Skip to content

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 27, 2025

This PR contains the following updates:

Package Type Update Change Pending
google (source) required_provider major >= 3.50, < 7 -> >= 3.50, < 8 7.8.0
google-beta (source) required_provider major >= 3.50, < 7 -> >= 3.50, < 8 7.8.0

Release Notes

hashicorp/terraform-provider-google (google)

v7.7.0

Compare Source

BREAKING CHANGES:

  • discoveryengine: changed type of google_discovery_engine_data_connector.entities.params. Previously, it was a map of string keys to string values; now, it must be a JSON-encoded string containing an object. This change is being made in a minor release because the field wasn't usable as intended – specifically, all current valid uses require mapping strings to lists of strings. (#​24658)

FEATURES:

  • New Data Source: google_network_management_connectivity_tests (#​24635)
  • New Resource: google_apigee_developer_app (#​24625)
  • New Resource: google_discovery_engine_license_config (#​24619)
  • New Resource: google_iam_workforce_pool_provider_scim_tenant (#​24587)
  • New Resource: google_kms_project_kaj_policy_config (#​24622)
  • New Resource: google_saas_runtime_tenant (#​24608)

IMPROVEMENTS:

  • apigee: updated the scopes argument in google_apigee_api_product resource to be order-insensitive. (#​24625)
  • beyondcorp: added proxy_protocol_config and service_discovery fields to google_beyondcorp_security_gateway resource (#​24609)
  • cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource. (GA promotion) (#​24602)
  • cloudrunv2: added health_check_disabled field to google_cloud_run_v2_service resource. (#​24602)
  • compute: added params field to google_compute_router resource (GA) (#​24611)
  • discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#​24658)
  • discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#​24658)
  • dlp: added publish_to_dataplex_catalog field to discovery_config resource (#​24621)
  • gkeonprem: made it possible to set the on_prem_version field on google_gkeonprem_vmware_node_pool (previously output-only) (#​24614)
  • memcache: added deletion_protection field to memcache_instance to make deleting them require an explicit intent. memcache_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#​24613)
  • metastore: added tags field to google_dataproc_metastore_service and 'google_dataproc_metastore_federation' resources to allow setting tags for services and federation at creation time (#​24633)
  • networksecurity: added URL_FILTERING option to enum field type for google_network_security_security_profile resource (#​24583)
  • networksecurity: added url_filtering_profile field to google_network_security_security_profile_group resource (beta) (#​24583)
  • networksecurity: added url_filtering_profile field to google_network_security_security_profile resource (beta) (#​24583)
  • sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#​24576)
  • sql: added source_instance_deletion_time field to google_sql_database_instance resource (#​24576)

BUG FIXES:

  • bigqueryanalyticshub: fixed google_bigquery_analytics_hub_listing_subscription import (#​24634)
  • discoveryengine: fixed bug where it wasn't possible to specify values for knowledgeBaseSysId or catalogSysId in google_discovery_engine_data_connector.entities.params. (#​24658)

v7.6.0

Compare Source

DEPRECATIONS:

  • networksecurity: deprecated ignore_case, exact, prefix, suffix and contains fields in http_rules.from.not_sources.principals and http_rules.from.sources.principals blocks in google_network_security_authz_policy resource. Use the equivalent fields in http_rules.from.not_sources.principals.principal or http_rules.from.sources.principals.principal instead. (#​24543)

BREAKING CHANGES:

  • container: node_config blocks that had set kubelet_config without explicitly setting cpu_cfs_quota implicitly set cfu_cfs_quota to false when unset. From this version onwards, an unset cpu_cfs_quota will instead match the API default of true true. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#​24569)
  • storageinsights: removed activity_data_retention_period_days field from google_storage_insights_dataset_config resource due to a delayed launch. It will be readded when the feature launches. (#​24570)

FEATURES:

  • New Resource: google_kms_folder_kaj_policy_config (#​24513)
  • New Resource: google_vertex_ai_cache_config (#​24541)
  • New Resource: google_vertex_ai_reasoning_engine (#​24512)

IMPROVEMENTS:

