DEPRECATIONS:

• resourcemanager: deprecated skip_delete field in the google_project resource. Instead use the new field deletion_policy in the next major release (#18867)

IMPROVEMENTS:

• bigquery: added support for value DELTA_LAKE to source_format in google_bigquery_table resource (#18915)
• compute: added access_mode field to google_compute_disk resource (#18857)
• compute: added stack_type, and gateway_ip_version fields to google_compute_router resource (#18839)
• container: added field ray_operator_config for resource_container_cluster (#18825)
• container: promoted additional_node_network_configs and additional_pod_network_configs fields to GA in the google_container_node_pool resource (#18842)
• container: promoted enable_multi_networking to GA in the google_container_cluster resource (#18842)
• monitoring: updated goal field to accept a max threshold of up to 0.9999 in google_monitoring_slo resource to 0.9999 (#18845)
• networkconnectivity: added export_psc field to google_network_connectivity_hub resource (#18866)
• sql: added enable_dataplex_integration field to google_sql_database_instance resource (#18852)

BUG FIXES:

• bigquery: fixed a permadiff when handling "assets" in params in the google_bigquery_data_transfer_config resource (#18898)
• bigquery: fixed an issue preventing certain keys in params from being assigned values in google_bigquery_data_transfer_config (#18888)
• compute: fixed perma-diff of advertised_ip_ranges field in google_compute_router resource (#18869)
• container: fixed perma-diff on node_config.guest_accelerator.gpu_driver_installation_config field in GKE 1.30+ in google_container_node_pool resource (#18835)
• sql: fixed a perma-diff in settings.insights_config in google_sql_database_instance (#18962)

BUG FIXES:

• datastream: fixed a breaking change in 5.39.0 google_datastream_stream that made one of destination_config.bigquery_destination_config.merge or destination_config.bigquery_destination_config.append_only required (#18903)

NOTES:

• networkconnectivity: migrated google_network_connectivity_hub from DCL to MMv1 (#18724)
• networkconnectivity: migrated google_network_connectivity_spoke from DCL to MMv1 (#18779)

DEPRECATIONS:

• bigquery: deprecated allow_resource_tags_on_deletion in google_bigquery_table. (#18811)
• bigqueryreservation: deprecated multi_region_auxiliary on google_bigquery_reservation. (#18803)
• datastore: deprecated the resource google_datastore_index. Use the google_firestore_index resource instead. (#18781)

FEATURES:

• New Resource: google_apigee_environment_keyvaluemaps_entries (#18707)
• New Resource: google_apigee_environment_keyvaluemaps (#18707)
• New Resource: google_compute_resize_request (#18725)
• New Resource: google_compute_router_route_policy (#18759)
• New Resource: google_scc_v2_organization_mute_config (#18752)

IMPROVEMENTS:

• alloydb: added observability_config field to google_alloydb_instance resource (#18743)
• bigquery: added resource_tags field to google_bigquery_dataset resource (ga) (#18711)
• bigquery: added resource_tags field to google_bigquery_table resource (#18741)
• bigtable: added data_boost_isolation_read_only and data_boost_isolation_read_only.compute_billing_owner fields to google_bigtable_app_profile resource (#18819)
• cloudfunctions: added build_service_account field to google_cloudfunctions_function resource (#18702)
• compute: added aws_v4_authentication fields to google_compute_backend_service resource (#18796)
• compute: added custom_learned_ip_ranges and custom_learned_route_priority fields to google_compute_router_peer resource (#18727)
• compute: added export_policies and import_policies fields to google_compute_router_peer resource (#18759)
• compute: added shared_secret field to google_compute_public_advertised_prefix resource (#18786)
• compute: added storage_pool under boot_disk.initialize_params to google_compute_instance resource (#18817)
• compute: changed target_service field on the google_compute_service_attachment resource to accept a ForwardingRule or Gateway URL. (#18742)
• container: added field ray_operator_config for google_container_cluster (#18825)
• datastream: added merge and append_only fields to google_datastream_stream resource (#18726)
• datastream: promoted source_config.sql_server_source_config and backfill_all.sql_server_excluded_objects fields in google_datastream_stream resource from beta to GA (#18732)
• datastream: promoted sql_server_profile field in google_datastream_connection_profile resource from beta to GA (#18732)
• dlp: added cloud_storage_target field to google_data_loss_prevention_discovery_config resource (#18740)
• resourcemanager: added check_if_service_has_usage_on_destroy field to google_project_service resource (#18753)
• resourcemanager: added the member property to google_project_service_identity (#18695)
• vmwareengine: added deletion_delay_hours field to google_vmwareengine_private_cloud resource (#18698)
• vmwareengine: supported type change from TIME_LIMITED to STANDARD for multi-node google_vmwareengine_private_cloud resource (#18698)
• workbench: added access_configs to google_workbench_instance resource (#18737)

