v5.27.0

FEATURES:

• New Data Source: google_storage_bucket_objects (#7270)
• New Resource: google_composer_user_workloads_secret (#7257)
• New Resource: google_compute_security_policy_rule (#7282)
• New Resource: google_data_loss_prevention_discovery_config (#7252)
• New Resource: google_integrations_auth_config (#7268)
• New Resource: google_network_connectivity_internal_range (#7265)

IMPROVEMENTS:

• alloydb: added network_config field to google_alloydb_instance resource (#7271)
• alloydb: added public_ip_address field to google_alloydb_instance resource (#7271)
• apigee: added forward_proxy_uri field to google_apigee_environment resource (#7260)
• bigquerydatapolicy: added data_masking_policy.routine field to google_bigquery_data_policy resource (#7250)
• compute: added server_tls_policy field to google_compute_region_target_https_proxy resource (#7280)
• filestore: added protocol field to google_filestore_instance resource to support NFSv3 and NFSv4.1 (#7254)
• firebasehosting: added config.rewrites.path field to google_firebase_hosting_version resource (#7258)
• logging: added intercept_children field to google_logging_organization_sink and google_logging_folder_sink resources (#7279)
• monitoring: added service_agent_authentication field to google_monitoring_uptime_check_config resource (#7276)
• privateca: added subject_key_id field to google_privateca_certificate and google_privateca_certificate_authority resources (#7273)
• secretmanager: added version_destroy_ttl field to google_secret_manager_secret resource (#7253)

BUG FIXES:

• appengine: added suppression for a diff in google_app_engine_standard_app_version.automatic_scaling when the block is unset in configuration (#7262)
• sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#7249)

v5.26.0

FEATURES:

• New Resource: google_project_iam_member_remove (#7242)

IMPROVEMENTS:

• apigee: added support for api_consumer_data_location, api_consumer_data_encryption_key_name, and control_plane_encryption_key_name in google_apigee_organization (#7245)
• artifactregistry: added remote_repository_config.<facade>_repository.custom_repository.uri field to google_artifact_registry_repository resource. (#7230)
• bigquery: added resource_tags field to google_bigquery_table resource (#7247)
• billing: added ownership_scope field to google_billing_budget resource (#7239)
• cloudfunctions2: added build_config.service_account field to google_cloudfunctions2_function resource (#7231)
• composer: fixed validation on google_composer_environment resource so it will identify a disallowed upgrade to Composer 3 before attempting to provide feedback that's specific to using Composer 3 (#7213)
• compute: added params.resource_manager_tags field to resource_compute_instance_group_manager and resource_compute_region_instance_group_manager that enables to create these resources with tags (beta) (#7226)
• resourcemanager: added the field api_method to datasource google_active_folder so you can use either SEARCH or LIST to find your folder (#7248)
• storage: added labels validation to google_storage_bucket resource (#7212)
• workstations: added output-only field control_plane_ip to google_workstations_workstation_cluster resource (beta) (#7240)

BUG FIXES:

• apigee: fixed permadiff in ordering of google_apigee_organization.properties.property. (#7234)
• cloudrun: fixed the bug that computed metadata.0.labels and metadata.0.annotations fields don't appear in terraform plan when creating resource google_cloud_run_service and google_cloud_run_domain_mapping (#7217)
• dns: fixed bug where some methods of authentication didn't work when using dns data sources (#7233)
• iam: fixed a bug that prevented setting create_ignore_already_exists on existing resources in google_service_account. (#7236)
• sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#7249)
• storage: added validation to name field in google_storage_bucket resource (#7237)
• vmwareengine: fixed stretched cluster creation in google_vmwareengine_private_cloud (#7246)

v5.25.0

FEATURES:

• New Data Source: google_tags_tag_keys (#7196)
• New Data Source: google_tags_tag_values (#7196)
• New Resource: google_parallelstore_instance (#7209)

IMPROVEMENTS:

• bigquery: added in-place schema column drop support for google_bigquery_table resource (#7193)
• compute: added endpoint_types field to google_compute_router_nat resource (#7190)
• compute: added enable_ipv4, ipv4_nexthop_address and peer_ipv4_nexthop_address fields to google_compute_router_peer resource (#7207)
• compute: added identifier_range field to google_compute_router resource (#7207)
• compute: added ip_version field to google_compute_router_interface resource (#7207)
• compute: increased timeouts from 8 minutes to 20 minutes for google_compute_security_policy resource (#7204)
• container: added stateful_ha_config field to google_container_cluster resource (#7206)
• firestore: added vector_config field to google_firestore_index resource (#7180)
• gkebackup: added backup_schedule.rpo_config field to google_gke_backup_backup_plan resource (#7211)
• networksecurity: added disabled field to google_network_security_firewall_endpoint_association resource (#7184)
• sql: added enable_google_ml_integration field to google_sql_database_instance resource (#7208)
• storage: added labels validation to google_storage_bucket resource (#7212)
• vmwareengine: added preferred_zone and secondary_zone fields to google_vmwareengine_private_cloud resource (#7210)

BUG FIXES:

• networksecurity: fixed an issue where google_network_security_firewall_endpoint_association resource could not be created due to a bad parameter (#7184)
• privateca: fixed permission issue by specifying signer certs chain when activating a sub-CA across regions for google_privateca_certificate_authority resource (#7197)

v5.24.0

IMPROVEMENTS:

• cloudrunv2: added template.volumes.nfs field to google_cloud_run_v2_job resource (#7169)
• container: added enable_cilium_clusterwide_network_policy field to google_container_cluster resource (#7171)
• container: added node_pool_auto_config.resource_manager_tags field to google_container_cluster resource (#7162)
• gkeonprem: added disable_bundled_ingress field to google_gkeonprem_vmware_cluster resource (#7163)
• redis: added node_type and precise_size_gb fields to google_redis_cluster (#7174)
• storage: added project_number attribute to google_storage_bucket resource and data source (#7164)
• storage: added ability to provide project argument to google_storage_bucket data source. This will not impact reading the resource's data, instead this helps users avoid calls to the Compute API within the data source. (#7164)

BUG FIXES:

• appengine: fixed a crash in google_app_engine_flexible_app_version due to the deployment field not being returned by the API (#7175)
• bigquery: fixed a crash when google_bigquery_table had a primary_key.columns entry set to "" (#7166)
• compute: fixed update scenarios on google_compute_region_target_https_proxy and google_compute_target_https_proxy resources. (#7170)
• dataflow: fixed an issue where the provider would crash when enable_streaming_engine is set as a parameter value in google_dataflow_flex_template_job (#7160)

v5.23.0

NOTES:

• provider: introduced support for provider-defined functions. This feature is in Terraform v1.8.0+. (#7153)

DEPRECATIONS:

• kms: deprecated attestation.external_protection_level_options in favor of external_protection_level_options in google_kms_crypto_key_version (#7155)

FEATURES:

• New Data Source: google_apphub_application (#7143)
• New Resource: google_cloud_quotas_quota_preference (#7126)
• New Resource: google_vertex_ai_deployment_resource_pool (#7158)
• New Resource: google_integrations_client (#7129)

IMPROVEMENTS:

• bigquery: added dataGovernanceType to google_bigquery_routine resource (#7149)
• bigquery: added support for external_data_configuration.json_extension to google_bigquery_table (#7138)
• compute: added cloud_router_ipv6_address, customer_router_ipv6_address fields to google_compute_interconnect_attachment resource (#7151)
• compute: added generated_id field to google_compute_region_backend_service resource (#7128)
• integrations: added deletion support for google_integrations_client resource (#7142)
• kms: added crypto_key_backend field to google_kms_crypto_key resource (#7155)
• metastore: added scheduled_backup field to google_dataproc_metastore_service resource (#7140)
• provider: added provider-defined function name_from_id for retrieving the short-form name of a resource from its self link or id (#7153)
• provider: added provider-defined function project_from_id for retrieving the project id from a resource's self link or id (#7153)
• provider: added provider-defined function region_from_zone for deriving a region from a zone's name (#7153)
• provider: added provider-defined functions location_from_id, region_from_id, and zone_from_id for retrieving the location/region/zone names from a resource's self link or id (#7153)

BUG FIXES:

• cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_job creation fails (#7159)
• cloudrunv2: fixed Terraform state inconsistency when resource google_cloud_run_v2_service creation fails (#7159)
• container: fixed google_container_cluster permadiff when master_ipv4_cidr_block is set for a private flexible cluster (#7147)
• dataflow: fixed an issue where the provider would crash when enableStreamingEngine is set as a parameter value in google_dataflow_flex_template_job (#7160)
• kms: added top-level external_protection_level_options field in google_kms_crypto_key_version resource (#7155)

v5.22.0

BREAKING CHANGES:

• networksecurity: added required field billing_project_id to google_network_security_firewall_endpoint resource. Any configuration without billing_project_id specified will cause resource creation fail (beta) (#7124)

FEATURES:

• New Data Source: google_cloud_quotas_quota_info (#7092)
• New Data Source: google_cloud_quotas_quota_infos (#7116)
• New Resource: google_access_context_manager_service_perimeter_dry_run_resource (#7115)

IMPROVEMENTS:

• accesscontextmanager: supported managing service perimeter dry run resources outside the perimeter via new resource google_access_context_manager_service_perimeter_dry_run_resource (#7115)
• cloudrunv2: added plan-time validation to restrict number of ports to 1 in google_cloud_run_v2_service (#7103)
• cloudrunv2: supported mounting Cloud Storage buckets using GCSFuse in google_cloud_run_v2_job (#7102)
• composer: added field count to validate number of DAG processors in google_composer_environment (#7120)
• compute: added enumeration value SEV_LIVE_MIGRATABLE_V2 for the guest_os_features of google_compute_disk (#7123)
• compute: added status.all_instances_config.revision field to google_compute_instance_group_manager and google_compute_region_instance_group_manager (#7104)
• compute: added field path_template_match to resource google_compute_region_url_map (#7094)
• compute: added field path_template_rewrite to resource google_compute_region_url_map (#7094)
• pubsub: added ingestion_data_source_settings field to google_pubsub_topic resource (#7111)
• storage: added 'soft_delete_policy' to 'google_storage_bucket' resource (#7119)
• workstations: added host.gceInstance.boostConfig to google_workstations_workstation_config (#7122)

BUG FIXES:

• accesscontextmanager: fixed an issue with access_context_manager_service_perimeter_ingress_policy and access_context_manager_service_perimeter_egress_policy where updates could not be applied after initial creation. Any updates applied to these resources will now involve their recreation. To ensure that new policies are added before old ones are removed, add a lifecycle block with create_before_destroy = true to your resource configuration alongside other updates. (#7105)
• firebase: made the google_firebase_android_app resource's package_name field required and immutable. This prevents API errors encountered by users who attempted to update or leave that field unset in their configurations. (#7100)
• spanner: removed validation function for the field version_retention_period in the resource google_spanner_database and directly returned error from backend (#7117)

v5.21.0

FEATURES:

• New Data Source: google_apphub_discovered_service (#7080)
• New Data Source: google_apphub_discovered_workload (#7083)
• New Data Source: google_cloud_quotas_quota_info (#7092)
• New Resource: google_apphub_workload (#7088)
• New Resource: google_firebase_app_check_device_check_config (#7062)
• New Resource: google_iap_tunnel_dest_group (#7072)
• New Resource: google_kms_ekm_connection (#7059)
• New Resource: google_apphub_application (#7051)
• New Resource: google_apphub_service (#7090)
• New Resource: google_apphub_service_project_attachment (#7073)
• New Resource: google_network_security_firewall_endpoint_association (#7075)

IMPROVEMENTS:

• cloudrunv2: added support for scaling.min_instance_count in google_cloud_run_v2_service. (#7053)
• firestore: added cmek_config field to google_firestore_database resource (#7054)
• gkeonprem: allowed vcenter_network to be set in google_gkeonprem_vmware_cluster, previously it was output-only (#7055)
• storagetransferservice: added field transfer_spec.azure_blob_storage_data_source.credentials_secret to google_storage_transfer_job (#7091)
• workstations: added support for ephemeral_directories in google_workstations_workstation_config (#7061)

BUG FIXES:

• compute: allowed sending empty values for SERVERLESS in google_compute_region_network_endpoint_group resource (#7052)
• notebooks: fixed an issue where default tags would cause a diff recreating google_notebooks_instance resources (#7086)
• storage: fixed an issue where two or more lifecycle rules with different values of no_age field always generates change in google_storage_bucket resource. (#7060)

v5.20.0

FEATURES:

• New Resource: google_clouddeploy_custom_target_type_iam_* (#7029)

IMPROVEMENTS:

• certificatemanager: added type field to google_certificate_manager_dns_authorization resource (#7036)
• compute: added the network_url attribute to the consumer_accept_list-block of the google_compute_service_attachment resource (#7047)
• gkehub: added support for policycontroller.policy_controller_hub_config.policy_content.bundles and
  policycontroller.policy_controller_hub_config.deployment_configs fields to google_gke_hub_feature_membership (#7043)

BUG FIXES:

• artifactregistry: fixed permadiff when google_artifact_repository.docker_config field is unset (#7044)
• bigquery: corrected plan-time validation on google_bigquery_dataset.dataset_id (#7032)
• kms: fixed issue where google_kms_crypto_key_version.attestation.cert_chains properties were incorrectly set to type string (#7045)

v5.19.0

FEATURES:

• New Resource: google_clouddeploy_target_iam_* (#7012)

IMPROVEMENTS:

• bigquery: added remote_function_options field to google_bigquery_routine resource (#7015)
• certificatemanager: added location field to google_certificate_manager_dns_authorization resource (#7006)
• composer: added composer_network_attachment and modified network/subnetwork to support composer 3 in google_composer_environment (#7023)
• composer: added validations for composer 2/3 only fields in google_composer_environment (#7008)
• compute: added certificate_manager_certificates field to google_compute_region_target_https_proxy resource (#7010)
• gkehub2: added namespace_labels field to google_gke_hub_scope resource (#7022)

BUG FIXES:

• resourcemanager: added a retry to deleting the default network when auto_create_network is false in google_project (#7021)

v5.18.0

BREAKING CHANGES:

• securityposture: marked policy_sets and policy_sets.policies required in google_securityposture_posture. API validation already enforced this, so no resources could be provisioned without these (#6981)

FEATURES:

• New Data Source: google_compute_forwarding_rules (#6997)
• New Resource: google_firebase_app_check_app_attest_config (#6971)
• New Resource: google_firebase_app_check_play_integrity_config (#6971)
• New Resource: google_firebase_app_check_recaptcha_enterprise_config (#6989)
• New Resource: google_firebase_app_check_recaptcha_v3_config (#6989)
• New Resource: google_migration_center_preference_set (#6974)
• New Resource: google_netapp_volume_replication (#7002)

IMPROVEMENTS:

• cloudfunctions: added output-only version_id field on google_cloudfunctions_function (#6968)
• composer: supported patch versions of airflow on google_composer_environment (#7000)
• compute: supported updating network_interface.stack_type field on google_compute_instance resource. (#6977)
• container: added node_config.resource_manager_tags field to google_container_cluster resource (#7001)
• container: added node_config.resource_manager_tags field to google_container_node_pool resource (#7001)
• container: added output-only fields membership_id and membership_location under fleet in google_container_cluster resource (#6983)
• looker: added custom_domain field to google_looker_instance resource (#6979)
• netapp: added field restore_parameters and output-only fields state, state_details and create_time to google_netapp_volume resource (#6976)
• workbench: added container_image field to google_workbench_instance resource (#6988)
• workbench: added shielded_instance_config field to google_workbench_instance resource (#6984)

BUG FIXES:

• bigquery: allowed users to set permissions for principal/principalSets (iamMember) in google_bigquery_dataset_iam_member. (#6975)
• cloudfunctions2: fixed an issue where not specifying event_config.trigger_region in google_cloudfunctions2_function resulted in a permanent diff. The field now pulls a default value from the API when unset. (#6991)
• compute: fixed perma-diff on min_ports_per_vm in google_compute_router_nat when the field is unset by making the field default to the API-set value (#6993)
• dataflow: fixed crash in google_dataflox_job to return an error instead if a job's Environment field is nil when reading job information (#6999)
• notebooks: changed tag field to default to the API's value if not specified in google_notebooks_instance (#6986)