v5.29.1

5.29.1 (May 14, 2024)

BREAKING CHANGES:

• compute: removed secondary_ip_range.reserved_internal_range field from google_compute_subnetwork (7363)

v5.29.0

BREAKING CHANGES:

• compute: added required reserved_internal_range subfield to reserved_internal_range in google_compute_subnetwork. This field can be set to null as an equivalent to leaving it unspecified.

NOTES:

• compute: added documentation for md5_authentication_key field in google_compute_router_peer resource. The field was introduced in v5.12.0, but documentation was unintentionally omitted at that time. (#7306)

FEATURES:

• New Resource: google_bigtable_authorized_view (#7310)
• New Resource: google_integration_connectors_managed_zone (#7320)
• New Resource: google_network_connectivity_regional_endpoint (#7313)

IMPROVEMENTS:

• clouddeploy: added custom_target field to google_clouddeploy_target resource (#7309)
• clouddeploy: added google_cloud_build_repo to custom_target_type resource (#7325)
• compute: added preconfigured_waf_config field to google_compute_region_security_policy_rule resource; (#7324)
• compute: added rate_limit_options field to 'google_compute_region_security_policy_rule' resource; (#7324)
• compute: added security_profile_group, tls_inspect to google_compute_firewall_policy_rule (#7309)
• compute: added security_profile_group, tls_inspect to google_compute_network_firewall_policy_rule (#7309)
• compute: added fields reserved_internal_range and secondary_ip_ranges.reserved_internal_range to google_compute_subnetwork resource (#7318)
• container: added dns_config.additive_vpc_scope_dns_domain field to google_container_cluster resource (#7321)
• container: added enable_nested_virtualization field to google_container_node_pool and google_container_cluster resource. (#7314)
• iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#7319)
• privateca: added maximum_lifetime field to google_privateca_certificate_template resource (#7309)

BUG FIXES:

• bigquery: added allow_resource_tags_on_deletion to google_bigquery_table to allow deletion of table when it still has associated resource tags (#7327)

v5.28.0

DEPRECATIONS:

• integrations: deprecated create_sample_workflows and provision_gmek fields in google_integrations_client. (#7285)

FEATURES:

• New Data Source: google_storage_buckets (#7291)
• New Resource: google_compute_security_policy_rule (#7282)
• New Resource: google_privileged_access_manager_entitlement (#7283)

IMPROVEMENTS:

• alloydb: added maintenance_update_policy field to google_alloydb_cluster resource (#7288)
• container: added node_config.secondary_boot_disks field to google_container_node_pool (#7292)
• integrations: added create_sample_integrations field to google_integrations_client, replacing deprecated field create_sample_workflows. (#7285)
• redis: added redis_configs field to google_redis_cluster resource (#7289)

BUG FIXES:

• dns: fixed bug where the deletion of google_dns_managed_zone resources was blocked by any associated SOA-type google_dns_record_set resources (#7305)
• storage: fixed an issue where google_storage_bucket_object and google_storage_bucket_objects data sources would ignore custom endpoints (#7287)

v5.27.0

FEATURES:

• New Data Source: google_storage_bucket_objects (#7270)
• New Resource: google_composer_user_workloads_secret (#7257)
• New Resource: google_compute_security_policy_rule (#7282)
• New Resource: google_data_loss_prevention_discovery_config (#7252)
• New Resource: google_integrations_auth_config (#7268)
• New Resource: google_network_connectivity_internal_range (#7265)

IMPROVEMENTS:

• alloydb: added network_config field to google_alloydb_instance resource (#7271)
• alloydb: added public_ip_address field to google_alloydb_instance resource (#7271)
• apigee: added forward_proxy_uri field to google_apigee_environment resource (#7260)
• bigquerydatapolicy: added data_masking_policy.routine field to google_bigquery_data_policy resource (#7250)
• compute: added server_tls_policy field to google_compute_region_target_https_proxy resource (#7280)
• filestore: added protocol field to google_filestore_instance resource to support NFSv3 and NFSv4.1 (#7254)
• firebasehosting: added config.rewrites.path field to google_firebase_hosting_version resource (#7258)
• logging: added intercept_children field to google_logging_organization_sink and google_logging_folder_sink resources (#7279)
• monitoring: added service_agent_authentication field to google_monitoring_uptime_check_config resource (#7276)
• privateca: added subject_key_id field to google_privateca_certificate and google_privateca_certificate_authority resources (#7273)
• secretmanager: added version_destroy_ttl field to google_secret_manager_secret resource (#7253)

BUG FIXES:

• appengine: added suppression for a diff in google_app_engine_standard_app_version.automatic_scaling when the block is unset in configuration (#7262)
• sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#7249)

v5.26.0

FEATURES:

• New Resource: google_project_iam_member_remove (#7242)

IMPROVEMENTS:

• apigee: added support for api_consumer_data_location, api_consumer_data_encryption_key_name, and control_plane_encryption_key_name in google_apigee_organization (#7245)
• artifactregistry: added remote_repository_config.<facade>_repository.custom_repository.uri field to google_artifact_registry_repository resource. (#7230)
• bigquery: added resource_tags field to google_bigquery_table resource (#7247)
• billing: added ownership_scope field to google_billing_budget resource (#7239)
• cloudfunctions2: added build_config.service_account field to google_cloudfunctions2_function resource (#7231)
• composer: fixed validation on google_composer_environment resource so it will identify a disallowed upgrade to Composer 3 before attempting to provide feedback that's specific to using Composer 3 (#7213)
• compute: added params.resource_manager_tags field to resource_compute_instance_group_manager and resource_compute_region_instance_group_manager that enables to create these resources with tags (beta) (#7226)
• resourcemanager: added the field api_method to datasource google_active_folder so you can use either SEARCH or LIST to find your folder (#7248)
• storage: added labels validation to google_storage_bucket resource (#7212)
• workstations: added output-only field control_plane_ip to google_workstations_workstation_cluster resource (beta) (#7240)

BUG FIXES:

• apigee: fixed permadiff in ordering of google_apigee_organization.properties.property. (#7234)
• cloudrun: fixed the bug that computed metadata.0.labels and metadata.0.annotations fields don't appear in terraform plan when creating resource google_cloud_run_service and google_cloud_run_domain_mapping (#7217)
• dns: fixed bug where some methods of authentication didn't work when using dns data sources (#7233)
• iam: fixed a bug that prevented setting create_ignore_already_exists on existing resources in google_service_account. (#7236)
• sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#7249)
• storage: added validation to name field in google_storage_bucket resource (#7237)
• vmwareengine: fixed stretched cluster creation in google_vmwareengine_private_cloud (#7246)

v5.25.0

FEATURES:

• New Data Source: google_tags_tag_keys (#7196)
• New Data Source: google_tags_tag_values (#7196)
• New Resource: google_parallelstore_instance (#7209)

IMPROVEMENTS:

• bigquery: added in-place schema column drop support for google_bigquery_table resource (#7193)
• compute: added endpoint_types field to google_compute_router_nat resource (#7190)
• compute: added enable_ipv4, ipv4_nexthop_address and peer_ipv4_nexthop_address fields to google_compute_router_peer resource (#7207)
• compute: added identifier_range field to google_compute_router resource (#7207)
• compute: added ip_version field to google_compute_router_interface resource (#7207)
• compute: increased timeouts from 8 minutes to 20 minutes for google_compute_security_policy resource (#7204)
• container: added stateful_ha_config field to google_container_cluster resource (#7206)
• firestore: added vector_config field to google_firestore_index resource (#7180)
• gkebackup: added backup_schedule.rpo_config field to google_gke_backup_backup_plan resource (#7211)
• networksecurity: added disabled field to google_network_security_firewall_endpoint_association resource (#7184)
• sql: added enable_google_ml_integration field to google_sql_database_instance resource (#7208)
• storage: added labels validation to google_storage_bucket resource (#7212)
• vmwareengine: added preferred_zone and secondary_zone fields to google_vmwareengine_private_cloud resource (#7210)

