compute_disk_iam_policy
(#7110) - New Resource:
google_compute_region_disk_iam_binding
(#7110) - New Resource:
google_compute_region_disk_iam_member
(#7110) - New Resource:
google_compute_region_disk_iam_policy
(#7110)
IMPROVEMENTS:
- appengine: added
vpc_access_connector
field togoogle_app_engine_standard_app_version
resource (#7062) - bigquery: added
notification_pubsub_topic
field togoogle_bigquery_data_transfer_config
resource (#7076) - compute: Added custom metadata fields and filter expressions to
google_compute_subnetwork
flow log configuration (#7099) - compute: Added support to
google_compute_backend_service
for setting a serverless regional network endpoint group asbackend.group
(#7066) - compute: added support for pd-balanced disk type for
google_compute_instance
(#7108) - container: added support for pd-balanced disk type for
google_container_node_pool
(#7108) - pubsub: added
retry_policy
togoogle_pubsub_subscription
resource (#7077)
BUG FIXES:
- compute: fixed an issue where
google_compute_url_map
path_matcher.default_route_action
would conflict withdefault_url_redirect
(#7063) - kms: updated
data_source_secret_manager_secret_version
to have consistent id value (#7098)
FEATURES:
- New Resource:
google_active_directory_domain_trust
(#7056) - New Resource:
google_access_context_manager_service_perimeters
(#7027) - New Resource:
google_access_context_manager_access_levels
(#7027) - New Resource:
google_folder_access_approval_settings
(#7010) - New Resource:
google_organization_access_approval_settings
(#7010) - New Resource:
google_project_access_approval_settings
(#7010) - New Resource:
google_bigquery_table_iam_policy
(#7041) - New Resource:
google_bigquery_table_iam_binding
(#7041) - New Resource:
google_bigquery_table_iam_member
(#7041)
IMPROVEMENTS:
- compute: added grpc_health_check block to compute_health_check (#7038)
- compute: added grpc_health_check block to compute_region_health_check (#7038)
- pubsub: added
enable_message_ordering
support togoogle_pubsub_subscription
(#7039) - sql: added project field to
google_sql_database_instance
datasource. (#7007) - storage: added
ARCHIVE
as an accepted class forgoogle_storage_bucket
andgoogle_storage_bucket_object
(#7030)
BUG FIXES:
- all: updated base urls for compute, dns, storage, and bigquery APIs to their recommended endpoints (#7045)
- bigquery: fixed a bug where
dataset_access.iam_member
would produce inconsistent results after apply. (#7047) - bigquery: fixed an issue with
use_legacy_sql
not being set tofalse
. (#7012) - dns: fixed an issue where
google_dns_managed_zone
would not removeprivate_visibility_config
on updates (#7022) - sql: fixed an issue where
google_sql_database_instance
would throw an error when removingprivate_network
. Removingprivate_network
now recreates the resource. (#7054)
NOTES:
- all: Updated lists of enums to display the enum options in the documentation pages. (#6946)
FEATURES:
- New Resource:
google_compute_region_network_endpoint_group
(supports serverless NEGs) (#6960) - New Resource:
google_game_services_game_server_cluster
(#6983) - New Resource:
google_game_services_game_server_config
(#6983) - New Resource:
google_game_services_game_server_deployment_rollout
(#6983) - New Resource:
google_game_services_game_server_deployment
(#6983) - New Resource:
google_game_services_realm
(#6983)
IMPROVEMENTS:
- appengine: converted
google_app_engine_standard_app_version
'sinbound_services
to an enum array, which enhances docs and provides some client-side validation. (#6956) - cloudbuild: added tags, source, queue_ttl, logs_bucket, substitutions, and secrets to
google_cloudbuild_trigger
(#6942) - cloudfunctions: Updated the
google_cloudfunctions_function
datasource to include new fields available in the API. (#6935) - compute: added
source_image
andsource_snapshot
togoogle_compute_image
(#6980) - compute: added confidential_instance_config block to google_compute_instance (#7000)
- compute: added confidential_instance_config block to google_compute_instance_template (#7000)
- container: added
release_channel_default_version
field todata.google_container_engine_versions
(GA) (#6963) - container: added
release_channel
togoogle_container-cluster
(GA) (#6955) - iam: Added
public_key_type
field togoogle_service_account_key
(#6999) - pubsub: added
filter
field togoogle_pubsub_subscription
resource (#6997) - resource-manager: updated documentation for
folder_iam_*
andorganization_iam_*
resources. (#6991) - sql: added support for point_in_time_recovery for
google_sql_database_instance
(#6944)
BUG FIXES:
- appengine: Set
iap
to computed ingoogle_app_engine_application
(#6951) - artifactrepository: Fixed import failure of
google_artifact_registry_repository
. (#6957) - compute: fixed shielded instance config, which had been failing to apply due to a field rename on the GCP side. (#6943)
- monitoring: fixed validation rules for
google_monitoring_slo
windows_based_sli.metric_sum_in_range.max
field (#6974) - osconfig: fixed
google_os_config_patch_deployment
windows_update.classifications
field to work correctly, accepting multiple values. (#6946)
NOTES:
- redis: explicitly noted in
google_redis_instance
documentation that"REDIS_5_0"
is supported (#6917) - all: fix markdown formatting while showing enum values in documentation (#6924).
IMPROVEMENTS:
- bigtable: added support for labels in
google_bigtable_instance
(#6921) - cloudfunctions: updated
google_cloudfunctions_function
datasource to include new fields. (#6935) - redis: added
persistence_iam_identity
output field togoogle_redis_instance
(#6917) - storage: added google_storage_bucket_object.media_link. (#6897)
BUG FIXES:
- all: fixed crash due to nil context when loading credentials (#6903)
- compute: fixed issue where the
project
field indata.google_compute_network_endpoint_group
was returning an error when specified (#6918) - sourcerepo: fixed perma-diff in
google_sourcerepo_repository
(#6886)
DEPRECATIONS:
- compute: deprecated
enable_logging
ongoogle_compute_firewall
, definelog_config.metadata
to enable logging instead. (#6871)
FEATURES:
- New Resource:
google_active_directory_domain
(#6866)
IMPROVEMENTS:
- cloudrun: added
ports
field togoogle_cloud_run_service
templates.spec.containers
(#6873) - compute: added
log_config.metadata
togoogle_compute_firewall
, defining this will enable logging. (#6871)
BUG FIXES:
- container: Fixed a crash in
google_container_cluster
when""
was specified forresource_usage_export_config.bigquery_destination.dataset_id
. (#6839) - endpoints: Fixed a crash when
google_endpoints_service
is used on a machine without timezone data (#6849) - resourcemanager: bumped
google_project
timeout defaults to 10 minutes (from 4) (#6859)
FEATURES:
- New Data Source:
google_sql_database_instance
#2841 (#6797) - New Resource:
google_cloud_asset_folder_feed
(#6821) - New Resource:
google_cloud_asset_organization_feed
(#6821) - New Resource:
google_cloud_asset_project_feed
(#6821) - New Resource:
google_monitoring_metric_descriptor
(#6829)
IMPROVEMENTS:
- filestore: Added support for filestore high scale tier. (#6828)
- resourcemanager: Added
folder_id
as computed attribute togoogle_folder
resource and datasource. (#6823) - compute: Added support to
google_compute_backend_service
for setting a network endpoint group asbackend.group
. (#6853)
BUG FIXES:
- container: Fixed a crash in
google_container_cluster
when""
was specified forresource_usage_export_config.bigquery_destination.dataset_id
. (#6839) - bigquery: Fixed bug where a permadiff would show up when adding a column to the middle of a
bigquery_table.schema
(#6803)
FEATURES:
- New Data Source:
google_service_account_id_token
(#6791) - New Resource:
google_cloudiot_device
(#6785)
IMPROVEMENTS:
- bigquery: added support for BigQuery custom schemas for external data using CSV / NDJSON (#6772)
FEATURES:
- New Resource:
google_os_config_patch_deployment
(#6741)
IMPROVEMENTS:
- iam: made the
condition
block GA for all IAM resource and datasource types. (#6748)
BUG FIXES:
- container: added the ability to update
database_encryption
without recreating the cluster. (#6757) - endpoints: fixed
google_endpoints_service
to allow dependent resources to plan based on theconfig_id
value. (#6722) - runtimeconfig: fixed
Requested entity was not found.
