v5.43.0

DEPRECATIONS:

• storage: deprecated lifecycle_rule.condition.no_age field in google_storage_bucket. Use the new lifecycle_rule.condition.send_age_if_zero field instead. (#7994)

FEATURES:

• New Resource: google_kms_ekm_connection_iam_binding (#7969)
• New Resource: google_kms_ekm_connection_iam_member (#7969)
• New Resource: google_kms_ekm_connection_iam_policy (#7969)
• New Resource: google_scc_v2_organization_scc_big_query_exports (#8002)

IMPROVEMENTS:

• compute: exposed service side id as new output field forwarding_rule_id on resource google_compute_forwarding_rule (#7972)
• container: added EXTENDED as a valid option for release_channel field in google_container_cluster resource (#7973)
• logging: changed enable_analytics parsing to "no preference" in analytics if omitted, instead of explicitly disabling analytics in google_logging_project_bucket_config. (#7964)
• networkservices: added idle_timeout field to the google_network_services_tcp_route resource (#7996)
• pusbub: added validation to filter field in resource google_pubsub_subscription (#7968)
• resourcemanager: added default_labels field to google_client_config data source (#7992)
• vmwareengine: added PC undelete support in google_vmwareengine_private_cloud (#8005)

BUG FIXES:

• alloydb: fixed a permadiff on psc_instance_config in google_alloydb_instance resource (#7975)
• compute: fixed a malformed URL that affected updating the server_tls_policy property on google_compute_target_https_proxy resources (#7988)
• compute: fixed force diff replacement logic for network_ip on resource google_compute_instance (#7971)

v5.42.0

DEPRECATIONS:

• compute: setting google_compute_subnetwork.secondary_ip_range = [] to explicitly set a list of empty objects is deprecated and will produce an error in the upcoming major release. Use send_secondary_ip_range_if_empty while removing secondary_ip_range from config instead. (#7961)

FEATURES:

• New Data Source: google_artifact_registry_locations (#7922)
• New Data Source: google_cloud_identity_transitive_group_memberships (#7917)
• New Resource: google_discovery_engine_schema (#7963)
• New Resource: google_scc_folder_notification_config (#7928)
• New Resource: google_scc_v2_folder_notification_config (#7927)
• New Resource: google_vertex_ai_index_endpoint_deployed_index (#7931)

IMPROVEMENTS:

• clouddeploy: added serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.gateway_service_mesh.pod_selector_label and serial_pipeline.stages.strategy.canary.runtime_config.kubernetes.service_networking.pod_selector_label fields to google_clouddeploy_delivery_pipeline resource (#7945)
• compute: added TDX instance option to confidential_instance_type instance in google_compute_instance (#7913)
• compute: added send_secondary_ip_range_if_empty to google_compute_subnetwork (#7961)
• discoveryengine: added skip_default_schema_creation field to google_data_store resource (#7900)
• dns: changed load_balancer_type field from required to optional in google_dns_record_set (#7925)
• parallelstore: added file_stripe_level, directory_stripe_level fields to google_parallelstore_instance resource (#7942)
• servicenetworking: added update_on_creation_fail field to google_service_networking_connection resource. When it is set to true, enforce an update of the reserved peering ranges on the existing service networking connection in case of a new connection creation failure. (#7915)
• sql: added server_ca_mode field to google_sql_database_instance resource (#7886)

BUG FIXES:

• bigquery: made google_bigquery_dataset_iam_member non-authoritative. To remove a bigquery dataset iam member, use an authoritative resource like google_bigquery_dataset_iam_policy (#7960)
• cloudfunctions2: fixed a "Provider produced inconsistent final plan" bug affecting the service_config.environment_variables field in google_cloudfunctions2_function resource (#7905)
• cloudfunctions2: fixed a permadiff on storage_source.generation in google_cloudfunctions2_function resource (#7912)
• compute: fixed issue where sub-resources managed by google_compute_forwarding_rule prevented resource deletion (#7958)
• logging: changed google_logging_project_bucket_config.enable_analytics behavior to set "no preference" in analytics if omitted, instead of explicitly disabling analytics. (#19126)
• workbench: fixed a bug with google_workbench_instance metadata drifting when using custom containers. (#7959)

v5.41.0

DEPRECATIONS:

• resourcemanager: deprecated skip_delete field in the google_project resource. Use deletion_policy instead. (#7817)

FEATURES:

• New Data Source: google_scc_v2_organization_source_iam_policy (#7888)
• New Resource: google_access_context_manager_service_perimeter_dry_run_egress_policy (#7882)
• New Resource: google_access_context_manager_service_perimeter_dry_run_ingress_policy (#7882)
• New Resource: google_scc_v2_folder_mute_config (#7846)
• New Resource: google_scc_v2_project_mute_config (#7881)
• New Resource: google_scc_v2_project_notification_config (#7892)
• New Resource: google_scc_v2_organization_source (#7888)
• New Resource: google_scc_v2_organization_source_iam_binding (#7888)
• New Resource: google_scc_v2_organization_source_iam_member (#7888)
• New Resource: google_scc_v2_organization_source_iam_policy (#7888)

IMPROVEMENTS:

• clouddeploy: added gke.proxy_url field to google_clouddeploy_target (#7899)
• cloudrunv2: added field binary_authorization.policy to resource google_cloud_run_v2_job and resource google_cloud_run_v2_service to support named binary authorization policy. (#7883)
• compute: added update-in-place support for the google_compute_target_https_proxy.server_tls_policy field (#7884)
• compute: added update-in-place support for the google_compute_region_target_https_proxy.server_tls_policy field (#7891)
• container: added auto_provisioning_locations field to google_container_cluster (#7849)
• dataform: added kms_key_name field to google_dataform_repository resource (#7855)
• discoveryengine: added skip_default_schema_creation field to google_discovery_engine_data_store resource (#7900)
• gkehub: added configmanagement.management and configmanagement.config_sync.enabled fields to google_gkehub_feature_membership (#7899)
• gkehub: added management field to google_gke_hub_feature.fleet_default_member_config.configmanagement (#7862)
• resourcemanager: added deletion_policy field to the google_project resource. Setting deletion_policy to PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting deletion_policy to ABANDON allows the resource to be abandoned rather than deleted and it behaves the same with skip_delete = true. Default value is DELETE. skip_delete = true takes precedence over deletion_policy = "DELETE".
• storage: added force_destroy field to google_storage_managed_folder resource (#7867)
• storage: added generation field to google_storage_bucket_object resource (#7866)

BUG FIXES:

• compute: fixed google_compute_instance.alias_ip_range update behavior to avoid temporarily deleting unchanged alias IP ranges (#7898)
• compute: fixed the bug that creation of PSC forwarding rules fails in google_compute_forwarding_rule resource when provider default labels are set (#7873)
• sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#7861)

v5.40.0

NOTES:

• resourcemanager: This release included a deprecation of skip_delete in google_project without the future field (deletion_policy) being available. This will be corrected in a future 5.X release prior to the release of 6.0.0 where the deletion_policy field will be made available.

DEPRECATIONS:

• resourcemanager: deprecated skip_delete field in the google_project resource. Instead use the new field deletion_policy in the next major release (#7817)

IMPROVEMENTS:

• bigquery: added support for value DELTA_LAKE to source_format in google_bigquery_table resource (#7841)
• compute: added access_mode field to google_compute_disk resource (#7813)
• compute: added stack_type, and gateway_ip_version fields to google_compute_router resource (#7801)
• container: added field ray_operator_config for resource_container_cluster (#7795)
• monitoring: updated goal field to accept a max threshold of up to 0.9999 in google_monitoring_slo resource (#7807)
• networkconnectivity: added export_psc field to google_network_connectivity_hub resource (#7816)
• sql: added enable_dataplex_integration field to google_sql_database_instance resource (#7810)

BUG FIXES:

• bigquery: fixed a permadiff when handling "assets" in params in the google_bigquery_data_transfer_config resource (#7833)
• bigquery: fixed an issue preventing certain keys in params from being assigned values in google_bigquery_data_transfer_config (#7828)
• compute: fixed perma-diff in google_compute_router (#7818)
• container: fixed perma-diff on node_config.guest_accelerator.gpu_driver_installation_config field in GKE 1.30+ in google_container_node_pool resource (#7799)
• sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#7861)

v5.39.1

BUG FIXES:

• datastream: fixed a breaking change in 5.39.0 google_datastream_stream that made one of destination_config.0.bigquery_destination_config.0.merge or destination_config.0.bigquery_destination_config.0.append_only required (#7835)

v5.39.0

NOTES:

• networkconnectivity: migrated google_network_connectivity_hub from DCL to MMv1 (#7724)
• networkconnectivity: migrated google_network_connectivity_spoke from DCL to MMv1 (#7762)

DEPRECATIONS:

• bigquery: deprecated allow_resource_tags_on_deletion in google_bigquery_table. (#7782)
• bigqueryreservation: deprecated multi_region_auxiliary on google_bigquery_reservation. (#7778)
• datastore: deprecated the resource google_datastore_index. Use the google_firestore_index resource instead. (#7764)

