v5.23.0

NOTES:

• provider: introduced support for provider-defined functions. This feature is in Terraform v1.8.0+. (#17694)

DEPRECATIONS:

• kms: deprecated attestation.external_protection_level_options in favor of external_protection_level_options in google_kms_crypto_key_version (#17704)

FEATURES:

• New Data Source: google_apphub_application (#17679)
• New Resource: google_cloud_quotas_quota_preference (#17637)
• New Resource: google_vertex_ai_deployment_resource_pool (#17707)
• New Resource: google_integrations_client (#17640)

IMPROVEMENTS:

• bigquery: added dataGovernanceType to google_bigquery_routine resource (#17689)
• bigquery: added support for external_data_configuration.json_extension to google_bigquery_table (#17663)
• compute: added cloud_router_ipv6_address, customer_router_ipv6_address fields to google_compute_interconnect_attachment resource (#17692)
• compute: added generated_id field to google_compute_region_backend_service resource (#17639)
• integrations: added deletion support for google_integrations_client resource (#17678)
• kms: added crypto_key_backend field to google_kms_crypto_key resource (#17704)
• metastore: added scheduled_backup field to google_dataproc_metastore_service resource (#17673)
• provider: added provider-defined function name_from_id for retrieving the short-form name of a resource from its self link or id (#17694)
• provider: added provider-defined function project_from_id for retrieving the project id from a resource's self link or id (#17694)
• provider: added provider-defined function region_from_zone for deriving a region from a zone's name (#17694)
• provider: added provider-defined functions location_from_id, region_from_id, and zone_from_id for retrieving the location/region/zone names from a resource's self link or id (#17694)

BUG FIXES:

• cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_job creation fails (#17711)
• cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_service creation fails (#17711)
• container: fixed google_container_cluster permadiff when master_ipv4_cidr_block is set for a private flexible cluster (#17687)
• dataflow: fixed an issue where the provider would crash when enableStreamingEngine is set as a parameter value in google_dataflow_flex_template_job (#17712)
• kms: added top-level external_protection_level_options field in google_kms_crypto_key_version resource (#17704)

v5.22.0

BREAKING CHANGES:

• networksecurity: added required field billing_project_id to google_network_security_firewall_endpoint resource. Any configuration without billing_project_id specified will cause resource creation fail (beta) (#17630)

FEATURES:

• New Data Source: google_cloud_quotas_quota_info (#17564)
• New Data Source: google_cloud_quotas_quota_infos (#17617)
• New Resource: google_access_context_manager_service_perimeter_dry_run_resource (#17614)

IMPROVEMENTS:

• accesscontextmanager: supported managing service perimeter dry run resources outside the perimeter via new resource google_access_context_manager_service_perimeter_dry_run_resource (#17614)
• cloudrunv2: added plan-time validation to restrict number of ports to 1 in google_cloud_run_v2_service (#17594)
• composer: added field count to validate number of DAG processors in google_composer_environment (#17625)
• compute: added enumeration value SEV_LIVE_MIGRATABLE_V2 for the guest_os_features of google_compute_disk (#17629)
• compute: added status.all_instances_config.revision field to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#17595)
• compute: added field path_template_match to resource google_compute_region_url_map (#17571)
• compute: added field path_template_rewrite to resource google_compute_region_url_map (#17571)
• pubsub: added ingestion_data_source_settings field to google_pubsub_topic resource (#17604)
• storage: added 'soft_delete_policy' to 'google_storage_bucket' resource (#17624)

BUG FIXES:

• accesscontextmanager: fixed an issue with access_context_manager_service_perimeter_ingress_policy and access_context_manager_service_perimeter_egress_policy where updates could not be applied after initial creation. Any updates applied to these resources will now involve their recreation. To ensure that new policies are added before old ones are removed, add a lifecycle block with create_before_destroy = true to your resource configuration alongside other updates. (#17596)
• firebase: made the google_firebase_android_app resource's package_name field required and immutable. This prevents API errors encountered by users who attempted to update or leave that field unset in their configurations. (#17585)
• spanner: removed validation function for the field version_retention_period in the resource google_spanner_database and directly returned error from backend (#17621)

v5.21.0

FEATURES:

• New Data Source: google_apphub_discovered_service (#17548)
• New Data Source: google_apphub_discovered_workload (#17553)
• New Data Source: google_cloud_quotas_quota_info (#17564)
• New Resource: google_apphub_workload (#17561)
• New Resource: google_firebase_app_check_device_check_config (#17517)
• New Resource: google_iap_tunnel_dest_group (#17533)
• New Resource: google_kms_ekm_connection (#17512)
• New Resource: google_apphub_application (#17499)
• New Resource: google_apphub_service (#17562)
• New Resource: google_apphub_service_project_attachment (#17536)
• New Resource: google_network_security_firewall_endpoint_association (#17540)

IMPROVEMENTS:

• cloudrunv2: added support for scaling.min_instance_count in google_cloud_run_v2_service. (#17501)
• compute: added metric.single_instance_assignment and metric.filter to google_compute_region_autoscaler (#17519)
• container: added queued_provisioning to google_container_node_pool (#17549)
• gkeonprem: allowed vcenter_network to be set in google_gkeonprem_vmware_cluster, previously it was output-only (#17505)
• workstations: added support for ephemeral_directories in google_workstations_workstation_config (#17515)

BUG FIXES:

• compute: allowed sending empty values for SERVERLESS in google_compute_region_network_endpoint_group resource (#17500)
• notebooks: fixed an issue where default tags would cause a diff recreating google_notebooks_instance resources (#17559)
• storage: fixed an issue where two or more lifecycle rules with different values of no_age field always generates change in google_storage_bucket resource. (#17513)

v5.20.0

FEATURES:

• New Resource: google_clouddeploy_custom_target_type_iam_* (#17445)

IMPROVEMENTS:

• certificatemanager: added type field to google_certificate_manager_dns_authorization resource (#17459)
• compute: added the network_url attribute to the consumer_accept_list-block of the google_compute_service_attachment resource (#17492)
• gkehub: added support for policycontroller.policy_controller_hub_config.policy_content.bundles and
  policycontroller.policy_controller_hub_config.deployment_configs fields to google_gke_hub_feature_membership (#17483)

BUG FIXES:

• artifactregistry: fixed permadiff when google_artifact_repository.docker_config field is unset (#17484)
• bigquery: corrected plan-time validation on google_bigquery_dataset.dataset_id (#17449)
• kms: fixed issue where google_kms_crypto_key_version.attestation.cert_chains properties were incorrectly set to type string (#17486)

v5.19.0

FEATURES:

• New Resource: google_clouddeploy_automation(#17427)
• New Resource: google_clouddeploy_target_iam_* (#17368)

IMPROVEMENTS:

• bigquery: added remote_function_options field to google_bigquery_routine resource (#17382)
• certificatemanager: added location field to google_certificate_manager_dns_authorization resource (#17358)
• composer: added validations for composer 2/3 only fields in google_composer_environment (#17361)
• compute: added certificate_manager_certificates field to google_compute_region_target_https_proxy resource (#17365)
• compute: promoted all_instances_config field in resources google_compute_instance_group_manager and google_compute_region_instance_group_manager to GA (#17414)
• container: promoted enable_confidential_storage from node_config in google_container_cluster and google_container_node_pool to GA (#17367)
• gkehub2: added namespace_labels field to google_gke_hub_scope resource (#17421)

BUG FIXES:

• resourcemanager: added a retry to deleting the default network when auto_create_network is false in google_project (#17419)

v5.18.0

BREAKING CHANGES:

• securityposture: marked policy_sets and policy_sets.policies required in google_securityposture_posture. API validation already enforced this, so no resources could be provisioned without these (#17303)

FEATURES:

• New Data Source: google_compute_forwarding_rules (#17342)
• New Resource: google_firebase_app_check_app_attest_config (#17279)
• New Resource: google_firebase_app_check_play_integrity_config (#17279)
• New Resource: google_firebase_app_check_recaptcha_enterprise_config (#17327)
• New Resource: google_firebase_app_check_recaptcha_v3_config (#17327)
• New Resource: google_migration_center_preference_set (#17291)
• New Resource: google_netapp_volume_replication (#17348)

IMPROVEMENTS:

• cloudfunctions: added output-only version_id field on google_cloudfunctions_function (#17273)
• composer: supported patch versions of airflow on google_composer_environment (#17345)
• compute: supported updating network_interface.stack_type field on google_compute_instance resource. (#17295)
• container: added node_config.resource_manager_tags field to google_container_cluster resource (#17346)
• container: added node_config.resource_manager_tags field to google_container_node_pool resource (#17346)
• container: added output-only fields membership_id and membership_location under fleet in google_container_cluster resource (#17305)
• looker: added custom_domain field to google_looker_instance resource (#17301)
• netapp: added field restore_parameters and output-only fields state, state_details and create_time to google_netapp_volume resource (#17293)
• workbench: added container_image field to google_workbench_instance resource (#17326)
• workbench: added shielded_instance_config field to google_workbench_instance resource (#17306)

BUG FIXES:

• bigquery: allowed users to set permissions for principal/principalSets (iamMember) in google_bigquery_dataset_iam_member. (#17292)
• cloudfunctions2: fixed an issue where not specifying event_config.trigger_region in google_cloudfunctions2_function resulted in a permanent diff. The field now pulls a default value from the API when unset. (#17328)
• compute: fixed issue where changes only in stateful_(internal|external)_ip would not trigger an update for google_compute_(region_)instance_group_manager (#17297)
• compute: fixed perma-diff on min_ports_per_vm in google_compute_router_nat when the field is unset by making the field default to the API-set value (#17337)
• dataflow: fixed crash in google_dataflox_job to return an error instead if a job's Environment field is nil when reading job information (#17344)
• notebooks: changed tag field to default to the API's value if not specified in google_notebooks_instance (#17323)

v5.17.0

NOTES:

• cloudbuildv2: changed underlying actuation engine for google_cloudbuildv2_connection, there should be no user-facing impact (#17222)