error when config was deleted outside of terraform. (#6753)
NOTES:
- added the
https://www.googleapis.com/auth/cloud-identity
scope to the provider by default (#6681) google_app_engine_*_version
'sservice
field is required; previously it would have passed validation but failed on apply if it were absent. (#6720)
FEATURES:
- New Resource:
google_kms_key_ring_import_job
(#6682) - New Resource:
google_folder_iam_audit_config
(#6708)
IMPROVEMENTS:
- bigquery: Added
"HOUR"
option forgoogle_bigquery_table
time partitioning (type
) (#6702) - bigquery: Added support for BigQuery hourly time partitioning (#6675)
- compute: Added
mode
togoogle_compute_region_autoscaler
autoscaling_policy
(#6685) - container: Promoted
google_container_cluster
database_encryption
to GA. (#6701) - endpoints:
google_endpoints_service
now allows dependent resources to plan based on theconfig_id
value. (#6722) - monitoring: added
request_method
,content_type
, andbody
fields within thehttp_check
object togoogle_monitoring_uptime_check_config
resource (#6700)
BUG FIXES:
- compute: fixed an issue in
compute_url_map
wherepath_matcher
sub-fields would conflict withdefault_service
(#6721)
FEATURES:
- New Data Source:
google_redis_instance
(#6649) - New Resource:
google_notebook_environment
(#6639) - New Resource:
google_notebook_instance
(#6639)
IMPROVEMENTS:
- appengine: Enabled provisioning Firestore on a new project by adding the option to specify
database_type
ingoogle_app_engine_application
(#6629) - compute: Added
mode
togoogle_compute_autoscaler
autoscaling_policy
(#6664) - dns: enabled google_dns_policy to accept network id (#6624)
BUG FIXES:
- appengine: Added polling to
google_app_engine_firewall_rule
to prevent issues with eventually consistent creation (#6633) - compute: Allowed updating
google_compute_network_peering_routes_config
import_custom_routes
andexport_custom_routes
to false (#6625) - netblock: fixed the google netblock ranges returned by the
google_netblock_ip_ranges
by targeting json on gstatic domain instead of reading SPF dns records (solution provided by network team) (#6650)
IMPROVEMENTS:
- accesscontextmanager: Added
custom
config togoogle_access_context_manager_access_level
(#6611) - cloudbuild: Added
invert_regex
flag in Github PullRequestFilter and PushFilter in triggerTemplate (#6594) - cloudrun: Added
template.spec.timeout_seconds
togoogle_cloud_run_service
(#6575) - compute: Added
export_subnet_routes_with_public_ip
andimport_subnet_routes_with_public_ip
togoogle_compute_network_peering
(#6586) - compute: Added support for
google_compute_instance_group
instances
to accept instance id field as well as self_link (#6569) - dns: Added support for
google_dns_policy
network to acceptgoogle_compute_network.id
(#6624) - redis: Added validation for name attribute in
redis_instance
(#6581) - sql: Promoted
google_sql_database_instance
root_password
(MS SQL) to GA (#6601)
BUG FIXES:
- bigquery: Fixed
range_partitioning.range.start
so that the value0
is sent ingoogle_bigquery_table
(#6562) - container: Fixed a regression in
google_container_cluster
where the location was not inferred when using asubnetwork
shortname value likename
(#6568) - datastore: Added retries to
google_datastore_index
requests when under contention. (#6563) - kms: Fixed the
id
value in thegoogle_kms_crypto_key_version
datasource to include a/v1
part following//cloudkms.googleapis.com/
, making it useful for interpolation into Binary Authorization. (#6576)
FEATURES:
- New Resource:
google_data_catalog_tag
(#6550) - New Resource:
google_bigquery_dataset_iam_binding
(#6553) - New Resource:
google_bigquery_dataset_iam_member
(#6553) - New Resource:
google_bigquery_dataset_iam_policy
(#6553) - New Resource:
google_memcache_instance
(#6540) - New Resource:
google_network_management_connectivity_test
(#6529)
IMPROVEMENTS:
- compute: added
default_route_action
tocompute_url_map
andcompute_url_map.path_matchers
(#6547) - dialogflow: Changed
google_dialogflow_agent.time_zone
to be updatable (#6519) - dns: enabled google_dns_managed_zone to accept network id for two attributes (#6533)
- healthcare: Added support for
streaming_configs
togoogle_healthcare_fhir_store
(#6551) - monitoring: added
matcher
attribute tocontent_matchers
block forgoogle_monitoring_uptime_check_config
(#6558)
BUG FIXES:
- compute: fixed issue where trying to update the region of
google_compute_subnetwork
would fail instead of destroying/recreating the subnetwork (#6522) - dataflow: added retries in
google_dataflow_job
for common retryable API errors when waiting for job to update (#6552) - dataflow: changed the update logic for
google_dataflow_job
to wait for the replacement job to start successfully before modifying the resource ID to point to the replacement job (#6534)
FEATURES:
- New Resource:
google_data_catalog_tag_template
(#6485) - New Resource:
google_container_analysis_occurence
(#6474)
IMPROVEMENTS:
- appengine: added
inbound_services
toStandardAppVersion
resource (#6514) - bigquery: Promoted
google_bigquery_table
range_partitioning
to GA (#6488) - bigquery: Added support for
google_bigquery_table
hive_partitioning_options
(#6488) - container: Promoted
google_container_cluster.workload_identity_config
to GA. (#6490) - container_analysis: Added top-level generic note fields to
google_container_analysis_note
(#6474)
BUG FIXES:
- bigquery: Fixed an issue where
google_bigquery_job
would return "was present, but now absent" error after job creation (#6489) - container: Changed retry logic for
google_container_node_pool
deletion to use timeouts and retry errors more specifically when cluster is updating. (#6335) - dataflow: fixed an issue where
google_dataflow_job
would try to updatemax_workers
(#6468) - dataflow: fixed an issue where updating
on_delete
ingoogle_dataflow_job
would cause the job to be replaced (#6468) - compute: fixed issue where removing all target pools from
google_compute_instance_group_manager
orgoogle_compute_region_instance_group_manager
had no effect (#6492) - functions: Added retry to
google_cloudfunctions_function
creation when API returns error while pulling source from GCS (#6476) - provider: Removed credentials from output error when provider cannot parse given credentials (#6473)
FEATURES:
- New Data Source:
google_secret_manager_secret_version
(#6432) - New Resources:
google_data_catalog_entry_group_iam_*
(#6438) - New Resource:
google_data_catalog_entry_group
(#6438) - New Resource:
google_data_catalog_entry
(#6444) - New Resource:
google_dns_policy
is now GA (#6439) - New Resource:
google_secret_manager_secret
(#6432) - New Resources:
google_secret_manager_secret_iam_*
(#6432) - New Resource:
google_secret_manager_secret_version
(#6432)
IMPROVEMENTS:
- appengine: added
handlers
togoogle_flexible_app_version
(#6449) - bigquery: suppressed diffs between fully qualified URLs and relative paths that reference the same table or dataset in
google_bigquery_job
(#6451) - dns: Promoted the following
google_dns_managed_zone
fields to GA:forwarding_config
,peering_config
(#6439)
BUG FIXES:
- appengine: added ability to fully sync
StandardAppVersion
resources (#6435) - bigquery: Fixed an issue with
google_bigquery_dataset_access
failing for primitive roleroles/bigquery.dataViewer
(#6431) - dataflow: fixed an issue where
google_dataflow_job
would try to updatemax_workers
(#6468) - dataflow: fixed an issue where updating
on_delete
ingoogle_dataflow_job
would cause the job to be replaced (#6468) - os_login: Fixed
google_os_login_ssh_public_key
key
field attempting to update in-place (#6433)
BREAKING CHANGES:
- The base url for the
monitoring
endpoint no longer includes the API version (previously "v3/"). If you use amonitoring_custom_endpoint
, remove the trailing "v3/". (#6424)
FEATURES:
- New Data Source:
google_iam_testable_permissions
(#6382) - New Resource:
google_monitoring_dashboard
(#6424)
IMPROVEMENTS:
- bigquery: Added ability for various
table_id
fields (and onedataset_id
field) ingoogle_bigquery_job
to specify a relative path instead of just the table id (#6404) - composer: Added support for
google_composer_environment
config.private_environment_config.cloud_sql_ipv4_cidr_block
(#6392) - composer: Added support for
google_composer_environment
config.private_environment_config.web_server_ipv4_cidr_block
(#6392) - container: Added update support for
node_config.workload_metadata_config
togoogle_container_node_pool
(#6430) - container: Added the ability to unspecify
google_container_cluster
'smin_master_version
field (#6373) - monitoring: Added window-based SLI to
google_monitoring_slo
(#6381)
BUG FIXES:
- compute: Fixed an issue where
google_compute_route
creation failed while VPC peering was in progress. (#6410) - Fixed an issue where data source
google_organization
would ignore exact domain matches if multiple domains were found (#6420) - compute: Fixed
google_compute_interconnect_attachment
edge_availability_domain
diff when the field is unspecified (#6419) - compute: fixed error where plan would error if
google_compute_region_disk_resource_policy_attachment
had been deleted outside of terraform. (#6367) - compute: raise limit on number of
src_ip_ranges
values ingoogle_compute_security_policy
to supported 10 (#6394) - iam: Fixed an issue where
google_service_account
shows an error after creating the resource (#6391)
BREAKING CHANGE:
google_bigtable_instance
resources now cannot be destroyed unlessdeletion_protection = false
is set in state for the resource. (#6357)
FEATURES:
- New Resource:
google_dialogflow_entity_type
(#6339)
IMPROVEMENTS:
- bigtable: added
deletion_protection
field togoogle_bigtable_instance
to make deleting them require an explicit intent. (#6357) - compute: Added
google_compute_region_backend_service
port_name
parameter (#6327) - dataproc: Updated
google_dataproc_cluster.software_config.optional_components
to include new options. (#6330) - monitoring: Added
request_based
SLI support togoogle_monitoring_slo
(#6353) - storage: added
google_storage_bucket
bucket name to the error message when the bucket can't be deleted because it's not empty (#6355)
BUG FIXES:
- bigquery: Fixed error where
google_bigquery_dataset_access
resources could not be found post-creation if role was set to a predefined IAM role with an equivalent primitive role (e.g.roles/bigquery.dataOwner
andOWNER
) (#6307) - compute: Fixed permadiff in
google_compute_instance_template
'snetwork_tier
. (#6344) - compute: Removed permadiff or errors on update for
google_compute_backend_service
andgoogle_compute_region_backend_service
whenconsistent_hash
values were previously set on backend service but are not supported by updated value oflocality_lb_policy
(#6316) - sql: Fixed occasional failure to delete
google_sql_database_instance
andgoogle_sql_user
. (#6318)
FEATURES:
- New Resource:
google_compute_region_target_http_proxy
is now GA (#6245) - New Resource:
google_compute_region_target_https_proxy
is now GA (#6245) - New Resource:
google_compute_region_url_map
is now GA (#6245) - New Resource:
google_logging_billing_account_bucket_config
(#6227) - New Resource:
google_logging_folder_bucket_config
(#6227) - New Resource:
google_logging_organization_bucket_config
(#6227) - New Resource:
google_logging_project_bucket_config
(#6227)
IMPROVEMENTS:
- all: added configurable timeouts to several resources that did not previously have them (#6226)
- bigquery: added
service_account_name
field togoogle_bigquery_data_transfer_config
resource (#6221) - cloudfunctions: Added validation to label keys for
google_cloudfunctions_function
as API errors aren't useful. (#6228) - compute: Promoted the following
google_compute_backend_service
fields to GA:circuit_breakers
,consistent_hash
,custom_request_headers
,locality_lb_policy
,outlier_detection
(#6245) - compute: Promoted the following
google_compute_region_backend_service
fields to GA:affinity_cookie_ttl_sec
,circuit_breakers
,consistent_hash
,failover_policy
,locality_lb_policy
,outlier_detection
,log_config
,failover
(#6245) - container: Promoted
google_container_cluster.addons_config.cloudrun_config
from beta to GA. (#6304) - container: Promoted
google_container_cluster.enable_shielded_nodes
from beta to GA. (#6303) - container: Promoted
node_locations
togoogle_container_node_pool
andgoogle_container_cluster.node_pool
from beta to GA (#6253) - dataflow: Added drift detection for
google_dataflow_job
template_gcs_path
andtemp_gcs_location
fields (#6257) - dataflow: Added support for update-by-replacement to
google_dataflow_job
(#6257) - dataflow: Added support for providing additional experiments to Dataflow job (#6196)
- storage: Added retries for
google_storage_bucket_iam_*
on 412 (precondition not met) errors for eventually consistent bucket creation. (#6235)
BUG FIXES:
- all: fixed bug where timeouts specified in units other than minutes were getting incorrectly rounded. Also fixed several instances of timeout values being used from the wrong method. (#6218)
- accesscontextmanager: Fixed setting
require_screen_lock
to true forgoogle_access_context_manager_access_level
(#6234) - appengine: Changed
google_app_engine_application
to respect updates iniap
(#6216) - bigquery: Fixed error where
google_bigquery_dataset_access
resources could not be found post-creation if role was set to a predefined IAM role with an equivalent primative role (e.g.roles/bigquery.dataOwner
andOWNER
) (#6307) - bigquery: Fixed the
google_sheets_options
at least one of logic. (#6280) - cloudscheduler: Fixed permadiff for
google_cloud_scheduler_job.retry_config.*
block when API provides default values (#6278) - compute: Added lock to prevent
google_compute_route
from changing while peering operations are happening on its network (#6243) - compute: fixed issue where the default value for the attribute
advertise_mode
ongoogle_compte_router_peer
was not populated on import (#6265) - container: Fix occasional error with
container_node_pool
partially-successful creations not being recorded if an error occurs on the GCP side. (#6305) - container: fixed issue where terraform would error if a gke instance group was deleted out-of-band (#6242)
- storage: Fixed setting/reading
google_storage_bucket_object
metadata on API object (#6271) - storage: Marked the credentials field in
google_storage_object_signed_url
as sensitive so it doesn't expose private credentials. (#6272)
FEATURES:
- New Resource:
google_healthcare_dataset_iam_binding
is now GA (#6193) - New Resource:
google_healthcare_dataset_iam_member
is now GA (#6193) - New Resource:
google_healthcare_dataset_iam_policy
is now GA (#6193) - New Resource:
google_healthcare_dataset
is now GA (#6164) - New Resource:
google_healthcare_dicom_store_iam_binding
is now GA (#6193) - New Resource:
google_healthcare_dicom_store_iam_member
is now GA (#6193) - New Resource:
google_healthcare_dicom_store_iam_policy
is now GA (#6193) - New Resource:
google_healthcare_dicom_store
is now GA (#6164) - New Resource:
google_healthcare_fhir_store_iam_binding
is now GA (#6193) - New Resource:
google_healthcare_fhir_store_iam_member
is now GA (#6193) - New Resource:
google_healthcare_fhir_store_iam_policy
is now GA (#6193) - New Resource:
google_healthcare_fhir_store
is now GA (#6164) - New Resource:
google_healthcare_hl7_v2_store_iam_binding
is now GA (#6193) - New Resource:
google_healthcare_hl7_v2_store_iam_member
is now GA (#6193) - New Resource:
google_healthcare_hl7_v2_store_iam_policy
is now GA (#6193) - New Resource:
google_healthcare_hl7_v2_store
is now GA (#6164)
IMPROVEMENTS:
- appengine: Added
automatic_scaling
,basic_scaling
, andmanual_scaling
togoogle_app_engine_standard_app_version
(#6183) - bigquery: added
service_account_name
field togoogle_bigquery_data_transfer_config
resource (#6221) - bigtable: added ability to add/remove column families in
google_bigtable_table
(#6188) - cloudfunctions: Added validation to label keys for
google_cloudfunctions_function
as API errors aren't useful. (#6228) - compute: Added support for default URL redirects to
google_compute_url_map
andgoogle_compute_region_url_map
(#6203) - dataflow: Add support for
additional_experiments
togoogle_dataflow_job
(#6196)
BUG FIXES:
- accesscontextmanager: Fixed setting
require_screen_lock
to true forgoogle_access_context_manager_access_level
(#6234) - appengine: Changed
google_app_engine_application
to respect updates iniap
(#6216) - sql: Allowed
binary_log_enabled
to be disabled. (#6163) - storage: Added retries for
google_storage_bucket_iam_*
on 412 (precondition not met) errors for eventually consistent bucket creation. (#6235)
FEATURES:
- New Resource:
google_bigquery_job
(#6134) - New Resource:
google_monitoring_slo
(#6118) - New Resource:
google_service_directory_endpoint
(#6150) - New Resource:
google_service_directory_namespace
(#6150) - New Resource:
google_service_directory_service
(#6150)
IMPROVEMENTS:
- bigtable: Reduced the minimum number of nodes for the
bigtable_instace
resource from 3 to 1. (#6159) - container: Added support for
google_container_cluster
Compute Engine persistent disk CSI driver (#6160) - compute: Added support for
google_compute_instance
resource_policies
field (#6125) - compute: Added support for
google_compute_resource_policy
group placement policies (#6125)
BUG FIXES:
- dataproc: Fixed diff when
google_dataproc_cluster
preemptible_worker_config.0.num_instances
is sized to 0 and otherpreemptible_worker_config
subfields are set (#6123) - resourcemanager: Added a wait to
google_project
so that projects are more likely to be ready before the resource finishes creation (#6161) - sql: Allowed
binary_log_enabled
to be disabled. (#6163) - sql: Fixed behaviour in
google_sql_database
when the parent instance is deleted, removing it from state (#6162)
FEATURES:
- New Data Source:
google_monitoring_app_engine_service
(#6078) - New Resource:
google_monitoring_custom_service
(#6078) - New Resource:
google_compute_global_network_endpoint
(#6095) - New Resource:
google_compute_global_network_endpoint_group
(#6095) - New Resource:
google_monitoring_slo
(#6118)
IMPROVEMENTS:
- appengine: Added
iap.enabled
field togoogle_app_engine_application
resource (#6076) - iam: Added
name
field togoogle_organization_iam_custom_role
(#6111) - iam: Added
name
field togoogle_project_iam_custom_role
(#6111)
BUG FIXES:
- container: Fixed importing/reading
google_container_node_pool
resources in non-RUNNING states (#6115) - monitoring: Made
display_name
optional ongoogle_monitoring_notification_channel
(#6090)
FEATURES:
- New Resource:
google_bigquery_dataset_access
(#6035) - New Resource:
google_dialogflow_intent
(#6061) - New Resource:
google_os_login_ssh_public_key
(#6026)
IMPROVEMENTS:
- accesscontextmanager: added
