v5.38.0

FEATURES:

• New Data Source: google_gke_hub_membership_binding (#7696)
• New Data Source: google_site_verification_token (#7704)
• New Resource: google_scc_project_notification_config (#7698)

IMPROVEMENTS:

• cloudkms: added key_access_justifications_policy field to google_kms_crypto_key resource (#7693)
• compute: made the google_compute_resource_policy resource updatable in-place (#7692)
• vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#7680)

BUG FIXES:

• cloudfunctions2: fixed permadiffs on service_config.environment_variables field in google_cloudfunctions2_function resource (#7684)
• networksecurity: fixed permadiffs on purpose field in google_network_security_address_group resource (#7687)

v5.37.0

FEATURES:

• New Data Source: google_kms_crypto_keys (#7656)
• New Data Source: google_kms_key_rings (#7662)
• New Resource: google_scc_v2_organization_notification_config (#7649)
• New Resource: google_secure_source_manager_repository (#7634)
• New Resource: google_storage_managed_folder_iam (#7620)
• New Resource: google_storage_managed_folder (#7620)

IMPROVEMENTS:

• certificatemanager: added allowlisted_certificates field to google_certificate_manager_trust_config resource (#7643)
• compute: added source_regions field to google_compute_healthcheck resource (#7647)
• dataplex: added sql_assertion field to google_dataplex_datascan resource (#7623)
• gkehub: added fleet_default_member_config.configmanagement.config_sync.enabled field to google_gke_hub_feature resource (#7639)
• netapp: added zone and replica_zone field to google_netapp_storage_pool resource (#7660)
• networksecurity: added purpose field to google_network_security_address_group resource (#7677)
• vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#7680)
• workstations: added host.gce_instance.vm_tags field to google_workstations_workstation_config resource (#7644)

BUG FIXES:

• compute: fixed a bug preventing the creation of google_compute_autoscaler and google_compute_region_autoscaler resources if both autoscaling_policy.max_replicas and autoscaling_policy.min_replicas were configured as zero. (#7658)
• resourcemanager: mitigated eventual consistency issues by adding a 10s wait after google_service_account_key resource creation (#7629)
• vertexai: fixed issue where updating "metadata" field could fail in google_vertex_ai_index resource (#7675)

v5.36.0

FEATURES:

• New Resource: google_storage_managed_folder_iam (#7620)
• New Resource: google_storage_managed_folder (#7620)

IMPROVEMENTS:

• bigtable: added ignore_warnings field to google_bigtable_gc_policy resource (#7571)
• cloudfunctions2: added build_config.automatic_update_policy and build_config.on_deploy_update_policy to google_cloudfunctions2_function resource (#7608)
• compute: added tls_early_data field to google_compute_target_https_proxy resource (#7588)
• compute: added custom_error_response_policy and default_custom_error_response_policy fields to google_compute_url_map resource (#7587)
• datafusion: added connection_type and private_service_connect_config fields to google_data_fusion_instance resource (#7598)
• firebasehosting: added support for google_firebase_hosting_site resource to be used for an existing site without using import (#7594)
• healthcare: added encryption_spec field to google_healthcare_dataset resource (#7601)
• monitoring: added links field to google_monitoring_alert_policy resource (#7616)
• vertexai: added update support for big_query.entity_id_columns field on google_vertex_ai_feature_group resource (#7572)

BUG FIXES:

• accesscontextmanager: fixed perma-diff caused by ordering of service_perimeters in google_access_context_manager_service_perimeters resource (#7595)
• compute: fixed a crash in google_compute_reservation resource when share_settings field has changes (#7577)
• compute: fixed issue in google_compute_instance resource where service_account is not set when specifying service_account.email and no service_account.scopes (#7596)
• gkehub2: fixed google_gke_hub_feature resource to allow fleet_default_member_config field to be unset (#7568)
• identityplatform: fixed perma-diff on google_identity_platform_config resource when sms_region_config is not set (#7607)
• logging: fixed perma-diff on index_configs in google_logging_organization_bucket_config resource (#7579)

v5.35.0

FEATURES:

• New Data Source: google_artifact_registry_docker_image (#7544)
• New Data Source: google_composer_user_workloads_config_map (#7519)
• New Resource: google_service_networking_vpc_service_controls (#7545)

IMPROVEMENTS:

• bigquery: added resource_tags field to google_bigquery_dataset resource (#7549)
• billingbudget: added enable_project_level_recipients field to google_billing_budget resource (#7539)
• cloudrunv2: added fields start_execution_token and run_execution_token to resource google_cloud_run_v2_job (#7525)
• compute: added action_token_site_keys and session_token_site_keys fields to google_compute_security_policy and google_compute_security_policy_rule resources (#7520)
• dataprocmetastore: added autoscaling_config field to google_dataproc_metastore_service resource (#7528)
• gkehub2: added ENTERPRISE option to security_posture_config field on google_gke_hub_fleet resource (#7541)
• pubsub: added bigquery_config.service_account_email field to google_pubsub_subscription resource (#7543)
• redis: added maintenance_version field to google_redis_instance (#7527)
• storage: changed update behavior in google_storage_bucket_object to no longer delete to avoid object deletion on content update (#7564)
• sql: added support for more MySQL values in type field of google_sql_user resource (#7548)
• sql: increased timeouts on google_sql_database_instance to 90m to account for longer-running actions such as creation through cloning (#7553)
• workbench: added update support to gce_setup.boot_disk and gce_setup.data_disks fields in google_workbench_instance resource (#7566)

BUG FIXES:

• compute: updated google_compute_instance to force reboot if min_node_cpus is updated (#7524)
• compute: fixed description field in google_compute_firewall to support empty/null values on update (#7563)
• compute: fixed perma-diff on google_compute_disk for Ubuntu amd64 canonical LTS images (#7522)
• storage: fixed lowercased custom_placement_config values in google_storage_bucket causing perma-destroy (#7551)
• workbench: fixed issue where instance was not starting after an update in google_workbench_instance resource (#7557)
• workbench: fixed perma-diff caused by empty accelerator_configs in google_workbench_instance resource (#7557)

v5.34.0

NOTES:

• compute: Updated field description of connection_draining_timeout_sec, balancing_mode and outlier_detection in google_compute_region_backend_service and google_compute_backend_service to inform that default values will be changed in 6.0.0 (#7513)

DEPRECATIONS:

• vertexai: deprecated beta field embedding_management for google_vertex_ai_feature_online_store resource (#7473)

FEATURES:

• New Data Source: google_composer_user_workloads_config_map (beta) (#7519)
• New Data Source: google_composer_user_workloads_secret (beta) (#7474)
• New Resource: google_composer_user_workloads_config_map (beta) (#7497)
• New Resource: google_managed_kafka_cluster (beta) (#7477)
• New Resource: google_managed_kafka_topic (beta) (#7503)
• New Resource: google_netapp_backup (#7479)
• New Resource: google_network_services_service_lb_policies (#7463)
• New Resource: google_scc_management_folder_security_health_analytics_custom_module (#7483)
• New Resource: google_scc_management_organization_project_security_health_analytics_custom_module (#7489)
• New Resource: google_scc_management_organization_security_health_analytics_custom_module (#7493)

IMPROVEMENTS:

• alloydb: changed the resource google_alloydb_instance to be created directly with public IP enabled instead of creating the resource with public IP disabled and then enabling it (#7469)
• bigtable: added automated_backup_configuration field to google_bigtable_table resource (#7468)
• cloudbuildv2: added support for connecting to Bitbucket Data Center and Bitbucket Cloud with the bitbucket_data_center_config and bitbucket_cloud_config fields in google_cloudbuildv2_connection (#7494)
• compute: added support for Port Mapping NEG and endpoint. New NEG type is a regional type of GCE_VM_IP_PORTMAP that requires endpoints with instance, port and client_destination_port (beta) (#7471)
• compute: added update support to ssl_policy field in google_compute_region_target_https_proxy resource (#7484)
• compute: removed enum validation on guest_os_features.type in google_compute_disk to allow for new features to be used without provider update (#7465)
• compute: updated documentation of google_compute_target_https_proxy and google_compute_region_target_https_proxy (#7481)
• container: added support for security_posture_config.mode value "ENTERPRISE" in resource_container_cluster (#7467)
• discoveryengine: added document_processing_config field to google_discovery_engine_data_store resource (#7475)
• edgecontainer: added maintenance_exclusions field to google_edgecontainer_cluster resource (#7490)
• gkehub: added prevent_drift field to ConfigManagement fleet_default_member_config (#7464)
• netapp: added administrators field to google_netapp_active_directory resource (#7466)
• vertexai: promoted optimized field to GA for google_vertex_ai_feature_online_store resource (#7473)
• workbench: updated the metadata keys managed by the backend. (#7488)

BUG FIXES:

• compute: fixed an issue where google_compute_instance_group_manager with a pending operation was incorrectly removed due to the operation no longer being present in the backend (#7498)
• compute: fixed issue where users could not create google_compute_security_policy resources with layer_7_ddos_defense_config explicitly disabled (#7470)
• workbench: fixed a bug in the google_workbench_instance resource where specifying a network in some scenarios would cause instance creation to fail (#7518)

v4.85.0

NOTES:

• The 4.85.0 release backports configuration for the retention period for Cloud Storage soft delete (https://cloud.google.com/resources/storage/soft-delete-announce) so that customers who have not yet upgraded to 5.22.0+ are able to configure the retention period of objects in their buckets. By upgrading to this version and configuring or otherwise interacting with the google_storage_bucket.soft_delete_policy values, you will need to upgrade directly to 5.22.0+ from 4.85.0 when upgrading to 5.X in the future.

IMPROVEMENTS:

• storage: added soft_delete_policy to google_storage_bucket resource (#7119)

v5.33.0

DEPRECATIONS:

• healthcare: deprecated notification_config deprecated notification_config in google_healthcare_fhir_store resource. Use notification_configs instead. (#7450)

FEATURES:

• New Data Source: google_compute_security_policy (#7453)
• New Resource: google_compute_project_cloud_armor_tier (#7456)
• New Resource: google_network_services_service_lb_policies (#7463)
• New Resource: google_scc_management_organization_event_threat_detection_custom_module (#7454)
• New Resource: google_spanner_instance_config (#7459)

IMPROVEMENTS:

• appengine: added flexible_runtime_settings field to google_app_engine_flexible_app_version resource (#7462)
• bigtable: added force_destroy field to google_bigtable_instance resource. This will force delete any backups present in the instance and allow the instance to be deleted. (#7441)
• clouddeploy: added execution_configs.verbose field to google_clouddeploy_target resource (#7442)
• compute: added partner_metadata field to google_compute_instance_template resource (#7449)
• compute: added partner_metadata field to google_compute_instance resource (#7449)
• compute: added partner_metadata field to google_compute_regional_instance_template resource (#7449)
• compute: added standby_policy, target_suspended_size and target_stopped_size fields to google_compute_instance_group_manager and google_compute_region_instance_group_manager resources (#7436)
• compute: added storage_pool field to google_compute_disk resource (#7434)
• container: added secret_manager_config field to google_container_cluster resource (#7448)
• dlp: added secrets_discovery_target, cloud_sql_target.filter.database_resource_reference, and big_query_target.filter.table_reference fields to google_data_loss_prevention_discovery_config resource (#7461)
• gkebackup: added backup_schedule.backup_config.permissive_mode field to google_gke_backup_backup_plan resource (#7430)
• gkebackup: added restore_config.restore_order field to google_gke_backup_restore_plan resource (#7430)
• gkebackup: added restore_config.volume_data_restore_policy_bindings field to google_gke_backup_restore_plan resource (#7430)
• gkebackup: added new enum values MERGE_SKIP_ON_CONFLICT, MERGE_REPLACE_VOLUME_ON_CONFLICT and MERGE_REPLACE_ON_CONFLICT to field restore_config.namespaced_resource_restore_mode in google_gke_backup_restore_plan resource (#7430)
• healthcare: added notification_config.send_for_bulk_import field to google_healthcare_dicom_store (#7457)
• integrationconnectors: added endpoint_global_access field to google_integration_connectors_endpoint_attachment resource (#7443)
• netapp: added backup_config field to google_netapp_volume resource (#7439)
• redis: added zone_distribution_config field to google_redis_cluster resource (#7451)
• resourcemanager: added support for range_type = "default-domains-netblocks" in google_netblock_ip_ranges data source (#7440)
• secretmanager: added support for IAM conditions in google_secret_manager_secret_iam_* resources (#7444)
• workstations: added boot_disk_size_gb, enable_nested_virtualization, and pool_size to host.gce_instance.boost_configs in google_workstations_workstation_config resource (#7452)

BUG FIXES:

• container: fixed google_container_node_pool crash if node_config.secondary_boot_disks.mode is not set (#7460)
• dlp: removed required on inspect_config.limits.max_findings_per_info_type.info_type field to allow the use of default limit by not setting this field in google_data_loss_prevention_inspect_template resource (#7438)
• provider: fixed application default credential and access token authorization when universe_domain is set (#7433)

v5.32.0

NOTES:

• privateca: converted google_privateca_certificate_template to now use the MMv1 engine instead of DCL (#7409)

