v3.45.0

BREAKING CHANGES:

• pubsub: changing the value of google_pubsub_subscription.enable_message_ordering will now recreate the resource. Previously, an error was returned. (#2624)
• spanner: google_spanner_database resources now cannot be destroyed unless deletion_protection = false is set in state for the resource. (#2612)

NOTES:

• compute: added a warning to google_compute_vpn_gateway (#2607)

FEATURES:

• New Data Source: google_spanner_instance (#2602)
• New Resource: google_notebooks_instance_iam_binding (#2605)
• New Resource: google_notebooks_instance_iam_member (#2605)
• New Resource: google_notebooks_instance_iam_policy (#2605)
• New Resource: access_context_manager_access_level_condition (#2595)
• New Resource: google_bigquery_routine (#2622)
• New Resource: google_iam_workload_identity_pool (#2623)
• New Resource: google_data_catalog_taxonomy (#2626)
• New Resource: google_data_catalog_policy_tag (#2626)
• New Resource: google_data_catalog_taxonomy_iam_binding (#2626)
• New Resource: google_data_catalog_taxonomy_iam_member (#2626)
• New Resource: google_data_catalog_taxonomy_iam_policy (#2626)
• New Resource: google_data_catalog_policy_tag_iam_binding (#2626)
• New Resource: google_data_catalog_policy_tag_iam_member (#2626)
• New Resource: google_data_catalog_policy_tag_iam_policy (#2626)

IMPROVEMENTS:

• billing_budget: added disable_default_iam_recipients field to google_billing_budget to allow disable sending email notifications to default recipients. (#2606)
• compute: added interface attribute to google_compute_disk (#2609)
• compute: added mtu field to google_compute_network resource (#2617)
• compute: added support for updating network_interface.[d].network_ip on google_compute_instance when changing network or subnetwork (#2590)
• compute: promoted HA VPN fields in google_compute_vpn_tunnel to GA (#2607)
• compute: promoted google_compute_external_vpn_gateway to GA (#2607)
• compute: promoted google_compute_ha_vpn_gateway to GA (#2607)
• provider: added support for service account impersonation. (#2604)
• spanner: added deletion_protection field to google_spanner_database to make deleting them require an explicit intent. (#2612)

BUG FIXES:

• all: fixed misleading "empty non-retryable error" message that was appearing in debug logs (#2618)
• compute: fixed incorrect import format for google_compute_global_network_endpoint (#2594)
• compute: fixed issue where google_compute_[region_]backend_service.backend.max_utilization could not be updated (#2620)
• iap: fixed an eventual consistency bug causing creates for google_iap_brand to fail (#2592)
• provider: fixed an issue where the request headers would grow proportionally to the number of resources in a given terraform apply (#2621)
• serviceusage: fixed bug where concurrent activations/deactivations of project services would fail, now they retry (#2591)

v3.44.0

BREAKING CHANGE:

• Added deletion_protection to google_sql_database_instance, which defaults to true. SQL instances can no longer be destroyed without setting deletion_protection = false. (#2579)

FEATURES:

• New Data Source: google_app_engine_default_service_account (#2568)
• New Data Source: google_pubsub_topic (#2556)

IMPROVEMENTS:

• bigquery: added ability for google_bigquery_dataset_access to retry quota errors since quota refreshes quickly. (#2584)
• bigquery: added MONTH and YEAR as allowed values in google_bigquery_table.time_partitioning.type (#2562)
• cloud_tasks: added stackdriver_logging_config field to cloud_tasks_queue resource (#2572)
• compute: added support for updating network_interface.[d].network_ip on google_compute_instance when changing network or subnetwork (#2590)
• compute: added maintenance_policy field to google_compute_node_group (#2586)
• compute: added filter field to google_compute_image datasource (#2573)
• dataproc: Added graceful_decomissioning_timeout field to dataproc_cluster resource (#2571)
• iam: fixed google_service_account_id_token datasource to work with User ADCs and Impersonated Credentials (#2560)
• logging: Added support for exclusions options for google_logging_project_sink (#2569)
• logging: added bucket creation based on custom-id given for the resource google_logging_project_bucket_config (#2575)
• oslogin: added ability to set a project on google_os_login_ssh_public_key (#2583)
• redis: Added auth_enabled field to google_redis_instance (#2570)
• resourcemanager: added a precheck that the serviceusage API is enabled to google_project when auto_create_network is false, as configuring the GCE API is required in that circumstance (#2566)
• sql: added a check to google_sql_database_instance to catch failures early by seeing if Service Networking Connections already exists for the private network of the instance. (#2579)

