v6.14.0

FEATURES:

• New Resource: google_network_security_intercept_deployment_group (#8859)
• New Resource: google_network_security_intercept_deployment (#8876)
• New Resource: google_network_security_authz_policy (#8847)
• New Resource: google_network_services_authz_extension (#8847)

IMPROVEMENTS:

• compute: google_compute_instance is no longer recreated when changing boot_disk.auto_delete (#8837)
• compute: added CA_ENTERPRISE_ANNUAL option for field cloud_armor_tier in google_compute_project_cloud_armor_tier resource (#8848)
• compute: added network_tier field to google_compute_global_forwarding_rule resource (#8838)
• compute: made metadata_startup_script able to be updated via graceful switch in google_compute_instance (#8888)
• firebasehosting: added headers field in google_firebase_hosting_version resource (beta) (#8887)
• identityplatform: marked quota.0.sign_up_quota_config subfields conditionally required in google_identity_platform_config to move errors from apply time up to plan time, and clarified the rule in documentation (#8869)
• networkconnectivity: added support for updating linked_vpn_tunnels.include_import_ranges, linked_interconnect_attachments.include_import_ranges, linked_router_appliance_instances. instances and linked_router_appliance_instances.include_import_ranges in google_network_connectivity_spoke (#8883)
• orgpolicy: added parameters fields to google_org_policy_policy resource (beta) (#8881)
• storage: added hdfs_data_source field to google_storage_transfer_job resource (#8839)
• tpuv2: added network_configs and network_config.queue_count fields to google_tpu_v2_vm resource (#8865)

BUG FIXES:

• accesscontextmanager: fixed an update bug in google_access_context_manager_perimeter by removing the broken output-only etag field in google_access_context_manager_perimeter and google_access_context_manager_perimeters (#8891)
• compute: fixed permadiff on the recaptcha_options field for google_compute_security_policy resource (#8861)
• compute: fixed issue where updating labels on resource_google_compute_resource_policy would fail because of a patch error with guest_flush (#8874)
• networkconnectivity: fixed linked_router_appliance_instances.instances.virtual_machine and linked_router_appliance_instances.instances.ip_address attributes in google_network_connectivity_spoke to be correctly marked as required. Otherwise the request to create the resource will fail. (#8883)
• privateca: fixed an issue which causes error when updating labels for activated sub-CA (#8872)
• sql: fixed permadiff when 'settings.data_cache_config' is set to false for 'google_sql_database_instance' resource (#8889)

v6.13.0

NOTES:

• New ephemeral resources google_service_account_access_token, google_service_account_id_token, google_service_account_jwt, google_service_account_key now support ephemeral values.
  DEPRECATIONS:
• gkehub: deprecated configmanagement.config_sync.metrics_gcp_service_account_email in google_gke_hub_feature_membership resource (#8827)

FEATURES:

• New Ephemeral Resource: google_service_account_access_token (#20542)
• New Ephemeral Resource: google_service_account_id_token (#20542)
• New Ephemeral Resource: google_service_account_jwt (#20542)
• New Ephemeral Resource: google_service_account_key (#20542)
• New Data Source: google_backup_dr_backup_vault (#8775)
• New Data Source: google_backup_dr_backup (#8762)
• New Resource: google_gemini_code_repository_index (#8781)
• New Resource: google_gemini_repository_group_iam_binding (#8824)
• New Resource: google_gemini_repository_group_iam_member (#8824)
• New Resource: google_gemini_repository_group_iam_policy (#8824)
• New Resource: google_gemini_repository_group (#8824)
• New Resource: google_iam_projects_policy_binding (#8756)
• New Resource: google_network_security_mirroring_deployment (#8791)
• New Resource: google_network_security_mirroring_deployment_group (#8791)
• New Resource: google_network_security_mirroring_endpoint_group_association (#8791)
• New Resource: google_network_security_mirroring_endpoint_group (#8791)
• New Resource: google_tpu_v2_queued_resource (#8760)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter and google_access_context_manager_service_perimeters (#8767)

• alloydb: increased default timeout on google_alloydb_cluster to 120m from 30m (#8820)

• bigtable: added row_affinity field to google_bigtable_app_profile resource (#8753)

• cloudbuild: added private_service_connect field to google_cloudbuild_worker_pool resource (#8827)