  • backupdr: added data_source and rules_config_info fields to google_backup_dr_backup_plan_associations datasource (#​24517)
  • beyondcorp: added external, proxy_protocol, and schema fields to google_beyondcorp_security_gateway_application resource (#​24542)
  • beyondcorp: changed endpoint_matchers field to not be required anymore in the google_beyondcorp_security_gateway_application resource (#​24542)
  • cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource (#​24556)
  • compute: added shared_secret_wo and shared_secret_wo_version fields to google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#​24491)
  • dlp: added SENSITIVITY_UNKNOWN as possible enum value for actions.tag_resources.tag_conditions.sensitivity_score.score in google_data_loss_prevention_discovery_config resource (#​24564)
  • dlp: added actions.save_findings.output_config.storage_path field to google_data_loss_prevention_job_trigger resource (#​24558)
  • filestore: added file_shares.nfs_export_options.network and networks.psc_config.endpoint_project fields to google_filestore_instance resource (#​24567)
  • lustre: increased creation timeout from 20min to 40min for google_lustre_instance resource (#​24559)
  • netapp: added hybrid_replication_user_commands field with subfield commands to google_netapp_volume_replication resource (#​24554)
  • netapp: added replication_schedule, hybrid_replication_type, large_volume_constituent_count fields to hybrid_replication_parameters field in google_netapp_volume resource (#​24554)
  • networksecurity: added ip_blocks field to google_network_security_authz_policy resource (#​24543)
  • secretmanager: added ephemeral support for google_secret_manager_secret_version resource (#​24566)
  • sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#​24576)
  • sql: added source_instance_deletion_time field to google_sql_database_instance resource (#​24576)
  • storagetransfer: added user_project_override and billing_project fields to google_storage_transfer_job resource (#​24504)

BUG FIXES:

  • container: fixed the default for node_config.kubelet_config.cpu_cfs_quota on google_container_cluster, google_container_node_pool, google_container_cluster.node_pool to align with the API. Terraform will now send a true value when the field is unset on creation, and preserve any previously set value when unset. Explicitly set values will work as defined in configuration. (#​24569)

v7.5.0

Compare Source

BREAKING CHANGES:

  • netapp: changed peer_ip_addresses field type from String to Array in google_netapp_volume resource, as it was unusable otherwise (#​24428)

FEATURES:

  • New Data Source: google_artifact_registry_maven_artifacts (#​24487)
  • New Data Source: google_artifact_registry_npm_packages (#​24486)
  • New Resource: google_apigee_api_deployment (#​24469)
  • New Resource: google_discovery_engine_data_connector (#​24472)
  • New Resource: google_managed_kafka_connect_cluster (#​24443)
  • New Resource: google_managed_kafka_connector (#​24443)
  • New Resource: google_kms_organization_kaj_policy_config (#​24471)
  • New Resource: google_saas_runtime_rollout_kind (#​24447)

IMPROVEMENTS:

  • cloudrunv2: added mount_options in gcsfuse volumes for google_cloud_run_v2_service, google_cloud_run_v2_job, and google_cloud_run_v2_workerpool resources. (#​24413)
  • cloudrunv2: added startup_probe and liveness_probe to google_cloud_run_v2_worker_pool resource (#​24418)
  • compute: added bandwidth_allocation field to google_compute_wire_group resource (#​24460)
  • compute: added shared_secret_wo and shared_secret_wo_version fields for google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#​24491)
  • dialogflow: added new_recognition_result_notification_config field to google_dialogflow_conversation_profile resource (#​24468)
  • discoveryengine: added features field to google_discovery_engine_search_engine resource (#​24445)
  • dlp: added other_cloud_target and other_cloud_starting_location to google_data_loss_prevention_discovery_config (#​24463)
  • gkebackup: added backup_config.selected_namespace_labels field to google_gke_backup_backup_plan resource (#​24427)
  • looker: added gemini_enabled field to google_looker_instance resource (#​24461)
  • netapp: added hot_tier_bypass_mode_enabled and hot_tier_size_used_gib fields to google_netapp_volume (#​24454)
  • netapp: added hot_tier_size_gib, enable_hot_tier_auto_resize, cold_tier_size_used_gib and hot_tier_size_used_gib fields to google_netapp_storage_pool (#​24454)
  • oracledatabase: added gcp_oracle_zone field to google_oracle_database_odb_network resource (#​24456)
  • privilegedaccessmanager: added approval_workflow.steps.id field to google_privileged_access_manager_entitlement resource (#​24419)
  • pubsub: added support for tags field to google_pubsub_topic and google_pubsub_subscription resources (#​24442)
  • sql: added point_in_time_restore_context field to google_sql_database_instance (#​24489)
  • storage: added force_destroy field to google_storage_insights_report_config resource (#​24462)
  • storageinsights: added activity_data_retention_period_days field to google_storage_insights_dataset_config resource (#​24459)
  • vertexai: added endpoint_config.private_service_connect_config block to google_vertex_ai_endpoint_with_model_garden_deployment resource (#​24425)
  • vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index_endpoint resource (#​24490)
  • vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index resource (#​24441)

