v6.25.0

NOTES:

• eventarc: google_eventarc_channel now uses MMv1 engine instead of DCL. (#21728)
• workbench: increased create timeout for google_workbench_instance to 40mins. (#21700)

FEATURES:

• New Data Source: google_compute_region_ssl_policy (#21633)
• New Resource: google_eventarc_google_api_source (#21732)
• New Resource: google_iam_oauth_client_credential (#21731)
• New Resource: google_iam_oauth_client (#21660)
• New Resource: network_services_endpoint_policy (#21676)
• New Resource: network_services_grpc_route (#21676)
• New Resource: network_services_http_route (#21676)
• New Resource: network_services_mesh (#21676)
• New Resource: network_services_service_binding (#21676)
• New Resource: network_services_tcp_route (#21676)
• New Resource: network_services_tls_route (#21676)

IMPROVEMENTS:

• alloydb: added psc_instance_config.psc_interface_configs field to google_alloydb_instance resource (#21701)
• compute: added create_snapshot_before_destroy to google_compute_disk and google_compute_region_disk to enable creating a snapshot before disk deletion (#21636)
• compute: added ip_collection and ipv6_gce_endpoint fields to google_compute_subnetwork resource (#21730)
• compute: added log_config.optional_mode and log_config.optional_fields fields to google_compute_region_backend_service resource (#21722)
• compute: added rsa_encrypted_key to google_compute_region_disk (#21636)
• compute: added scheduling.termination_time field to google_compute_instance, google_compute_instance_from_machine_image, google_compute_instance_from_template, google_compute_instance_template, and google_compute_region_instance_template resources (#21717)
• compute: added update support for 'purpose' field in google_compute_subnetwork resource (#21729)
• compute: added update support for firewall_policy in google_compute_firewall_policy_association resource. It is recommended to only perform this operation in combination with a protective lifecycle tag such as "create_before_destroy" or "prevent_destroy" on your previous firewall_policy resource in order to prevent situations where a target attachment has no associated policy. (#21735)
• container: added "JOBSET" as a supported value for enable_components in google_container_cluster resource (#21657)
• firebasedataconnect: added deletion_policy field to google_firebase_data_connect_service resource (#21736)
• networksecurity: added description field to google_network_security_intercept_deployment, google_network_security_intercept_deployment_group, google_network_security_intercept_endpoint_group resources (#21711)
• networksecurity: added description field to google_network_security_mirroring_deployment, google_network_security_mirroring_deployment_group, google_network_security_mirroring_endpoint_group resources (#21714)
• tpuv2: added spot field to google_tpu_v2_vm resource (#21716)
• workstations: added tags field to google_workstations_workstation_cluster resource (#21635)

BUG FIXES:

• backupdr: added missing SUNDAY option to days_of_week field in google_backup_dr_backup_plan resource (#21640)
• compute: fixed network_interface.internal_ipv6_prefix_length not being set or read in Terraform state in google_compute_instance resource (#21638)
• compute: fixed bug in google_compute_router_nat where max_ports_per_vm couldn't be unset once set. (#21721)
• container: fixed perma-diff in google_container_cluster when cluster_dns_scope is unspecified (#21637)
• networksecurity: added wait time on google_network_security_gateway_security_policy_rule resource when creating and deleting to prevent race conditions (#21643)

v6.24.0

NOTES:

• gemini: removed unsupported value GEMINI_CLOUD_ASSIST for field product in google_gemini_logging_setting_binding resource (#21630)
• iam: added member value to the error message when member validation fails for google_project_iam_* (#21586)

DEPRECATIONS:

• datacatalog: deprecated google_data_catalog_entry and google_data_catalog_tag resources. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#21541)
• notebooks: deprecated non-functional google_notebooks_location resource (#21517)

FEATURES:

• New Data Source: google_memorystore_instance (#21579)
• New Resource: google_apihub_host_project_registration (#21607)
• New Resource: google_compute_instant_snapshot (#21598)
• New Resource: google_eventarc_message_bus (#21611)
• New Resource: google_gemini_data_sharing_with_google_setting_binding (GA) (#21629)
• New Resource: google_gemini_gcp_enablement_setting_binding (GA) (#21587)
• New Resource: google_gemini_gemini_gcp_enablement_setting_binding (#21540)
• New Resource: google_storage_anywhere_cache (#21537)

IMPROVEMENTS:

• alloydb: added ability to upgrade major version in google_alloydb_cluster with database_version (#21582)
• compute: added creation_timestamp, next_hop_peering, warnings.code, warnings.message, warnings.data.key, warnings.data.value, next_hop_hub, route_type, as_paths.path_segment_type, as_paths.as_lists and route_status fields to google_compute_route resource (#21534)
• compute: added max_stream_duration field to google_compute_url_map resource (#21535)
• compute: added network_interface.network_attachment field to google_compute_instance resource (ga) (#21606)
• compute: added network_interface.network_attachment to google_compute_instance data source (ga) (#21606)
• compute: added fields architecture, source_instant_snapshot, source_storage_object, resource_manager_tags to google_compute_disk. (#21598)
• container: added enum value UPGRADE_INFO_EVENT for GKE notification filter in google_container_cluster resource (#21609)
• iam: added AZURE_AD_GROUPS_ID field to google_iam_workforce_pool_provider.extra_attributes_oauth2_client.attributes_type resource (#21624)
• networkconnectivity: added policy_mode field to google_network_connectivity_hub resource (#21589)
• networkservices: added location field to google_network_services_grpc_route resource (#21621)
• storagetransfer: added logging_config field to google_storage_transfer_job resource (#21523)

BUG FIXES:

• bigquery: updated the max_staleness field in google_bigquery_table to be a computed field (#21596)
• chronicle: fixed an error during resource creation with certain run_frequency configurations in google_chronicle_rule_deployment (#21610)
• discoveryengine: fixed bug preventing creation of google_discovery_engine_target_site resources (#21628)
• eventarc: fixed an issue where google_eventarc_trigger creation failed due to the region could not be parsed from the trigger's name (#21528)
• publicca: encode b64_mac_key in base64url, not in base64 (#21612)
• storage: fixed a 412 error returned on some google_storage_bucket_iam_policy deletions (#21626)

v6.23.0

NOTES:

• The google_sql_user resource now supports password_wo write-only arguments
• The google_bigquery_data_transfer_config resource now supports secret_access_key_wo write-only arguments
• The google_secret_version resource now supports secret_data_wo write-only arguments

IMPROVEMENTS:

• sql: added password_wo and password_wo_version fields to google_sql_user resource (#21616)
• bigquerydatatransfer: added secret_access_key_wo and secret_access_key_wo_version fields to google_bigquery_data_transfer_config resource (#21617)
• secretmanager: added secret_data_wo and secret_data_wo_version fields to google_secret_version resource (#21618)

v6.22.0

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

DEPRECATIONS:

• datacatalog: deprecated google_data_catalog_tag_template. Use google_dataplex_aspect_type instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9347)
• datacatalog: deprecated google_data_catalog_entry_group. Use google_dataplex_entry_group instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9349)

FEATURES:

• New Data Source: google_alloydb_cluster (#21496)
• New Data Source: google_project_ancestry (#21413)
• New Resource: google_gemini_data_sharing_with_google_setting_binding (#21479)
• New Resource: google_gemini_logging_setting_binding (#21429)
• New Resource: google_gemini_logging_setting (#21404)
• New Resource: google_spanner_instance_partition (#21475)

IMPROVEMENTS:

• backupdr: promoted google_backup_dr_management_server, google_backup_dr_backup_plan_association, and google_backup_dr_backup_plan resources to GA
• compute: added import_subnet_routes_with_public_ip and export_subnet_routes_with_public_ip fields to google_compute_network_peering_routes_config resource (#21405)
• developerconnect: added bitbucket_cloud_config and bitbucket_data_center_config fields to google_developer_connect_connection resource (#21433)
• gemini: promoted google_gemini_release_channel_setting resource to GA (#21481)
• iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#21430)
• iambeta: promoted google_iam_workload_identity_pool and google_iam_workload_identity_pool_provider data sources to GA (#21408)
• redis: added kms_key field to google_redis_cluster resource (#21428)
• tpuv2: added network_config field to google_tpu_v2_queued_resource resource (#21426)

BUG FIXES:

• apigee: fixed error when deleting google_apigee_organization (#21473)
• bigtable: fixed a bug where sometimes updating an instance's cluster list could result in an error if there was an existing cluster with autoscaling enabled (#21503)
• chronicle: fixed bug setting enabled on creation in google_chronicle_rule_deployment (#21460)

v6.21.0

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

FEATURES:

• New Data Source: google_alloydb_instance (#21383)
• New Resource: google_firebase_data_connect_service (#21368)
• New Resource: google_gemini_data_sharing_with_google_setting (#21393)
• New Resource: google_gemini_gemini_gcp_enablement_setting (#21357)
• New Resource: google_gemini_logging_setting_binding (#21354)
• New Resource: google_gemini_release_channel_setting (#21387
• New Resource: google_gemini_release_channel_setting_binding (#21387
• New Resource: google_netapp_volume_quota_rule (#21283)

IMPROVEMENTS:

• accesscontextmanager: added etag to access context manager directional policy resources google_access_context_manager_service_perimeter_dry_run_egress_policy, google_access_context_manager_service_perimeter_dry_run_ingress_policy, google_access_context_manager_service_perimeter_egress_policy and google_access_context_manager_service_perimeter_ingress_policy to prevent overriding changes (#21366)
• accesscontextmanager: added title field to policy blocks under google_access_context_manager_service_perimeter and variants (#21302)
• artifactregistry: set pageSize to 1000 to speedup google_artifact_registry_docker_image data source queries (#21360)
• compute: added labels field to google_compute_ha_vpn_gateway resource (#21385)
• compute: added validation for disk names in google_compute_disk (#21335)
• container: added new fields container_log_max_size, container_log_max_files, image_gc_low_threshold_percent, image_gc_high_threshold_percent, image_minimum_gc_age, image_maximum_gc_age, and allowed_unsafe_sysctls to node_kubelet_config block in google_container_cluster resource. (#21319)
• monitoring: added condition_sql field to google_monitoring_alert_policy resource (#21277)
• networkservices: added location field to google_network_services_mesh resource (#21337)
• securitycenter: added type, expiry_time field to google_scc_mute_config resource (#21318)

BUG FIXES:

• chronicle: fixed creation issues when optional fields were missing for google_chronicle_rule_deployment resource (#21389)
• databasemigrationservice: fixed error details type on google_database_migration_service_migration_job (#21279)
• networkservices: fixed a bug with google_network_services_authz_extension.wire_format sending an invalid default value by removing the Terraform default and letting the API set the default. (#21280)

v6.20.0

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.
• compute: google_compute_firewall_policy now uses MMv1 engine instead of DCL. (#21235)

FEATURES:

• New Data Source: google_beyondcorp_application_iam_policy (#21199)
• New Data Source: google_parameter_manager_parameter_version_render (#21104)
• New Resource: google_beyondcorp_application (#21199)
• New Resource: google_beyondcorp_application_iam_binding (#21199)
• New Resource: google_beyondcorp_application_iam_member (#21199)
• New Resource: google_beyondcorp_application_iam_policy (#21199)
• New Resource: google_bigquery_analytics_hub_listing_subscription (#21189)
• New Resource: google_colab_notebook_execution (#21100)
• New Resource: google_colab_schedule (#21233)

IMPROVEMENTS:

• accesscontextmanager: added resource to sources in egress_from under resources google_access_context_manager_service_perimeter, google_access_context_manager_service_perimeters, google_access_context_manager_service_perimeter_egress_policy, google_access_context_manager_service_perimeter_dry_run_egress_policy (#21190)
• cloudrunv2: added base_image_uri and build_info to google_cloud_run_v2_service (#21236)
• colab: added auto_upgrade field to google_colab_runtime (#21214)
• colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#21200)
• colab: added desired_state field to google_colab_runtime, making it startable/stoppable. (#21207)
• compute: added ip_collection field to google_compute_forwarding_rule resource (#21188)
• compute: added mode and allocatable_prefix_length fields to google_compute_public_delegated_prefix resource (#21216)
• compute: allow parallelization of google_compute_per_instance_config and google_compute_region_per_instance_config deletions by not locking on the parent resource, but including instance name. (#21095)
• container: added auto_monitoring_config field and subfields to the google_container_cluster resource (#21229)
• filestore: added initial_replication field for peer instance configuration and effective_replication output for replication configuration output to google_filestore_instance (#21194)
• memorystore: added CLUSTER_DISABLED to mode field in google_memorystore_instance (#21092)
• networkservices: added compression_mode and allowed_methods fields to google_network_services_edge_cache_service resource (#21195)
• privateca: added user_defined_access_urls and subfields to google_privateca_certificate_authority resource to add support for custom CDP AIA URLs (#21220)
• workbench: added enable_third_party_identity field to google_workbench_instance resource (#21265)