• clouddeploy: added associated_entities field to google_clouddeploy_target resource (#8827)

• clouddeploy: added serial_pipeline.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.route_destinations field to google_clouddeploy_delivery_pipeline resource (#8827)

• cloudidentity: added create_time field to google_cloud_identity_group_membership data source (#8711)

• compute: google_compute_instance, google_compute_instance_template, google_compute_region_instance_template now supports advanced_machine_features.enable_uefi_networking field (#8805)

• compute: added MRDMA and IRDMA options to the setting nic_type in the google_compute_instance and google_compute_instance_template resources (#8706)

• compute: google_compute_instance, google_compute_instance_template and google_compute_region_instance_template now support advanced_machine_features.performance_monitoring_unit (#8710)

• compute: added support for specifying storage pool with name or partial url (#8794)

• compute: added numeric_id to the google_compute_network data source (#8821)

• compute: added threshold_configs field to google_compute_security_policy resource (#8818)

• compute: added server generated id as forwarding_rule_id to google_compute_global_forwarding_rule (#8736)

• compute: added server generated id as health_check_id to google_region_health_check (#8736)

• compute: added server generated id as instance_group_manager_id to google_instance_group_manager (#8736)

• compute: added server generated id as instance_group_manager_id to google_region_instance_group_manager (#8736)

• compute: added server generated id as network_endpoint_id to google_region_network_endpoint (#8736)

• compute: added server generated id as subnetwork_id to google_subnetwork (#8736)

• compute: added the psc_data field to the google_compute_region_network_endpoint_group resource (#8766)

• container: added enterprise_config field to google_container_cluster resource (#8808)

• container: added node_pool_autoconfig.linux_node_config.cgroup_mode field to google_container_cluster resource (#8771)

• dataproc: added autotuning_config and cohort fields to google_dataproc_batch (#8740)

• dataproc: added cluster_config.preemptible_worker_config.instance_flexibility_policy.provisioning_model_mix field to google_dataproc_cluster resource (#8732)

• dataproc: added confidential_instance_config field to google_dataproc_cluster resource (#8790)

• discoveryengine: added HEALTHCARE_FHIR to industry_vertical field in google_discovery_engine_search_engine (#8778)

• gkehub: added configmanagement.config_sync.stop_syncing field to google_gke_hub_feature_membership resource (#8827)

• monitoring: added disable_metric_validation field to google_monitoring_alert_policy resource (#8817)

• oracledatabase: added deletion_protection field to google_oracle_database_autonomous_database (#8787)

• oracledatabase: added deletion_protection field to google_oracle_database_cloud_exadata_infrastructure (#8788)

• oracledatabase: added deletion_protection field to google_oracle_database_cloud_vm_cluster (#8730)

• parallelstore: added deployment_type to google_parallelstore_instance (#8769)

• redis: added the cross_cluster_replication_config field to the google_redis_cluster resource (#8721)

• resourcemanager: made google_service_account email and member fields available during plan (#8799)

BUG FIXES:

• apigee: fixed error of update in google_apigee_developer resource (#8728)
• apigee: made google_apigee_organization wait for deletion operation to complete. (#8795)
• cloudfunctions: fixed issue when updating vpc_connector_egress_settings field for google_cloudfunctions_function r...

v6.12.0

FEATURES:

• New Data Source: google_access_context_manager_access_policy (#8676)
• New Data Source: google_backup_dr_data_source (#8641)
• New Resource: google_dataproc_gdc_spark_application (#8662)
• New Resource: google_iam_folders_policy_binding (#8677)
• New Resource: google_iam_organizations_policy_binding (#8679)

IMPROVEMENTS:

• artifactregistry: added common_repository field to google_artifact_registry_repository resource (#8681)
• backupdr: added access_restriction field togoogle_backup_dr_backup_vault resource (beta) (#8656)
• cloudrunv2: added urls output field to google_cloud_run_v2_service resource (#8686)
• compute: added IDPF as a possible value for the network_interface.nic_type field in google_compute_instance resource (#8664)
• compute: added IDPF as a possible value for the guest_os_features.type field in google_compute_image resource (#8664)
• compute: added replica_names field to sql_database_instance resource (#8637)
• filestore: added performance_config field to google_filestore_instance resource (#8647)
• redis: added persistence_config to google_redis_cluster. (#8643)
• securesourcemanager: added workforce_identity_federation_config field to google_secure_source_manager_instance resource (#8670)
• spanner: added default_backup_schedule_type field to google_spanner_instance (#8644)
• sql: added psc_auto_connections fields to google_sql_database_instance resource (#8682)

