v5.13.0

NOTES:

• cloudbuildv2: changed underlying actuation engine for google_cloudbuildv2_repository, there should be no user-facing impact (#16969)
• provider: added support for in-place update for labels and terraform_labels fields in immutable resources (#17016)

FEATURES:

• New Resource: google_netapp_backup_policy (#16962)
• New Resource: google_netapp_volume (#16990)
• New Resource: google_network_security_address_group_iam_* (#17013)
• New Resource: google_vertex_ai_feature_group_feature (#17015)

IMPROVEMENTS:

• alloydb: allowed database_version as an input on google_alloydb_cluster resource (#16967)
• bigquery: added spark_options field to google_bigquery_routine resource (#17028)
• cloudrunv2: added nfs and gcs fields to google_cloud_run_v2_service.template.volumes (#16972)
• cloudrunv2: added tcp_socket field to google_cloud_run_v2.template.containers.liveness_probe (#16972)
• compute: added enable_confidential_compute field to google_compute_instance.boot_disk.initialize_params (#16968)
• compute: added enable_confidential_compute field to google_compute_disk resource (#16968)
• gkehub2: added clusterupgrade field to google_gke_hub_feature resource (#16951)
• notebooks: allowed machine_type and accelerator_config to be updatable on google_notebooks_runtime resource (#16993)

BUG FIXES:

• compute: fixed the bug that max_ttl is sent in API calls even it is removed from configuration when changing cache_mode to FORCE_CACHE_ALL in google_compute_backend_bucket resource (#16976)
• networkservices: fixed a perma-diff on addresses field in google_network_services_gateway resource (#17035)
• provider: fixed universe_domain behavior to correctly throw an error when explicitly configured universe_domain values did not match credentials assumed to be in the default universe (#17014)
• spanner: fixed error when adding autoscaling_config to an existing google_spanner_instance resource (#17033)

v5.12.0

FEATURES:

• New Data Source: google_dns_managed_zones (#16949)
• New Data Source: google_filestore_instance (#16931)
• New Data Source: google_vmwareengine_external_access_rule (#16912)
• New Resource: google_clouddomains_registration (#16947)
• New Resource: google_netapp_kmsconfig (#16945)
• New Resource: google_vertex_ai_feature_online_store_featureview (#16930)
• New Resource: google_vmwareengine_external_access_rule (#16912)

IMPROVEMENTS:

• compute: added md5_authentication_key field to google_compute_router_peer resource (#16923)
• compute: added in-place update support to params.resource_manager_tags field in google_compute_instance resource (#16942)
• compute: added in-place update support to description field in google_compute_instance resource (#16900)
• gkehub: added policycontroller field to google_gke_hub_feature_membership resource (#16916)
• gkehub2: added clusterupgrade field to google_gke_hub_feature resource (#16951)
• gkeonprem: added in-place update support to vsphere_config field and added host_groups field in google_gkeonprem_vmware_node_pool resource (#16896)
• iam: added create_ignore_already_exists field to google_service_account resource. If ignore_create_already_exists is set to true, resource creation would succeed when response error is 409 ALREADY_EXISTS. (#16927)
• servicenetworking: added field deletion_policy to google_service_networking_connection (#16944)
• sql: set replica_configuration, ca_cert, and server_ca_cert fields to be sensitive in google_sql_instance and google_sql_ssl_cert resources (#16932)

BUG FIXES:

• bigquery: fixed perma-diff of encryption_configuration when API returns an empty object on google_bigquery_table resource (#16926)
• compute: fixed an issue where the provider would wait_for_instances if set before deleting on google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#16943)
• compute: fixed perma-diff that reordered stateful_external_ip and stateful_internal_ip blocks on google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#16910)
• datapipeline: fixed perma-diff of scheduler_service_account_email when it's not explicitly specified in google_data_pipeline_pipeline resource (#16917)
• edgecontainer: fixed resource import on google_edgecontainer_vpn_connection resource (#16948)
• servicemanagement: fixed an issue where an inconsistent plan would be created when certain fields such as openapi_config, grpc_config, and protoc_output_base64, had computed values in google_endpoints_service resource (#16946)
• storage: fixed an issue where retry timeout wasn't being utilized when creating google_storage_bucket resource (#16902)

v5.11.0

NOTES:

• compute: changed underlying actuation engine for google_network_firewall_policy and google_region_network_firewall_policy, there should be no user-facing impact (#16837)

DEPRECATIONS:

• gkehub2: deprecated field configmanagement.config_sync.oci.version in google_gke_hub_feature resource (#16818)

FEATURES:

• New Data Source: google_compute_reservation (#16860)
• New Resource: google_integration_connectors_endpoint_attachment (#16822)
• New Resource: google_logging_folder_settings (#16800)
• New Resource: google_logging_organization_settings (#16800)
• New Resource: google_netapp_active_directory (#16844)
• New Resource: google_vertex_ai_feature_online_store (#16840)
• New Resource: google_vertex_ai_feature_group (#16842)
• New Resource: google_netapp_backup_vault (#16876)

IMPROVEMENTS:

• bigqueryanalyticshub: added restricted_export_config field to google_bigquery_analytics_hub_listing resource (#16850)
• composer: added support for composer_internal_ipv4_cidr_block field to google_composer_environment (#16815)
• compute: added provisioned_iopsand provisioned_throughput fields under boot_disk.initialize_params to google_compute_instance resource (#16871)
• compute: added resource_manager_tags and disk.resource_manager_tags for google_compute_instance_template (#16889)
• compute: added resource_manager_tags and disk.resource_manager_tags for google_compute_region_instance_template (#16889)
• dataproc: added auxiliary_node_groups field to google_dataproc_cluster resource (#16798)
• edgecontainer: increased default timeout on google_edgecontainer_cluster, google_edgecontainer_node_pool to 480m from 60m (#16886)
• gkehub2: added field version under configmanagement in google_gke_hub_feature resource (#16818)
• kms: added output-only field primary to google_kms_crypto_key (#16845)
• metastore: added endpoint_protocol, metadata_integration, and auxiliary_versions to google_dataproc_metastore_service (#16823)
• sql: added support for IAM GROUP authentication in the type field of google_sql_user (#16853)
• storagetransfer: made name field settable on google_storage_transfer_job (#16838)

BUG FIXES:

• container: added check that node_version and min_master_version are the same on create of google_container_cluster, when running terraform plan (#16817)
• container: fixed a bug where disabling PDCSI addon gce_persistent_disk_csi_driver_config during creation will result in permadiff in google_container_cluster resource (#16794)
• container: fixed an issue in which migrating from the deprecated Binauthz enablement bool to the new evaluation mode enum inadvertently caused two cluster update events, instead of none. (#16851)
• containerattached: fixed crash when updating a cluster to remove admin_users or admin_groups in google_container_attached_cluster (#16852)
• dialogflowcx: fixed a permadiff in the git_integration_settings field of google_diagflow_cx_agent (#16803)
• monitoring: fixed the index out of range crash in dashboard_json for the resource google_monitoring_dashboard (#16792)

v5.10.0

FEATURES:

• New Data Source: google_compute_region_disk (#16732)
• New Data Source: google_vmwareengine_external_address (#16698)
• New Data Source: google_vmwareengine_subnet (#16700)
• New Data Source: google_vmwareengine_vcenter_credentials (#16709)
• New Resource: google_vmwareengine_cluster (#16757)
• New Resource: google_vmwareengine_external_address (#16698)
• New Resource: google_vmwareengine_subnet (#16700)
• New Resource: google_workbench_instance (#16773)
• New Resource: google_workbench_instance_iam_* (#16773)

IMPROVEMENTS:

• compute: added numeric_id field to google_compute_network resource (#16712)
• compute: added remove_instance_on_destroy option to google_compute_per_instance_config resource (#16729)
• compute: added remove_instance_on_destroy option to google_compute_region_per_instance_config resource (#16729)
• container: added network_performance_config field to google_container_node_pool resource to support GKE tier 1 networking (#16688)
• container: added support for in-place update for machine_type/disk_type/disk_size_gb in google_container_node_pool resource (#16724)
• containerazure: added config.labels to google_container_azure_node_pool (#16754)
• dataform: added display_name, labels and npmrc_environment_variables_secret_version fields to google_dataform_repository resource (#16733)
• monitoring: added severity field to google_monitoring_alert_policy resource (#16775)
• notebooks: added support for labels to google_notebooks_runtime (#16783)
• recaptchaenterprise: added waf_settings to google_recaptcha_enterprise_key (#16754)
• securesourcemanager: added host_config, state_note, kms_key, and private_config fields to google_secure_source_manager_instance resource (#16731)
• spanner: added autoscaling_config.max_nodes and autoscaling_config.min_nodes to google_spanner_instance (#16786)
• storage: added rpo field to google_storage_bucket resource (#16756)
• vmwareengine: added type field to google_vmwareengine_private_cloud resource (#16781)
• workloadidentity: added saml block to google_iam_workload_identity_pool_provider resource (#16710)