FEATURES:

• New Resource: google_dataplex_entry_type (#7412)
• New Resource: google_logging_log_view_iam_binding (#7420)
• New Resource: google_logging_log_view_iam_member (#7420)
• New Resource: google_logging_log_view_iam_policy (#7420)

IMPROVEMENTS:

• alloydb: added psc_config field to google_alloydb_cluster resource (#7429)
• alloydb: added psc_instance_config field to google_alloydb_instance resource (#7429)
• cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resourceto (#7422)
• compute: added NONE to acceptable options for update_policy.minimal_action field in google_compute_instance_group_manager resource (#7417)
• sql: updated support for a new value week5 in field setting.maintenance_window.update_track in google_sql_database_instance resource (#7408)

BUG FIXES:

• cloudrunv2: added validation for timeout field to google_cloud_run_v2_job, google_cloud_run_v2_service resources (#7426)
• compute: fixed permadiff in ordering of advertised_ip_ranges.range field on google_compute_router resource (#7411)
• iam: added a 10 second sleep when creating google_service_account resource (#7427)
• storage: fixed google_storage_bucket.lifecycle_rule.condition block fields days_since_noncurrent_time and days_since_custom_time and num_newer_versions were not working for 0 value. (#7414)

v5.31.1

BUG FIXES:

• iam: added a 10 second sleep when creating a google_service_account to reduce eventual consistency errors. See hashicorp/terraform-provider-google#18024 for more details (#7427)

v5.31.0

FEATURES:

• New Data Source: google_compute_subnetworks (#7371)
• New Resource: google_dataplex_aspect_type (#7397)
• New Resource: google_dataplex_entry_group (#7389)
• New Resource: google_kms_autokey_config (#7385)
• New Resource: google_kms_key_handle (#7385)
• New Resource: google_network_services_lb_route_extension (#7394)

IMPROVEMENTS:

• appengine: added field instance_ip_mode to resource google_app_engine_flexible_app_version resource (beta) (#7377)
• bigquery: added external_data_configuration.bigtable_options to google_bigquery_table (#7387)
• cloudrun: added support for nfs to google_cloudrun_service (beta). (#7381)
• composer: added support for importing google_composer_user_workloads_secret via the "{{environment}}/{{name}}" format. (#7390)
• composer: improved timeouts for google_composer_user_workloads_secret. (#7390)
• compute: added TLS_JA3_FINGERPRINT and USER_IP options in field rate_limit_options.enforce_on_key to google_compute_security_policy resource (#7376)
• compute: added 'rateLimitOptions' field to 'google_compute_security_policy_rule' resource (#7376)
• compute: changed google_compute_region_ssl_policy's region field to optional and allow to be inferred from environment (#7384)
• compute: added on_instance_stop_action field to google_compute_instance, google_compute_instance_template, and google_compute_instance_from_machine_image resources (beta) (#7392)
• compute: added subnet_length field to google_compute_interconnect_attachment resource (#7388)
• container: added containerd_config field and subfields to google_container_cluster and google_container_node_pool resources, to allow those resources to access private image registries. (#7372)
• container: allowed both enable_autopilot and workload_identity_config to be set in google_container_cluster resource. (#7375)
• datastream: added create_without_validation field to google_datastream_connection_profile, google_datastream_private_connection and google_datastream_stream resources (#7382)
• network-security: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#7368)
• networkservices: made field load_balancing_scheme immutable in resource google_network_services_lb_traffic_extension, as in-place updating is always failing (#7394)
• networkservices: made required fields extension_chains.extensions.authority and extension_chains.extensions.timeout optional in resource google_network_services_lb_traffic_extension (#7394)
• networkservices: removed unsupported load balancing scheme LOAD_BALANCING_SCHEME_UNSPECIFIED from the field load_balancing_scheme in resource google_network_services_lb_traffic_extension (#7394)
• pubsub: added cloud_storage_config.filename_datetime_format field to google_pubsub_subscription resource (#7386)
• tpu: added type of accelerator_config to google_tpu_v2_vm resource (#7369)

BUG FIXES:

• monitoring: fixed a permadiff with monitored_resource.labels property in the google_monitoring_uptime_check_config resource (#7380)
• storage: fixed a bug where field autoclass block is generating permadiff whenever the block is removed from the config in google_storage_bucket resource (#7395)
• storagetransfer: fixed a permadiff with transfer_spec.0.aws_s3_data_source.0.aws_access_key resource_storage_transfer_job (#7391)