BUG FIXES:

• compute: fixed perma-diff for interconnect_type being DEDICATED in google_compute_interconnect resource (#18761)
• dialogflowcx: fixed intermittent issues with retrieving resource state soon after creating google_dialogflow_cx_security_settings resources (#18792)
• firestore: fixed missing import of field for google_firestore_field. (#18771)
• firestore: fixed bug where fields database, collection, document_id, and field could not be updated on google_firestore_document and google_firestore_field resources. (#18821)
• netapp: made the smb_settings field on the google_netapp_volume resource default to the value returned from the API. This solves permadiffs when the field is unset. (#18790)
• networksecurity: added recreate functionality on update for client_validation_mode and client_validation_trust_config in google_network_security_server_tls_policy (#18769)

FEATURES:

• New Data Source: google_gke_hub_membership_binding (#18680)
• New Data Source: google_site_verification_token (#18688)
• New Resource: google_scc_project_notification_config (#18682)

IMPROVEMENTS:

• compute: promoted labels field on google_compute_global_address resource from beta to GA (#18646)
• compute: made the google_compute_resource_policy resource updatable in-place (#18673)
• privilegedaccessmanager: promoted google_privileged_access_manager_entitlement resource from beta to GA (#18686)
• vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#18637)

BUG FIXES:

• cloudfunctions2: fixed permadiffs on service_config.environment_variables field in google_cloudfunctions2_function resource (#18651)

FEATURES:

• New Data Source: google_kms_crypto_keys (#18605)
• New Data Source: google_kms_key_rings (#18611)
• New Resource: google_scc_v2_organization_notification_config (#18594)
• New Resource: google_secure_source_manager_repository (#18576)
• New Resource: google_storage_managed_folder_iam (#18555)
• New Resource: google_storage_managed_folder (#18555)

IMPROVEMENTS:

• certificatemanager: added allowlisted_certificates field to google_certificate_manager_trust_config resource (#18587)
• compute: added max_run_duration and on_instance_stop_action fields to google_compute_instance, google_compute_instance_template, and google_compute_instance_from_machine_image resources (#18623)
• dataplex: added sql_assertion field to google_dataplex_datascan resource (#18559)
• gkehub: added fleet_default_member_config.configmanagement.config_sync.enabled field to google_gke_hub_feature resource (#18582)
• netapp: added zone and replica_zone field to google_netapp_storage_pool resource (#18609)
• vertexai: added project_number field to google_vertex_ai_feature_online_store_featureview resource (#18637)
• workstations: added host.gce_instance.vm_tags field to google_workstations_workstation_config resource (#18588)

BUG FIXES:

• compute: fixed a bug preventing the creation of google_compute_autoscaler and google_compute_region_autoscaler resources if both autoscaling_policy.max_replicas and autoscaling_policy.min_replicas were configured as zero. (#18607)
• resourcemanager: mitigated eventual consistency issues by adding a 10s wait after google_service_account_key resource creation (#18566)
• vertexai: fixed issue where updating "metadata" field could fail in google_vertex_ai_index resource (#18632)

FEATURES:

• New Resource: google_storage_managed_folder_iam (#18555)
• New Resource: google_storage_managed_folder (#18555)

IMPROVEMENTS:

• bigtable: added ignore_warnings field to google_bigtable_gc_policy resource (#18492)
• cloudfunctions2: added build_config.automatic_update_policy and build_config.on_deploy_update_policy fields to google_cloudfunctions2_function resource (#18540)
• compute: added confidential_instance_config.confidential_instance_type field to google_compute_instance, google_compute_instance_template, and google_compute_region_instance_template resources (#18554)
• compute: added custom_error_response_policy and default_custom_error_response_policy fields to google_compute_url_map resource (#18511)
• compute: added tls_early_data field to google_compute_target_https_proxy resource (#18512)
• compute: promoted google_compute_network_attachment resource from beta to GA (#18494)
• datafusion: added connection_type and private_service_connect_config fields to google_data_fusion_instance resource (#18525)
• healthcare: added encryption_spec field to google_healthcare_dataset resource (#18528)
• monitoring: added links field to google_monitoring_alert_policy resource (#18549)
• vertexai: added update support for big_query.entity_id_columns field on google_vertex_ai_feature_group resource (#18493)
• vertexai: promoted dedicated_serving_endpoint field on google_vertex_ai_feature_online_store resource from beta to GA (#18513)

