v5.32.0

OTES:

• privateca: converted google_privateca_certificate_template to now use the MMv1 engine instead of DCL (#7409)

FEATURES:

• New Resource: google_dataplex_entry_type (#7412)
• New Resource: google_logging_log_view_iam_member (#7420)

IMPROVEMENTS:

• alloydb: added psc_config field to google_alloydb_cluster resource (#7429)
• alloydb: added psc_instance_config field to google_alloydb_instance resource (#7429)
• cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resourceto (#7422)
• compute: added NONE to acceptable options for update_policy.minimal_action field in google_compute_instance_group_manager resource (#7417)
• sql: updated support for a new value week5 in field setting.maintenance_window.update_track in google_sql_database_instance resource (#7408)

BUG FIXES:

• cloudrunv2: added validation for timeout field to google_cloud_run_v2_job, google_cloud_run_v2_service resources (#7426)
• compute: fixed permadiff in ordering of advertised_ip_ranges.range field on google_compute_router resource (#7411)
• iam: added a 10 second sleep when creating google_service_account resource (#7427)
• storage: fixed google_storage_bucket.lifecycle_rule.condition block fields days_since_noncurrent_time and days_since_custom_time and num_newer_versions were not working for 0 value. (#7414)

5.31.0 (May 28, 2024)

FEATURES:

• New Data Source: google_compute_subnetworks (#7371)
• New Resource: google_dataplex_aspect_type (#7397)
• New Resource: google_dataplex_entry_group (#7389)
• New Resource: google_kms_autokey_config (#7385)
• New Resource: google_kms_key_handle (#7385)
• New Resource: google_network_services_lb_route_extension (#7394)

IMPROVEMENTS:

• appengine: added field instance_ip_mode to resource google_app_engine_flexible_app_version resource (beta) (#7377)
• bigquery: added external_data_configuration.bigtable_options to google_bigquery_table (#7387)
• cloudrun: added support for nfs to google_cloudrun_service (beta). (#7381)
• composer: added support for importing google_composer_user_workloads_secret via the "{{environment}}/{{name}}" format. (#7390)
• composer: improved timeouts for google_composer_user_workloads_secret. (#7390)
• compute: added TLS_JA3_FINGERPRINT and USER_IP options in field rate_limit_options.enforce_on_key to google_compute_security_policy resource (#7376)
• compute: added 'rateLimitOptions' field to 'google_compute_security_policy_rule' resource (#7376)
• compute: changed google_compute_region_ssl_policy's region field to optional and allow to be inferred from environment (#7384)
• compute: added on_instance_stop_action field to google_compute_instance, google_compute_instance_template, and google_compute_instance_from_machine_image resources (beta) (#7392)
• compute: added subnet_length field to google_compute_interconnect_attachment resource (#7388)
• container: added containerd_config field and subfields to google_container_cluster and google_container_node_pool resources, to allow those resources to access private image registries. (#7372)
• container: allowed both enable_autopilot and workload_identity_config to be set in google_container_cluster resource. (#7375)
• datastream: added create_without_validation field to google_datastream_connection_profile, google_datastream_private_connection and google_datastream_stream resources (#7382)
• network-security: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#7368)
• networkservices: made field load_balancing_scheme immutable in resource google_network_services_lb_traffic_extension, as in-place updating is always failing (#7394)
• networkservices: made required fields extension_chains.extensions.authority and extension_chains.extensions.timeout optional in resource google_network_services_lb_traffic_extension (#7394)
• networkservices: removed unsupported load balancing scheme LOAD_BALANCING_SCHEME_UNSPECIFIED from the field load_balancing_scheme in resource google_network_services_lb_traffic_extension (#7394)
• pubsub: added cloud_storage_config.filename_datetime_format field to google_pubsub_subscription resource (#7386)
• tpu: added type of accelerator_config to google_tpu_v2_vm resource (#7369)

BUG FIXES:

• monitoring: fixed a permadiff with monitored_resource.labels property in the google_monitoring_uptime_check_config resource (#7380)
• storage: fixed a bug where field autoclass block is generating permadiff whenever the block is removed from the config in google_storage_bucket resource (#7395)
• storagetransfer: fixed a permadiff with transfer_spec.0.aws_s3_data_source.0.aws_access_key resource_storage_transfer_job (#7391)

5.30.0 (May 20, 2024)

FEATURES:

• New Data Source: google_cloud_asset_resources_search_all (#7361)
• New Resource: google_compute_interconnect (#7338)
• New Resource: google_network_services_lb_traffic_extension (#7367)

IMPROVEMENTS:

• compute: added kms_key_name field to the google_bigquery_connection resource (#7335)
• compute: added match.expr.expression field to google_compute_region_security_policy_rule resource (#7330)
• compute: added auto_network_tier field to google_compute_router_nat resource (#7333)
• container: added KUBELET and CADVISOR options to monitoring_config.enable_components in google_container_cluster resource (#7351)
• dataproc: added local_ssd_interface to google_dataproc_cluster resource (#7366)
• datastream: added sql_server_profile to google_datastream_connection_profile resource (#7339)
• dlp: added cloud_sql_target field to google_data_loss_prevention_discovery_config resource (#7337)
• netapp: added FLEX value to field service_level in google_netapp_storage_pool resource (#7350)
• networksecurity: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#7368)
• n...

v5.31.1

BUG FIXES:

• iam: added a 10 second sleep when creating a google_service_account to reduce eventual consistency errors. See hashicorp/terraform-provider-google#18024 for more details (#7427)

v5.31.0

FEATURES:

• New Data Source: google_compute_subnetworks (#7371)
• New Resource: google_dataplex_aspect_type (#7397)
• New Resource: google_dataplex_entry_group (#7389)
• New Resource: google_kms_autokey_config (#7385)
• New Resource: google_kms_key_handle (#7385)
• New Resource: google_network_services_lb_route_extension (#7394)

IMPROVEMENTS:

• appengine: added field instance_ip_mode to resource google_app_engine_flexible_app_version resource (beta) (#7377)
• bigquery: added external_data_configuration.bigtable_options to google_bigquery_table (#7387)
• cloudrun: added support for nfs to google_cloudrun_service (beta). (#7381)
• composer: added support for importing google_composer_user_workloads_secret via the "{{environment}}/{{name}}" format. (#7390)
• composer: improved timeouts for google_composer_user_workloads_secret. (#7390)
• compute: added TLS_JA3_FINGERPRINT and USER_IP options in field rate_limit_options.enforce_on_key to google_compute_security_policy resource (#7376)
• compute: added 'rateLimitOptions' field to 'google_compute_security_policy_rule' resource (#7376)
• compute: changed google_compute_region_ssl_policy's region field to optional and allow to be inferred from environment (#7384)
• compute: added on_instance_stop_action field to google_compute_instance, google_compute_instance_template, and google_compute_instance_from_machine_image resources (beta) (#7392)
• compute: added subnet_length field to google_compute_interconnect_attachment resource (#7388)
• container: added containerd_config field and subfields to google_container_cluster and google_container_node_pool resources, to allow those resources to access private image registries. (#7372)
• container: allowed both enable_autopilot and workload_identity_config to be set in google_container_cluster resource. (#7375)
• datastream: added create_without_validation field to google_datastream_connection_profile, google_datastream_private_connection and google_datastream_stream resources (#7382)
• network-security: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#7368)
• networkservices: made field load_balancing_scheme immutable in resource google_network_services_lb_traffic_extension, as in-place updating is always failing (#7394)
• networkservices: made required fields extension_chains.extensions.authority and extension_chains.extensions.timeout optional in resource google_network_services_lb_traffic_extension (#7394)
• networkservices: removed unsupported load balancing scheme LOAD_BALANCING_SCHEME_UNSPECIFIED from the field load_balancing_scheme in resource google_network_services_lb_traffic_extension (#7394)
• pubsub: added cloud_storage_config.filename_datetime_format field to google_pubsub_subscription resource (#7386)
• tpu: added type of accelerator_config to google_tpu_v2_vm resource (#7369)

BUG FIXES:

• monitoring: fixed a permadiff with monitored_resource.labels property in the google_monitoring_uptime_check_config resource (#7380)
• storage: fixed a bug where field autoclass block is generating permadiff whenever the block is removed from the config in google_storage_bucket resource (#7395)
• storagetransfer: fixed a permadiff with transfer_spec.0.aws_s3_data_source.0.aws_access_key resource_storage_transfer_job (#7391)

v5.30.0

FEATURES:

• New Data Source: google_cloud_asset_resources_search_all (#7361)
• New Resource: google_compute_interconnect (#7338)
• New Resource: google_network_services_lb_traffic_extension (#7367)

IMPROVEMENTS:

• compute: added kms_key_name field to the google_bigquery_connection resource (#7335)
• compute: added match.expr.expression field to google_compute_region_security_policy_rule resource (#7330)
• compute: added auto_network_tier field to google_compute_router_nat resource (#7333)
• container: added KUBELET and CADVISOR options to monitoring_config.enable_components in google_container_cluster resource (#7351)
• dataproc: added local_ssd_interface to google_dataproc_cluster resource (#7366)
• datastream: added sql_server_profile to google_datastream_connection_profile resource (#7339)
• dlp: added cloud_sql_target field to google_data_loss_prevention_discovery_config resource (#7337)
• netapp: added FLEX value to field service_level in google_netapp_storage_pool resource (#7350)
• networksecurity: added trust_config, min_tls_version, tls_feature_profile and custom_tls_features fields to google_network_security_tls_inspection_policy resource (#7368)
• networkservices: supported in-place update for gateway_security_policy and certificate_urls fields in google_network_services_gateway resource (#7348)

