v6.20.0

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.
• compute: google_compute_firewall_policy now uses MMv1 engine instead of DCL. (#9228)

FEATURES:

• New Data Source: google_beyondcorp_application_iam_policy (#9205)
• New Data Source: google_parameter_manager_parameter_version_render (#9190)
• New Data Source: google_parameter_manager_regional_parameter_version_render (#9232)
• New Resource: google_beyondcorp_application (#9205)
• New Resource: google_beyondcorp_application_iam_binding (#9205)
• New Resource: google_beyondcorp_application_iam_member (#9205)
• New Resource: google_beyondcorp_application_iam_policy (#9205)
• New Resource: google_bigquery_analytics_hub_listing_subscription (#9195)
• New Resource: google_colab_notebook_execution (#9186)
• New Resource: google_colab_schedule (#9226)
• New Resource: google_compute_network_firewall_policy_packet_mirroring_rule (#9202)
• New Resource: google_gemini_logging_setting (#9198)
• New Resource: google_gemini_release_channel_setting (#9207)

IMPROVEMENTS:

• accesscontextmanager: added resource to sources in egress_from under resources google_access_context_manager_service_perimeter, google_access_context_manager_service_perimeters, google_access_context_manager_service_perimeter_egress_policy, google_access_context_manager_service_perimeter_dry_run_egress_policy (#9196)
• cloudrunv2: added base_image_uri and build_info to google_cloud_run_v2_service (#9229)
• colab: added auto_upgrade field to google_colab_runtime (#9216)
• colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#9206)
• colab: added desired_state field to google_colab_runtime, making it startable/stoppable (#9209)
• compute: added ip_collection field to google_compute_forwarding_rule resource (#9194)
• compute: added mode and allocatable_prefix_length fields to google_compute_public_delegated_prefix resource (#9218)
• compute: allow parallelization of google_compute_per_instance_config and google_compute_region_per_instance_config deletions by not locking on the parent resource, but including instance name. (#9181)
• container: added auto_monitoring_config field and subfields to the google_container_cluster resource (#9224)
• filestore: added initial_replication field for peer instance configuration and effective_replication output for replication configuration output to google_filestore_instance (#9200)
• memorystore: added CLUSTER_DISABLED to mode field in google_memorystore_instance (#9178)
• networkservices: added compression_mode and allowed_methods fields to google_network_services_edge_cache_service resource (#9201)
• privateca: added user_defined_access_urls and subfields to google_privateca_certificate_authority resource to add support for custom CDP AIA URLs (#9221)
• workbench: added enable_third_party_identity field to google_workbench_instance resource (#9236)

BUG FIXES:

• appengine: added a mitigation for an upcoming default change to standard_scheduler_settings.max_instances for new google_app_engine_standard_app_version resources. If the field is not specified in configuration, diffs will now be ignored. (#9233)
• bigquery: added diff suppression for legacy values in renewal_plan field in google_bigquery_capacity_commitment resource (#9189)
• compute: fixed google_compute_(region_)resize_request requiring region/zone to be specified in all cases. They can now be pulled from the provider. (#9235)
• container: reverted locking behavior in google_container_node_pool that caused regression of operation apply time spike started in v6.15 (#9188)
• dns: fixed a bug where google_dns_managed_zone is unable to update with service_directory_config specified (#9239)
• workbench: fixed a bug with google_workbench_instance metadata removal not working as expected (#9208)

v5.45.2

NOTES:

• 5.45.2 is a backport release. The changes in this release will be available in 6.20.0 and users upgrading to 6.X should upgrade to that version or higher.