BUG FIXES:

• accesscontextmanager: fixed permadiff in perimeter google_access_context_manager_service_perimeter_ingress_policy and google_access_context_manager_service_perimeter_egress_policy resources when there are duplicate resources in the rules (#8675)
• accesscontextmanager: fixed comparison of identity_type in ingress_from and egress_from when the IDENTITY_TYPE_UNSPECIFIED is set (#8648)
• compute: fixed permadiff on attempted type field updates in google_computer_security_policy, updating this field will now force recreation of the resource (#8689)
• identityplatform: fixed perma-diff in google_identity_platform_config (#8663)

v6.11.2

BUG FIXES:

• vertexai: fixed issue with google_vertex_ai_endpoint where upgrading to 6.11.0 would delete all traffic splits that were set outside Terraform (which was previously a required step for all meaningful use of this resource). (#8708)

v6.11.1

BUG FIXES:

• container: fixed diff on google_container_cluster.user_managed_keys_config field for resources that had not set it. (#8687)
• container: marked google_container_cluster.user_managed_keys_config as immutable because it can't be updated in place. (#8687)

v6.11.0

NOTES:

• compute: migrated google_compute_firewall_policy_rule from DCL engine to MMv1 engine. (#8604)

BREAKING CHANGES:

• looker: made oauth_config a required field in google_looker_instance, as creating this resource without that field always triggers an API error (#8633)

DEPRECATIONS:

• backupdr: deprecated force_delete on google_backup_dr_backup_vault. Use ignore_inactive_datasources instead (#8616)

FEATURES:

• New Data Source: google_backup_dr_backup_plan_association (#8632)
• New Data Source: google_backup_dr_backup_plan (#8603)
• New Data Source: google_spanner_database (#8568)
• New Resource: google_apigee_api (#8567)
• New Resource: google_backup_dr_backup_plan_association (#8632)
• New Resource: google_backup_dr_backup_plan (#8603)
• New Resource: google_compute_region_resize_request (#8588)
• New Resource: google_dataproc_gdc_application_environment (#8609)
• New Resource: google_dataproc_gdc_service_instance (#8591)
• New Resource: google_iam_principal_access_boundary_policy (#8634)
• New Resource: google_network_management_vpc_flow_logs_config (#8623)

IMPROVEMENTS:

• apigee: added in-place update support for google_apigee_env_references (#8621)
• apigee: added in-place update support for google_apigee_environment resource (#8627)
• backupdr: added ignore_inactive_datasources and ignore_backup_plan_references fields to google_backup_dr_backup_vault resource (#8616)
• bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (#8558)
• cloudrunv2: added gcs.mount_options to google_cloud_run_v2_service and google_cloud_run_v2_job (#8613)
• compute: added rules property to google_compute_region_security_policy resource (#8574)
• compute: added disks field to google_compute_node_template resource (#8620)
• compute: added replica_names field to sql_database_instance resource (#8637)
• compute: added new field instance_flexibility_policy to resource google_compute_region_instance_group_manager (#8581)
• compute: increased google_compute_security_policy timeouts from 20 minutes to 30 minutes (#8589)
• container: added control_plane_endpoints_config field to google_container_cluster resource. (#8630)
• container: added parallelstore_csi_driver_config field to google_container_cluster resource. (#8607)
• container: added user_managed_keys_config field to google_container_cluster resource. (#8562)
• firestore: allowed single field indexes to support __name__ DESC indexes in google_firestore_index resources (#8576)
• privateca: added support for sub-CA to be activated into STAGED state (#8560)
• spanner: added default_backup_schedule_type field to google_spanner_instance (#8644)
• vertexai: added traffic_split, private_service_connect_config, predict_request_response_logging_config, dedicated_endpoint_enabled, and dedicated_endpoint_dns fields to google_vertex_ai_endpoint resource (#8619)
• workflows: added deletion_protection field to google_workflows_workflow resource (#8563)