BUG FIXES:

• accesscontextmanager: fixed perma-diff caused by ordering of service_perimeters in google_access_context_manager_service_perimeters resource (#18520)
• compute: fixed a crash in google_compute_reservation resource when share_settings field has changes (#18498)
• compute: fixed issue in google_compute_instance resource where service_account is not set when specifying service_account.email and no service_account.scopes (#18521)
• gkehub2: fixed google_gke_hub_feature resource to allow fleet_default_member_config field to be unset (#18487)
• identityplatform: fixed perma-diff on google_identity_platform_config resource when sms_region_config is not set (#18537)
• logging: fixed perma-diff on index_configs in google_logging_organization_bucket_config resource (#18501)

FEATURES:

• New Data Source: google_artifact_registry_docker_image (#18446)
• New Resource: google_service_networking_vpc_service_controls (#18448)

IMPROVEMENTS:

• billingbudget: added enable_project_level_recipients field to google_billing_budget resource (#18437)
• compute: added action_token_site_keys and session_token_site_keys fields to google_compute_security_policy and google_compute_security_policy_rule resources (#18414)
• gkehub2: added ENTERPRISE option to security_posture_config field on google_gke_hub_fleet resource (#18440)
• pubsub: added bigquery_config.service_account_email field to google_pubsub_subscription resource (#18444)
• redis: added maintenance_version field to google_redis_instance resource (#18424)
• storage: changed update behavior in google_storage_bucket_object to no longer delete to avoid object deletion on content update (#18479)
• sql: added support for more MySQL values in type field of google_sql_user resource (#18452)
• sql: increased timeouts on google_sql_database_instance to 90m to account for longer-running actions such as creation through cloning (#18458)
• workbench: added update support to gce_setup.boot_disk and gce_setup.data_disks fields in google_workbench_instance resource (#18482)

BUG FIXES:

• compute: updated google_compute_instance to force reboot if min_node_cpus is updated (#18420)
• compute: fixed description field in google_compute_firewall to support empty/null values on update (#18478)
• compute: fixed perma-diff on google_compute_disk for Ubuntu amd64 canonical LTS images (#18418)
• storage: fixed lowercased custom_placement_config values in google_storage_bucket causing perma-destroy (#18456)
• workbench: fixed issue where instance was not starting after an update in google_workbench_instance resource (#18464)
• workbench: fixed perma-diff caused by empty accelerator_configs in google_workbench_instance resource (#18464)

NOTES:

• compute: Updated field description of connection_draining_timeout_sec, balancing_mode and outlier_detection in google_compute_region_backend_service and google_compute_backend_service to inform that default values will be changed in 6.0.0 (#18399)

FEATURES:

• New Resource: google_netapp_backup (#18357)
• New Resource: google_network_services_service_lb_policies (#18326)
• New Resource: google_scc_management_folder_security_health_analytics_custom_module (#18360)
• New Resource: google_scc_management_organization_project_security_health_analytics_custom_module (#18369)
• New Resource: google_scc_management_organization_security_health_analytics_custom_module (#18374)

IMPROVEMENTS:

• alloydb: changed the resource google_alloydb_instance to be created directly with public IP enabled instead of creating the resource with public IP disabled and then enabling it (#18344)
• bigtable: added automated_backup_configuration field to google_bigtable_table resource (#18335)
• cloudbuildv2: added support for connecting to Bitbucket Data Center and Bitbucket Cloud with the bitbucket_data_center_config and bitbucket_cloud_config fields in google_cloudbuildv2_connection (#18375)
• compute: added update support to ssl_policy field in google_compute_region_target_https_proxy resource (#18361)
• compute: removed enum validation on guest_os_features.type in google_compute_disk to allow for new features to be used without provider update (#18331)
• compute: updated documentation of google_compute_target_https_proxy and google_compute_region_target_https_proxy (#18358)
• container: added support for security_posture_config.mode value "ENTERPRISE" in resource_container_cluster (#18334)
• discoveryengine: added document_processing_config field to google_discovery_engine_data_store resource (#18350)
• edgecontainer: added 'maintenance_exclusions' field to 'google_edgecontainer_cluster' resource (#18370)
• gkehub: added prevent_drift field to ConfigManagement fleet_default_member_config (#18330)
• netapp: added administrators field to google_netapp_active_directory resource (#18333)
• vertexai: promoted optimized field to GA for google_vertex_ai_feature_online_store resource (#18348)
• workbench: updated the metadata keys managed by the backend. (#18367)