spec
anduse_explicit_dry_run_spec
togoogle_access_context_manager_service_perimeter
to test perimeter configurations in dry-run mode. (#6071) - compute: Added update support for
google_compute_interconnect_attachment
admin_enabled
(#6046) - compute: Added field
log_config
togoogle_compute_health_check
andgoogle_compute_region_health_check
to enable health check logging. (#6058) - compute: Added more import formats for
google_compute_instance
(#6023) - sourcerepo: allowed
google_sourcerepo_repo
pubsub_configs.topic
to accept short topic names in addition to full references. (#6069)
BUG FIXES:
- compute: Fixed diff on default value for
google_compute_interconnect_attachment
admin_enabled
(#6046) - compute: Fixed perma-diff on
google_compute_interconnect_attachment
candidate_subnets
(#6046) - compute: fixed bug where
google_compute_instance_from_template
instance defaults were overridingscheduling
(#6070) - iap:
project
can now be unset iniap_web_iam_member
and will read from the defaultproject
(#6060) - serviceusage: fixed issue where
google_project_services
attempted to read a project before enabling the API that allows that read (#6062) - sql: fixed error that occurred on
google_sql_database_instance
whensettings.ip_configuration
was set butipv4_enabled
was not set to true andprivate_network
was not configured, by defaultingipv4_enabled
to true. (#6041) - storage: fixed an issue where
google_storage_bucket_iam_member
showed a diff for bucket self links (#6019) - storage: fixed bug where deleting a
google_storage_bucket
that contained non-deletable objects would retry indefinitely (#6044)
FEATURES:
- New Data Source:
google_monitoring_uptime_check_ips
(#6009)
IMPROVEMENTS:
- cloudfunctions: Added
ingress_settings
field togoogle_cloudfunctions_function
(#5981) - cloudfunctions: added support for
vpc_connector_egress_settings
togoogle_cloudfunctions_function
(#5984) - accesscontextmanager: added
status.vpc_accessible_services
togoogle_access_context_manager_service_perimeter
to control which services are available from the perimeter's VPC networks to the restricted Google APIs IP address range. (#6006) - cloudrun: added ability to autogenerate revision name (#5987)
- compute: added ability to resize
google_compute_reservation
(#5999) - container: added
resource_usage_export_config
togoogle_container_cluster
, previously only available ingoogle-beta
(#5990) - dns: added ability to update
google_dns_managed_zone.dnssec_config
(#6011) - pubsub: Added
dead_letter_policy
support togoogle_pubsub_subscription
(#6010)
BUG FIXES:
- compute: Fixed an issue where
port
could not be removed from health checks (#5997) - storage: fixed an issue where
google_storage_bucket_iam_member
showed a diff for bucket self links (#6019)
FEATURES:
- New Resource:
google_compute_instance_group_named_port
(#5932) - New Resource:
google_service_usage_consumer_quota_override
(#5966) - New Resource:
google_iap_brand
(#5881) - New Resource:
google_iap_client
(#5881) - New Resource:
google_appengine_flexible_app_version
(#5882)
IMPROVEMENTS:
- accesscontextmanager: Added
regions
field togoogle_access_context_manager_access_level
(#5961) - compute: added field
network
togoogle_compute_region_backend_service
, which allows internal load balancers to target the non-primary interface of an instance. (#5957) - compute: added support for IAM conditions in
google_compute_subnet_iam_*
IAM resources (#5954) - container: Added field
maintenance_policy.recurring_window
togoogle_container_cluster
(#5962) - kms: Added new field
additional_authenticated_data
for Cloud KMS data sourcegoogle_kms_secret
(#5968) - kms: Added new field
additional_authenticated_data
for Cloud KMS resourcegoogle_kms_secret_ciphertext
(#5968)
BUG FIXES:
- kms: Fixed an issue in
google_kms_crypto_key_version
wherepublic_key
would return empty after apply (#5956) - logging: Fixed import issue with
google_logging_metric
in a non-default project. (#5944) - provider: Fixed an error with resources failing to upload large files (e.g. with
google_storage_bucket_object
) during retried requests (#5977)
FEATURES:
- New Data Source:
google_compute_instance_serial_port
(#5911) - New Resource:
google_compute_region_ssl_certificate
(#5913)
IMPROVEMENTS:
- compute: Added new attribute reference
current_status
to thegoogle_compute_instance
resource (#5903) - compute: Added
allow_global_access
togoogle_compute_forwarding_rule
resource. (#5912) - container: Added
dns_cache_config
field togoogle_container_cluster
resource (#5887) - container: Added
upgrade_settings
togoogle_container_node_pool
resource (#5910) - provider: Added provider-wide request retries for common temporary GCP error codes and network errors (#5902)
- redis: Added
connect_mode
field togoogle_redis_instance
resource (#5888)
BREAKING CHANGES:
- dialogflow: Changed
google_dialogflow_agent.time_zone
to ForceNew. Updating this field will require recreation. This is due to a change in API behavior. (#5831)
FEATURES:
- New Resource:
google_compute_region_disk_resource_policy_attachment
(#5849) - New Resource:
google_sql_source_representation_instance
(#5839)
IMPROVEMENTS:
- bigtable: Added support for full-name/id
instance_name
value ingoogle_bigtable_table
andgoogle_bigtable_gc_policy
(#5837) - compute: Added
autoscaling_policy
togoogle_compute_node_group
(#5864) - compute: Added support for full-name/id
network_endpoint_group
value ingoogle_network_endpoint
(#5838) - compute: Added support for
google_compute_router_nat
drain_nat_ips
(previously beta-only). (#5821) - dialogflow: Changed
google_dialogflow_agent
to not readtier
status (#5835) - monitoring: Added
sensitive_labels
togoogle_monitoring_notification_channel
so that labels likepassword
andauth_token
can be managed separately from the other labels and marked as sensitive. (#5873)
BUG FIXES:
- all: fixed issue where nested objects were getting sent as null values to GCP on create instead of being omitted from requests (#5825)
- cloudfunctions: fixed
vpc_connector
to be updated properly ingoogle_cloudfunctions_function
(#5829) - compute: fixed
google_compute_security_policy
from allowing two rules with the same priority. (#5834) - compute: fixed bug where
google_compute_instance.scheduling.node_affinities.operator
would incorrectly acceptNOT
rather thanNOT_IN
. (#5841) - container: Fixed issue where
google_container_node_pool
resources created in the 2.X series were failing to update after 3.11. (#5877)
IMPROVEMENTS:
- serviceusage:
google_project_service
no longer attempts to enable a service that is already enabled. (#5810) - bigtable: Added support for full-name/id
instance
value ingoogle_bigtable_app_profile
(#5780) - compute: Added
google_compute_router_nat
drain_nat_ips
field (formerly beta). (#5821) - pubsub: Added polling to ensure correct resource state for negative-cached PubSub resources (#5813)
BUG FIXES:
- compute: Fixed a scenario where
google_compute_instance_template
would cause a crash. (#5808) - container: Fixed panic when upgrading
google_container_cluster
with autoscaling block (#5782) - storage: Added check for bucket retention policy list being empty. (#5793)
- storage: Added locking for operations involving
google_storage_*_access_control
resources to prevent errors from ACLs being added at the same time. (#5791)
FEATURES:
- New Data Source:
google_compute_backend_bucket
(#5720) - New Resource:
google_app_engine_service_split_traffic
(#5729) - New Resource:
google_compute_packet_mirroring
(#5755) - New Resource:
google_vpc_access_connector
(GA provider) (#5752)
IMPROVEMENTS:
- bigquery: Landed support for range-based partitioning in
google_bigquery_table
(#5723) - compute: added check on
google_compute_router
for non-empty advertised_groups or advertised_ip_ranges values when advertise_mode is DEFAULT in the bgp block. (#5718) - compute: added the ability to manage the status of
google_compute_instance
resources with thedesired_status
field (#4797) - iam:
google_project_iam_member
andgoogle_project_iam_binding
'sproject
field can be specified with an optionalprojects/
prefix (#5722) - storage: added
metadata
togoogle_storage_bucket_object
. (#5721)
BUG FIXES:
- compute: Updated
google_project
to check for valid permissions on the parent billing account before creating and tainting the resource. (#5719) - container: Fixed panic when upgrading
google_container_cluster
withautoscaling
block (#5782)
BREAKING CHANGES:
- container: Fully removed
use_ip_aliases
andcreate_subnetwork
fields to fix misleading diff for removed fields (#5666)
FEATURES:
- New Data Source:
google_dns_keys
(#5703) - New Resource:
google_storage_hmac_key
(#5679) - New Resource:
google_datastore_index
(#5655) - New Resource:
google_endpoints_service_iam_binding
(#5668) - New Resource:
google_endpoints_service_iam_member
(#5668) - New Resource:
google_endpoints_service_iam_policy
(#5668)
IMPROVEMENTS:
- container: Allowed import/update/deletion of
google_container_cluster
in error states. (#5663) - container: Changed
google_container_node_pool
so node pools created in an error state will be marked as tainted on creation. (#5662) - container: Allowed import/update/deletion of
google_container_node_pool
in error states and updated resource to wait for a stable state after any changes. (#5662) - container: added label_fingerprint to
google_container_cluster
