Update Terraform google to v5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
google (source)	required_provider	major	4.83.0 -> 5.2.0

---

Release Notes

hashicorp/terraform-provider-google (google)

v5.2.0

Compare Source

FEATURES:

• New Data Source: google_secret_manager_secrets (#​16182)
• New Resource: google_alloydb_user (#​16141)
• New Resource: google_firestore_backup_schedule (#​16186)
• New Resource: google_redis_cluster (#​16203)

IMPROVEMENTS:

• alloydb: added cluster_type and secondary_config fields to support secondary clusters in google_alloydb_cluster resource. (#​16197)
• compute: added recreate_closed_psc flag to support recreating the PSC Consumer forwarding rule if the psc_connection_status is closed on google_compute_forwarding_rule. (#​16188)
• compute: added INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT as acceptable values for the network_endpoint_type field for the resource_compute_network_endpoint_group resource (#​16194)
• compute: added SEV_LIVE_MIGRATABLE_V2 to guest_os_features enum on google_compute_image resource. (#​16187)
• compute: added allow_subnet_cidr_routes_overlap field to google_compute_subnetwork resource (#​16116)
• compute: promoted labels, effective_labels, terraform_labels, and label_fingerprint fields in google_compute_address to GA (#​16120)
• compute: promoted internal_ip and external_ip fields in resources google_compute_instance_group_manager and google_compute_region_instance_group_manager to GA (#​16140)
• compute: promoted internal_ip and external_ip fields in resources google_compute_per_instance_config and google_compute_region_per_instance_config to GA (#​16140)
• iamworkforcepool: promoted field oidc.jwks_json in resource google_iam_workforce_pool to GA (#​16199)

BUG FIXES:

• alloydb: added client_connection_config field to google_alloydb_instance resource (#​16202)
• bigquery: removed mutual exclusivity checks for view, materialized_view, and schema for the google_bigquery_table resource (#​16193)
• compute: added certificate_manager_certificates field to google_compute_target_https_proxy resource (#​16179)
• compute: fixed an issue where external google_compute_global_address can't be created when network_tier in google_compute_project_default_network_tier is set to STANDARD (#​16144)
• compute: fixed a false permadiff on ip_address when it is set to ipv6 on google_compute_forwarding_rule (#​16115)
• provider: fixed a bug where an update request was sent to services when updateMask is empty (#​16111)

v5.1.0

Compare Source

FEATURES:

• New Resource: google_database_migration_service_private_connection (#​16104)
• New Resource: google_edgecontainer_cluster (#​16055)
• New Resource: google_edgecontainer_node_pool (#​16055)
• New Resource: google_edgecontainer_vpn_connection (#​16055)
• New Resource: google_firebase_hosting_custom_domain (#​16062)
• New Resource: google_gke_hub_fleet (#​16072)

IMPROVEMENTS:

• compute: added device_name field to scratch_disk block of google_compute_instance resource (#​16049)
• container: added node_config.linux_node_config.cgroup_mode field to google_container_node_pool (#​16103)
• databasemigrationservice: added support for oracle profiles to google_database_migration_service_connection_profile (#​16087)
• firestore: added api_scope field to google_firestore_index resource (#​16085)
• gkehub: added location field to google_gke_hub_membership_iam_* resources (#​16105)
• gkehub: added location field to google_gke_hub_membership resource (#​16105)
• gkeonprem: added update-in-place support for vcenter fields in google_gkeonprem_vmware_cluster (#​16073)
• identityplatform: added sms_region_config to the resource google_identity_platform_config (#​16044)

BUG FIXES:

• dns: fixed record set configuration parsing in google_dns_record_set (#​16042)
• provider: fixed an issue where the plugin-framework implementation of the provider handled default region values that were self-links differently to the SDK implementation. This issue is not believed to have affected users because of downstream functions that turn self links into region names. (#​16100)
• provider: fixed a bug that caused update requests to be sent for resources with a terraform_labels field even if no fields were updated (#​16111)

v5.0.0

Compare Source

KNOWN ISSUES:

• Updating some resources post-upgrade results in an error like "The update_mask in the Update{{Resource}}Request must be set". This should be resolved in 5.1.0, see https://github.com/hashicorp/terraform-provider-google/issues/16091 for details.