FEATURES:

• New Resource: google_apigee_environment_keyvaluemaps_entries (#7717)
• New Resource: google_apigee_environment_keyvaluemaps (#7717)
• New Resource: google_compute_resize_request (#7725)
• New Resource: google_compute_router_route_policy (#7748)
• New Resource: google_scc_v2_organization_mute_config (#7744)

IMPROVEMENTS:

• alloydb: added observability_config field to google_alloydb_instance resource (#7737)
• bigquery: added resource_tags field to google_bigquery_table resource (#7735)
• bigtable: added data_boost_isolation_read_only and data_boost_isolation_read_only.compute_billing_owner fields to google_bigtable_app_profile resource (#7789)
• cloudfunctions: added build_service_account field to google_cloudfunctions_function resource (#7713)
• compute: added aws_v4_authentication field to google_compute_backend_service resource (#7775)
• compute: added custom_learned_ip_ranges and custom_learned_route_priority fields to google_compute_router_peer resource (#7727)
• compute: added export_policies and import_policies fields to google_compute_router_peer resource (#7748)
• compute: added shared_secret field to google_compute_public_advertised_prefix resource (#7767)
• compute: added storage_pool under boot_disk.initialize_params to google_compute_instance resource (#7787)
• compute: changed target_service field on the google_compute_service_attachment resource to accept a ForwardingRule or Gateway URL. (#7736)
• container: added field ray_operator_config for google_container_cluster (#7795)
• datastream: added merge and append_only fields to google_datastream_stream resource (#7726)
• dlp: added cloud_storage_target field to google_data_loss_prevention_discovery_config resource (#7734)
• resourcemanager: added check_if_service_has_usage_on_destroy field to google_project_service resource (#7745)
• resourcemanager: added the member property to google_project_service_identity (#7708)
• vmwareengine: added deletion_delay_hours field to google_vmwareengine_private_cloud resource (#7710)
• vmwareengine: supported type change from TIME_LIMITED to STANDARD for multi-node google_vmwareengine_private_cloud resource (#7710)
• workbench: added access_configs to google_workbench_instance resource (#7732)

BUG FIXES:

• compute: fixed perma-diff for interconnect_type being DEDICATED in google_compute_interconnect resource (#7750)
• dialogflowcx: fixed intermittent issues with retrieving resource state soon after creating google_dialogflow_cx_security_settings resources (#7772)
• firestore: fixed missing import of field for google_firestore_field. (#7757)
• firestore: fixed bug where fields database, collection, document_id, and field could not be updated on google_firestore_document and google_firestore_field resources. (#7791)
• netapp: made the smb_settings field on the google_netapp_volume resource default to the value returned from the API. This solves permadiffs when the field is unset. (#7770)
• networksecurity: added recreate functionality on update for client_validation_mode and client_validation_trust_config in google_network_security_server_tls_policy (#7756)

v5.38.0

FEATURES:

• New Data Source: google_gke_hub_membership_binding (#7696)
• New Data Source: google_site_verification_token (#7704)
• New Resource: google_scc_project_notification_config (#7698)

IMPROVEMENTS:

• cloudkms: added key_access_justifications_policy field to google_kms_crypto_key resource (#7693)
• compute: made the google_compute_resource_policy resource updatable in-place (#7692)
• vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#7680)

BUG FIXES:

• cloudfunctions2: fixed permadiffs on service_config.environment_variables field in google_cloudfunctions2_function resource (#7684)
• networksecurity: fixed permadiffs on purpose field in google_network_security_address_group resource (#7687)

v5.37.0

FEATURES:

• New Data Source: google_kms_crypto_keys (#7656)
• New Data Source: google_kms_key_rings (#7662)
• New Resource: google_scc_v2_organization_notification_config (#7649)
• New Resource: google_secure_source_manager_repository (#7634)
• New Resource: google_storage_managed_folder_iam (#7620)
• New Resource: google_storage_managed_folder (#7620)

IMPROVEMENTS:

• certificatemanager: added allowlisted_certificates field to google_certificate_manager_trust_config resource (#7643)
• compute: added source_regions field to google_compute_healthcheck resource (#7647)
• dataplex: added sql_assertion field to google_dataplex_datascan resource (#7623)
• gkehub: added fleet_default_member_config.configmanagement.config_sync.enabled field to google_gke_hub_feature resource (#7639)
• netapp: added zone and replica_zone field to google_netapp_storage_pool resource (#7660)
• networksecurity: added purpose field to google_network_security_address_group resource (#7677)
• vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#7680)
• workstations: added host.gce_instance.vm_tags field to google_workstations_workstation_config resource (#7644)