BUG FIXES:

• accessapproval: fixed issue where, due to a recent API change, google_*_access_approval.enrolled_services.cloud_product entries specified as a URL would result in a permadiff (#2565)
• compute: fixed ability to clear description field on google_compute_health_check and google_compute_region_health_check (#2580)
• monitoring: fixed bug where deleting a google_monitoring_dashboard would give an "unsupported protocol scheme" error (#2558)

v3.43.0

FEATURES:

• New Data Source: google_pubsub_topic (#2556)
• New Data Source: google_compute_global_forwarding_rule (#2548)
• New Data Source: google_cloud_run_service (#2539)
• New Resource: google_bigtable_table_iam_member (#2536)
• New Resource: google_bigtable_table_iam_binding (#2536)
• New Resource: google_bigtable_table_iam_policy (#2536)

IMPROVEMENTS:

• appengine: added ability to manage pre-firestore appengine applications. (#2533)
• bigquery: added support for google_bigquery_table materialized_view field (#2532)
• cloudbuild: Added COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY support to google_cloudbuild_trigger.github.pull_request.comment_control field (#2552)
• compute: added additional fields to the google_compute_forwarding_rule datasource. (#2550)
• dns: added forwarding_path field to google_dns_policy resource (#2540)
• netblock: changed google_netblock_ip_ranges to read from cloud.json file rather than DNS record (#2543)

BUG FIXES:

• accessapproval: fixed issue where, due to a recent API change, google_*_access_approval.enrolled_services.cloud_product entries specified as a URL would result in a permadiff
• artifactregistry: fixed an issue where google_artifact_registry_repository would import an empty state (#2546)
• bigquery: fixed an issue in google_bigquery_job where non-US locations could not be read (#2542)
• cloudrun: fixed an issue in google_cloud_run_domain_mapping where labels provided by Google would cause a diff (#2531)
• compute: Fixed an issue where google_compute_region_backend_service required healthChecks for a serverless network endpoint group. (#2547)
• container: fixed node_config.image_type perma-diff when specified in lower case. (#2538)
• datacatalog: fixed an error in google_data_catalog_tag when trying to set boolean field to false (#2534)
• monitoring: fixed bug where deleting a google_monitoring_dashboard would give an "unsupported protocol scheme" error

Release 3.42.0

FEATURES:

• New Resource: google_data_loss_prevention_deidentify_template (#2524)

IMPROVEMENTS:

• compute: added support for updating network_interface.[d].network and network_interface.[d].subnetwork properties on google_compute_instance. (#2517)
• container: added notification_config to google_container_cluster (#2521)
• dataflow: added region field to google_dataflow_flex_template_job resource (#2520)
• healthcare: added field parser_config.version to google_healthcare_hl7_v2_store (#2516)

BUG FIXES:

• bigquery: fixed an issue where google_bigquery_table would crash while reading an empty schema (#2518)
• compute: fixed an issue where google_compute_instance_template would throw an error for unspecified disk_size_gb values while upgrading the provider. (#2515)
• resourcemanager: fixed an issue in retrieving google_active_folder data source when the display name included whitespace (#2528)

v3.41.0

IMPROVEMENTS:

• container: Added support for datapath_provider to google_container_cluster (#2492)
• cloudfunctions: added the ALLOW_INTERNAL_AND_GCLB option to ingress_settings of google_cloudfunctions_function resource. (#2493)
• composer: allowed in-place updates to webserver and database machine type (#2491)
• compute: added SEV_CAPABLE option to guestOsFeatures in google_compute_image resource. (#2503)
• tpu: added use_service_networking to google_tpu_node which enables Shared VPC Support. (#2497)

BUG FIXES:

• cloudidentity: Fixed upstream breakage of google_identity_group. (#2507)

v3.40.0

DEPRECATIONS:

• bigtable: deprecated instance_type for google_bigtable_instance - it is now recommended to leave field unspecified. (#2477)