BUG FIXES:

• compute: fixed a diff based on server-side reordering of match.src_address_groups and match.dest_address_groups in google_compute_network_firewall_policy_rule (#8592)
• compute: fixed permadiff on the preconfigured_waf_config field for google_compute_security_policy resource (#8622)
• container: fixed in-place updates for node_config.containerd_config in google_container_cluster and google_container_node_pool (#8566)

v5.45.0

NOTES:

• 5.45.0 is a backport release, responding to a new Spanner feature that may result in creation of unwanted backups for users. The changes in this release will be available in 6.11.0 and users upgrading to 6.X should upgrade to that version or higher.

IMPROVEMENTS:

• spanner: added default_backup_schedule_type field to google_spanner_instance (#8644)

v6.10.0

FEATURES:

• New Data Source: google_compute_instance_guest_attributes (#8556)
• New Data Source: google_service_accounts (#8532)
• New Resource: google_iap_settings (#8548)

IMPROVEMENTS:

• apphub: added GLOBAL enum value to scope.type field in google_apphub_application resource (#8504)
• assuredworkloads: added workload_options field to google_assured_workloads_workload resource (#8495)
• backupdr: marked networks field optional in google_backup_dr_management_server resource (#8594)
• bigquery: added external_catalog_dataset_options fields to google_bigquery_dataset resource (beta) (#8558)
• bigquery: added descriptive validation errors for missing required fields in google_bigquery_job destination table configuration (#8542)
• compute: desired_status on google_compute_instance can now be set to TERMINATED or SUSPENDED on instance creation (#8515)
• compute: added header_action and redirect_options fields to google_compute_security_policy_rule resource (#8544)
• compute: added interface.ipv6-address field in google_compute_external_vpn_gateway resource (#8552)
• compute: added plan-time validation to name on google_compute_instance (#8520)
• compute: added support for advanced_machine_features.turbo_mode to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template (#8551)
• container: added in-place update support for labels, resource_manager_tags and workload_metadata_config in google_container_cluster.node_config (#8522)
• memorystore: added mode flag to google_memorystore_instance (#8498)
• resourcemanager: added disabled to google_service_account datasource (#8518)
• spanner: added asymmetric_autoscaling_options field to google_spanner_instance (#8503)
• sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#8490)
• vmwareengine: added autoscaling_settings to google_vmwareengine_private_cloud resource (#8529)

BUG FIXES:

• accesscontextmanager: fixed permadiff for perimeter ingress / egress rule resources (#8526)
• compute: fixed an error in google_compute_region_security_policy_rule that prevented updating the default rule (#8535)
• compute: fixed an error in google_compute_security_policy_rule that prevented updating the default rule (#8535)
• container: fixed missing in-place updates for some google_container_cluster.node_config subfields (#8522)

v6.9.0

DEPRECATIONS:

• containerattached: deprecated security_posture_config field in google_container_attached_cluster resource (#8446)

FEATURES:

• New Data Source: google_oracle_database_autonomous_database (#8440)
• New Data Source: google_oracle_database_autonomous_databases (#8438)
• New Data Source: google_oracle_database_cloud_exadata_infrastructures (#8430)
• New Data Source: google_oracle_database_cloud_vm_clusters (#8437)
• New Resource: google_apigee_app_group (#8451)
• New Resource: google_apigee_developer (#8445)
• New Resource: google_network_connectivity_group (#8439)

IMPROVEMENTS:

• compute: google_compute_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#8489)
• compute: google_compute_region_network_firewall_policy_association now uses MMv1 engine instead of DCL. (#8489)
• compute: added creation_timestamp field to google_compute_instance, google_compute_instance_template, google_compute_region_instance_template (#8442)
• compute: added key_revocation_action_type to google_compute_instance and related resources (#8473)
• looker: added deletion_policy to google_looker_instance to allow force-destroying instances with nested resources by setting deletion_policy = FORCE (#8453)
• monitoring: added alert_strategy.notification_prompts field to google_monitoring_alert_policy (#8457)
• storage: added hierarchical_namespace to google_storage_bucket resource (#8428)
• sql: removed the client-side default of ENTERPRISE for edition in google_sql_database_instance so that edition is determined by the API when unset. This will cause new instances to use ENTERPRISE_PLUS as the default for POSTGRES_16. (#8490)
• vmwareengine: added autoscaling_settings to google_vmwareengine_cluster resource (#8477)
• workstations: added max_usable_workstations field to google_workstations_workstation_config resource. (#8421)