BUG FIXES:

• logging: fixed an issue where value change of unique_writer_identity on google_logging_project_sink does not trigger diff on dependent's usages of writer_identity (#16776)

v5.9.0

FEATURES:

• New Data Source: google_logging_folder_settings (#16658)
• New Data Source: google_logging_organization_settings (#16658)
• New Data Source: google_logging_project_settings (#16658)
• New Data Source: google_vmwareengine_network_policy (#16639)
• New Data Source: google_vmwareengine_nsx_credentials (#16669)
• New Resource: google_scc_event_threat_detection_custom_module (#16649)
• New Resource: google_secure_source_manager_instance (#16637)
• New Resource: google_vmwareengine_network_policy (#16639)

IMPROVEMENTS:

• bigqueryconnection: added spark support to google_bigquery_connection resource (#16677)
• cloudidentity: added expiry_detail field to google_cloud_identity_group_membership resource (#16643)
• container: added autoscaling_profile field in the cluster_autoscaling block in google_container_cluster resource (#16653)
• gkehub: added default_cluster_config field to google_gke_hub_fleet resource (#16630)
• gkehub: added binary_authorization_config field to google_gke_hub_fleet resource (#16674)
• sql: added support for in-place updates to the edition field in google_sql_database_instance resource (#16629)

BUG FIXES:

• artifactregistry: fixed permadiff due to unsorted virtual_repository_config array in google_artifact_registry_repository (#16646)
• container: made dns_config field updatable on google_container_cluster resource (#16652)
• dlp: added conflicting field validation in the storage_config.timespan_config block in data_loss_prevention_job_trigger resource (#16628)
• dlp: updated the storage_config.timespan_config.timestamp_field field in data_loss_prevention_job_trigger to be optional (#16628)
• firestore: added retries during creation of google_firestore_index resources to address retryable 409 code API errors ("Please retry, underlying data changed", and "Aborted due to cross-transaction contention") (#16618, #16670)
• storage: fixed unexpected lifecycle_rule conditions being added for google_storage_bucket (#16683)

v5.8.0

FEATURES:

• New Data Source: google_vmwareengine_network_peering (#16616)
• New Resource: google_migration_center_group (#16549)
• New Resource: google_netapp_storage_pool (#16573)
• New Resource: google_vmwareengine_network (ga) (#16583)
• New Resource: google_vmwareengine_network_peering (#16616)

IMPROVEMENTS:

• artifactregistry: added remote_repository_config.upstream_credentials field to google_artifact_registry_repository resource (#16562)
• cloudbuild: added fields build.artifacts.maven_artifacts, build.artifacts.npm_packages , and build.artifacts.python_packages to resource google_cloudbuild_trigger (#16543)
• cloudrunv2: promoted field depends_on in google_cloud_run_v2_service to GA (#16577)
• composer: added database_config.zone field in google_composer_environment (#16551)
• compute: added field service_directory_registrations to resource google_compute_global_forwarding_rule (#16581)
• firestore: added virtual field deletion_policy to google_firestore_database (#16576)
• firestore: enabled database deletion upon destroy for google_firestore_database (#16576)
• gkehub2: added policycontroller field to fleet_default_member_config in google_gke_hub_feature (#16542)
• iam: added allowed_services, disable_programmatic_signin fields to google_iam_workforce_pool resource (#16580)
• vmwareengine: added STANDARD type support to google_vmwareengine_network resource (#16583)
• vmwareengine: promoted google_vmwareengine_private_cloud resource to GA (#16613)

BUG FIXES:

• compute: fixed a permadiff caused by issues with ipv6 diff suppression in google_compute_forwarding_rule and google_compute_global_forwarding_rule (#16550)
• firestore: fixed an issue where google_firestore_database could be deleted when delete_protection_state was DELETE_PROTECTION_ENABLED (#16576)
• firestore: made resource creation retry for 409 errors with the text "Aborted due to cross-transaction contention" in google_firestore_index (#16618)

v5.7.0

DEPRECATIONS:

• gkehub: deprecated config_management.binauthz in google_gke_hub_feature_membership (#16536)

IMPROVEMENTS:

• bigtable: added standard_isolation and standard_isolation.priority fields to google_bigtable_app_profile resource (#16485)
• cloudrunv2: promoted custom_audiences field to GA on google_cloud_run_v2_service resource (#16510)
• compute: promoted labels field to GA on google_compute_vpn_tunnel resource (#16508)
• containerattached: added proxy_config field to google_container_attached_cluster resource (#16524)
• gkehub: added membership_location field to google_gke_hub_feature_membership resource (#16536)
• logging: made the change to aqcuire and update the google_logging_project_sink resource that already exists at the desired location. These logging buckets cannot be removed so deleting this resource will remove the bucket config from your terraform state but will leave the logging bucket unchanged. (#16513)
• memcache: added MEMCACHE_1_6_15 as a possible value for memcache_version in google_memcache_instance resource (#16531)
• monitoring: added error message to delete Alert Policies first on 400 response when deleting google_monitoring_uptime_check_config resource (#16535)
• spanner: added autoscaling_config field to google_spanner_instance resource (#16473)
• workflows: promoted user_env_vars field to GA on google_workflows_workflow resource (#16477)

BUG FIXES:

• compute: changed external_ipv6_prefix field to not be output only in google_compute_subnetwork resource (#16480)
• compute: fixed issue where google_compute_attached_disk would produce an error for certain zone configs (#16484)
• edgecontainer: fixed update method of google_edgecontainer_cluster resource (#16490)
• provider: fixed an issue where universe domains would not overwrite API endpoints (#16521)
• resourcemanager: made data_source_google_project_service no longer return an error when the service is not enabled (#16525)
• sql: ssl_mode field is not stored in terraform state if it has never been used in google_sql_database_instance resource (#16486)

NOTES:

• dataproc: backfilled terraform_labels field for resource google_dataproc_workflow_template, so resource recreation won't happen during provider upgrade from 4.x to 5.7 (#16517)
• • provider: backfilled terraform_labels field for some immutable resources, so resource recreation won't happen during provider upgrade from 4.X to 5.7 (#16518)

v5.6.0

FEATURES:

• New Resource: google_integration_connectors_connection (#16468)

IMPROVEMENTS:

• assuredworkloads: added enable_sovereign_controls, partner, partner_permissions, violation_notifications_enabled, and several other output-only fields to google_assured_workloads_workloads (#16433)
• composer: added storage_config to google_composer_environment (#16455)
• container: added fleet field to google_container_cluster resource (#16466)
• containeraws: added admin_groups to google_container_aws_cluster (#16433)
• containerazure: added admin_groups to google_container_azure_cluster (#16433)
• dataproc: added support for instance_flexibility_policy in google_dataproc_cluster (#16417)
• dialogflowcx: added is_default_start_flow field to google_dialogflow_cx_flow resource to allow management of default flow resources via Terraform (#16441)
• dialogflowcx: added is_default_welcome_intent and is_default_negative_intent fields to google_dialogflow_cx_intent resource to allow management of default intent resources via Terraform (#16441)
• gkehub: added fleet_default_member_config field to google_gke_hub_feature resource (#16457)
• gkehub: added metrics_gcp_service_account_email to google_gke_hub_feature_membership (#16433)
• logging: added index_configs field to logging_bucket_config resource (#16437)
• logging: added index_configs field to logging_project_bucket_config resource (#16437)
• monitoring: added pings_count, user_labels, and custom_content_type fields to google_monitoring_uptime_check_config resource (#16420)
• spanner: added autoscaling_config field to google_spanner_instance (#16473)
• sql: added ssl_mode field to google_sql_database_instance resource (#16394)
• vertexai: added private_service_connect_config to google_vertex_ai_index_endpoint (#16471)
• workstations: added domain_config field to resource google_workstations_workstation_cluster (beta) (#16464)

BUG FIXES:

• assuredworkloads: made the violation_notifications_enabled field on the google_assured_workloads_workload resource default to values returned from the API when unset in a users configuration (#16465)
• provider: made terraform_labels immutable in immutable resources to not block the upgrade. This will create a Terraform plan that recreates the resource on 4.X -> 5.6.0 upgrade for affected resources. A mitigation to backfill the values during the upgrade is planned, and will release resource-by-resource. (#16469)

v5.5.0

FEATURES:

• New Data Source: google_bigquery_dataset (#16368)

IMPROVEMENTS:

• alloydb: added SECONDARY as an option for instance_type field in google_alloydb_instance resource, to support creation of secondary instance inside a secondary cluster. (#16398)
• alloydb: added deletion_policy field to google_alloydb_cluster resource, to allow force-destroying instances along with their cluster. This is necessary to delete secondary instances, which cannot be deleted otherwise. (#16398)
• alloydb: added support to promote google_alloydb_cluster resources from secondary to primary (#16413)
• alloydb: increased default timeout on google_alloydb_instance to 120m from 40m (#16398)
• dataproc: added instance_flexibility_policy field ro google_dataproc_cluster resource (#16417)
• monitoring: added subject field to google_monitoring_alert_policy resource (#16414)
• storage: added enable_object_retention field to google_storage_bucket resource (#16412)
• storage: added retention field to google_storage_bucket_object resource (#16412)

BUG FIXES:

• firestore: fixed an issue with creation of multiple google_firestore_field resources (#16372)

v5.4.0

DEPRECATIONS:

• bigquery: deprecated cloud_spanner.use_serverless_analytics on google_bigquery_connection. Use cloud_spanner.use_data_boost instead. (#16310)

NOTES:

• provider: added universe_domain attribute as a provider attribute (#16323)

BREAKING CHANGES:

• cloudrunv2: marked location field as required in resource google_cloud_run_v2_job. Any configuration without location specified will cause resource creation fail (#16311)
• cloudrunv2: marked location field as required in resource google_cloud_run_v2_service. Any configuration without location specified will cause resource creation fail (#16311)

FEATURES:

• New Data Source: google_cloud_identity_group_lookup (#16296)
• New Resource: google_network_connectivity_policy_based_route (#16326)
• New Resource: google_pubsub_schema_iam_* (#16301)

IMPROVEMENTS:

• accesscontextmanager: added support for specifying vpc_network_sources to google_access_context_manager_access_levels, google_access_context_manager_access_level, and google_access_context_manager_access_level_condition (#16327)
• apigee: added support for type in google_apigee_environment (#16349)
• bigquery: added cloud_spanner.database_role, cloud_spanner.use_data_boost, and cloud_spanner.max_parallelism fields to google_bigquery_connection (#16310)
• bigquery: added support for iam_member to google_bigquery_dataset.access (#16322)
• container: promoted field identity_service_config in google_container_cluster to GA (#16305)
• container: added update support for google_container_node_pool.node_config.taint (#16306)
• containerattached: added admin_groups field to google_container_attached_cluster resource (#16307)
• dialogflowcx: added advanced_settings field to google_dialogflow_cx_flow resource (#16315)
• dialogflowcx: added advanced_settings fields to google_dialogflow_cx_page resource (#16315)
• dialogflowcx: added advanced_settings, text_to_speech_settings, git_integration_settings fields to google_dialogflow_cx_agent resource (#16315)

BUG FIXES:

• bigquery: fixed a bug when updating a google_bigquery_dataset that contained an iamMember access rule added out of band with Terraform (#16322)
• bigqueryreservation: fixed bug of incorrect resource recreation when capacity_commitment_id is unspecified in resource google_bigquery_capacity_commitment (#16320)
• cloudrunv2: made annotations field on the google_cloud_run_v2_job data source include all annotations present on the resource in GCP (#16300)
• cloudrunv2: made annotations field on the google_cloud_run_v2_service data source include all annotations present on the resource in GCP (#16300)
• cloudrunv2: made labels and terraform labels fields on the google_cloud_run_v2_job data source include all annotations present on the resource in GCP (#16300)
• cloudrunv2: made labels and terraform labels fields on the google_cloud_run_v2_service data source include all annotations present on the resource in GCP (#16300)
• edgecontainer: fixed an issue where the update endpoint for google_edgecontainer_cluster was incorrect. (#16347)
• redis: allow replica_count to be set to zero in the google_redis_cluster resource (#16302)