Terraform Google Provider 5.0.0 Upgrade Guide

NOTES:

• provider: some provider default values are now shown at plan-time (#​15707)

LABELS REWORK:

• provider: default labels configured on the provider through the new default_labels field are now supported. The default labels configured on the provider will be applied to all of the resources with standard labels field.
• provider: resources with labels - three label-related fields are now in all of the resources with standard labels field. labels field is non-authoritative and only manages the labels defined by the users on the resource through Terraform. The new output-only terraform_labels field merges the labels defined by the users on the resource through Terraform and the default labels configured on the provider. The new output-only effective_labels field lists all of labels present on the resource in GCP, including the labels configured through Terraform, the system, and other clients.
• provider: resources with annotations - two annotation-related fields are now in all of the resources with standard annotations field. The annotations field is non-authoritative and only manages the annotations defined by the users on the resource through Terraform. The new output-only effective_annotations field lists all of annotations present on the resource in GCP, including the annotations configured through Terraform, the system, and other clients.
• provider: datasources with labels - three fields labels, terraform_labels, and effective_labels are now present in most resource-based datasources. All three fields have all of labels present on the resource in GCP including the labels configured through Terraform, the system, and other clients, equivalent to effective_labels on the resource.
• provider: datasources with annotations - both annotations and effective_annotations are now present in most resource-based datasources. Both fields have all of annotations present on the resource in GCP including the annotations configured through Terraform, the system, and other clients, equivalent to effective_annotations on the resource.

BREAKING CHANGES:

• provider: added provider-level validation so these fields are not set as empty strings in a user's config: credentials, access_token, impersonate_service_account, project, billing_project, region, zone (#​15968)
• provider: fixed many import functions throughout the provider that matched a subset of the provided input when possible. Now, the GCP resource id supplied to "terraform import" must match exactly. (#​15977)
• provider: made data sources return errors on 404s when applicable instead of silently failing (#​15799)
• provider: made empty strings in the provider configuration block no longer be ignored when configuring the provider(#​15968)
• accesscontextmanager: changed multiple array fields to sets where appropriate to prevent duplicates and fix diffs caused by server side reordering. (#​15756)
• bigquery: added more input validations for google_bigquery_table schema (#​15338)
• bigquery: made routine_type required for google_bigquery_routine (#​15517)
• cloudfunction2: made location required on google_cloudfunctions2_function (#​15830)
• cloudiot: removed deprecated datasource google_cloudiot_registry_iam_policy (#​15739)
• cloudiot: removed deprecated resource google_cloudiot_device (#​15739)
• cloudiot: removed deprecated resource google_cloudiot_registry (#​15739)
• cloudiot: removed deprecated resource google_cloudiot_registry_iam_* (#​15739)
• cloudrunv2: removed deprecated field liveness_probe.tcp_socket from google_cloud_run_v2_service resource. (#​15430)
• cloudrunv2: removed deprecated fields startup_probe and liveness_probe from google_cloud_run_v2_job resource. (#​15430)
• cloudrunv2: retyped volumes.cloud_sql_instance.instances to SET from ARRAY for google_cloud_run_v2_service (#​15831)
• compute: made google_compute_node_group require one of initial_size or autoscaling_policy fields configured upon resource creation (#​16006)
• compute: made size in google_compute_node_group an output only field. (#​16006)
• compute: removed default value for rule.rate_limit_options.encorce_on_key on resource google_compute_security_policy (#​15681)
• compute: retyped consumer_accept_lists to a SET from an ARRAY type for google_compute_service_attachment (#​15985)
• container: added deletion_protection to google_container_cluster which is enabled to true by default. When enabled, this field prevents Terraform from deleting the resource. (#​16013)
• container: changed management.auto_repair and management.auto_upgrade defaults to true in google_container_node_pool (#​15931)
• container: changed networking_mode default to VPC_NATIVE for newly created google_container_cluster resources (#​6402)
• container: removed enable_binary_authorization in google_container_cluster (#​15868)
• container: removed default for logging_variant in google_container_node_pool (#​15931)
• container: removed default value in network_policy.provider in google_container_cluster (#​15920)
• container: removed the behaviour that google_container_cluster will delete the cluster if it's created in an error state. Instead, it will mark the cluster as tainted, allowing manual inspection and intervention. To proceed with deletion, run another terraform apply. (#​15887)
• container: reworked the taint field in google_container_cluster and google_container_node_pool to only manage a subset of taint keys based on those already in state. Most existing resources are unaffected, unless they use sandbox_config- see upgrade guide for details. (#​15959)
• dataplex: removed data_profile_result and data_quality_result from google_dataplex_scan (#​15505)
• firebase: changed deletion_policy default to DELETE for google_firebase_web_app. (#​15406)
• firebase: removed google_firebase_project_location (#​15764)
• gameservices: removed Terraform support for gameservices (#​15558)
• logging: changed the default value of unique_writer_identity from false to true in google_logging_project_sink. (#​15743)
• logging: made growth_factor, num_finite_buckets, and scale required for google_logging_metric (#​15680)
• looker: removed LOOKER_MODELER as a possible value in google_looker_instance.platform_edition (#​15956)
• monitoring: fixed perma-diffs in google_monitoring_dashboard.dashboard_json by suppressing values returned by the API that are not in configuration (#​16014)
• monitoring: made labels immutable in google_monitoring_metric_descriptor (#​15988)
• privateca: removed deprecated fields config_values, pem_certificates from google_privateca_certificate (#​15537)
• secretmanager: removed automatic field in google_secret_manager_secret resource (#​15859)
• servicenetworking: used Create instead of Patch to create google_service_networking_connection (#​15761)
• servicenetworking: used the deleteConnection method to delete the resource google_service_networking_connection (#​15934)

