layout | page_title | sidebar_current | description |
---|---|---|---|
google |
Terraform Google Provider Version 2 Upgrade Guide |
docs-google-provider-version-2-upgrade |
Terraform Google Provider Version 2 Upgrade Guide |
Version 2.0.0 of the Google provider for Terraform is a major release and includes some changes that you will need to consider when upgrading. This guide is intended to help with that process and focuses only on changes from version 1.19.1 to version 2.0.0.
Most of the changes outlined in this guide have been previously marked as deprecated in the Terraform plan/apply output throughout previous provider releases, up to and including 1.19.1. These changes, such as deprecation notices, can always be found in the Terraform Google Provider CHANGELOG.
Upgrade topics:
- Provider Version Configuration
google-beta
provider- Open in Cloud Shell
- Data Sources
- Resource:
google_bigquery_dataset
- Resource:
google_bigtable_instance
- Resource:
google_binary_authorizaton_attestor
- Resource:
google_binary_authorizaton_policy
- Resource:
google_cloudfunctions_function
- Resource:
google_compute_backend_service
- Resource:
google_compute_disk
- Resource:
google_compute_global_forwarding_rule
- Resource:
google_compute_image
- Resource:
google_compute_instance
- Resource:
google_compute_instance_from_template
- Resource:
google_compute_instance_group_manager
- Resource:
google_compute_project_metadata
- Resource:
google_compute_region_instance_group_manager
- Resource:
google_compute_subnetwork_iam_*
- Resource:
google_compute_target_pool
- Resource:
google_compute_url_map
- Resource:
google_container_analysis_note
- Resource:
google_container_cluster
- Resource:
google_container_node_pool
- Resource:
google_dataproc_cluster
- Resource:
google_endpoints_service
- Resource:
google_filestore_instance
- Resource:
google_organization_custom_role
- Resource:
google_project
- Resource:
google_project_iam_policy
- Resource:
google_service_account
- Resource:
google_sql_database_instance
- Resource:
google_storage_default_object_acl
- Resource:
google_storage_object_acl
!> WARNING: This topic is placeholder documentation until version 2.0.0 is released later this year.
-> Before upgrading to version 2.0.0, it is recommended to upgrade to the most recent version of the provider (1.19.1) and ensure that your environment successfully runs terraform plan
without unexpected changes or deprecation notices.
It is recommended to use version constraints when configuring Terraform providers. If you are following that recommendation, update the version constraints in your Terraform configuration and run terraform init
to download the new version.
For example, given this previous configuration:
provider "google" {
# ... other configuration ...
version = "~> 1.19.0"
}
An updated configuration:
provider "google" {
# ... other configuration ...
version = "~> 2.0.0"
}
The google-beta
provider is now necessary to be able to configure resources with beta features.
This new provider enables full import support of beta features and gives users who
wish to use only the most stable APIs and features more confidence that they are doing so
by continuing to use the google
provider.
Beta GCP Features have no deprecation policy and no SLA, but are otherwise considered to be feature-complete with only minor outstanding issues after their Alpha period. Beta is when GCP features are publicly announced, and is when they generally become publicly available. For more information see the official documentation on GCP launch stages.
Because the API for beta features can change before their GA launch, there may be breaking changes
in the google-beta
provider in minor release versions. These changes will be announced in the
Terraform google-beta
Provider CHANGELOG.
To have resources at different API versions, set up provider blocks for each version:
provider "google" {
credentials = "${file("account.json")}"
project = "my-project-id"
region = "us-central1"
}
provider "google-beta" {
credentials = "${file("account.json")}"
project = "my-project-id"
region = "us-central1"
}
In each resource, state which provider that resource should be used with:
resource "google_compute_instance" "ga-instance" {
provider = "google"
# ...
}
resource "google_compute_instance" "beta-instance" {
provider = "google-beta"
# ...
}
See Provider Versions
for more details on how to use google-beta
.
2.0.0 is the first release including Open in Cloud Shell. Examples in the documentation for Magic Modules resources now have Open in Cloud Shell links in their documentation that open them in an interactive editor and shell - all without leaving the browser. See the blog post announcing the feature for more details.
See the Resource
sections in this document for properties that may have been removed.
The order of entries in access
no longer matters. Any configurations that
interpolate based on an item at a specific index will need to be updated, as items
may have been reordered.
Example previous configuration:
resource "google_bigtable_instance" "instance" {
name = "tf-instance"
cluster_id = "tf-instance-cluster"
zone = "us-central1-b"
num_nodes = 3
storage_type = "HDD"
}
Example updated configuration:
resource "google_bigtable_instance" "instance" {
name = "tf-instance"
cluster {
cluster_id = "tf-instance-cluster"
zone = "us-central1-b"
num_nodes = 3
storage_type = "HDD"
}
}
cluster.zone
is now required, even if the provider block has a zone set.
Use the google-beta
provider to use these resources.
Use the google-beta
provider to use these resources.
Use the event_trigger
block instead.
Example updated configuration:
resource "google_cloudfunctions_function" "function" {
name = "example-function"
available_memory_mb = 128
source_archive_bucket = "${google_storage_bucket.bucket.name}"
source_archive_object = "${google_storage_bucket_object.archive.name}"
timeout = 61
entry_point = "helloGCS"
event_trigger {
event_type = "providers/cloud.storage/eventTypes/object.change"
resource = "${google_storage_bucket.bucket.name}"
failure_policy {
retry = true
}
}
}
resource "google_storage_bucket" "bucket" {
name = "example-bucket"
}
resource "google_storage_bucket_object" "archive" {
name = "index.zip"
bucket = "${google_storage_bucket.bucket.name}"
source = "path/to/source.zip"
}
See the documentation at
google_cloudfunctions_function
for more details.
