NOTES:
- compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10429)
- container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10430)
BREAKING CHANGES:
- appengine: marked
google_app_engine_standard_app_version
entrypoint
as required (#10425) - compute: removed the ability to specify the
trace-append
ortrace-ro
as scopes ingoogle_compute_instance
, usetrace
instead (#10377) - compute: changed
advanced_machine_features
ongoogle_compute_instance_template
to track changes when the block is undefined in a user's config (#10427) - compute: changed
source_ranges
ingoogle_compute_firewall_rule
to track changes when it is not set in a config file (#10439) - compute: changed the import / drift detection behaviours for
metadata_startup_script
,metadata.startup-script
ingoogle_compute_instance
. Now,metadata.startup-script
will be set by default, andmetadata_startup_script
will only be set if present. (#10392) - compute: removed
source_disk_link
field fromgoogle_compute_snapshot
(#10424) - compute: removed the
enable_display
field fromgoogle_compute_instance_template
(#10410) - compute: removed the
update_policy.min_ready_sec
field fromgoogle_compute_instance_group_manager
,google_compute_region_instance_group_manager
(#10410) - container:
instance_group_urls
has been removed in favor ofnode_pool.managed_instance_group_urls
(#10442) - container: changed default for
enable_shielded_nodes
to true forgoogle_container_cluster
(#10403) - container: changed
master_auth.client_certificate_config
to required (#10441) - container: removed
master_auth.username
andmaster_auth.password
fromgoogle_container_cluster
(#10441) - container: removed
workload_metadata_configuration.node_metadata
in favor ofworkload_metadata_configuration.mode
ingoogle_container_cluster
(#10400) - container: removed the
pod_security_policy_config
field fromgoogle_container_cluster
(#10410) - container: removed the
workload_identity_config.0.identity_namespace
field fromgoogle_container_cluster
, useworkload_identity_config.0.workload_pool
instead (#10410) - project: removed ability to specify
bigquery-json.googleapis.com
, the provider will no longer convert it as the upstream API migration is finished. Usebigquery.googleapis.com
instead. (#10370) - provider: changed
credentials
,access_token
precedence so thatcredentials
values in configuration take precedence overaccess_token
values assigned through environment variables (#10393) - provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#10374)
- pubsub: removed
path
field fromgoogle_pubsub_subscription
(#10424) - resourcemanager: made
google_project
removeorg_id
andfolder_id
from state when they are removed from config (#10373) - resourcemanager: added conflict between
org_id
,folder_id
at plan time ingoogle_project
(#10373) - resourcemanager: changed the
project
field toRequired
in allgoogle_project_iam_*
resources (#10394) - runtimeconfig: removed the Runtime Configurator service from the
google
(GA) provider includinggoogle_runtimeconfig_config
,google_runtimeconfig_variable
,google_runtimeconfig_config_iam_policy
,google_runtimeconfig_config_iam_binding
,google_runtimeconfig_config_iam_member
,data.google_runtimeconfig_config
. They are only available in thegoogle-beta
provider, as the underlying service is in beta. (#10410) - sql: added drift detection to the following
google_sql_database_instance
fields:activation_policy
(defaultsALWAYS
),availability_type
(defaultsZONAL
),disk_type
(defaultsPD_SSD
),encryption_key_name
(#10412) - sql: changed the
database_version
field toRequired
ingoogle_sql_database_instance
resource (#10398) - sql: removed the following
google_sql_database_instance
fields:authorized_gae_applications
,crash_safe_replication
,replication_type
(#10412) - storage: removed
bucket_policy_only
fromgoogle_storage_bucket
(#10397) - storage: changed the
location
field to required ingoogle_storage_bucket
(#10399)
VALIDATION CHANGES:
- bigquery: at least one of
statement_timeout_ms
,statement_byte_budget
, orkey_result_statement
is required ongoogle_bigquery_job.query.script_options.
