NOTES:
- compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#3787)
- container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#3788)
BREAKING CHANGES:
- appengine: marked
google_app_engine_standard_app_version
entrypoint
as required (#3784) - compute: removed the ability to specify the
trace-append
ortrace-ro
as scopes ingoogle_compute_instance
, usetrace
instead (#3759) - compute: changed
advanced_machine_features
ongoogle_compute_instance_template
to track changes when the block is undefined in a user's config (#3786) - compute: changed
source_ranges
ingoogle_compute_firewall_rule
to track changes when it is not set in a config file (#3791) - compute: changed the import / drift detection behaviours for
metadata_startup_script
,metadata.startup-script
ingoogle_compute_instance
. Now,metadata.startup-script
will be set by default, andmetadata_startup_script
will only be set if present. (#3765) - compute: removed
source_disk_link
field fromgoogle_compute_snapshot
(#3783) - container:
instance_group_urls
has been removed in favor ofnode_pool.instance_group_urls
(#3796) - container: changed default for
enable_shielded_nodes
to true forgoogle_container_cluster
(#3773) - container: made
master_auth.client_certificate_config
required (#3794) - container: removed
master_auth.username
andmaster_auth.password
fromgoogle_container_cluster
(#3794) - container: removed
workload_metadata_configuration.node_metadata
in favor ofworkload_metadata_configuration.mode
ingoogle_container_cluster
(#3772) - container: removed the
workload_identity_config.0.identity_namespace
field fromgoogle_container_cluster
, useworkload_identity_config.0.workload_pool
instead (#3776) - kms: removed
self_link
field fromgoogle_kms_crypto_key
andgoogle_kms_key_ring
(#3783) - project: removed ability to specify
bigquery-json.googleapis.com
, the provider will no longer convert it as the upstream API migration is finished. Usebigquery.googleapis.com
instead. (#3751) - provider: changed
credentials
,access_token
precedence so thatcredentials
values in configuration take precedence overaccess_token
values assigned through environment variables (#3766) - provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#3756)
- pubsub: removed
path
fromgoogle_pubsub_subscription
(#3777) - pubsub: removed
path
field fromgoogle_pubsub_subscription
(#3783) - resourcemanager: made
google_project
removeorg_id
andfolder_id
from state when they are removed from config (#3754) - resourcemanager: changed the
project
field toRequired
in allgoogle_project_iam_*
resources (#3767) - sql: added drift detection to the following
google_sql_database_instance
fields:activation_policy
(defaultsALWAYS
),availability_type
(defaultsZONAL
),disk_type
(defaultsPD_SSD
),encryption_key_name
(#3778) - sql: changed the
database_version
field toRequired
ingoogle_sql_database_instance
resource (#3770) - sql: removed the following
google_sql_database_instance
fields:authorized_gae_applications
,crash_safe_replication
,replication_type
(#3778) - storage: removed
bucket_policy_only
fromgoogle_storage_bucket
(#3769) - storage: changed the
location
field to required ingoogle_storage_bucket
(#3771)
VALIDATION CHANGES:
- bigquery: at least one of
statement_timeout_ms
,statement_byte_budget
, orkey_result_statement
is required ongoogle_bigquery_job.query.script_options.
(#3752) - bigquery: exactly one of
query
,load
,copy
orextract
is required ongoogle_bigquery_job
(#3752) - bigquery: exactly one of
source_table
orsource_model
is required ongoogle_bigquery_job.extract
(#3752) - cloudbuild: exactly one of
branch_name
,commit_sha
ortag_name
is required ongoogle_cloudbuild_trigger.build.source.repo_source
(#3752) - compute: at least one of
fixed_delay
orpercentage
is required ongoogle_compute_url_map.default_route_action.fault_injection_policy.delay
(#3752) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas
(#3752) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas
(#3752) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas
(#3752) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas
(#3752) - compute: at least one of
max_scaled_down_replicas
ortime_window_sec
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_down_control
(#3752) - compute: at least one of
max_scaled_down_replicas
ortime_window_sec
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_down_control
(#3752) - compute: at least one of
max_scaled_in_replicas
ortime_window_sec
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_in_control.0.
(#3752) - compute: at least one of
max_scaled_in_replicas
ortime_window_sec
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_in_control.0.
(#3752) - compute: required one of
source_tags
,source_ranges
orsource_service_accounts
on INGRESSgoogle_compute_firewall
resources (#3750) - dlp: at least one of
start_time
orend_time
is required ongoogle_data_loss_prevention_trigger.inspect_job.storage_config.timespan_config
(#3752) - dlp: exactly one of
url
orregex_file_set
is required ongoogle_data_loss_prevention_trigger.inspect_job.storage_config.cloud_storage_options.file_set
(#3752) - resourcemanager: added conflict between
org_id
,folder_id
at plan time ingoogle_project
(#3754) - osconfig: at least one of
linux_exec_step_config
orwindows_exec_step_config
is required ongoogle_os_config_patch_deployment.patch_config.post_step
(#3752) - osconfig: at least one of
linux_exec_step_config
orwindows_exec_step_config
is required ongoogle_os_config_patch_deployment.patch_config.pre_step
(#3752) - osconfig: at least one of
reboot_config
,apt
,yum
,goo
zypper
,windows_update
,pre_step
orpre_step
is required ongoogle_os_config_patch_deployment.patch_config
(#3752) - osconfig: at least one of
security
,minimal
,excludes
orexclusive_packages
is required ongoogle_os_config_patch_deployment.patch_config.yum
(#3752) - osconfig: at least one of
type
,excludes
orexclusive_packages
is required ongoogle_os_config_patch_deployment.patch_config.apt
(#3752) - osconfig: at least one of
with_optional
,with_update
,categories
,severities
,excludes
orexclusive_patches
is required ongoogle_os_config_patch_deployment.patch_config.zypper
(#3752) - osconfig: exactly one of
classifications
,excludes
orexclusive_patches
is required ongoogle_os_config_patch_deployment.inspect_job.patch_config.windows_update
(#3752) - spanner: at least one of
num_nodes
orprocessing_units
is required ongoogle_spanner_instance
(#3752)
IMPROVEMENTS:
- container: added
managed_instance_group_urls
togoogle_container_node_pool
to replaceinstance_group_urls
ongoogle_container_cluster
(#3815) - kms: added support for EKM to
google_kms_crypto_key.protection_level
(#3763) - project: added support for
billing_project
ongoogle_project_service
(#3768) - spanner: increased the default timeout on
google_spanner_instance
operations from 4 minutes to 20 minutes, significantly reducing the likelihood that resources will time out (#3789)
BUG FIXES:
- bigquery: fixed a bug of cannot add required fields to an existing schema on
google_bigquery_table
(#3781) - compute: fixed a bug in updating multiple
ttl
fields ongoogle_compute_backend_bucket
(#3757) - compute: fixed a perma-diff on
subnetwork
when it is optional ongoogle_compute_network_endpoint_group
(#3780) - compute: fixed perma-diff bug on
log_config.enable
of bothgoogle_compute_backend_service
andgoogle_compute_region_backend_service
(#3760) - compute: fixed the
google_compute_instance_group_manager.update_policy.0.min_ready_sec
field so that updating it to0
works (#3810) - compute: fixed the
google_compute_region_instance_group_manager.update_policy.0.min_ready_sec
field so that updating it to0
works (#3810) - spanner: fixed the schema for
data.google_spanner_instance
so that non-configurable fields are considered outputs (#3804)