BUG FIXES:

  • apihub: fixed a permadiff on config_template in google_apihub_plugin resource (#​24429)
  • storage: fixed a panic caused by empty cors blocks google_storage_bucket resource (#​24476)

v7.4.0

Compare Source

DEPRECATIONS:

FEATURES:

  • New Data Source: google_artifact_registry_maven_artifact (#​24358)
  • New Data Source: google_compute_interconnect_location (#​24377)
  • New Resource: google_network_services_wasm_plugin (#​24406)
  • New Resource: google_resource_manager_capability (#​24404)

IMPROVEMENTS:

  • cloudrunv2: added mount_options in gcsfuse volumes for google_cloud_run_v2_service, google_cloud_run_v2_job, and google_cloud_run_v2_workerpool resources. (#​24413)
  • compute: added cipher_suite field to google_compute_vpn_tunnel resource. (#​24378)
  • container: added auto_ipam_config to google_container_cluster resource. (#​24396)
  • storage: added support for timeouts to google_storage_bucket_iam_binding, google_storage_bucket_iam_member, google_storage_bucket_iam_policy resources (#​24376)

BUG FIXES:

  • bigtable: fixed node_scaling_factor forcing new instance on google_bigtable_instance when adding new cluster (#​24410)
  • cloudscheduler: fixed a type assertion panic in google_cloud_scheduler_job when processing HTTP headers with nil or unexpected data types (#​24360)
  • compute: fixed the Network field cannot be modified issue in google_compute_region_backend_service. Now updating the network field will force the resource to be recreated. (#​24398)
  • netapp: fixed incorrect default value handling in google_netapp_volume for export_policy.rules attributes has_root_access and squash_mode. When not specified, these fields will now take on the API default value with no diff. (#​24395)
  • netapp: updated google_netapp_storage_pool to source the default value for the qos_type field from the API. If not specified in the configuration, qos_type will now default to the value provided by the NetApp Volumes API. (#​24394)
  • sql: fixed the permadiffs on disk_size when disk_autoresize is enabled in google_sql_database_instance (#​24399)
  • workbench: added retry for unable to queue the operation 409 errors in google_workbench_instance resource. (#​24392)

v7.3.0

Compare Source

FEATURES:

  • New Data Source: google_backup_dr_data_source_reference (#​24346)
  • New Resource: google_bigquery_datapolicyv2_data_policy (#​24313)
  • New Resource: google_saas_runtime_release (#​24289)
  • New Resource: google_secure_source_manager_hook (#​24345)

IMPROVEMENTS:

  • cloudrun: added sub_path field to google_cloud_run_service resource. (#​24341)
  • cloudrunv2: added sub_path field to google_cloud_run_v2_service google_cloud_run_v2_job and google_cloud_run_v2_worker_pool resource. (#​24341)
  • compute: added labels and label_fingerprint fields to google_compute_security_policy resource (#​24322)
  • compute: labels under initialize_params are now updatable on google_compute_instance (#​24349)
  • container: added new fields memory_manager and topology_manager to node_kubelet_config block (#​24277)
  • datastream: added destination_config.bigquery_destination_config.source_hierarchy_datasets.project_id field to google_datastream_stream resource (#​24340)
  • discoveryengine: added app_type field to google_discovery_engine_search_engine resource (#​24320)
  • gkeonprem: added proxy field to google_gkeonprem_vmware_admin_cluster resource (#​24338)
  • healthcare: added validation_config to google_healthcare_fhir_store resource (#​24336)
  • iamworkforcepool: added extended_attributes field to workforce_pool_provider resource (#​24308)
  • netapp: added export_policy.rules.squash_mode field to google_netapp_volume resource. (#​24350)
  • privateca: added encryption_spec field to google_privateca_ca_pool resource (#​24328)
  • run: added connector to vpc_access on google_cloud_run_v2_worker_pool resource (#​24337)
  • tags: added the DATA_GOVERNANCE value to google_tags_tag_key.purpose (#​24307)

BUG FIXES:

  • bigquery: updated the schema change detection for google_bigquery_table to take into account presence of row access policy (#​24284)
  • compute: fixed allow_global_access to correctly be immutable for google_compute_forwarding_rule resources with load balancing scheme of INTERNAL_MANAGED (#​24312)
  • compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#​24353)
  • dialogflow: added support for non-global endpoints for google_dialogflow_conversation_profile (#​24351)
  • publicca: use RawURLEncoding instead of URLEncoding for unpadded base64 encoding (#​24283)
  • secretmanager: fixed a panic in google_secret_manager_secret_version in a secret_manager (#​24326)
  • workbench: fixed issue that resource creation with computed labels field fails in google_workbench_instance resource (#​24311)
  • workbench: made report-notebook-metrics metadata key settable for google_workbench_instance (#​24310)

v7.2.0

Compare Source

FEATURES:

  • New Data Source: google_artifact_registry_python_package (#​24267)
  • New Data Source: google_backup_dr_data_source_references (#​24268)
  • New Resource: google_discovery_engine_acl_config (#​24276)
  • New Resource: google_saas_runtime_unit_kind (#​24236)

IMPROVEMENTS:

  • chronicle: made the scope_info field in google_chronicle_reference_list configurable (#​24250)
  • compute: added header_action to path_matcher and default_service level on google_compute_region_url_map resource (#​24253)
  • container: added secret_manager_config.rotation_config field to google_container_cluster resource (#​24244)
  • container: added new fields memory_manager and topology_manager to google_container_cluster.node_config.kubelet_config and google_container_node_pool.node_config.kubelet_config (#​24277)
  • sql: added final_backup_description and final_backup_config fields to google_sql_database_instance resource (#​24273)
  • storage: added aws_s3_compatible_data_source to google_storage_transfer_job resource (#​24241)

BUG FIXES:

  • provider: fixed an issue with universe_domain where the provider tried to connect to "googleapis.com" for user email logging when universe_domain was set (#​24238)
  • container: fixed a faulty diff for arrays on user_managed_keys_config that caused faulty cluster updates to be triggered in google_container_cluster (#​24256)
  • osconfig: fixed a permadiff in google_osconfig_patch_deployment where patch_config.yum.minimal doesn't send false for empty values (#​24247)

v7.1.1

Compare Source

BUG FIXES:

  • bigtable: fixed an error encountered when applying google_bigtable_table_iam_* resources after upgrading to 7.x and replacing instance with instance_name (#​24255)

v7.1.0

Compare Source

DEPRECATIONS:

  • container: deprecated enterprise_config field in google_container_cluster resource. GKE Enterprise features are now available without an Enterprise tier. (#​24210)
  • storage: removed deprecated status for field to detect_md5hash in google_storage_bucket_object resource (#​24147)

FEATURES:

  • New Data Source: google_iap_web_forwarding_rule_service_iam_policy (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_binding (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_member (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_policy (#​24178)

IMPROVEMENTS:

  • artifactregistry: added registry_uri as attribute to google_artifact_registry_repository (#​24164)
  • backupdr: added 'supported_resource_types' field to google_backup_dr_backup_plan resource (#​24189)
  • backupdr: added create_time field to google_backup_dr_backup data source (#​24183)
  • cloudbuild: added worker_config.enable_nested_virtualization field to google_cloudbuild_worker_pool resource (#​24176)
  • cloudrunv2: added support for multi_region_settings field to google_cloud_run_v2_service resource (#​24149)
  • compute: add params.resource_manager_tags field to the google_compute_region_backend_service (#​24191)
  • compute: added public_delegated_sub_prefixs field to resource google_compute_public_delegated_prefix (#​24202)
  • compute: added update_strategy field to google_compute_network_peering resource (#​24180)
  • firestore: added unique field to google_firestore_index resource (#​24163)
  • netapp: added qos_type and available_throughput_mibps fields to google_netapp_storage_pool resource (#​24161)
  • netapp: added throughput_mibps field to google_netapp_volume resource (#​24161)
  • networkservices: allowed EXPLICIT_ROUTING_MODE for routing_mode on google_network_services_gateway resource (#​24151)
  • sql: added consumer_network_status, ip_address, and status fields to psc_auto_connections field on google_sql_database_instance resource (#​24201)
  • storagetransfer: added service_account field to google_storage_transfer_job resource (#​24193)
  • storagetransfer: added transfer_spec.aws_s3_data_source.credentials_secret to google_storage_transfer_job resource (#​24152)

BUG FIXES:

  • compute: fixed certain spurious diffs for google_compute_region_backend_service.backend.group (#​24157)
  • compute: fixed permadiff on google_compute_region_network_endpoint_group when no network is specified (#​24182)
  • memorystore: fixed permadiffs that cause destroy+recreate on new google_memorystore_instance when desired_psc_auto_connections is set (#​24212)
  • netapp: fixed a permadiff on total_iops in google_netapp_storage_pool resource (#​24207)
  • oracledatabase: fixed permadiffs on google_oracle_database_autonomous_database resource for the odb_network and odb_subnet fields (#​24184)

v7.0.1

Compare Source

BUG FIXES:

  • storage: fixed a conversion crash in google_storage_bucket state migration #​24186

v7.0.0

Compare Source

Terraform Google Provider 7.0.0 Upgrade Guide

BREAKING RESOURCE REMOVALS:

  • beyondcorp: removed google_beyondcorp_application, its associated IAM resources google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member, and google_beyondcorp_application_iam_policy, and the google_beyondcorp_application_iam_policy datasource. Use google_beyondcorp_security_gateway_application instead. #​23999
  • notebooks: removed google_notebooks_location #​23607
  • tpu: removed google_tpu_node. Use google_tpu_v2_vm instead. #​23964

BREAKING FIELD REMOVALS:

  • cloudrunv2: removed template.containers.depends_on within resource google_cloud_run_v2_worker_pool #​23815
  • colab: removed post_startup_script_config field from from google_colab_runtime_template resource #​24026
  • compute: removed field enable_flow_logs from google_compute_subnetwork #​23704
  • gkehub: removed configmanagement.binauthz field in google_gke_hub_feature_membership #​24076
  • gkehub: removed description field in google_gke_hub_membership #​23587
  • memorystore: removed allow_fewer_zones_deployment field from google_memorystore_instance resource because it isn't user-configurable #​24079
  • redis: removed allow_fewer_zones_deployment field from google_redis_cluster resource because it isn't user-configurable #​24079
  • resourcemanager: removed non-functional project field from google_service_account_key datasource #​24000
  • vertexai: removed enable_secure_private_service_connect in google_vertex_ai_endpoint #​23843

BREAKING INCREASED VALIDATION:

  • cloudfunctions2: made event_type a required field for event_trigger in google_cloudfunctions2_function #​23918
  • networkservices: made load_balancing_scheme required in google_network_services_lb_traffic_extension #​23748
  • sql: made password_wo_version required when password_wo is set in google_sql_user #​24083
  • storage: added validation requiring the topic field to be in the form "projects//topics/" in google_storage_notification #​24135
  • storagetransfer: added path validation for GCS path source and sink in google_storage_transfer_job #​23493
  • vertexai: made metadata, and metadata.config required in google_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #​23971

OTHER BREAKING CHANGES:

  • alloydb: added deletion_protection field with a default value of true to google_alloydb_cluster resource #​24024
  • apigee: changed certs_info field in google_apigee_keystores_aliases_key_cert_file to be output-only #​24135
  • apigee: migrated google_apigee_keystores_aliases_key_cert_file to the plugin framework #​24135
  • artifactregistry: removed the default values for public_repository fields in google_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #​23970
  • bigquery: removed the default value of view.use_legacy_sql in google_bigquery_table #​24065
  • bigtable: renamed instance to instance_name for bigtable_table_iam objects #​23399
  • billing: made budget_filter.credit types and budget_filter.subaccounts no longer optional+computed, only optional, in google_billing_budget resource #​24078
  • cloudfunctions2: changed service_config.service field in google_cloudfunctions2_function resource to be output-only #​23790
  • compute: subnetworks and instances fields in google_compute_packet_mirroring have been converted from arrays to sets #​24021
  • compute: advertised_ip_ranges field group in google_compute_router has been converted from a list to a set #​24030
  • compute: disk.type, disk.mode and disk.interface no longer use provider configured default values and instead will be set by the API in google_compute_instance_template and google_compute_region_instance_template resources #​24055
  • provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using terraform input with invalid resource IDs. #​24010
  • resourcemanager: changed disable_on_destroy default value to false in google_project_service #​23951
  • securesourcemanager: changed deletion_policy default value from DELETE to PREVENT #​23963
  • storage: retention_period field in google_storage_bucket has been converted from int to string data type #​23535
  • storage: migrated google_storage_notification to the plugin framework #​24135

FEATURES:

  • New Data Source: google_artifact_registry_npm_package (#​24072)
  • New Data Source: google_certificate_manager_dns_authorization (#​24009)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_binding (#​24041)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_member (#​24041)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_policy (#​24041)
  • New Resource: google_saas_runtime_saas (#​24028)

IMPROVEMENTS:

  • cloudbuild: added developer_connect_event_config field to google_cloudbuild_trigger resource (#​24043)
  • cloudtasks: added desired_state field to google_cloud_tasks_queue resource (#​24053)
  • cloudrunv2: added max_instance_count field to google_cloud_run_v2_service resource. (#​24031)
  • compute: added params.resourceManagerTags field to the google_compute_backend_service (#​24062)
  • compute: added params.resource_manager_tags field to google_compute_backend_bucket (#​24068)
  • compute: added short_name field to google_compute_organization_security_policy resource (#​24059)
  • container: added cluster_autoscaling.default_compute_class_enabled field to google_container_cluster resource (#​24023)
  • dialogflowcx: added enableMultiLanguageTraining, locked, answerFeedbackSettings, personalizationSettings, clientCertificateSettings, startPlaybook, satisfiesPzs, and satisfiesPzi to google_dialogflow_cx_agent resource. (#​24007)
  • lustre: increased google_lustre_instance resource create timeout to 120m from 20m (#​24056)
  • oracledatabase: enabled default_from_api flag for ODB Network related fields in google_oracle_database_cloud_vm_cluster resource (#​24045)
  • sql: added feature to restore google_sql_database_instance using backupdr_backup (#​24066)
  • ssm: made ca_pool argument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#​24039)

BUG FIXES:

  • container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#​24077)
  • gkeonprem: set default_from_api in image field in google_vmware_node_pool (#​24022)
  • workbench: made install-monitoring-agent metadata key settable for google_workbench_instance (#​24080)
hashicorp/terraform-provider-google-beta (google-beta)

v7.7.0

Compare Source

BREAKING CHANGES:

  • discoveryengine: changed type of google_discovery_engine_data_connector.entities.params. Previously, it was a map of string keys to string values; now, it must be a JSON-encoded string containing an object. This change is being made in a minor release because the field wasn't usable as intended – specifically, all current valid uses require mapping strings to lists of strings. (#​10863)

FEATURES:

  • New Data Source: google_network_management_connectivity_tests (#​10856)
  • New Resource: google_apigee_developer_app (#​10851)
  • New Resource: google_discovery_engine_license_config (#​10848)
  • New Resource: google_iam_workforce_pool_provider_scim_tenant (#​10834)
  • New Resource: google_kms_project_kaj_policy_config (#​10850)
  • New Resource: google_saas_runtime_tenant (#​10841)

IMPROVEMENTS:

  • apigee: updated the scopes argument in google_apigee_api_product resource to be order-insensitive. (#​10851)
  • beyondcorp: added proxy_protocol_config and service_discovery fields to google_beyondcorp_security_gateway resource (#​10842)
  • cloudrunv2: added health_check_disabled field to google_cloud_run_v2_service resource. (#​10839)
  • compute: added params field to google_compute_router resource (GA) (#​10844)
  • discoveryengine: added connector_modes, sync_mode, incremental_refresh_interval, auto_run_disabled, and incremental_sync_disabled fields to google_discovery_engine_data_connector resource (#​10863)
  • discoveryengine: added kms_key_name field to google_discovery_engine_search_engine resource (#​10863)
  • dlp: added publish_to_dataplex_catalog field to discovery_config resource (#​10849)
  • gkeonprem: made it possible to set the on_prem_version field on google_gkeonprem_vmware_node_pool (previously output-only) (#​10847)
  • memcache: added deletion_protection field to memcache_instance to make deleting them require an explicit intent. memcache_instance resources now cannot be destroyed unless deletion_protection = false is set for the resource. (#​10846)
  • metastore: added tags field to google_dataproc_metastore_service and 'google_dataproc_metastore_federation' resources to allow setting tags for services and federation at creation time (#​10854)
  • networksecurity: added URL_FILTERING option to enum field type for google_network_security_security_profile resource (#​10829)
  • networksecurity: added url_filtering_profile field to google_network_security_security_profile_group resource (#​10829)
  • networksecurity: added url_filtering_profile field to google_network_security_security_profile resource (#​10829)
  • sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#​10827)
  • sql: added source_instance_deletion_time field to google_sql_database_instance resource (#​10827)

BUG FIXES:

  • bigqueryanalyticshub: fixed google_bigquery_analytics_hub_listing_subscription import (#​10855)
  • discoveryengine: fixed bug where it wasn't possible to specify values for knowledgeBaseSysId or catalogSysId in google_discovery_engine_data_connector.entities.params. (#​10863)

v7.6.0

Compare Source

DEPRECATIONS:

  • networksecurity: deprecated ignore_case, exact, prefix, suffix and contains fields in http_rules.from.not_sources.principals and http_rules.from.sources.principals blocks in google_network_security_authz_policy resource. Use the equivalent fields in http_rules.from.not_sources.principals.principal or http_rules.from.sources.principals.principal instead. (#​10809)

BREAKING CHANGES:

  • container: node_config blocks that had set kubelet_config without explicitly setting cpu_cfs_quota implicitly set cfu_cfs_quota to false when unset. From this version onwards, an unset cpu_cfs_quota will instead match the API default of true true. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#​10823)
  • storageinsights: removed activity_data_retention_period_days field from google_storage_insights_dataset_config resource due to a delayed launch. It will be readded when the feature launches. (#​10824)

FEATURES:

  • New Resource: google_kms_folder_kaj_policy_config (#​10798)
  • New Resource: google_vertex_ai_cache_config (#​10807)
  • New Resource: google_vertex_ai_reasoning_engine (#​10797)

IMPROVEMENTS:

  • backupdr: added data_source and rules_config_info fields to google_backup_dr_backup_plan_associations datasource (#​10802)
  • beyondcorp: added external, proxy_protocol, and schema fields to google_beyondcorp_security_gateway_application resource ([#&#8203

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Aug 27, 2025
@renovate renovate bot requested a review from a team as a code owner August 27, 2025 23:09
@dpebot
Copy link
Collaborator

dpebot commented Aug 27, 2025

/gcbrun

@renovate renovate bot force-pushed the renovate/major-terraform-google-provider branch from 5f924f3 to de2d2e8 Compare September 15, 2025 23:16
@dpebot
Copy link
Collaborator

dpebot commented Sep 15, 2025

/gcbrun

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant