v4.1.0

IMPROVEMENTS:

• cloudrun: Added support for secrets to GA provider. (#10519)
• compute: Added bfd to google_compute_router_peer (#10487)
• container: added gcfs_config to node_config of google_container_node_pool resource (#10499)
• container: promoted confidential_nodes field in google_container_cluster to GA (#10531)
• provider: added retries for the resourceNotReady error returned when attempting to add resources to a recently-modified subnetwork (#10498)
• pubsub: added message_retention_duration field to google_pubsub_topic (#10501)

BUG FIXES:

• apigee: fixed a bug where multiple google_apigee_instance_attachment could not be used on the same google_apigee_instance (#10520)
• bigquery: fixed a bug following import where schema is empty on google_bigquery_table (#10521)
• billingbudget: fixed unable to provide labels on google_billing_budget (#10490)
• compute: allowed source_disk to accept full image path on google_compute_snapshot (#10516)
• compute: fixed a bug in google_compute_firewall that would cause changes in source_ranges to not correctly be applied (#10515)
• logging: fixed a bug with updating description on google_logging_project_sink, google_logging_folder_sink and google_logging_organization_sink (#10493)

v4.0.0

NOTES:

• compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10429)
• container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10430)

BREAKING CHANGES:

• appengine: marked google_app_engine_standard_app_version entrypoint as required (#10425)
• compute: removed the ability to specify the trace-append or trace-ro as scopes in google_compute_instance, use trace instead (#10377)
• compute: changed advanced_machine_features on google_compute_instance_template to track changes when the block is undefined in a user's config (#10427)
• compute: changed source_ranges in google_compute_firewall_rule to track changes when it is not set in a config file (#10439)
• compute: changed the import / drift detection behaviours for metadata_startup_script, metadata.startup-script in google_compute_instance. Now, metadata.startup-script will be set by default, and metadata_startup_script will only be set if present. (#10392)
• compute: removed source_disk_link field from google_compute_snapshot (#10424)
• compute: removed the enable_display field from google_compute_instance_template (#10410)
• compute: removed the update_policy.min_ready_sec field from google_compute_instance_group_manager, google_compute_region_instance_group_manager (#10410)
• container: instance_group_urls has been removed in favor of node_pool.managed_instance_group_urls (#10442)
• container: changed default for enable_shielded_nodes to true for google_container_cluster (#10403)
• container: changed master_auth.client_certificate_config to required (#10441)
• container: removed master_auth.username and master_auth.password from google_container_cluster (#10441)
• container: removed workload_metadata_configuration.node_metadata in favor of workload_metadata_configuration.mode in google_container_cluster (#10400)
• container: removed the pod_security_policy_config field from google_container_cluster (#10410)
• container: removed the workload_identity_config.0.identity_namespace field from google_container_cluster, use workload_identity_config.0.workload_pool instead (#10410)
• project: removed ability to specify bigquery-json.googleapis.com, the provider will no longer convert it as the upstream API migration is finished. Use bigquery.googleapis.com instead. (#10370)
• provider: changed credentials, access_token precedence so that credentials values in configuration take precedence over access_token values assigned through environment variables (#10393)
• provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#10374)
• pubsub: removed path field from google_pubsub_subscription (#10424)
• resourcemanager: made google_project remove org_id and folder_id from state when they are removed from config (#10373)
• resourcemanager: added conflict between org_id, folder_id at plan time in google_project (#10373)
• resourcemanager: changed the project field to Required in all google_project_iam_* resources (#10394)
• runtimeconfig: removed the Runtime Configurator service from the google (GA) provider including google_runtimeconfig_config, google_runtimeconfig_variable, google_runtimeconfig_config_iam_policy, google_runtimeconfig_config_iam_binding, google_runtimeconfig_config_iam_member, data.google_runtimeconfig_config. They are only available in the google-beta provider, as the underlying service is in beta. (#10410)
• sql: added drift detection to the following google_sql_database_instance fields: activation_policy (defaults ALWAYS), availability_type (defaults ZONAL), disk_type (defaults PD_SSD), encryption_key_name (#10412)
• sql: changed the database_version field to Required in google_sql_database_instance resource (#10398)
• sql: removed the following google_sql_database_instance fields: authorized_gae_applications, crash_safe_replication, replication_type (#10412)
• storage: removed bucket_policy_only from google_storage_bucket (#10397)
• storage: changed the location field to required in google_storage_bucket (#10399)

VALIDATION CHANGES:

• bigquery: at least one of statement_timeout_ms, statement_byte_budget, or key_result_statement is required on google_bigquery_job.query.script_options. (#10371)
• bigquery: exactly one of query, load, copy or extract is required on google_bigquery_job (#10371)
• bigquery: exactly one of source_table or source_model is required on google_bigquery_job.extract (#10371)
• cloudbuild: exactly one of branch_name, commit_sha or tag_name is required on google_cloudbuild_trigger.build.source.repo_source (#10371)
• compute: at least one of fixed_delay or percentage is required on google_compute_url_map.default_route_action.fault_injection_policy.delay (#10371)
• compute: at least one of fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#10371)
• compute: at least one of max_scaled_down_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_down_control (#10371)
• compute: at least one of max_scaled_down_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control (#10371)
• compute: at least one of max_scaled_in_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.0. (#10371)
• compute: at least one of max_scaled_in_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.0. (#10371)
• compute: required one of source_tags, source_ranges or source_service_accounts on INGRESS google_compute_firewall resources (#10369)
• dlp: at least one of start_time or end_time is required on google_data_loss_prevention_trigger.inspect_job.storage_config.timespan_config (#10371)
• dlp: exactly one...

v3.90.1

DEPRECATIONS:

• container: fixed an overly-broad deprecation on master_auth, constraining it to master_auth.username and master_auth.password

v3.90.0

DEPRECATIONS:

• container: deprecated workload_identity_config.0.identity_namespace and it will be removed in a future major release as it has been deprecated in the API. Use workload_identity_config.0.workload_pool instead. Switching your configuration from one value to the other will trigger a diff at plan time, and a spurious update. (#10327)
• container: deprecated the following google_container_cluster fields: instance_group_urls and master_auth (#10356)

IMPROVEMENTS:

• container: added node_config.0.guest_accelerator.0.gpu_partition_size field to google_container_node_pool (#10339)
• container: added workload_identity_config.0.workload_pool to google_container_cluster (#10327)
• container_cluster: Updated monitoring_config to accept WORKLOAD (#10321)
• provider: Added links to nested types documentation for manually generated pages (#10333)

BUG FIXES:

• cloudrun: fixed a permadiff on the field template.spec.containers.ports.name of the google_cloud_run_service resource (#10340)
• composer: removed config.node_config.zone requirement on google_composer_environment (#10353)
• compute: fixed permadiff for failover_policy on google_compute_region_backend_service (#10316)
• compute: fixed to make description updatable without recreation on google_compute_instance_group_manager (#10329)
• container: fixed a permadiff on google_container_node_pool.workload_metadata_config.mode (#10313)
• iam: fixed request batching bug where failed requests would show unnecessary backslash escaping to the user. (#10303)
• securitycenter: fixed bug where google_scc_notification_config.streaming_config.filter was not updating. (#10315)

v3.89.0

DEPRECATIONS:

• compute: deprecated the enable_display field in google_compute_instance_template in the google (GA) provider. It will only be available in the google-beta provider in a future release, as the underlying feature is in beta. (#10281)

BUG FIXES:

• compute: fixed bug where google_compute_router_peer could not set an advertised route priority of 0, causing permadiff. (#10292)
• container: fixed a crash on monitoring_config of google_container_cluster (#10290)
• iam: fixed request batching bug where failed requests would show unnecessary backslash escaping to the user. (#10303)
• storage: fixed a bug to better handle eventual consistency among google_storage_bucket resources. (#10287)

v3.88.0

NOTES:

• reorganized documentation to group all Compute Engine and Monitoring (Stackdriver) resources together. (#10205)

DEPRECATIONS:

• container: deprecated workload_metadata_configuration.node_metadata in favor of workload_metadata_configuration.mode in google_container_cluster (#10238)
• dataproc: deprecated the google_dataproc_workflow_template.version field, as it wasn't actually useful. The field is used during updates, but updates aren't currently possible with the resource. (#10183)
• runtimeconfig: deprecated the Runtime Configurator service in the google (GA) provider including google_runtimeconfig_config, google_runtimeconfig_variable, google_runtimeconfig_config_iam_policy, google_runtimeconfig_config_iam_binding, google_runtimeconfig_config_iam_member, data.google_runtimeconfig_config. They will only be available in the google-beta provider in a future release, as the underlying service is in beta. (#10232)
  BREAKING CHANGES:
• gke_hub: made the config_membership field in google_gke_hub_feature required, disallowing invalid configurations (#10199)
• gke_hub: made the configmanagement, feature, location, membership fields in google_gke_hub_feature_membership required, disallowing invalid configurations (#10199)

FEATURES:

• New Data Source: google_service_networking_peered_dns_domain (#10229)
• New Data Source: google_sourcerepo_repository (#10203)
• New Data Source: google_storage_bucket (#10190)
• New Resource: google_pubsub_lite_reservation (#10263)
• New Resource: google_service_networking_peered_dns_domain (#10229)

IMPROVEMENTS:

• composer: added support for composer v2 fields workloads_config and cloud_composer_network_ipv4_cidr_block to composer_environment (10269)
• compute: added external IPv6 support on google_compute_subnetwork and google_compute_instance.network_interfaces (#10189)
• container: added support for workload_metadata_configuration.mode in google_container_cluster (#10238)
• eventarc: added support for uid output field, cloud_function destination to google_eventarc_trigger (#10199)
• gke_hub: added support for gcp_service_account_email when configuring Git sync in google_gke_hub_feature_membership (#10199)
• gke_hub: added support for resource_state, state outputs to google_gke_hub_feature (#10199)
• pubsub: Added support for references to google_pubsub_lite_reservation to google_pubsub_lite_topic. (#10263)

BUG FIXES:

• monitoring: fixed typo in google_monitoring_uptime_check_config where NOT_MATCHES_REGEX could not be specified. (#10249)

v3.87.0

3.87.0 (October 04, 2021)

DEPRECATIONS:

• dataproc: deprecated the google_dataproc_workflow_template.version field, as it wasn't actually useful. The field is used during updates, but updates aren't currently possible with the resource. (#10183)

FEATURES:

• New Resource: google_org_policy_policy (#10111)

IMPROVEMENTS:

• cloudbuild: added field service_account to google_cloudbuild_trigger (#10159)
• composer: added field scheduler_count to google_composer_environment (#10158)
• compute: Disabled recreation of GCE instances when updating resource_policies property (#10173)
• container: added support for logging_config and monitoring_config to google_container_cluster (#10125)
• kms: added support for import_only to google_kms_crypto_key (#10157)
• networkservices: boosted the default timeout for google_network_services_edge_cache_origin from 30m to 60m (#10182)

BUG FIXES:

• container: fixed an issue where a node pool created with error (eg. GKE_STOCKOUT) would not be captured in state (#10137)
• filestore: Allowed updating reserved_ip_range on google_filestore_instance via recreation of the instance (#10146)
• serviceusage: enabled the service api to retry on failed operation calls in anticipation of transient errors that occur when first enabling the service. (#10171)

v3.86.0

IMPROVEMENTS:

• healthcare: promoted google_healthcare_hl7_v2_store.parseConfig.version to GA (#10099)

BUG FIXES:

• dns: fixed an issue in google_dns_record_set where rrdatas could not be updated (#10089)
• dns: fixed an issue in google_dns_record_set where creating the resource would result in an 409 error (#10089)
• platform: fixed a bug in wrongly writing to state when creation failed on google_organization_policy (#10082)

v3.85.0

IMPROVEMENTS:

• bigtable: enabled support for user_project_override in google_bigtable_instance and google_bigtable_table (#10060)
• compute: added iap fields to google_compute_region_backend_service (#10038)
• compute: allowed passing an IP address to the nextHopIlb field of google_compute_route resource (#10048)
• iam: added disabled field to google_service_account resource (#10033)
• provider: added links to nested types documentation within a resource (#10063)
• storage: added field path to google_storage_transfer_job (#10047)

BUG FIXES:

• appengine: fixed bug where deployment.container.image would update to an old version even if in ignore_changes (#10058)
• bigquery: fixed a bug where destination_encryption_config.kms_key_name stored the version rather than the key name. (#10068)
• redis: extended the default timeouts on google_redis_instance (#10037)
• serviceusage: fixed an issue in google_project_service where users could not reenable services that were disabled outside of Terraform. (#10045)

v3.84.0

FEATURES:

• New Data Source: google_secret_manager_secret (#9983)

IMPROVEMENTS:

• compute: added update support to google_compute_service_attachment (#9982)

BUG FIXES:

• container: fixed a bug in failing to remove maintenance_exclusion on google_container_cluster (#10025)
• compute: fixed an issue in google_compute_router_nat where removing log_config resulted in a perma-diff (#9950)
• compute: fixed advanced_machine_features error messages in google_compute_instance (#10023)
• eventarc: fixed bug where resources deleted outside of Terraform would cause errors (#9997)
• functions: fixed an error message on google_cloudfunctions_function (#10011)
• logging: fixed the data type for bucket_options.linear_buckets.width on google_logging_metric (#9985)
• osconfig: fixed import on google_os_config_guest_policies (#10019)
• storage: fixed an undetected change on days_since_noncurrent_time of google_storage_bucket (#10024)