(#10371) - bigquery: exactly one of
query
,load
,copy
orextract
is required ongoogle_bigquery_job
(#10371) - bigquery: exactly one of
source_table
orsource_model
is required ongoogle_bigquery_job.extract
(#10371) - cloudbuild: exactly one of
branch_name
,commit_sha
ortag_name
is required ongoogle_cloudbuild_trigger.build.source.repo_source
(#10371) - compute: at least one of
fixed_delay
orpercentage
is required ongoogle_compute_url_map.default_route_action.fault_injection_policy.delay
(#10371) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas
(#10371) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas
(#10371) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas
(#10371) - compute: at least one of
fixed
orpercent
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas
(#10371) - compute: at least one of
max_scaled_down_replicas
ortime_window_sec
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_down_control
(#10371) - compute: at least one of
max_scaled_down_replicas
ortime_window_sec
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_down_control
(#10371) - compute: at least one of
max_scaled_in_replicas
ortime_window_sec
is required ongoogle_compute_autoscaler.autoscaling_policy.scale_in_control.0.
(#10371) - compute: at least one of
max_scaled_in_replicas
ortime_window_sec
is required ongoogle_compute_region_autoscaler.autoscaling_policy.scale_in_control.0.
(#10371) - compute: required one of
source_tags
,source_ranges
orsource_service_accounts
on INGRESSgoogle_compute_firewall
resources (#10369) - dlp: at least one of
start_time
orend_time
is required ongoogle_data_loss_prevention_trigger.inspect_job.storage_config.timespan_config
(#10371) - dlp: exactly one of
url
orregex_file_set
is required ongoogle_data_loss_prevention_trigger.inspect_job.storage_config.cloud_storage_options.file_set
(#10371) - kms: removed
self_link
field fromgoogle_kms_crypto_key
andgoogle_kms_key_ring
(#10424) - osconfig: at least one of
linux_exec_step_config
orwindows_exec_step_config
is required ongoogle_os_config_patch_deployment.patch_config.post_step
(#10371) - osconfig: at least one of
linux_exec_step_config
orwindows_exec_step_config
is required ongoogle_os_config_patch_deployment.patch_config.pre_step
(#10371) - osconfig: at least one of
reboot_config
,apt
,yum
,goo
zypper
,windows_update
,pre_step
orpre_step
is required ongoogle_os_config_patch_deployment.patch_config
(#10371) - osconfig: at least one of
security
,minimal
,excludes
orexclusive_packages
is required ongoogle_os_config_patch_deployment.patch_config.yum
(#10371) - osconfig: at least one of
type
,excludes
orexclusive_packages
is required ongoogle_os_config_patch_deployment.patch_config.apt
(#10371) - osconfig: at least one of
with_optional
,with_update
,categories
,severities
,excludes
orexclusive_patches
is required ongoogle_os_config_patch_deployment.patch_config.zypper
(#10371) - osconfig: exactly one of
classifications
,excludes
orexclusive_patches
is required ongoogle_os_config_patch_deployment.inspect_job.patch_config.windows_update
(#10371) - spanner: at least one of
num_nodes
orprocessing_units
is required ongoogle_spanner_instance
(#10371)
IMPROVEMENTS:
- compute: added
encrypted_interconnect_router
togoogle_compute_router
(#10454) - container: added
managed_instance_group_urls
togoogle_container_node_pool
to replaceinstance_group_urls
ongoogle_container_cluster
(#10467) - kms: added support for EKM to
google_kms_crypto_key.protection_level
(#10391) - project: added support for
billing_project
ongoogle_project_service
(#10395) - spanner: increased the default timeout on
google_spanner_instance
operations from 4 minutes to 20 minutes, significantly reducing the likelihood that resources will time out (#10437)
BUG FIXES:
- bigquery: fixed a bug of cannot add required fields to an existing schema on
google_bigquery_table
(#10421) - compute: fixed a bug in updating multiple
ttl
fields ongoogle_compute_backend_bucket
(#10375) - compute: fixed a permadiff on
subnetwork
when it is optional ongoogle_compute_network_endpoint_group
(#10420) - compute: fixed perma-diff bug on
log_config.enable
of bothgoogle_compute_backend_service
andgoogle_compute_region_backend_service
(#10378) - compute: fixed the
google_compute_instance_group_manager.update_policy.0.min_ready_sec
field so that updating it to0
works (#10457) - compute: fixed the
google_compute_region_instance_group_manager.update_policy.0.min_ready_sec
field so that updating it to0
works (#10457) - spanner: fixed the schema for
data.google_spanner_instance
so that non-configurable fields are considered outputs (#10450)