BUG FIXES:

• dns: fixed a bug where google_dns_managed_zone is unable to update with service_directory_config specified (#9171)

v6.19.0

NOTES:

• tpuv2: made service use the v2alpha1 Cloud TPU API version, which is used for Public Preview features (#9131)

DEPRECATIONS:

• beyondcorp: deprecated location on google_beyondcorp_security_gateway. The only valid value is global, which is now also the default value. The field will be removed in a future major release. (#9121)

FEATURES:

• New Data Source: google_parameter_manager_parameter_version (#9154)
• New Data Source: google_parameter_manager_parameters (#9148)
• New Data Source: google_parameter_manager_regional_parameter_version (#9165)
• New Resource: google_beyondcorp_security_gateway_iam_binding (#9169)
• New Resource: google_beyondcorp_security_gateway_iam_member (#9169)
• New Resource: google_beyondcorp_security_gateway_iam_policy (#9169)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter_dry_run_resource to prevent overriding list of resources (#9120)
• bigquery: added schema_foreign_type_info field and related schema handling to google_bigquery_table resource (beta) (#9122)
• compute: allowed parallelization of google_compute_(region_)per_instance_config by not locking on the parent resource, but including instance name. (#9116)
• compute: added network_profile field to google_compute_network resource. (#9135)
• compute: added zero_advertised_route_priority field to google_compute_router_peer (#9133)
• container: added max_run_duration to node_config in google_container_cluster and google_container_node_pool (#9163)
• dataproc: added encryption_config to google_dataproc_workflow_template (#9168)
• gkehub2: added support for fleet_default_member_config.config_management.config_sync.metrics_gcp_service_account_email field to google_gke_hub_feature resource (#9147)
• iam: added prefix and regex fields to google_service_accounts data source (#9129)
• pubsub: added ingestion_data_source_settings.aws_msk and ingestion_data_source_settings.confluent_cloud fields to google_pubsub_topic resource (#9114)
• spanner: added encryption_config field to google_spanner_backup_schedule (#9161)
• workflows: added tags and workflow_tags fields to google_workflows_workflow resource (#9152)

BUG FIXES:

• alloydb: marked google_alloydb_user.password as sensitive (#9124)
• beyondcorp: corrected location to always be global in google_beyondcorp_security_gateway (#9121)
• cloudquotas: removed validation for parent in google_cloud_quotas_quota_adjuster_settings (#9153)
• compute: made google_compute_router_peer.advertised_route_priority use server-side default if unset. To set the value to 0 you must also set zero_advertised_route_priority = true. (#9133)
• container: fixed a diff caused by server-side set values for node_config.resource_labels (#9171)
• container: marked cluster_autoscaling.resource_limits.maximum as required, as requests would fail if it was not set (#9151)
• firestore: fixed error preventing deletion of wildcard fields in google_firestore_field (#9140)
• netapp: fixed an issue where a diff on zone would be found if it was unspecified in google_netapp_storage_pool (#9157)
• networksecurity: fixed sporadic-diff in google_network_security_security_profile (#9162)
• spanner: fixed bug with google_spanner_instance.force_destroy not setting billing_project value correctly (#9132)
• storage: fixed an issue where plans with a dependency on the content field in the google_storage_bucket_object_content data source could erroneously fail (#9166)

v6.18.1

BUG FIXES:

• container: fixed a diff caused by server-side set values for node_config.resource_labels (#9171)

v5.45.1

NOTES:

• 5.45.1 is a backport release, responding to a new GKE label being applied that can cause unwanted diffs in node pools. The changes in this release will be available in 6.18.1 and users upgrading to 6.X should upgrade to that version or higher.

BUG FIXES:

• container: fixed a diff caused by server-side set values for node_config.resource_labels (#9171)

v6.18.0

FEATURES:

• New Data Source: google_compute_instance_template_iam_policy (#9085)
• New Data Source: google_kms_key_handles (#9105)
• New Data Source: google_organizations (#9093)
• New Data Source: google_parameter_manager_parameter (#9084)
• New Data Source: google_parameter_manager_regional_parameters (#9089)
• New Resource: google_apihub_api_hub_instance (#9080)
• New Resource: google_chronicle_retrohunt (#9090)
• New Resource: google_colab_runtime (#9076)
• New Resource: google_colab_runtime_template_iam_binding (#9091)
• New Resource: google_colab_runtime_template_iam_member (#9091)
• New Resource: google_colab_runtime_template_iam_policy (#9091)
• New Resource: google_compute_instance_template_iam_binding (#9085)
• New Resource: google_compute_instance_template_iam_member (#9085)
• New Resource: google_compute_instance_template_iam_policy (#9085)
• New Resource: google_parameter_manager_parameter_version (#9111)
• New Resource: google_redis_cluster_user_created_connections (#9099)