(#5647) - container: Enabled configuring autoscaling profile in
google_container_cluster
(https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) (#5659) - dataflow: added
job_id
attribute (#5644) - dataflow: added computed
type
field togoogle_dataflow_job
. (#5709) - provider: Added retries for common network errors we've encountered. (#5675)
FEATURES:
- New Resource:
google_container_registry
(#5593)
IMPROVEMENTS:
- all: improve error handling of 404s. (#5601)
- bigtable: added update support for
display_name
andinstance_type
(#5648) - container:
google_container_cluster
will wait for a stable state after updates. (#5616) - container: added
boot_disk_kms_key
tonode_config
block. (#5615) - dataflow: added
job_id
field togoogle_dataflow_job
(#5653) - dialogflow: improve error handling by increasing retry count (#5603)
- resourcemanager: fixed retry behavior for updates in
google_project
, added retries for billing metadata requests (#5578) - sql: add
encryption_key_name
togoogle_sql_database_instance
(#5591)
BUG FIXES:
- cloudrun: fixed permadiff caused by new API default values on
annotations
andlimits
(#5600) - compute: Fixed bug where
google_project
would fail to create if theauto_create_network
was false and thecompute-skipDefaultNetworkCreation
organization policies was enforced. (#5601) - container: Removed restriction on
auto_provisioning_defaults
to allow bothoauth_scopes
andservice_account
to be set (#5642) - firestore: fixed import of
google_firestore_index
when database or collection were non-default. (#5626) - iam: Fixed an erroneous error during import of IAM resources when a provider default project/zone/region is not defined. (#5613)
- kms: Fixed issue where
google_kms_crypto_key_version
datasource would throw an Invalid Index error on plan (#5619)
NOTES:
- provider: added documentation for the
id
field for many resources, including format (#5543) BREAKING CHANGES: - compute: Added conditional requirement of
google_compute_**region**_backend_service
backend.capacity_scaler
to no longer accept the API default if not INTERNAL. Non-INTERNAL backend services must now specifycapacity_scaler
explicitly and have a total capacity greater than 0. In addition, API default of 1.0 must now be explicitly set and will be treated as nil or zero if not set in config. (#5561)
FEATURES:
- New Data Source:
secret_manager_secret_version
(#5562) - New Resource:
google_access_context_manager_service_perimeter_resource
(#5574) - New Resource:
secret_manager_secret_version
(#5562) - New Resource:
secret_manager_secret
(#5562) - New Resource:
google_dialogflow_agent
(#5559)
IMPROVEMENTS:
- appengine: added support for
google_app_engine_application.iap
(#5556) - compute:
google_compute_security_policy
rule.match.expr
field is now GA (#5532) - compute: added additional validation to
google_cloud_router
'sbgp.asn
field. (#5547)
BUG FIXES:
- bigtable: fixed diff for DEVELOPMENT instances that are returned from the API with one node (#5557)
- compute: Fixed
backend.capacity_scaler
to actually set zero (0.0) value. (#5561) - compute: Fixed
google_compute_**region**_backend_service
so it no longer has a permadiff ifbackend.capacity_scaler
is unset in config by requiring capacity scaler. (#5561) - compute: updated
google_compute_project_metadata_item
to fail on create if its key is already present in the project metadata. (#5576) - logging: updated
bigquery_options
so the default value from the api will be set in state. (#5534) - sql: undeprecated
settings.ip_configuration.authorized_networks.expiration_time
(#5531)
BREAKING CHANGES:
- iam: starts reading/writing IAM policies at version 3 in the GA provider. If you have an IAM resource defined in your config that has a condition on it created outside of Terraform, you should start using the beta provider and defining the condition in your config to avoid unexpected behavior. (#5469)
IMPROVEMENTS:
- dns:
google_dns_managed_zone
added support for Non-RFC1918 fields for reverse lookup and fowarding paths. (#5493) - monitoring: Added
labels
anduser_labels
filters to data sourcegoogle_monitoring_notification_channel
(#5470)
BUG FIXES:
- bigtable: fixed diff for DEVELOPMENT instances that are returned from the API with one node (#5557)
- compute:
google_compute_instance_template
added plan time check for any disks markedboot
outside of the first disk (#5491) - container: Fixed perma-diff in
google_container_cluster
'scluster_autoscaling.auto_provisioning_defaults
. (#5486) - iam: fixed issue where users of the GA provider who used IAM conditions outside of Terraform were getting an error (#5469)
- logging: updated
bigquery_options
so the default value from the api will be set in state. (#5534) - storage: Stopped
project-owner
showing up in the diff forgoogle_storage_bucket_acl
(#5479)
KNOWN ISSUES:
- bigtable: due to API changes, bigtable DEVELOPMENT instances may show a diff on
num_nodes
. There will be a fix in the 3.7.0 release of the provider. No known workarounds exist at the moment, but will be tracked in hashicorp#5492.
FEATURES:
- New Data Source: google_monitoring_notification_channel (#5405)
- New Resource: Added
google_iap_tunnel_instance_iam_*
IAM resources for IAP Tunnel Instances (#5429) - New Resource: google_compute_network_peering_routes_config (#5426)
IMPROVEMENTS:
- compute: added waiting logic to
google_compute_interconnect_attachment
to avoid modifications when the attachment is UNPROVISIONED (#5459) - compute: made the
google_compute_network_peering
routes fields available in GA (#5419) - container: Promoted
enable_binary_authorization
from beta into ga. (#5456) - scheduler: Added
attempt_deadline
togoogle_cloud_scheduler_job
. (#5399) - storage: added
default_event_based_hold
togoogle_storage_bucket
(#5373)
BUG FIXES:
- compute: Fixed
google_compute_instance_from_template
with existing boot disks (#5430) - compute: Fixed a bug in
google_compute_instance
when attempting to update a field that requires stopping and starting an instance with an encrypted disk (#5436)
DEPRECATIONS:
- kms: deprecated
data.google_kms_secret_ciphertext
as there was no way to make it idempotent. Instead, use thegoogle_kms_secret_ciphertext
resource. (#5314) - sql: deprecated first generation-only fields on
google_sql_database_instance
(#5376)
FEATURES:
- New Resource:
google_kms_secret_ciphertext
(#5314)
IMPROVEMENTS:
- bigtable: added the ability to add/remove clusters from
google_bigtable_instance
(#5318) - compute: added support for other resource types (like a Proxy) as a
target
togoogle_compute_forwarding_rule
. (#5383) - dataproc: added
lifecycle_config
togoogle_dataproc_cluster.cluster_config
(#5323) - iam: updated to allow for empty bindings in
data_source_google_iam_policy
data source (#4525) - provider: added retries for batched requests so failed batches will retry each single request separately. (#5355)
- resourcemanager: restricted the length of the
description
field ofgoogle_service_account
. It is now limited to 256 characters. (#5409)
BUG FIXES:
- bigtable: Fixed error on reading non-existent
google_bigtable_gc_policy
,google_bigtable_instance
,google_bigtable_table
(#5331) - cloudfunctions: Fixed validation of
google_cloudfunctions_function
name to allow for 63 characters. (#5400) - cloudtasks: Changed
max_dispatches_per_second
to a double instead of an integer. (#5393) - compute: Added validation for
compute_resource_policy
to no longer allow invalidstart_time
values that weren't hourly. (#5342) - compute: Fixed errors from concurrent creation/deletion of overlapping
google_compute_network_peering
resources. (#5338) - compute: Stopped panic when using
usage_export_bucket
and the setting had been disabled manually. (#5349) - compute: fixed
google_compute_router_nat
timeout fields causing a diff when using a long-lived resource (#5353) - compute: fixed
google_compute_target_https_proxy.quic_override
causing a diff when using a long-lived resource (#5351) - identityplatform: fixed
google_identity_platform_default_supported_idp_config
to correctly allow configuration of bothidp_id
andclient_id
separately (#5398) - monitoring: Stopped
labels
from causing a perma diff onAlertPolicy
(#5367)
DEPRECATIONS:
- kms: deprecated
data.google_kms_secret_ciphertext
as there was no way to make it idempotent. Instead, use thegoogle_kms_secret_ciphertext
resource. (#5314)
BREAKING CHANGES:
- cloudrun: Changed
google_cloud_run_domain_mapping
to correctly match Cloud Run API expected format forspec.route_name
, {serviceName}, instead of invalid projects/{project}/global/services/{serviceName} (#5264) - compute: Added back ConflictsWith restrictions for ExactlyOneOf restrictions that were removed in v3.3.0 for
google_compute_firewall
,google_compute_health_check
, andgoogle_compute_region_health_check
. This effectively changes an API-side failure that was only accessible in v3.3.0 to a plan-time one. (#5220) - logging: Changed
google_logging_metric.metric_descriptors.labels
from a list to a set (#5258) - resourcemanager: Added back ConflictsWith restrictions for ExactlyOneOf restrictions that were removed in v3.3.0 for
google_organization_policy
,google_folder_organization_policy
, andgoogle_project_organization_policy
. This effectively changes an API-side failure that was only accessible in v3.3.0 to a plan-time one. (#5220)
FEATURES:
- New Data Source: google_sql_ca_certs (#5306)