BUG FIXES:

• compute: fixed an issue where immutable distribution_zones was incorrectly sent to the API when updating distribution_policy_target_shape in google_compute_region_instance_group_manager resource (#8470)
• container: fixed a crash in google_container_node_pool caused by an occasional nil pointer (#8452)
• essentialcontacts: fixed google_essential_contacts_contact import to include required parent field. (#8423)
• sql: made google_sql_database_instance.0.settings.0.data_cache_config accept server-side changes when unset. When unset, no diffs will be created when instances change in edition and the feature is enabled or disabled as a result. (#8485)
• storage: removed retry on 404s during refresh for google_storage_bucket, preventing hanging when refreshing deleted buckets (#8478)

v6.8.0

FEATURES:

• New Data Source: google_oracle_database_cloud_exadata_infrastructure (#8407)
• New Data Source: google_oracle_database_cloud_vm_cluster (#8410)
• New Data Source: google_oracle_database_db_nodes (#8420)
• New Data Source: google_oracle_database_db_servers (#8389)
• New Resource: google_oracle_database_autonomous_database (#8411)
• New Resource: google_oracle_database_cloud_exadata_infrastructure (#8371)
• New Resource: google_oracle_database_cloud_vm_cluster (#8397)
• New Resource: google_transcoder_job_template (#8406)
• New Resource: google_transcoder_job (#8406)

IMPROVEMENTS:

• cloudfunctions: increased the timeouts to 20 minutes for google_cloudfunctions_function resource (#8372)
• cloudrunv2: added invoker_iam_disabled field to google_cloud_run_v2_service (#8395)
• compute: made google_compute_network_firewall_policy_rule use MMv1 engine instead of DCL. (#8412)
• compute: made google_compute_region_network_firewall_policy_rule use MMv1 engine instead of DCL. (#8412)
• compute: added ip_address_selection_policy field to google_compute_backend_service and google_compute_region_backend_service. (#8413)
• compute: added provisioned_throughput field to google_compute_instance_template resource (#8405)
• compute: added provisioned_throughput field to google_compute_region_instance_template resource (#8405)
• container: google_container_cluster will now accept server-specified values for node_pool_auto_config.0.node_kubelet_config when it is not defined in configuration and will not detect drift. Note that this means that removing the value from configuration will now preserve old settings instead of reverting the old settings. (#8385)
• container: added support for additional values KCP_CONNECTION, and KCP_SSHDin google_container_cluster.logging_config (#8381)
• dialogflowcx: added advanced_settings.logging_settings and advanced_settings.speech_settings to google_dialogflow_cx_agent and google_dialogflow_cx_flow (#8374)
• networkconnectivity: added linked_producer_vpc_network field to google_network_connectivity_spoke resource (#8376)
• secretmanager: added is_secret_data_base64 field to google_secret_manager_secret_version and google_secret_manager_secret_version_access datasources (#8394)
• secretmanager: added is_secret_data_base64 field to google_secret_manager_regional_secret_version and google_secret_manager_regional_secret_version_access datasources (#8394)
• spanner: added kms_key_names to encryption_config in google_spanner_database (#8403)
• workstations: added max_usable_workstations field to google_workstations_workstation_config resource (#8421)
• workstations: added field allowed_ports to google_workstations_workstation_config (#8402)

BUG FIXES:

• bigquery: fixed a regression that caused google_bigquery_dataset_iam_* resources to attempt to set deleted IAM members, thereby triggering an API error (#8408)
• compute: fixed an issue in google_compute_backend_service and google_compute_region_backend_service to allow sending false for iap.enabled (#8369)
• container: node_config.linux_node_config, node_config.workload_metadata_config and node_config.kubelet_config will now successfully send empty messages to the API when terraform plan indicates they are being removed, rather than null, which caused an error. The sole reliable case is node_config.linux_node_config when the block is removed, where there will still be a permadiff, but the update request that's triggered will no longer error and other changes displayed in the plan should go through. (#8400)