BUG FIXES:

• compute: fixed an issue where google_compute_instance_group_manager with a pending operation was incorrectly removed due to the operation no longer being present in the backend (#18380)
• compute: fixed issue where users could not create google_compute_security_policy resources with layer_7_ddos_defense_config explicitly disabled (#18345)
• workbench: fixed a bug in the google_workbench_instance resource where specifying a network in some scenarios would cause instance creation to fail (#18404

NOTES:

• The 4.85.0 release backports configuration for the retention period for Cloud Storage soft delete (https://cloud.google.com/resources/storage/soft-delete-announce) so that customers who have not yet upgraded to 5.22.0+ are able to configure the retention period of objects in their buckets. By upgrading to this version and configuring or otherwise interacting with the google_storage_bucket.soft_delete_policy values, you will need to upgrade directly to 5.22.0+ from 4.85.0 when upgrading to 5.X in the future.

IMPROVEMENTS:

• storage: added soft_delete_policy to google_storage_bucket resource (#17624)

DEPRECATIONS:

• healthcare: deprecated notification_config in google_healthcare_fhir_store resource. Use notification_configs instead. (#18306)

FEATURES:

• New Data Source: google_compute_security_policy (#18316)
• New Resource: google_compute_project_cloud_armor_tier (#18319)
• New Resource: google_network_services_service_lb_policies (#18326)
• New Resource: google_scc_management_organization_event_threat_detection_custom_module (#18317)
• New Resource: google_spanner_instance_config (#18322)

IMPROVEMENTS:

• appengine: added flexible_runtime_settings field to google_app_engine_flexible_app_version resource (#18325)
• bigtable: added force_destroy field to google_bigtable_instance resource. This will force delete any backups present in the instance and allow the instance to be deleted. (#18291)
• clouddeploy: added execution_configs.verbose field to google_clouddeploy_target resource (#18292)
• compute: added storage_pool field to google_compute_disk resource (#18273)
• dlp: added secrets_discovery_target, cloud_sql_target.filter.database_resource_reference, and big_query_target.filter.table_reference fields to google_data_loss_prevention_discovery_config resource (#18324)
• gkebackup: added backup_schedule.backup_config.permissive_mode field to google_gke_backup_backup_plan resource (#18266)
• gkebackup: added restore_config.restore_order field to google_gke_backup_restore_plan resource (#18266)
• gkebackup: added restore_config.volume_data_restore_policy_bindings field to google_gke_backup_restore_plan resource (#18266)
• gkebackup: added new enum values MERGE_SKIP_ON_CONFLICT, MERGE_REPLACE_VOLUME_ON_CONFLICT and MERGE_REPLACE_ON_CONFLICT to field restore_config.namespaced_resource_restore_mode in google_gke_backup_restore_plan resource (#18266)
• healthcare: added notification_config.send_for_bulk_import field to google_healthcare_dicom_store resource (#18320)
• healthcare: added notification_configs field to google_healthcare_fhir_store resource (#18306)
• integrationconnectors: added endpoint_global_access field to google_integration_connectors_endpoint_attachment resource (#18293)
• netapp: added backup_config field to google_netapp_volume resource (#18286)
• redis: added zone_distribution_config field to google_redis_cluster resource (#18307)
• resourcemanager: added support for range_type = "default-domains-netblocks" in google_netblock_ip_ranges data source (#18290)
• secretmanager: added support for IAM conditions in google_secret_manager_secret_iam_* resources (#18294)
• workstations: added boot_disk_size_gb, enable_nested_virtualization, and pool_size to host.gce_instance.boost_configs in google_workstations_workstation_config resource (#18310)

BUG FIXES:

• container: fixed google_container_node_pool crash if node_config.secondary_boot_disks.mode is not set (#18323)
• dlp: removed required on inspect_config.limits.max_findings_per_info_type.info_type field to allow the use of default limit by not setting this field in google_data_loss_prevention_inspect_template resource (#18285)
• provider: fixed application default credential and access token authorization when universe_domain is set (#18272)