- New Resource:
google_identity_platform_default_supported_idp_config
(#5199) - New Resource:
google_identity_platform_inbound_saml_config
(#5199) - New Resource:
google_identity_platform_oauth_idp_config
(#5199) - New Resource:
google_identity_platform_tenant_default_supported_idp_config
(#5199) - New Resource:
google_identity_platform_tenant_inbound_saml_config
(#5199) - New Resource:
google_identity_platform_tenant_oauth_idp_config
(#5199) - New Resource:
google_identity_platform_tenant
(#5199) - New Resource:
google_kms_crypto_key_iam_policy
(#5247) - New Resource:
google_kms_secret_ciphertext
(#5314)
IMPROVEMENTS:
- composer: Increased default timeouts for
google_composer_environment
(#5223) - compute: Added graceful termination to
container_cluster
create calls so that partially created clusters will resume the original operation if the Terraform process is killed mid create. (#5217) - compute: Fixed
google_compute_disk_resource_policy_attachment
parsing of region from zone to allow for provider-level zone and make error message more accurate` (#5257) - provider: Reduced default
send_after
controlling the time interval after which a batched request sends. (#5268)
BUG FIXES:
- all: fixed issue where many fields that were removed in 3.0.0 would show a diff when they were removed from config (#5313)
- bigquery: fixed
bigquery_table.encryption_configuration
to correctly recreate the table when modified (#5321) - cloudrun: Changed
google_cloud_run_domain_mapping
to correctly match Cloud Run API expected format forspec.route_name
, {serviceName}, instead of invalid projects/{project}/global/services/{serviceName} (#5264) - cloudrun: Changed
cloud_run_domain_mapping
to poll for success or failure and throw an appropriate error when ready status returns as false. (#5267) - cloudrun: Fixed
google_cloudrun_service
to allow update instead of force-recreation for changes inspec
env
andcommand
fields (#5269) - cloudrun: Removed unsupported update for
google_cloud_run_domain_mapping
to allow force-recreation. (#5253) - cloudrun: Stopped returning an error when a
cloud_run_domain_mapping
was waiting on DNS verification. (#5315) - compute: Fixed
google_compute_backend_service
to allow updatingcdn_policy.cache_key_policy.*
fields to false or empty. (#5276) - compute: Fixed behaviour where
google_compute_subnetwork
did not record a value forname
whenself_link
was specified. (#5288) - container: fixed issue where an empty variable in
tags
would cause a crash (#5226) - endpoints: Added operation wait for
google_endpoints_service
to fix 403 "Service not found" errors during initial creation (#5259) - logging: Made
google_logging_metric.metric_descriptors.labels
a set to prevent diff from ordering (#5258) - resourcemanager: added retries for
data.google_organization
(#5246)
FEATURES:
- New Resource:
google_compute_region_health_check
is now available in GA (#5149) - New Resource:
google_deployment_manager_deployment
(#5139)
IMPROVEMENTS:
- bigquery: added
PARQUET
as an option ingoogle_bigquery_table.external_data_configuration.source_format
(#5170) - compute: Added support for
next_hop_ilb
togoogle_compute_route
(#5162) - dataproc: added support for
security_config
togoogle_dataproc_cluster
(#5129) - storage: updated
id
andbucket
fields forgoogle_storage_bucket_iam_*
resources to useb/{bucket_name}
(#5099)
BUG FIXES:
- compute: Fixed an issue where interpolated values caused plan-time errors in
google_compute_router_interface
. (#5178) - compute: relaxed ExactlyOneOf restrictions on
google_compute_firewall
,google_compute_health_check
, andgoogle_compute_region_health_check
to enable the use of dynamic blocks with those resources. (#5194) - iam: Fixed a bug that causes badRequest errors on IAM resources due to deleted serviceAccount principals (#5142)
- resourcemanager: relaxed ExactlyOneOf restrictions on
google_organization_policy
,google_folder_organization_policy
, andgoogle_project_organization_policy
to enable the use of dynamic blocks with those resources. (#5194) - sourcerepo: Fixed a bug preventing repository IAM resources from referencing repositories with the
/
character in their name (#5195) - sql: fixed bug where terraform would keep retrying to create new
google_sql_database_instance
with the name of a previously deleted instance (#5141)
DEPRECATIONS:
- compute: deprecated
fingerprint
field ingoogle_compute_subnetwork
. Its value is now always""
. (#5105)
FEATURES:
- New Data Source:
data_source_google_bigquery_default_service_account
(#5081) - New Resource: cloudrun: Added support for
google_cloud_run_service
IAM resources:google_cloud_run_service_iam_policy
,google_cloud_run_service_iam_binding
,google_cloud_run_service_iam_member
(#5051)
IMPROVEMENTS:
- all: Added
synchronous_timeout
to provider block to allow setting higher per-operation-poll timeouts. (#5013) - bigquery: Added KMS support to
google_bigquery_table
(#5081) - cloudresourcemanager: Added
org_id
field togoogle_organization
datasource to expose the raw organization id (#5115) - cloudrun: Stopped requiring the root
metadata
block forgoogle_cloud_run_service
. (#5094) - compute: added support for
expr
togoogle_compute_security_policy.rule.match
(#5070) - compute: added support for
path_rules
togoogle_compute_region_url_map
(#5122) - compute: added support for
path_rules
togoogle_compute_url_map
(#5106) - compute: added support for
route_rules
togoogle_compute_region_url_map
(#5130) - compute: added support for header actions and route rules to
google_compute_url_map
(#4992) - dns: Added
visibility
field togoogle_dns_managed_zone
data source (#5063) - sourcerepo: added support for
pubsub_configs
togoogle_sourcerepo_repository
(#5050)
BUG FIXES:
- dns: fixed 503s caused by high numbers of
dns_record_set
s. (#5093) - logging: updated
exponential_buckets.growth_factor
from integer to double. (#5111) - storage: fixed bug where users without storage.objects.list permissions couldn't delete empty buckets (#5006)
BREAKING CHANGES:
- compute: field
peer_ip_address
ingoogle_compute_router_peer
is now required, to match the API behavior. (#4923)
FEATURES:
- New Resource:
google_billing_budget
(#5005) - New Resource:
google_cloud_tasks_queue
(#4880) - New Resource:
google_organization_iam_audit_config
(#4977)
IMPROVEMENTS:
- accesscontextmanager: added support for
requireAdminApproval
andrequireCorpOwned
ingoogle_access_context_manager_access_level
'sdevicePolicy
. (#4931) - all: added retries for timeouts while fetching operations (#4605)
- cloudbuild: Added build timeout to
google_cloudbuild_trigger
(#4938) - cloudresourcemanager: added support for importing
google_folder
in the form of the bare folder id, rather than requiringfolders/{bare_id}
(#4981) - compute: Updated default timeouts on
google_compute_project_metadata_item
. (#4995) - compute:
google_compute_disk
disk_encryption_key.raw_key
is now sensitive (#5009) - compute:
google_compute_firewall
enable_logging
is now GA (#4999) - compute:
google_compute_network_peering
resource can now be imported (#4998) - compute: computed attribute
management_type
ingoogle_compute_router_peer
is now available. (#4923) - container:
authenticator_groups_config
ingoogle_container_cluster
is now GA (#4969) - container:
google_container_cluster.vertical_pod_autoscaling
is now GA (#5033) - container: added
auto_provisioning_defaults
togoogle_container_cluster.cluster_autoscaling
(#4991) - container: added
upgrade_settings
support togoogle_container_node_pool
(#4926) - container: increased timeouts on
google_container_cluster
andgoogle_container_node_pool
(#4902) - dataproc:
google_dataproc_autoscaling_policy
is now GA.google_dataproc_cluster.autoscaling_config
is also available in GA (#4966) - dataproc:
google_dataproc_cluster
min_cpu_platform
on bothworker_config
andmaster_config
is now GA (#4968) - kms: enabled use of
user_project_override
for thekms_crypto_key
resource (#4967) - kms: enabled use of
user_project_override
for thekms_secret_ciphertext
data source (#4985) - sql: added
root_password
field togoogle_sql_database_instance
resource (#4983)
BUG FIXES:
- bigquery: fixed an issue where bigquery table id formats from the
2.X
series caused an error at plan time (#5012) - cloudbuild: Fixed incorrect dependency between
trigger_template
andgithub
ingoogle_cloud_build_trigger
. (#4946) - cloudfunctions: Fixed inability to set
google_cloud_functions_function
update timeout. (#5011) - cloudrun: Wait for the cloudrun resource to reach a ready state before returning success. (#4945)
- compute:
self_link
in several datasources will now error on invalid values instead of crashing (#4887) - compute: field
advertised_ip_ranges
ingoogle_compute_router_peer
can now be updated without recreating the resource. (#4923) - compute: marked
min_cpu_platform
ongoogle_compute_instance
as computed so if it is not specified it will not cause diffs (#4980) - dns: Fixed issue causing
google_dns_record_set
deletion to fail when the managed zone ceased to exist before the deletion event. (#5010) - iam: disallowed
deleted:
principals in IAM resources (#4958) - sql: added retries to
google_sql_user
create and update to reduce flakiness (#4860)
NOTES:
These are the changes between 3.0.0-beta.1 and the 3.0.0 final release. For changes since 2.20.0, see also the 3.0.0-beta.1 changelog entry below.