DEPRECATIONS:

• container: deprecated support for relay_mode field in google_container_cluster.monitoring_config.advanced_datapath_observability_config in favor of enable_relay field, relay_mode field will be removed in a future major release (#17262)

FEATURES:

• New Resource: google_firebase_app_check_debug_token (#17242)
• New Resource: google_clouddeploy_custom_target_type (#17254)

IMPROVEMENTS:

• cloudasset: allowed overriding the billing project for the google_cloud_asset_resources_search_all datasource
• clouddeploy: added support for canary_revision_tags, prior_revision_tags, stable_revision_tags, and stable_cutback_duration to google_clouddeploy_delivery_pipeline
• cloudfunctions: expose version_id on google_cloudfunctions_function (#17273)
• compute: promoted user_ip_request_headers field on google_compute_security_policy resource to GA (#17271)
• container: added support for enable_relay field to google_container_cluster.monitoring_config.advanced_datapath_observability_config (#17262)
• eventarc: added support for http_endpoint.uri and network_config.network_attachment to google_eventarc_trigger (#17237)
• healthcare: added reject_duplicate_message field to google_healthcare_hl7_v2_store resource (#17267)
• identityplatform: added client, permissions, monitoring and mfa fields to google_identity_platform_config (#17225)
• notebooks: added desired_state field to google_notebooks_instance (#17268)
• vertexai: added feature_registry_source field to google_vertex_ai_feature_online_store_featureview resource (#17264)
• workbench: added desired_state field to google_workbench_instance resource (#17270)

BUG FIXES:

• compute: made resource_manager_tags updatable on google_compute_instance_template and google_compute_region_instance_template (#17256)
• notebooks: prevented recreation of google_notebooks_instance when kms_key or service_account_scopes are changed server-side (#17232)

v5.16.0

FEATURES:

• New Resource: google_clouddeploy_delivery_pipeline_iam_* (#17180)
• New Resource: google_compute_instance_group_membership (#17188)
• New Resource: google_discovery_engine_search_engine (#17146)
• New Resource: google_firebase_app_check_service_config (#17155)

IMPROVEMENTS:

• bigquery: promoted table_replication_info field on resource_bigquery_table resource to GA (#17181)
• networksecurity: removed unused custom code from google_network_security_address_group (#17183)
• provider: added an optional provider level label goog-terraform-provisioned to identify resources that were created by Terraform when viewing/editing these resources in other tools. (#17170)

v5.15.0

FEATURES:

• New Data Source: google_compute_machine_types (#17107)
• New Resource: google_blockchain_nodes (#17096)
• New Resource: google_compute_region_network_endpoint (#17137)
• New Resource: google_discovery_engine_chat_engine (#17145)
• New Resource: google_discovery_engine_search_engine (#17146)
• New Resource: google_netapp_volume_snapshot (#17138)

IMPROVEMENTS:

• compute: added INTERNET_IP_PORT and INTERNET_FQDN_PORT options for the google_compute_region_network_endpoint_group resource. (#17137)
• compute: added creation_timestamp to google_compute_instance_group_manager and google_compute_region_instance_group_manager. (#17110)
• compute: added disk_id attribute to google_compute_disk resource (#17112)
• compute: added stack_type attribute for google_compute_interconnect_attachment resource. (#17139)
• compute: updated the google_compute_security_policy resource's json_parsing field to accept the value STANDARD_WITH_GRAPHQL (#17097)
• memcache: added reserved_ip_range_id field to google_memcache_instance resource (#17101)
• netapp: added deletion_policy field to google_netapp_volume resource (#17111)

BUG FIXES:

• alloydb: fixed an issue where database_flags in secondary google_alloydb_instance resources would cause a diff, as they are copied from the primary (#17128)
• filestore: made google_filestore_instance.source_backup field configurable (#17099)
• vmwareengine: fixed a bug to prevent recreation of existing google_vmwareengine_private_cloud resources when upgrading provider version from <5.10.0 (#17135

v5.14.0

FEATURES:

• New Resource: google_discovery_engine_data_store (#17084)
• New Resource: google_securityposture_posture_deployment (#17085)
• New Resource: google_securityposture_posture (#17079)

IMPROVEMENTS:

• artifactregistry: promoted cleanup_policies and cleanup_policy_dry_run fields to GA for google_artifactregistry_repository resource (#17074)
• composer: added data_retention_config field to google_composer_environment resource (#17050)
• logging: updated the google_logging_project_bucket_config resource to be created using the asynchronous create method (#17067)
• pubsub: added use_table_schema field to google_pubsub_subscription resource (#17054)
• workflows: added call_log_level field to google_workflows_workflow resource (#17051)

BUG FIXES:

• cloudfunctions2: fixed permadiff when build_config.docker_repository field is not specified on google_cloudfunctions2_function resource (#17072)
• compute: fixed error when iap field is unset for google_compute_region_backend_service resource (#17071)
• eventarc: fixed error when setting destination.cloud_function field on google_eventarc_trigger resource by making it output-only (#17052)