FEATURES:

• New Resource: google_scc_folder_custom_module (#​15979)
• New Resource: google_scc_organization_custom_module (#​16012)

IMPROVEMENTS:

• alloydb: added additional fields to google_alloydb_instance and google_alloydb_backup (#​15973)
• artifactregistry: added support for remote APT and YUM repositories to google_artifact_registry_repository (#​15973)
• baremetal: made delete a noop for the resource google_bare_metal_admin_cluster to better align with actual behavior (#​16010)
• bigtable: added state output attribute to google_bigtable_instance clusters (#​15961)
• compute: made google_compute_node_group mutable (#​16006)
• container: added the effective_taints attribute to google_container_cluster and google_container_node_pool, outputting all known taint values (#​15959)
• container: allowed setting addons_config.gcs_fuse_csi_driver_config on google_container_cluster with enable_autopilot: true. (#​15996)
• containeraws: added binary_authorization to google_container_aws_cluster (#​15989)
• containeraws: added update_settings to google_container_aws_node_pool (#​15989)
• google_compute_instance (#​15933)
• osconfig: added week_day_of_month.day_offset field to the google_os_config_patch_deployment resource (#​15997)
• secretmanager: allowed update for rotation.rotation_period field in google_secret_manager_secret resource (#​15952)
• sql: added preferred_zone field to google_sql_database_instance resource (#​15971)
• storagetransfer: added event_stream field to google_storage_transfer_job resource (#​16004)

BUG FIXES:

• bigquery: fixed diff suppression in external_data_configuration.connection_id in google_bigquery_table (#​15983)
• bigquery: fixed view and materialized view creation when schema is specified in google_bigquery_table (#​15442)
• bigtable: avoided re-creation of google_bigtable_instance when cluster is still updating and storage type changed (#​15961)
• bigtable: fixed a bug where dynamically created clusters would incorrectly run into duplication error in google_bigtable_instance (#​15940)
• compute: removed the default value for field reconcile_connections in resource google_compute_service_attachment, the field will now default to a value returned by the API when not set in configuration (#​15919)
• compute: replaced incorrect default value for enable_endpoint_independent_mapping with APIs default in resource google_compute_router_nat (#​15478)
• container: fixed an issue in google_container_node_pool where empty linux_node_config.sysctls would crash the provider (#​15941)
• dataflow: fixed issue causing error message when max_workers and num_workers were supplied via parameters in google_dataflow_flex_template_job (#​15976)
• dataflow: fixed max_workers read value permanently displaying as 0 in google_dataflow_flex_template_job (#​15976)
• dataflow: fixed permadiff when SdkPipeline values are supplied via parameters in google_dataflow_flex_template_job (#​15976)
• identityplayform: fixed a potential perma-diff for sign_in in google_identity_platform_config resource (#​15907)
• firebase: made google_firebase_rules.release immutable (#​15989)
• monitoring: fixed an issue where metadata was not able to be updated in google_monitoring_metric_descriptor (#​16014)
• monitoring: fixed bug where importing google_monitoring_notification_channel failed when no default project was supplied in provider configuration or through environment variables (#​15929)
• secretmanager: fixed an issue in google_secretmanager_secret where replacing replication.automatic with replication.auto would destroy and recreate the resource (#​15922)
• sql: fixed diffs when re-ordering existing database_flags in google_sql_database_instance (#​15678)
• tags: fixed import failure on google_tags_tag_binding (#​16005)
• vertexai: made contents_delta_uri a required field in google_vertex_ai_index as omitting it would result in an error (#​15992)

v4.84.0

Compare Source

DEPRECATIONS:

• alloydb: deprecated network field in favor of network_config on google_alloydb_cluster. (#​15881)
• identityplayform: deprecated google_identity_platform_project_default_config resource. Use google_identity_platform_config resource instead (#​15876)

FEATURES:

• New Data Source: google_certificate_manager_certificate_map (#​15906)
• New Resource: google_artifact_registry_vpcsc_config (#​15840)
• New Resource: google_dialogflow_cx_security_settings (#​15886)
• New Resource: google_gke_backup_restore_plan (#​15858)
• New Resource: google_edgenetwork_network (#​15891)
• New Resource: google_edgenetwork_subnet (#​15891)

IMPROVEMENTS:

• alloydb: added network_config field to support named IP ranges on google_alloydb_cluster. (#​15881)
• cloudrunv2: added fields network_interfaces to resource google_cloud_run_v2_job to support Direct VPC egress. (#​15870)
• cloudrunv2: added fields network_interfaces to resource google_cloud_run_v2_service to support Direct VPC egress. (#​15870)
• compute: updated the autoscaling_policy.mode to accept ONLY_SCALE_OUT on google_compute_autoscaler (#​15890)
• compute: added server_tls_policy argument to google_compute_target_https_proxy resource (#​15845)
• compute: added member attribute to google_compute_default_service_account datasource (#​15897)
• compute: added output field internal_ipv6_prefix to google_compute_subnetwork resource (#​15892)
• container: added node_config.fast_socket field to google_container_node_pool (#​15872)
• container: promoted node_pool_auto_config field in google_container_cluster from beta provider to GA provider. (#​15884)
• container: promoted field placement_policy.tpu_topology in resource google_container_node_pool to GA (#​15869)
• containeraws: added support for auto_repair in google_container_aws_node_pool (#​15862)
• containerazure: added support for auto_repair in google_container_azure_node_pool (#​15862)
• filestore: added support for the "ZONAL" value to tier in google_filestore_instance (#​15889)
• firestore: added delete_protection_state field to google_firestore_database resource. (#​15878)
• identityplatform: added sign-in field to google_identity_platform_config resource (#​15876)
• networkconnectivity: added support for linked_vpc_network in google_network_connectivity_spoke (#​15862)
• networkservices: increased default timeout for google_network_services_edge_cache_origin to 120m from 60m (#​15855)
• networkservices: increased default timeout for google_network_services_edge_cache_service to 60m from 30m (#​15861)
• secretmanager: added is_secret_data_base64 field to google_secret_manager_secret_version resource (#​15853)

BUG FIXES:

• bigquery: updated documentation for google_bigquery_table.time_partitioning.expiration_ms (#​15873)
• bigtable: added a read timeout to google_bigtable_instance (#​15856)
• bigtable: improved regional reliability when instance overlaps a downed region in the resource google_bigtable_instance (#​15900)
• eventarc: resolved permadiff on google_eventarc_trigger.event_data_content_type by defaulting to the value returned by the API if not set in the configuration. (#​15862)
• identityplatform: fixed a potential perma-diff for sign_in in google_identity_platform_config resource (#​15907)
• monitoring: fixed scaling issues when deploying terraform changes with many google_monitoring_monitored_project (#​15828)
• monitoring: fixed validation of service_id on google_monitoring_custom_service and slo_id on google_monitoring_slo (#​15841)
• osconfig: fixed no more than one setting is allowed under patch_config.windows_update on google_os_config_patch_deployment (#​15904)
• provider: addressed a bug where configuring the provider with unknown values did not behave as expected (#​15898)
• provider: fixed the provider so it resumes ignoring empty strings set in the provider block (#​15844)
• secretmanager: replaced the panic block with an error in import function of google_secret_manager_secret_version resource (#​15880)
• secretmanager: fixed an issue in google_secretmanager_secret where replacing replication.automatic with replication.auto would destroy and recreate the resource (#​15922)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.