Please see the 3.0.0 upgrade guide for upgrade guidance.
BREAKING CHANGES:
- cloudrun: updated
cloud_run_service
to v1. Significant updates have been made to the resource including a breaking schema change. (#4972)
BUG FIXES:
- compute: fixed a bug in
google_compute_instance_group_manager
andgoogle_compute_region_instance_group_manager
that created an artificial diff when removing a now-removed field from a config (#4929) - dns: Fixed bug causing
google_dns_managed_zone
datasource to always return a 404 (#4940) - service_networking: fixed "An unknown error occurred" bug when creating multiple google_service_networking_connection resources in parallel (#4646)
BREAKING CHANGES:
- access_context_manager: Made
os_type
required on blockgoogle_access_context_manager_access_level.basic.conditions.device_policy.os_constraints
. MM#2665 - all: changed any id values that could not be interpolated as self_links into values that could MM#2461
- app_engine: Made
ssl_management_type
required ongoogle_app_engine_domain_mapping.ssl_settings
MM#2608 - app_engine: Made
shell
required ongoogle_app_engine_standard_app_version.entrypoint
. MM#2608 - app_engine: Made
source_url
required ongoogle_app_engine_standard_app_version.deployment.files
andgoogle_app_engine_standard_app_version.deployment.zip
. MM#2608 - app_engine: Made
split_health_checks
required ongoogle_app_engine_application.feature_settings
MM#2608 - app_engine: Made
script_path
required ongoogle_app_engine_standard_app_version.handlers.script
. MM#2665 - bigtable: Made
cluster_id
required ongoogle_bigtable_app_profile.single_cluster_routing
. MM#2608 - bigquery: Made at least one of
range
orskip_leading_rows
required ongoogle_bigquery_table.external_data_configuration.google_sheets_options
. MM#2608 - bigquery: Made
role
required ongoogle_bigquery_dataset.access
. MM#2665 - bigtable: Made exactly one of
single_cluster_routing
ormulti_cluster_routing_use_any
required ongoogle_bigtable_app_profile
. MM#2665 - binary_authorization: Made
name_pattern
required ongoogle_binary_authorization_policy.admission_whitelist_patterns
. MM#2665 - binary_authorization: Made
evaluation_mode
andenforcement_mode
required ongoogle_binary_authorization_policy.cluster_admission_rules
. MM#2665 - cloudbuild: made Cloud Build Trigger's trigger template required to match API requirements. MM#2352
- cloudbuild: Made
branch
required ongoogle_cloudbuild_trigger.github
. MM#2608 - cloudbuild: Made
steps
required ongoogle_cloudbuild_trigger.build
. MM#2608 - cloudbuild: Made
name
required ongoogle_cloudbuild_trigger.build.steps
. MM#2608 - cloudbuild: Made
name
andpath
required ongoogle_cloudbuild_trigger.build.steps.volumes
. MM#2608 - cloudbuild: Made exactly one of
filename
orbuild
required ongoogle_cloudbuild_trigger
. MM#2665 - cloudfunctions: deprecated
nodejs6
as option forruntime
infunction
and made it required. MM#2499 - cloudscheduler: Made exactly one of
pubsub_target
,http_target
orapp_engine_http_target
required ongoogle_cloudscheduler_job
. MM#2665 - cloudiot: removed
event_notification_config
(singular) fromgoogle_cloudiot_registry
. Use pluralevent_notification_configs
instead. MM#2390 - cloudiot: Made
public_key_certificate
required ongoogle_cloudiot_registry. credentials
. MM#2608 - cloudscheduler: Made
service_account_email
required ongoogle_cloudscheduler_job.http_target.oauth_token
andgoogle_cloudscheduler_job.http_target.oidc_token
. MM#2608 - composer: Made at least one of
airflow_config_overrides
,pypi_packages
,env_variables,
image_version, or
python_versionrequired on
google_composer_environment.config.software_config`. MM#2608 - composer: Made
use_ip_aliases
required ongoogle_composer_environment.config.node_config.ip_allocation_policy
. MM#2608 - composer: Made
enable_private_endpoint
required ongoogle_composer_environment.config.private_environment_config
. MM#2608 - composer: Made at least one of
enable_private_endpoint
ormaster_ipv4_cidr_block
required ongoogle_composer_environment.config.private_environment_config
MM#2682 - composer: Made at least one of
node_count
,node_config
,software_config
orprivate_environment_config
required ongoogle_composer_environment.config
MM#2682 - compute:
google_compute_backend_service
'sbackend
field field now requires thegroup
subfield to be set. MM#2373 - compute: permanently removed
ip_version
field fromgoogle_compute_forwarding_rule
MM#2436 - compute: permanently removed
ipv4_range
field fromgoogle_compute_network
. MM#2436 - compute: permanently removed
auto_create_routes
field fromgoogle_compute_network_peering
. MM#2436 - compute: permanently removed
update_strategy
field fromgoogle_compute_region_instance_group_manager
. MM#2436 - compute: added check to only allow
google_compute_instance_template
s with 375gb scratch disks MM#2495 - compute: made
google_compute_instance_template
fail at plan time when scratch disks do not havedisk_type
"local-ssd"
. MM#2282 - compute: removed
enable_flow_logs
field fromgoogle_compute_subnetwork
. This is now controlled by the presence of thelog_config
block MM#2597 - compute: Made
raw_key
required ongoogle_compute_snapshot.snapshot_encryption_key
. MM#2608 - compute: Made at least one of
auto_delete
,device_name
,disk_encryption_key_raw
,kms_key_self_link
,initialize_params
,mode
orsource
required ongoogle_compute_instance.boot_disk
. MM#2608 - compute: Made at least one of
size
,type
,image
, orlabels
required ongoogle_compute_instance.boot_disk.initialize_params
. MM#2608 - compute: Made at least one of
enable_secure_boot
,enable_vtpm
, orenable_integrity_monitoring
required ongoogle_compute_instance.shielded_instance_config
. MM#2608 - compute: Made at least one of
on_host_maintenance
,automatic_restart
,preemptible
, ornode_affinities
required ongoogle_compute_instance.scheduling
. MM#2608 - compute: Made
interface
required ongoogle_compute_instance.scratch_disk
. MM#2608 - compute: Made at least one of
enable_secure_boot
,enable_vtpm
, orenable_integrity_monitoring
required ongoogle_compute_instance_template.shielded_instance_config
. MM#2608 - compute: Made at least one of
on_host_maintenance
,automatic_restart
,preemptible
, ornode_affinities
are now required ongoogle_compute_instance_template.scheduling
. MM#2608 - compute: Made
kms_key_self_link
required ongoogle_compute_instance_template.disk.disk_encryption_key
. MM#2608 - compute: Made
range
required ongoogle_compute_router_peer. advertised_ip_ranges
. MM#2608 - compute: Made
channel
required ongoogle_container_cluster.release_channel
. MM#2608 - compute: Removed
instance_template
forgoogle_compute_instance_group_manager
andgoogle_compute_region_instance_group_manager
. Useversion.instance_template
instead. MM#2595 - compute: removed
update_strategy
forgoogle_compute_instance_group_manager
. Useupdate_policy
instead. MM#2595 - compute: stopped allowing selfLink or path style references as IP addresses for
google_compute_forwarding_rule
orgoogle_compute_global_forwarding_rule
MM#2620 - compute: Made exactly one of
http_health_check
,https_health_check
,http2_health_check
,tcp_health_check
orssl_health_check
required ongoogle_compute_health_check
. MM#2665 - compute: Made exactly one of
http_health_check
,https_health_check
,http2_health_check
,tcp_health_check
orssl_health_check
required ongoogle_compute_region_health_check
. MM#2665 - container: permanently removed
zone
andregion
fields from data sourcegoogle_container_engine_versions
. MM#2436 - container: permanently removed
zone
,region
andadditional_zones
fields fromgoogle_container_cluster
. MM#2436 - container: permanently removed
zone
andregion
fields fromgoogle_container_node_pool
. MM#2436 - container: set
google_container_cluster
'slogging_service
andmonitoring_service
defaults to enable GKE Stackdriver Monitoring. MM#2471 - container: removed
kubernetes_dashboard
fromgoogle_container_cluster.addons_config
MM#2551 - container: removed automatic suppression of GPU taints in GKE
taint
MM#2537 - container: Made