FEATURES:

• New Data Source: google_compute_region_ssl_certificate (#2476)
• New Resource: google_compute_target_grpc_proxy (#2488)

IMPROVEMENTS:

• cloudlbuild: added options and artifacts properties to google_cloudbuild_trigger (#2490)
• compute: added GRPC as a valid value for google_compute_backend_service.protocol (and regional equivalent) (#2478)
• compute: added 'all' option for google_compute_firewall (#2465)
• container: added support for load_balancer_type to google_container_cluster Cloud Run config addon. (#2487)
• dataflow: added transformnameMapping to google_dataflow_job (#2480)
• serviceusage: added ability to pass google.project.id to google_project_service.project (#2479)
• spanner: added schema update/update ddl support for google_spanner_database (#2489)

BUG FIXES:

• bigtable: fixed the update behaviour of the single_cluster_routing sub-fields in google_bigtable_app_profile (#2482)
• dataproc: fixed issues where updating google_dataproc_cluster.cluster_config.autoscaling_policy would do nothing, and where there was no way to remove a policy. (#2483)
• osconfig: fixed a potential crash in google_os_config_patch_deployment due to an unchecked nil value in recurring_schedule (#2481)
• serviceusage: fixed intermittent failure when a service is already being modified - added retries (#2469)
• serviceusage: fixed an issue where bigquery.googleapis.com was getting enabled as the bigquery-json.googleapis.com alias instead, incorrectly. This had no user impact yet, but the alias may go away in the future. (#2469)

v3.39.0

IMPROVEMENTS:

• compute: added network field to compute_target_instance (#2456)
• compute: added storage_locations field to google_compute_snapshot (#2461)
• compute: added kms_key_service_account, kms_key_self_link fields to snapshot_encryption_key field in google_compute_snapshot (#2461)
• compute: added source_disk_encryption_key.kms_key_service_account field to google_compute_snapshot (#2461)
• container: Added self_link to google_container_cluster (#2457)

BUG FIXES:

• bigquery: fixed a bug when a BigQuery table schema didn't have name in the schema. Previously it would panic; now it logs an error. (#2462)
• bigquery: fixed bug where updating clustering would force a new resource rather than update. (#2459)
• bigquerydatatransfer: fixed params.secret_access_key perma-diff for AWS S3 data transfer config types by adding a sensitive_params block with the secret_access_key attribute. (#2451)
• compute: fixed bug where delete_default_routes_on_create=true was not actually deleting the default routes on create. (#2460

v3.38.0

DEPRECATIONS:

• storage: deprecated bucket_policy_only field in google_storage_bucket in favour of uniform_bucket_level_access (#2442)

FEATURES:

• New Resource: google_compute_disk_iam_binding (#2424)
• New Resource: google_compute_disk_iam_member (#2424)
• New Resource: google_compute_disk_iam_policy (#2424)
• New Resource: google_compute_region_disk_iam_binding (#2424)
• New Resource: google_compute_region_disk_iam_member (#2424)
• New Resource: google_compute_region_disk_iam_policy (#2424)
• New Resource: google_data_loss_prevention_inspect_template (#2433)
• New Resource: google_data_loss_prevention_job_trigger (#2433)
• New Resource: google_data_loss_prevention_stored_info_type (#2444)
• New Resource: google_project_service_identity (#2430)

IMPROVEMENTS:

• compute: Added graceful termination to google_compute_instance_group_manager create calls so that partially created instance group managers will resume the original operation if the Terraform process is killed mid create. (#2446)
• container: added project override support to google_container_cluster and google_container_nodepool (#2428)
• notebooks: added PD_BALANCED as a possible disk type for google_notebooks_instance (#2438)
• osconfig: added rollout field to google_os_config_patch_deployment (#2449)
• provider: added a new field billing_project to the provider that's associated as a billing/quota project with most requests when user_project_override is true (#2427)
• resourcemanager: added additional fields to google_projects datasource (#2440)
• serviceusage: added project override support to google_project_service (#2428)

BUG FIXES:

• bigquerydatatransfer: fixed params.secret_access_key perma-diff for AWS S3 data transfer config types by adding a sensitive_params block with the secret_access_key attribute. (#2451)
• compute: Fixed bug with google_netblock_ip_ranges data source failing to read from the correct URL (#2448)
• compute: fixed updating google_compute_instance.shielded_instance_config by adding it to the allow_stopping_for_update list (#2436)
• notebooks: fixed broken google_notebooks_instance.instance_owners field by making it a list instead of a string (#2438)

v3.37.0

NOTES:

• Drop recommendation to use -provider= on import in documentation (#2417)

FEATURES:

• New Resource: google_compute_image_iam_binding (#2410)
• New Resource: google_compute_image_iam_member (#2410)
• New Resource: google_compute_image_iam_policy (#2410)
• New Resource: google_compute_disk_iam_binding (#2424)
• New Resource: google_compute_disk_iam_member (#2424)
• New Resource: google_compute_disk_iam_policy (#2424)
• New Resource: google_compute_region_disk_iam_binding (#2424)
• New Resource: google_compute_region_disk_iam_member (#2424)
• New Resource: google_compute_region_disk_iam_policy (#2424)

IMPROVEMENTS:

• appengine: added vpc_access_connector field to google_app_engine_standard_app_version resource (#2405)
• bigquery: added notification_pubsub_topic field to google_bigquery_data_transfer_config resource (#2411)
• composer: added database_config and web_server_config to google_composer_environment resource (#2419)
• compute: Added custom metadata fields and filter expressions to google_compute_subnetwork flow log configuration (#2416)
• compute: Added support to google_compute_backend_service for setting a serverless regional network endpoint group as backend.group (#2408)
• compute: added support for pd-balanced disk type for google_compute_instance (#2421)
• container: added support for kubelet_config and linux_node_config to GKE node pools (#2279, #2403)
• container: added support for pd-balanced disk type for google_container_node_pool (#2421)
• memcached: added discovery_endpoint to resource_memcached_instance (#2414)
• pubsub: added retry_policy to google_pubsub_subscription resource (#2412)

BUG FIXES:

• compute: fixed an issue where google_compute_url_map path_matcher.default_route_action would conflict with default_url_redirect (#2406)
• kms: updated data_source_secret_manager_secret_version to have consistent id value (#2415)

v3.36.0

FEATURES:

• New Resource: google_active_directory_domain_trust (#2401)
• New Resource: google_access_context_manager_service_perimeters (#2382)
• New Resource: google_access_context_manager_access_levels (#2382)
• New Resource: google_folder_access_approval_settings (#2373)
• New Resource: google_organization_access_approval_settings (#2373)
• New Resource: google_project_access_approval_settings (#2373)
• New Resource: google_bigquery_table_iam_policy (#2392)
• New Resource: google_bigquery_table_iam_binding (#2392)
• New Resource: google_bigquery_table_iam_member (#2392)

IMPROVEMENTS:

• billing: added last_period_amount field to google_billing_budget to allow setting budget amount automatically to the last billing period's spend. (#2378)
• compute: added confidential_instance_config block to google_compute_instance (#2369)
• compute: added confidential_instance_config block to google_compute_instance_template (#2369)
• compute: added grpc_health_check block to compute_health_check (#2389)
• compute: added grpc_health_check block to compute_region_health_check (#2389)
• pubsub: added enable_message_ordering support to google_pubsub_subscription (#2390)
• sql: added project field to google_sql_database_instance datasource. (#2370)
• storage: added ARCHIVE as an accepted class for google_storage_bucket and google_storage_bucket_object (#2385)

BUG FIXES:

• all: updated base urls for compute, dns, storage, and bigquery APIs to their recommended endpoints (#2396)
• bigquery: fixed a bug where dataset_access.iam_member would produce inconsistent results after apply. (#2397)
• bigquery: fixed an issue with use_legacy_sql not being set to false. (#2375)
• cloudidentity: fixed a bug with importing google_cloud_identity_group and google_cloud_identity_group_membership (#2379)
• cloudidentity: fixed cloud identity datasources to handle pagination (#2387)
• compute: set the default value for log_config.enable on google_compute_health_check to avoid permanent diff on plan/apply. (#2399)
• dns: fixed an issue where google_dns_managed_zone would not remove private_visibility_config on updates (#2380)
• sql: fixed an issue where google_sql_database_instance would throw an error when removing private_network. Removing private_network now recreates the resource. (#2400)