IMPROVEMENTS:

• alloydb: added support for skip_await_major_version_upgrade field in google_alloydb_cluster resource, allowing for major_version to be updated (#9066)
• apigee: added properties field to google_apigee_environment resource (#9072)
• bug: added support for setting custom_learned_route_priority to 0 in 'google_compute_router_peer' by adding the zero_custom_learned_route_priority field (#9083)
• cloudrunv2: added build_config to google_cloud_run_v2_service (#9100)
• compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_firewall_policy_rule resource (beta) (#9082)
• compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_firewall_policy_with_rules resource (beta) (#9082)
• compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_network_firewall_policy_rule resource (beta) (#9082)
• compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_network_firewall_policy_with_rules resource (beta) (#9082)
• compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_region_network_firewall_policy_rule resource (beta) (#9082)
• compute: added dest_network_scope, src_network_scope and src_networks fields to google_compute_region_network_firewall_policy_with_rules resource (beta) (#9082)
• compute: added pdp_scope field to google_compute_public_advertised_prefix resource (#9096)
• compute: adding labels field to google_compute_interconnect_attachment (#9095)
• compute: fixed a issue where custom_learned_route_priority was accidentally set to 0 during updates in 'google_compute_router_peer' (#9083)
• filestore: added support for tags field to google_filestore_instance resource (#9086)
• networksecurity: added custom_mirroring_profile and custom_intercept_profile fields to google_network_security_security_profile and google_network_security_security_profile_group resources (#9110)
• pubsub: added enforce_in_transit fields to google_pubsub_topic resource (#9069)
• pubsub: added ingestion_data_source_settings.azure_event_hubs field to google_pubsub_topic resource (#9065)
• redis: added psc_service_attachments field to google_redis_cluster resource, to enable use of the fine-grained resource google_redis_cluster_user_created_connections (#9099)

BUG FIXES:

• apigee: fixed properties field update on google_apigee_environment resource (#9107)
• artifactregistry: fixed perma-diff in google_artifact_registry_repository (#9109)
• compute: fixed failure when creating google_compute_global_forwarding_rule with labels targeting PSC endpoint (#9106)
• container: fixed additive_vpc_scope_dns_domain being ignored in Autopilot cluster definition (#9075)
• container: fixed propagation of node_pool_defaults.node_config_defaults.insecure_kubelet_readonly_port_enabled in node config. (#9074)
• iam: fixed missing result by adding pagination for data source google_service_accounts. (#9094)
• metastore: increased timeout on google_dataproc_metastore_service operations to 75m from 60m. This will expose server-returned reasons for operation failure instead of masking them with a Terraform timeout. (#9102)
• resourcemanager: added a slightly longer wait (two 10s checks bumped to 15s) for issues with billing associations in google_project. Default network deletion should succeed more often. (#9103)

v6.17.0

FEATURES:

• New Data Source: google_parameter_manager_regional_parameter (beta) (#9030)
• New Resource: google_apigee_environment_addons_config (#9021)
• New Resource: google_chronicle_reference_list (beta) (#9047)
• New Resource: google_chronicle_rule_deployment (#9043)
• New Resource: google_chronicle_rule (#9032)
• New Resource: google_colab_runtime_template (#9050)
• New Resource: google_edgenetwork_interconnect_attachment (#9024)
• New Resource: google_parameter_manager_parameter (#9041)
• New Resource: google_parameter_manager_regional_parameter_version (#9062)
• New Resource: google_parameter_manager_regional_parameter (#9026)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter_resource to prevent overriding list of resources (#9058)
• compute: added BPS_100G enum value to bandwidth field of google_compute_interconnect_attachment. (#9040)
• compute: added support for IPV6_ONLY stack_type to google_compute_subnetwork, google_compute_instance, google_compute_instance_template and google_compute_region_instance_template. (#9020)
• compute: promoted bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields in google_compute_network from Beta to Ga (#9029)
• compute: promoted next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields in google_compute_route form Beta to GA (#9029)
• discoveryengine: added advanced_site_search_config field to google_discovery_engine_data_store resource (#9060)
• gemini: added force_destroy field to resource google_code_repository_index, enabling deletion of the resource even when it has dependent RepositoryGroups (#9036)
• networkservices: added in-place update support for ports field on google_network_services_gateway resource (#9056)
• sql: sql_source_representation_instance now uses string representation of databaseVersion (#9027)
• sql: added replication_cluster field to google_sql_database_instance resource (#9044)
• sql: added support of switchover for MySQL and PostgreSQL in google_sql_database_instance resource (#9044)
• workbench: changed container_image field of google_workbench_instance resource to modifiable. (#9046)

BUG FIXES:

• apigee: fixed error 404 for organization update requests. (#9022)
• artifactregistry: fixed artifact_registry_repository not accepting durations with 'm', 'h' or 'd' (#9054)
• networkservices: fixed bug where google_network_services_gateway could not be updated in place (#9056)
• storagetransfer: fixed a permadiff with transfer_spec.aws_s3_data_source.aws_access_key in google_storage_transfer_job (#9019)

v6.16.0

FEATURES:

• New Data Source: google_kms_autokey_config (#8986)
• New Resource: google_beyondcorp_security_gateway (#9017)
• New Resource: google_chronicle_data_access_label (#8999)
• New Resource: google_chronicle_data_access_scope (#9000)
• New Resource: google_cloud_quotas_quota_adjuster_settings (#9005)

IMPROVEMENTS:

• chronicle: updated watchlist_id field to be optional in google_chronicle_watchlist resource (#8988)
• developerconnect: added crypto_key_config, github_enterprise_config, gitlab_config , and gitlab_enterprise_config fields to google_developer_connect_connection resource (#8998)
• dns: added health_check and external_endpoints fields to google_dns_record_set resource (#9016)
• sql: added server_ca_pool field to google_sql_database_instance resource (#9008)
• vmwareengine: allowed import of non-STANDARD private clouds in google_vmwareengine_private_cloud (#9006)

BUG FIXES:

• dataproc: fixed boolean fields in shielded_instance_config in the google_dataproc_cluster resource (#9003)
• gkeonprem: fixed permadiff on vcenter field in google_gkeonprem_vmware_cluster resource (#9011)
• kms: fixed permadiff on google_kms_autokey_config by introducing a 5 second sleep post-create / post-update (#8992)
• networkservices: fixed google_network_services_gateway resource so that it correctly waits for the router to be deleted on terraform destroy (#8993)
• provider: fixed issue where GOOGLE_CLOUD_QUOTA_PROJECT env var would override explicit billing_project (#9012)

v6.15.0

NOTES:

• compute: google_compute_firewall_policy_association now uses MMv1 engine instead of DCL. (#8948)

DEPRECATIONS:

• compute: deprecated numeric_id (string) field in google_compute_network resource. Use the new network_id (integer) field instead (#8915)

FEATURES:

• New Data Source: google_gke_hub_feature (#8930)
• New Data Source: google_kms_autokey_config (#8986)
• New Data Source: google_kms_key_handle (#8933)
• New Resource: google_gkeonprem_vmware_admin_cluster (#8932)
• New Resource: google_chronicle_watchlist (#8983)
• New Resource: google_network_security_intercept_endpoint_group_association (#8958)
• New Resource: google_network_security_intercept_endpoint_group (#8912)
• New Resource: google_storage_folder (#8961)

IMPROVEMENTS:

• artifactregistry: added vulnerability_scanning_config field to google_artifact_registry_repository resource (#8934)
• bigquery: added condition field to google_bigquery_dataset_access resource (#8921)
• bigquery: added condition field to google_bigquery_dataset resource (#8921)
• bigquery: added external_catalog_table_options field to google_bigquery_table resource (#8942)
• composer: added airflow_metadata_retention_config field to google_composer_environment (#8963)
• compute: added back the validation for target_service field on the google_compute_service_attachment resource to validade a ForwardingRule or Gateway URL (#8924)
• compute: added availability_domain field to google_compute_instance, google_compute_instance_template and google_compute_region_instance_template resources (#8914)
• compute: added network_id (integer) field to google_compute_network resource and data source (#8915)
• compute: added preset_topology field to google_network_connectivity_hub resource (#8929)
• compute: added subnetwork_id field to google_compute_subnetwork data source (#8893)
• compute: made setting resource policies for google_compute_instance outside of terraform or using google_compute_disk_resource_policy_attachment no longer affect the boot_disk.initialize_params.resource_policies field (#8959)
• container: changed google_container_cluster to apply maintenance policy updates after upgrades during cluster update (#8922)
• container: made nodepool concurrent operations scale better for google_container_cluster and google_container_node_pool resources (#8943)
• datastream: added gtid and binary_log_position fields to google_datastream_stream resource (#8967)
• developerconnect: added support for setting up a google_developer_connect_connection resource without specifying the authorizer_credentials field (#8953)
• filestore: added tags field to google_filestore_backup to allow setting tags for backups at creation time (#8928)
• networkconnectivity: added group field to google_network_connectivity_spoke resource (#8909)
• parallelstore: added deployment_type field to google_parallelstore_instance resource (#8939)
• storagetransfer: added replication_spec field to google_storage_transfer_job resource (#8976)
• workbench: made gcs-data-bucket metadata key modifiable in google_workbench_instance resource (#8936)
• workstations: added source_workstation field to google_workstations_workstation resource (#8938)

BUG FIXES:

• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_egress_policy egress_from.identities (#8980)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_dry_run_ingress_policy ingress_from.identities (#8980)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_egress_policy egress_from.identities (#8980)
• accesscontextmanager: fixed permadiff due to reordering on google_access_context_manager_service_perimeter_ingress_policy ingress_from.identities (#8980)
• apigee: fixed 404 error when updating google_apigee_environment (#8949)
• bigquery: fixed DROP COLUMN error with bigquery flexible column names in google_bigquery_table (#8982)
• compute: allowed Service Attachment with Project Number to be used as google_compute_forwarding_rule.target (#8978)
• compute: fixed an issue where terraform plan -refresh=false with google_compute_ha_vpn_gateway.gateway_ip_version would plan a resource replacement if a full refresh had not been run yet. Terraform now assumes that the value is the default value, IPV4, until a refresh is completed. (#8904)
• compute: fixed panic when zonal resize request fails on google_compute_resize_request (#8941)
• compute: fixed perma-destroy for psc_data in google_compute_region_network_endpoint_group resource (#8972)
• compute: fixed google_compute_instance_guest_attributes to return an empty list when queried values don't exist instead of throwing an error (#8957)
• integrationconnectors: allowed AUTH_TYPE_UNSPECIFIED option in google_integration_connectors_connection resource to support non-standard auth types (#8971)
• logging: fixed bug in google_logging_project_bucket_config when providing project in the format of <project-id-only> (#8923)
• networkconnectivity: made include_export_ranges and exclude_export_ranges fields mutable in google_network_connectivity_spoke to avoid recreation of resources (#8946)
• sql: fixed permadiff when settings.data_cache_config is set to false for google_sql_database_instance resource (#8889)
• storage: made resource_google_storage_bucket_object generate diff for md5hash, generation, crc32c if content changes (#8908)
• vertexai: made contents_delta_uri an optional field in google_vertex_ai_index (#8969)
• workbench: fixed an issue where a server-added metadata tag of "resource-url" would not be ignored on google_workbench_instance (#8927)

v6.14.1

BUG FIXES:

• compute: fixed an issue where google_compute_firewall_policy_rule was incorrectly removed from the Terraform state (#8940)