disabled
required ongoogle_container_cluster.addons_config.http_load_balancing
,google_container_cluster.addons_config.horizontal_pod_autoscaling
,google_container_cluster.addons_config.network_policy_config
,google_container_cluster.addons_config.cloudrun_config
, andgoogle_container_cluster.addons_config.istio_config
. MM#2608 - container: Made at least one of
http_load_balancing
,horizontal_pod_autoscaling
,network_policy_config
,cloudrun_config
, oristio_config
required ongoogle_container_cluster.addons_config
. MM#2608 - container: Made
enabled
required ongoogle_container_cluster.network_policy
. MM#2608 - container: Made
enable_private_endpoint
required ongoogle_container_cluster.private_cluster_config
. MM#2608 - container: Made
enabled
required ongoogle_container_cluster.vertical_pod_autoscaling
. MM#2608 - container: Made
cidr_blocks
required ongoogle_container_cluster.master_authorized_networks_config
. MM#2608 - container: Made at least one of
username
,password
orclient_certificate_config
required ongoogle_container_cluster.master_auth
. MM#2608 - container: removed
google_container_cluster
ip_allocation_policy.use_ip_aliases
. If it's set to true, remove it from your config. If false, removeip_allocation_policy
as a whole. MM#2615 - container: removed
google_container_cluster
ip_allocation_policy.create_subnetwork
,ip_allocation_policy.subnetwork_name
,ip_allocation_policy.node_ipv4_cidr_block
. Define an explicitgoogle_compute_subnetwork
and usesubnetwork
instead. MM#2615 - dataproc: Made at least one of
staging_bucket
,gce_cluster_config
,master_config
,worker_config
,preemptible_worker_config
,software_config
,initialization_action
orencryption_config
required ongoogle_dataproc_cluster.cluster_config
. MM#2608 - dataproc: Made at least one of
zone
,network
,subnetwork
,tags
,service_account
,service_account_scopes
,internal_ip_only
ormetadata
required ongoogle_dataproc_cluster.cluster_config.gce_cluster_config
. MM#2608 - dataproc: Made at least one of
num_instances
,image_uri
,machine_type
,min_cpu_platform
,disk_config
, oraccelerators
required ongoogle_dataproc_cluster.cluster_config.master_config
andgoogle_dataproc_cluster.cluster_config.worker_config
. MM#2608 - dataproc: Made at least one of
num_local_ssds
,boot_disk_size_gb
orboot_disk_type
required ongoogle_dataproc_cluster.cluster_config.preemptible_worker_config.disk_config
,google_dataproc_cluster.cluster_config.master_config.disk_config
andgoogle_dataproc_cluster.cluster_config.worker_config.disk_config
. MM#2608 - dataproc: Made at least one of
num_instances
ordisk_config
required ongoogle_dataproc_cluster.cluster_config.preemptible_worker_config
. MM#2608 - dataproc: Made at least one of
image_version
,override_properties
oroptional_components
is now required ongoogle_dataproc_cluster.cluster_config.software_config
. MM#2608 - dataproc: Made
policy_uri
required ongoogle_dataproc_cluster.cluster_config.autoscaling_config
. MM#2608 - dataproc: Made
max_failures_per_hour
required ongoogle_dataproc_job.scheduling
. MM#2608 - dataproc: Made
driver_log_levels
required ongoogle_dataproc_job.pyspark_config.logging_config
,google_dataproc_job.spark_config.logging_config
,google_dataproc_job.hadoop_config.logging_config
,google_dataproc_job.hive_config.logging_config
,google_dataproc_job.pig_config.logging_config
,google_dataproc_job.sparksql_config.logging_config
. MM#2608 - dataproc: Made at least one of
main_class
ormain_jar_file_uri
required ongoogle_dataproc_job.spark_config
andgoogle_dataproc_job.hadoop_config
. MM#2608 - dataproc: Made at least one of
query_file_uri
orquery_list
required ongoogle_dataproc_job.hive_config
,google_dataproc_job.pig_config
, andgoogle_dataproc_job.sparksql_config
. MM#2608 - dns: Made
networks
required ongoogle_dns_managed_zone.private_visibility_config
. MM#2608 - dns: Made
network_url
required ongoogle_dns_managed_zone.private_visibility_config.networks
. MM#2608 - iam: made
iam_audit_config
resources overwrite existing audit config on create. Previous implementations merged config with existing audit configs on create. MM#2438 - iam: Made exactly one of
list_policy
,boolean_policy
, orrestore_policy
required ongoogle_organization_policy
. MM#2608 - iam: Made exactly one of
all
orvalues
required ongoogle_organization_policy.list_policy.allow
andgoogle_organization_policy.list_policy.deny
. MM#2608 - iam:
google_project_iam_policy
can handle theproject
field in either of the following forms:project-id
orprojects/project-id
MM#2700 - iam: Made exactly one of
allow
ordeny
required ongoogle_organization_policy.list_policy
MM#2682 - iam: removed the deprecated
pgp_key
,private_key_encrypted
andprivate_key_fingerprint
fromgoogle_service_account_key
MM#2680 - monitoring: permanently removed
is_internal
andinternal_checkers
fields fromgoogle_monitoring_uptime_check_config
. MM#2436 - monitoring: permanently removed
labels
field fromgoogle_monitoring_alert_policy
. MM#2436 - monitoring: Made
content
required ongoogle_monitoring_uptime_check_config.content_matchers
. MM#2608 - monitoring: Made exactly one of
http_check
ortcp_check
is now required ongoogle_monitoring_uptime_check_config
. MM#2665 - monitoring: Made at least one of
auth_info
,port
,headers
,path
,use_ssl
, ormask_headers
is now required ongoogle_monitoring_uptime_check_config.http_check
MM#2665 - provider: added the
https://www.googleapis.com/auth/userinfo.email
scope to the provider by default MM#2473 - pubsub: removed ability to set a full path for
google_pubsub_subscription.name
(e.g.projects/my-project/subscriptions/my-subscription
).name
now must be the shortname (e.g.my-subscription
) MM#2561 - resourcemanager: converted
google_folder_organization_policy
andgoogle_organization_policy
import format to use slashes instead of colons. MM#2638 - serviceusage: removed
google_project_services
MM#2403 - serviceusage: stopped accepting
bigquery-json.googleapis.com
ingoogle_project_service
. Specifybiquery.googleapis.com
instead. MM#2626 - sql: Made
name
andvalue
required ongoogle_sql_database_instance.settings.database_flags
. MM#2608 - sql: Made at least one of
binary_log_enabled
,enabled
,start_time
, andlocation
required ongoogle_sql_database_instance.settings.backup_configuration
. MM#2608 - sql: Made at least one of
authorized_networks
,ipv4_enabled
,require_ssl
, andprivate_network
required ongoogle_sql_database_instance.settings.ip_configuration
. MM#2608 - sql: Made at least one of
day
,hour
, andupdate_track
required ongoogle_sql_database_instance.settings.maintenance_window
. MM#2608 - sql: Made at least one of
cert
,common_name
,create_time
,expiration_time
, orsha1_fingerprint
required ongoogle_sql_database_instance.settings.server_ca_cert
. MM#2608 - sql: Made at least one of
ca_certificate
,client_certificate
,client_key
,connect_retry_interval
,dump_file_path
,failover_target
,master_heartbeat_period
,password
,ssl_cipher
,username
, andverify_server_certificate
required ongoogle_sql_database_instance.settings.replica_configuration
. MM#2608 - sql: Made
value
required ongoogle_sql_database_instance.settings.ip_configuration.authorized_networks
. MM#2608 - storage: permanently removed
is_live
flag fromgoogle_storage_bucket
. MM#2436 - storage: Made at least one of
main_page_suffix
ornot_found_page
required ongoogle_storage_bucket.website
. MM#2608 - storage: Made at least one of
min_time_elapsed_since_last_modification
,max_time_elapsed_since_last_modification
,include_prefixes
, orexclude_prefixes
required ongoogle_storage_transfer_job.transfer_spec.object_conditions
. MM#2608 - storage: Made at least one of
overwrite_objects_already_existing_in_sink
,delete_objects_unique_in_sink
, anddelete_objects_from_source_after_transfer
required ongoogle_storage_transfer_job.transfer_spec.transfer_options
. MM#2608 - storage: Made at least one of
gcs_data_source
,aws_s3_data_source
, orhttp_data_source
required ongoogle_storage_transfer_job.transfer_options
. MM#2608