Use the google-beta
provider to set this field.
Use the disk_encryption_key
block instead:
data "google_compute_image" "my_image" {
family = "debian-9"
project = "debian-cloud"
}
resource "google_compute_disk" "foobar" {
name = "example-disk"
image = "${data.google_compute_image.my_image.self_link}"
size = 50
type = "pd-ssd"
zone = "us-central1-a"
disk_encryption_key {
raw_key = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
}
}
Use the google-beta
provider to set this field.
Use the standard timeouts block instead.
Use the standard timeouts block instead.
Terraform will remove values not explicitly set in this field. Any metadata
values
that were added outside of Terraform should be added to the config.
Use network_interface
instead.
Use network_interface.*.network_ip
instead.
Terraform will remove values not explicitly set in this field. Any metadata
values
that were added outside of Terraform should be added to the config.
Use the google-beta
provider to use these fields.
rolling_update_policy
has been renamed to update_policy
in google-beta
.
Terraform will remove values not explicitly set in this field. Any metadata
values
that were added outside of Terraform should be added to the config.
Use the google-beta
provider to use these fields.
rolling_update_policy
has been renamed to update_policy
in google-beta
.
With rolling_update_policy
removed, update_strategy
has no effect anymore.
Remove it from your config at your convenience.
Use the google-beta
provider to use these resources.
The order of entries in instances
no longer matters. Any configurations that
interpolate based on an item at a specific index will need to be updated, as items
may have been reordered.
Terraform will remove values not explicitly set in these fields. Any host_rule
, path_matcher
, or test
values that were added outside of Terraform should be added to the config.
Use the google-beta
provider to use these resources.
enable_binary_authorization
, enable_tpu
, pod_security_policy_config
, private_cluster
, and master_ipv4_cidr_block
, node_config.taints
, node_config.workload_metadata_config
have been removed from the GA provider
Use the google-beta
provider to set these fields.
max_pods_per_node
, node_config.taints
, node_config.workload_metadata_config
have been removed from the GA provider
Use the google-beta
provider to set these fields.
Use the name
field along with the random
provider instead.
Sample config:
variable "machine_type" {}
resource "google_container_cluster" "example" {
name = "example-cluster"
zone = "us-central1-a"
initial_node_count = 1
remove_default_node_pool = true
}
resource "random_id" "np" {
byte_length = 11
prefix = "example-np-"
keepers = {
machine_type = "${var.machine_type}"
}
}
resource "google_container_node_pool" "example" {
name = "${random_id.np.dec}"
zone = "us-central1-a"
cluster = "${google_container_cluster.example.name}"
node_count = 1
node_config {
machine_type = "${var.machine_type}"
}
lifecycle {
create_before_destroy = true
}
}
The keepers
parameter in random_id
takes a map of values that cause the random id to be regenerated.
By tying it to attributes that might change, it makes sure the random id changes too.
To make sure the node pool keeps its old name, figure out what the suffix was by running terraform show
:
google_container_node_pool.example:
...
name = example-np-20180329213336514500000001
Determine the base64 encoding of that value by running this script.
Then, import that suffix as the value of random_id
:
terraform import random_id.np example-np-,ELFZ1rbrAThoeQE
For more details, see terraform-provider-google#1054.
Use protoc_output_base64
instead.
Example previous configuration:
resource "google_endpoints_service" "grpc_service" {
service_name = "api-name.endpoints.project-id.cloud.goog"
grpc_config = "${file("service_spec.yml")}"
protoc_output = "${file("compiled_descriptor_file.pb")}"
Example updated configuration:
resource "google_endpoints_service" "grpc_service" {
service_name = "api-name.endpoints.project-id.cloud.goog"
grpc_config = "${file("service_spec.yml")}"
protoc_output_base64 = "${base64encode(file("compiled_descriptor_file.pb"))}"
}
Autogenerated buckets are shared by all clusters in the same region, so deleting
this bucket could adversely harm other dataproc clusters. If you need a bucket
that can be deleted, please create a new one and set the staging_bucket
field.
The order of entries in tags
no longer matters. Any configurations that
interpolate based on an item at a specific index will need to be updated, as items
may have been reordered.
Use the google-beta
provider to use these resources.
Use terraform destroy
, or remove the resource from your config instead.
Use the
google_app_engine_application
resource instead.
To avoid errors trying to recreate the resource, import it into your state first by running:
terraform import google_app_engine_application.app your-project-id
Terraform will remove values not explicitly set in this field. Any policy_data
values that were added outside of Terraform should be added to the config.
Remove these fields from your config. Ensure that policy_data
contains all
policy values that exist on the project.
This resource is very dangerous. Consider using google_project_iam_binding
or
google_project_iam_member
instead.
Use one of the other service account IAM resources instead.
Terraform will remove values not explicitly set in this field. Any settings values that were added outside of Terraform should be added to the config.
Terraform will remove values not explicitly set in this field. Any role_entity
values that were added outside of Terraform should be added to the config.
Terraform will remove values not explicitly set in this field. Any role_entity
values that were added outside of Terraform should be added to the config.
For fine-grained management, use google_storage_object_access_control
.