BUG FIXES:

• compute: fixed a perma-diff on machine_type field in google_compute_instance resource (#7345)
• compute: fixed a perma-diff on type field in google_compute_disk resource (#7345)
• storage: fixed update issue for lifecycle_rule.condition.custom_time_before and lifecycle_rule.condition.noncurrent_time_before in google_storage_bucket resource (#7360)

v5.29.1

5.29.1 (May 14, 2024)

BREAKING CHANGES:

• compute: removed secondary_ip_range.reserved_internal_range field from google_compute_subnetwork (7363)

v5.29.0

BREAKING CHANGES:

• compute: added required reserved_internal_range subfield to reserved_internal_range in google_compute_subnetwork. This field can be set to null as an equivalent to leaving it unspecified.

NOTES:

• compute: added documentation for md5_authentication_key field in google_compute_router_peer resource. The field was introduced in v5.12.0, but documentation was unintentionally omitted at that time. (#7306)

FEATURES:

• New Resource: google_bigtable_authorized_view (#7310)
• New Resource: google_integration_connectors_managed_zone (#7320)
• New Resource: google_network_connectivity_regional_endpoint (#7313)

IMPROVEMENTS:

• clouddeploy: added custom_target field to google_clouddeploy_target resource (#7309)
• clouddeploy: added google_cloud_build_repo to custom_target_type resource (#7325)
• compute: added preconfigured_waf_config field to google_compute_region_security_policy_rule resource; (#7324)
• compute: added rate_limit_options field to 'google_compute_region_security_policy_rule' resource; (#7324)
• compute: added security_profile_group, tls_inspect to google_compute_firewall_policy_rule (#7309)
• compute: added security_profile_group, tls_inspect to google_compute_network_firewall_policy_rule (#7309)
• compute: added fields reserved_internal_range and secondary_ip_ranges.reserved_internal_range to google_compute_subnetwork resource (#7318)
• container: added dns_config.additive_vpc_scope_dns_domain field to google_container_cluster resource (#7321)
• container: added enable_nested_virtualization field to google_container_node_pool and google_container_cluster resource. (#7314)
• iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#7319)
• privateca: added maximum_lifetime field to google_privateca_certificate_template resource (#7309)

BUG FIXES:

• bigquery: added allow_resource_tags_on_deletion to google_bigquery_table to allow deletion of table when it still has associated resource tags (#7327)

v5.28.0

DEPRECATIONS:

• integrations: deprecated create_sample_workflows and provision_gmek fields in google_integrations_client. (#7285)

FEATURES:

• New Data Source: google_storage_buckets (#7291)
• New Resource: google_compute_security_policy_rule (#7282)
• New Resource: google_privileged_access_manager_entitlement (#7283)

IMPROVEMENTS:

• alloydb: added maintenance_update_policy field to google_alloydb_cluster resource (#7288)
• container: added node_config.secondary_boot_disks field to google_container_node_pool (#7292)
• integrations: added create_sample_integrations field to google_integrations_client, replacing deprecated field create_sample_workflows. (#7285)
• redis: added redis_configs field to google_redis_cluster resource (#7289)

BUG FIXES:

• dns: fixed bug where the deletion of google_dns_managed_zone resources was blocked by any associated SOA-type google_dns_record_set resources (#7305)
• storage: fixed an issue where google_storage_bucket_object and google_storage_bucket_objects data sources would ignore custom endpoints (#7287)

v5.27.0

FEATURES:

• New Data Source: google_storage_bucket_objects (#7270)
• New Resource: google_composer_user_workloads_secret (#7257)
• New Resource: google_compute_security_policy_rule (#7282)
• New Resource: google_data_loss_prevention_discovery_config (#7252)
• New Resource: google_integrations_auth_config (#7268)
• New Resource: google_network_connectivity_internal_range (#7265)

IMPROVEMENTS:

• alloydb: added network_config field to google_alloydb_instance resource (#7271)
• alloydb: added public_ip_address field to google_alloydb_instance resource (#7271)
• apigee: added forward_proxy_uri field to google_apigee_environment resource (#7260)
• bigquerydatapolicy: added data_masking_policy.routine field to google_bigquery_data_policy resource (#7250)
• compute: added server_tls_policy field to google_compute_region_target_https_proxy resource (#7280)
• filestore: added protocol field to google_filestore_instance resource to support NFSv3 and NFSv4.1 (#7254)
• firebasehosting: added config.rewrites.path field to google_firebase_hosting_version resource (#7258)
• logging: added intercept_children field to google_logging_organization_sink and google_logging_folder_sink resources (#7279)
• monitoring: added service_agent_authentication field to google_monitoring_uptime_check_config resource (#7276)
• privateca: added subject_key_id field to google_privateca_certificate and google_privateca_certificate_authority resources (#7273)
• secretmanager: added version_destroy_ttl field to google_secret_manager_secret resource (#7253)

BUG FIXES:

• appengine: added suppression for a diff in google_app_engine_standard_app_version.automatic_scaling when the block is unset in configuration (#7262)
• sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#7249)

v5.26.0

FEATURES:

• New Resource: google_project_iam_member_remove (#7242)

IMPROVEMENTS:

• apigee: added support for api_consumer_data_location, api_consumer_data_encryption_key_name, and control_plane_encryption_key_name in google_apigee_organization (#7245)
• artifactregistry: added remote_repository_config.<facade>_repository.custom_repository.uri field to google_artifact_registry_repository resource. (#7230)
• bigquery: added resource_tags field to google_bigquery_table resource (#7247)
• billing: added ownership_scope field to google_billing_budget resource (#7239)
• cloudfunctions2: added build_config.service_account field to google_cloudfunctions2_function resource (#7231)
• composer: fixed validation on google_composer_environment resource so it will identify a disallowed upgrade to Composer 3 before attempting to provide feedback that's specific to using Composer 3 (#7213)
• compute: added params.resource_manager_tags field to resource_compute_instance_group_manager and resource_compute_region_instance_group_manager that enables to create these resources with tags (beta) (#7226)
• resourcemanager: added the field api_method to datasource google_active_folder so you can use either SEARCH or LIST to find your folder (#7248)
• storage: added labels validation to google_storage_bucket resource (#7212)
• workstations: added output-only field control_plane_ip to google_workstations_workstation_cluster resource (beta) (#7240)

BUG FIXES:

• apigee: fixed permadiff in ordering of google_apigee_organization.properties.property. (#7234)
• cloudrun: fixed the bug that computed metadata.0.labels and metadata.0.annotations fields don't appear in terraform plan when creating resource google_cloud_run_service and google_cloud_run_domain_mapping (#7217)
• dns: fixed bug where some methods of authentication didn't work when using dns data sources (#7233)
• iam: fixed a bug that prevented setting create_ignore_already_exists on existing resources in google_service_account. (#7236)
• sql: fixed issues with updating the enable_google_ml_integration field in google_sql_database_instance resource (#7249)
• storage: added validation to name field in google_storage_bucket resource (#7237)
• vmwareengine: fixed stretched cluster creation in google_vmwareengine_private_cloud (#7246)

v5.25.0

FEATURES:

• New Data Source: google_tags_tag_keys (#7196)
• New Data Source: google_tags_tag_values (#7196)
• New Resource: google_parallelstore_instance (#7209)

IMPROVEMENTS:

• bigquery: added in-place schema column drop support for google_bigquery_table resource (#7193)
• compute: added endpoint_types field to google_compute_router_nat resource (#7190)
• compute: added enable_ipv4, ipv4_nexthop_address and peer_ipv4_nexthop_address fields to google_compute_router_peer resource (#7207)
• compute: added identifier_range field to google_compute_router resource (#7207)
• compute: added ip_version field to google_compute_router_interface resource (#7207)
• compute: increased timeouts from 8 minutes to 20 minutes for google_compute_security_policy resource (#7204)
• container: added stateful_ha_config field to google_container_cluster resource (#7206)
• firestore: added vector_config field to google_firestore_index resource (#7180)
• gkebackup: added backup_schedule.rpo_config field to google_gke_backup_backup_plan resource (#7211)
• networksecurity: added disabled field to google_network_security_firewall_endpoint_association resource (#7184)
• sql: added enable_google_ml_integration field to google_sql_database_instance resource (#7208)
• storage: added labels validation to google_storage_bucket resource (#7212)
• vmwareengine: added preferred_zone and secondary_zone fields to google_vmwareengine_private_cloud resource (#7210)

BUG FIXES:

• networksecurity: fixed an issue where google_network_security_firewall_endpoint_association resource could not be created due to a bad parameter (#7184)
• privateca: fixed permission issue by specifying signer certs chain when activating a sub-CA across regions for google_privateca_certificate_authority resource (#7197)