BUG FIXES:

• networksecurity: fixed an issue where google_network_security_firewall_endpoint_association resource could not be created due to a bad parameter (#7184)
• privateca: fixed permission issue by specifying signer certs chain when activating a sub-CA across regions for google_privateca_certificate_authority resource (#7197)

v5.24.0

IMPROVEMENTS:

• cloudrunv2: added template.volumes.nfs field to google_cloud_run_v2_job resource (#7169)
• container: added enable_cilium_clusterwide_network_policy field to google_container_cluster resource (#7171)
• container: added node_pool_auto_config.resource_manager_tags field to google_container_cluster resource (#7162)
• gkeonprem: added disable_bundled_ingress field to google_gkeonprem_vmware_cluster resource (#7163)
• redis: added node_type and precise_size_gb fields to google_redis_cluster (#7174)
• storage: added project_number attribute to google_storage_bucket resource and data source (#7164)
• storage: added ability to provide project argument to google_storage_bucket data source. This will not impact reading the resource's data, instead this helps users avoid calls to the Compute API within the data source. (#7164)

BUG FIXES:

• appengine: fixed a crash in google_app_engine_flexible_app_version due to the deployment field not being returned by the API (#7175)
• bigquery: fixed a crash when google_bigquery_table had a primary_key.columns entry set to "" (#7166)
• compute: fixed update scenarios on google_compute_region_target_https_proxy and google_compute_target_https_proxy resources. (#7170)
• dataflow: fixed an issue where the provider would crash when enable_streaming_engine is set as a parameter value in google_dataflow_flex_template_job (#7160)

v5.23.0

NOTES:

• provider: introduced support for provider-defined functions. This feature is in Terraform v1.8.0+. (#7153)

DEPRECATIONS:

• kms: deprecated attestation.external_protection_level_options in favor of external_protection_level_options in google_kms_crypto_key_version (#7155)

FEATURES:

• New Data Source: google_apphub_application (#7143)
• New Resource: google_cloud_quotas_quota_preference (#7126)
• New Resource: google_vertex_ai_deployment_resource_pool (#7158)
• New Resource: google_integrations_client (#7129)

IMPROVEMENTS:

• bigquery: added dataGovernanceType to google_bigquery_routine resource (#7149)
• bigquery: added support for external_data_configuration.json_extension to google_bigquery_table (#7138)
• compute: added cloud_router_ipv6_address, customer_router_ipv6_address fields to google_compute_interconnect_attachment resource (#7151)
• compute: added generated_id field to google_compute_region_backend_service resource (#7128)
• integrations: added deletion support for google_integrations_client resource (#7142)
• kms: added crypto_key_backend field to google_kms_crypto_key resource (#7155)
• metastore: added scheduled_backup field to google_dataproc_metastore_service resource (#7140)
• provider: added provider-defined function name_from_id for retrieving the short-form name of a resource from its self link or id (#7153)
• provider: added provider-defined function project_from_id for retrieving the project id from a resource's self link or id (#7153)
• provider: added provider-defined function region_from_zone for deriving a region from a zone's name (#7153)
• provider: added provider-defined functions location_from_id, region_from_id, and zone_from_id for retrieving the location/region/zone names from a resource's self link or id (#7153)

BUG FIXES:

• cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_job creation fails (#7159)
• cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_service creation fails (#7159)
• container: fixed google_container_cluster permadiff when master_ipv4_cidr_block is set for a private flexible cluster (#7147)
• dataflow: fixed an issue where the provider would crash when enableStreamingEngine is set as a parameter value in google_dataflow_flex_template_job (#7160)
• kms: added top-level external_protection_level_options field in google_kms_crypto_key_version resource (#7155)

v5.22.0

BREAKING CHANGES:

• networksecurity: added required field billing_project_id to google_network_security_firewall_endpoint resource. Any configuration without billing_project_id specified will cause resource creation fail (beta) (#7124)

FEATURES:

• New Data Source: google_cloud_quotas_quota_info (#7092)
• New Data Source: google_cloud_quotas_quota_infos (#7116)
• New Resource: google_access_context_manager_service_perimeter_dry_run_resource (#7115)

IMPROVEMENTS:

• accesscontextmanager: supported managing service perimeter dry run resources outside the perimeter via new resource google_access_context_manager_service_perimeter_dry_run_resource (#7115)
• cloudrunv2: added plan-time validation to restrict number of ports to 1 in google_cloud_run_v2_service (#7103)
• cloudrunv2: supported mounting Cloud Storage buckets using GCSFuse in google_cloud_run_v2_job (#7102)
• composer: added field count to validate number of DAG processors in google_composer_environment (#7120)
• compute: added enumeration value SEV_LIVE_MIGRATABLE_V2 for the guest_os_features of google_compute_disk (#7123)
• compute: added status.all_instances_config.revision field to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#7104)
• compute: added field path_template_match to resource google_compute_region_url_map (#7094)
• compute: added field path_template_rewrite to resource google_compute_region_url_map (#7094)
• pubsub: added ingestion_data_source_settings field to google_pubsub_topic resource (#7111)
• storage: added 'soft_delete_policy' to 'google_storage_bucket' resource (#7119)
• workstations: added host.gceInstance.boostConfig to google_workstations_workstation_config (#7122)

BUG FIXES:

• accesscontextmanager: fixed an issue with access_context_manager_service_perimeter_ingress_policy and access_context_manager_service_perimeter_egress_policy where updates could not be applied after initial creation. Any updates applied to these resources will now involve their recreation. To ensure that new policies are added before old ones are removed, add a lifecycle block with create_before_destroy = true to your resource configuration alongside other updates. (#7105)
• firebase: made the google_firebase_android_app resource's package_name field required and immutable. This prevents API errors encountered by users who attempted to update or leave that field unset in their configurations. (#7100)
• spanner: removed validation function for the field version_retention_period in the resource google_spanner_database and directly returned error from backend (#7117)

v5.21.0

FEATURES:

• New Data Source: google_apphub_discovered_service (#7080)
• New Data Source: google_apphub_discovered_workload (#7083)
• New Data Source: google_cloud_quotas_quota_info (#7092)
• New Resource: google_apphub_workload (#7088)
• New Resource: google_firebase_app_check_device_check_config (#7062)
• New Resource: google_iap_tunnel_dest_group (#7072)
• New Resource: google_kms_ekm_connection (#7059)
• New Resource: google_apphub_application (#7051)
• New Resource: google_apphub_service (#7090)
• New Resource: google_apphub_service_project_attachment (#7073)
• New Resource: google_network_security_firewall_endpoint_association (#7075)

IMPROVEMENTS:

• cloudrunv2: added support for scaling.min_instance_count in google_cloud_run_v2_service. (#7053)
• firestore: added cmek_config field to google_firestore_database resource (#7054)
• gkeonprem: allowed vcenter_network to be set in google_gkeonprem_vmware_cluster, previously it was output-only (#7055)
• storagetransferservice: added field transfer_spec.azure_blob_storage_data_source.credentials_secret to google_storage_transfer_job (#7091)
• workstations: added support for ephemeral_directories in google_workstations_workstation_config (#7061)

BUG FIXES:

• compute: allowed sending empty values for SERVERLESS in google_compute_region_network_endpoint_group resource (#7052)
• notebooks: fixed an issue where default tags would cause a diff recreating google_notebooks_instance resources (#7086)
• storage: fixed an issue where two or more lifecycle rules with different values of no_age field always generates change in google_storage_bucket resource. (#7060)