BUG FIXES:

• appengine: added a mitigation for an upcoming default change to standard_scheduler_settings.max_instances for new google_app_engine_standard_app_version resources. If the field is not specified in configuration, diffs will now be ignored. (#21257)
• bigquery: added diff suppression for legacy values in renewal_plan field in google_bigquery_capacity_commitment resource (#21103)
• compute: fixed google_compute_(region_)resize_request requiring region/zone to be specified in all cases. They can now be pulled from the provider. (#21264)
• container: reverted locking behavior in google_container_node_pool that caused regression of operation apply time spike started in v6.15 (#21102)
• gemini: fixed a bug where the force_destroy field in resource gemini_code_repository_index did not work properly (#21212)
• workbench: fixed a bug with google_workbench_instance metadata removal not working as expected (#21204)

v5.45.2

NOTES:

• 5.45.2 contains no changes from 5.45.1. This release is being made to ensure that the version numbers of the google and google-beta provider releases remain aligned, as google-beta's 5.45.2 release contains a beta-only change.

v6.19.0

DEPRECATIONS:

• beyondcorp: deprecated location on google_beyondcorp_security_gateway. The only valid value is global, which is now also the default value. The field will be removed in a future major release. (#21006)

FEATURES:

• New Data Source: google_parameter_manager_parameter_version (#21055)
• New Data Source: google_parameter_manager_parameters (#21043)
• New Data Source: google_parameter_manager_regional_parameter_version (#21073)
• New Resource: google_beyondcorp_security_gateway_iam_binding (#21078)
• New Resource: google_beyondcorp_security_gateway_iam_member (#21078)
• New Resource: google_beyondcorp_security_gateway_iam_policy (#21078)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter_dry_run_resource to prevent overriding list of resources (#21005)
• compute: allowed parallelization of google_compute_(region_)per_instance_config by not locking on the parent resource, but including instance name. (#21001)
• compute: added network_profile field to google_compute_network resource. (#21027)
• compute: added zero_advertised_route_priority field to google_compute_router_peer (#21024)
• container: added max_run_duration to node_config in google_container_cluster and google_container_node_pool (#21071)
• dataproc: added encryption_config to google_dataproc_workflow_template (#21077)
• gkehub2: added support for fleet_default_member_config.config_management.config_sync.metrics_gcp_service_account_email field to google_gke_hub_feature resource (#21042)
• iam: added prefix and regex fields to google_service_accounts data source (#21020)
• pubsub: added ingestion_data_source_settings.aws_msk and ingestion_data_source_settings.confluent_cloud fields to google_pubsub_topic resource (#20999)
• spanner: added encryption_config field to google_spanner_backup_schedule (#21067)
• workflows: added tags and workflow_tags fields to google_workflows_workflow resource (#21053)

BUG FIXES:

• alloydb: marked google_alloydb_user.password as sensitive (#21014)
• beyondcorp: corrected location to always be global in google_beyondcorp_security_gateway (#21006)
• cloudquotas: removed validation for parent in google_cloud_quotas_quota_adjuster_settings (#21054)
• compute: made google_compute_router_peer.advertised_route_priority use server-side default if unset. To set the value to 0 you must also set zero_advertised_route_priority = true. (#21024)
• container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)
• container: marked cluster_autoscaling.resource_limits.maximum as required, as requests would fail if it was not set (#21051)
• firestore: fixed error preventing deletion of wildcard google_firestore_field resources (#21034)
• netapp: fixed an issue where a diff on zone would be found if it was unspecified in google_netapp_storage_pool (#21060)
• networksecurity: fixed sporadic-diff in google_network_security_security_profile (#21070)
• spanner: fixed bug with google_spanner_instance.force_destroy not setting billing_project value correctly (#21023)
• storage: fixed an issue where plans with a dependency on the content field in the google_storage_bucket_object_content data source could erroneously fail (#21074)

v6.18.1

BUG FIXES:

• container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)

v5.45.1

NOTES:

• 5.45.1 is a backport release, responding to a new GKE label being applied that can cause unwanted diffs in node pools. The changes in this release will be available in 6.18.1 and users upgrading to 6.X should upgrade to that version or higher.

BUG FIXES:

• container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)