BUG FIXES:

• compute: fixed a bug preventing the creation of google_compute_autoscaler and google_compute_region_autoscaler resources if both autoscaling_policy.max_replicas and autoscaling_policy.min_replicas were configured as zero. (#7658)
• resourcemanager: mitigated eventual consistency issues by adding a 10s wait after google_service_account_key resource creation (#7629)
• vertexai: fixed issue where updating "metadata" field could fail in google_vertex_ai_index resource (#7675)

v5.36.0

FEATURES:

• New Resource: google_storage_managed_folder_iam (#7620)
• New Resource: google_storage_managed_folder (#7620)

IMPROVEMENTS:

• bigtable: added ignore_warnings field to google_bigtable_gc_policy resource (#7571)
• cloudfunctions2: added build_config.automatic_update_policy and build_config.on_deploy_update_policy to google_cloudfunctions2_function resource (#7608)
• compute: added tls_early_data field to google_compute_target_https_proxy resource (#7588)
• compute: added custom_error_response_policy and default_custom_error_response_policy fields to google_compute_url_map resource (#7587)
• datafusion: added connection_type and private_service_connect_config fields to google_data_fusion_instance resource (#7598)
• firebasehosting: added support for google_firebase_hosting_site resource to be used for an existing site without using import (#7594)
• healthcare: added encryption_spec field to google_healthcare_dataset resource (#7601)
• monitoring: added links field to google_monitoring_alert_policy resource (#7616)
• vertexai: added update support for big_query.entity_id_columns field on google_vertex_ai_feature_group resource (#7572)

BUG FIXES:

• accesscontextmanager: fixed perma-diff caused by ordering of service_perimeters in google_access_context_manager_service_perimeters resource (#7595)
• compute: fixed a crash in google_compute_reservation resource when share_settings field has changes (#7577)
• compute: fixed issue in google_compute_instance resource where service_account is not set when specifying service_account.email and no service_account.scopes (#7596)
• gkehub2: fixed google_gke_hub_feature resource to allow fleet_default_member_config field to be unset (#7568)
• identityplatform: fixed perma-diff on google_identity_platform_config resource when sms_region_config is not set (#7607)
• logging: fixed perma-diff on index_configs in google_logging_organization_bucket_config resource (#7579)

v5.35.0

FEATURES:

• New Data Source: google_artifact_registry_docker_image (#7544)
• New Data Source: google_composer_user_workloads_config_map (#7519)
• New Resource: google_service_networking_vpc_service_controls (#7545)

IMPROVEMENTS:

• bigquery: added resource_tags field to google_bigquery_dataset resource (#7549)
• billingbudget: added enable_project_level_recipients field to google_billing_budget resource (#7539)
• cloudrunv2: added fields start_execution_token and run_execution_token to resource google_cloud_run_v2_job (#7525)
• compute: added action_token_site_keys and session_token_site_keys fields to google_compute_security_policy and google_compute_security_policy_rule resources (#7520)
• dataprocmetastore: added autoscaling_config field to google_dataproc_metastore_service resource (#7528)
• gkehub2: added ENTERPRISE option to security_posture_config field on google_gke_hub_fleet resource (#7541)
• pubsub: added bigquery_config.service_account_email field to google_pubsub_subscription resource (#7543)
• redis: added maintenance_version field to google_redis_instance (#7527)
• storage: changed update behavior in google_storage_bucket_object to no longer delete to avoid object deletion on content update (#7564)
• sql: added support for more MySQL values in type field of google_sql_user resource (#7548)
• sql: increased timeouts on google_sql_database_instance to 90m to account for longer-running actions such as creation through cloning (#7553)
• workbench: added update support to gce_setup.boot_disk and gce_setup.data_disks fields in google_workbench_instance resource (#7566)

BUG FIXES:

• compute: updated google_compute_instance to force reboot if min_node_cpus is updated (#7524)
• compute: fixed description field in google_compute_firewall to support empty/null values on update (#7563)
• compute: fixed perma-diff on google_compute_disk for Ubuntu amd64 canonical LTS images (#7522)
• storage: fixed lowercased custom_placement_config values in google_storage_bucket causing perma-destroy (#7551)
• workbench: fixed issue where instance was not starting after an update in google_workbench_instance resource (#7557)
• workbench: fixed perma-diff caused by empty accelerator_configs in google_workbench_instance resource (#7557)