Skip to content

feat(deps): Update Terraform google to v7 #100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(deps): Update Terraform google to v7 #100

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 28, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change Pending
google (source) required_provider major >= 3.53, < 7 -> >= 3.53, < 8 7.7.0

Release Notes

hashicorp/terraform-provider-google (google)

v7.6.0

Compare Source

DEPRECATIONS:

  • networksecurity: deprecated ignore_case, exact, prefix, suffix and contains fields in http_rules.from.not_sources.principals and http_rules.from.sources.principals blocks in google_network_security_authz_policy resource. Use the equivalent fields in http_rules.from.not_sources.principals.principal or http_rules.from.sources.principals.principal instead. (#​24543)

BREAKING CHANGES:

  • container: node_config blocks that had set kubelet_config without explicitly setting cpu_cfs_quota implicitly set cfu_cfs_quota to false when unset. From this version onwards, an unset cpu_cfs_quota will instead match the API default of true true. Resources that are recreated will receive the new value; old resources are unaffected, and may change values by explicitly setting the intended one. (#​24569)
  • storageinsights: removed activity_data_retention_period_days field from google_storage_insights_dataset_config resource due to a delayed launch. It will be readded when the feature launches. (#​24570)

FEATURES:

  • New Resource: google_kms_folder_kaj_policy_config (#​24513)
  • New Resource: google_vertex_ai_cache_config (#​24541)
  • New Resource: google_vertex_ai_reasoning_engine (#​24512)

IMPROVEMENTS:

  • backupdr: added data_source and rules_config_info fields to google_backup_dr_backup_plan_associations datasource (#​24517)
  • beyondcorp: added external, proxy_protocol, and schema fields to google_beyondcorp_security_gateway_application resource (#​24542)
  • beyondcorp: changed endpoint_matchers field to not be required anymore in the google_beyondcorp_security_gateway_application resource (#​24542)
  • cloudrunv2: added default_uri_disabled field to google_cloud_run_v2_service resource (#​24556)
  • compute: added shared_secret_wo and shared_secret_wo_version fields to google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#​24491)
  • dlp: added SENSITIVITY_UNKNOWN as possible enum value for actions.tag_resources.tag_conditions.sensitivity_score.score in google_data_loss_prevention_discovery_config resource (#​24564)
  • dlp: added actions.save_findings.output_config.storage_path field to google_data_loss_prevention_job_trigger resource (#​24558)
  • filestore: added file_shares.nfs_export_options.network and networks.psc_config.endpoint_project fields to google_filestore_instance resource (#​24567)
  • lustre: increased creation timeout from 20min to 40min for google_lustre_instance resource (#​24559)
  • netapp: added hybrid_replication_user_commands field with subfield commands to google_netapp_volume_replication resource (#​24554)
  • netapp: added replication_schedule, hybrid_replication_type, large_volume_constituent_count fields to hybrid_replication_parameters field in google_netapp_volume resource (#​24554)
  • networksecurity: added ip_blocks field to google_network_security_authz_policy resource (#​24543)
  • secretmanager: added ephemeral support for google_secret_manager_secret_version resource (#​24566)
  • sql: added source_instance_deletion_time field to google_sql_database_instance_latest_recovery_time data source (#​24576)
  • sql: added source_instance_deletion_time field to google_sql_database_instance resource (#​24576)
  • storagetransfer: added user_project_override and billing_project fields to google_storage_transfer_job resource (#​24504)

BUG FIXES:

  • container: fixed the default for node_config.kubelet_config.cpu_cfs_quota on google_container_cluster, google_container_node_pool, google_container_cluster.node_pool to align with the API. Terraform will now send a true value when the field is unset on creation, and preserve any previously set value when unset. Explicitly set values will work as defined in configuration. (#​24569)

v7.5.0

Compare Source

BREAKING CHANGES:

  • netapp: changed peer_ip_addresses field type from String to Array in google_netapp_volume resource, as it was unusable otherwise (#​24428)

FEATURES:

  • New Data Source: google_artifact_registry_maven_artifacts (#​24487)
  • New Data Source: google_artifact_registry_npm_packages (#​24486)
  • New Resource: google_apigee_api_deployment (#​24469)
  • New Resource: google_discovery_engine_data_connector (#​24472)
  • New Resource: google_managed_kafka_connect_cluster (#​24443)
  • New Resource: google_managed_kafka_connector (#​24443)
  • New Resource: google_kms_organization_kaj_policy_config (#​24471)
  • New Resource: google_saas_runtime_rollout_kind (#​24447)

IMPROVEMENTS:

  • cloudrunv2: added mount_options in gcsfuse volumes for google_cloud_run_v2_service, google_cloud_run_v2_job, and google_cloud_run_v2_workerpool resources. (#​24413)
  • cloudrunv2: added startup_probe and liveness_probe to google_cloud_run_v2_worker_pool resource (#​24418)
  • compute: added bandwidth_allocation field to google_compute_wire_group resource (#​24460)
  • compute: added shared_secret_wo and shared_secret_wo_version fields for google_compute_vpn_tunnel resource, enabling write-only management of the shared secret. (#​24491)
  • dialogflow: added new_recognition_result_notification_config field to google_dialogflow_conversation_profile resource (#​24468)
  • discoveryengine: added features field to google_discovery_engine_search_engine resource (#​24445)
  • dlp: added other_cloud_target and other_cloud_starting_location to google_data_loss_prevention_discovery_config (#​24463)
  • gkebackup: added backup_config.selected_namespace_labels field to google_gke_backup_backup_plan resource (#​24427)
  • looker: added gemini_enabled field to google_looker_instance resource (#​24461)
  • netapp: added hot_tier_bypass_mode_enabled and hot_tier_size_used_gib fields to google_netapp_volume (#​24454)
  • netapp: added hot_tier_size_gib, enable_hot_tier_auto_resize, cold_tier_size_used_gib and hot_tier_size_used_gib fields to google_netapp_storage_pool (#​24454)
  • oracledatabase: added gcp_oracle_zone field to google_oracle_database_odb_network resource (#​24456)
  • privilegedaccessmanager: added approval_workflow.steps.id field to google_privileged_access_manager_entitlement resource (#​24419)
  • pubsub: added support for tags field to google_pubsub_topic and google_pubsub_subscription resources (#​24442)
  • sql: added point_in_time_restore_context field to google_sql_database_instance (#​24489)
  • storage: added force_destroy field to google_storage_insights_report_config resource (#​24462)
  • storageinsights: added activity_data_retention_period_days field to google_storage_insights_dataset_config resource (#​24459)
  • vertexai: added endpoint_config.private_service_connect_config block to google_vertex_ai_endpoint_with_model_garden_deployment resource (#​24425)
  • vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index_endpoint resource (#​24490)
  • vertexai: added encryption_spec.kms_key_name field to google_vertex_ai_index resource (#​24441)

BUG FIXES:

  • apihub: fixed a permadiff on config_template in google_apihub_plugin resource (#​24429)
  • storage: fixed a panic caused by empty cors blocks google_storage_bucket resource (#​24476)

v7.4.0

Compare Source

DEPRECATIONS:

FEATURES:

  • New Data Source: google_artifact_registry_maven_artifact (#​24358)
  • New Data Source: google_compute_interconnect_location (#​24377)
  • New Resource: google_network_services_wasm_plugin (#​24406)
  • New Resource: google_resource_manager_capability (#​24404)

IMPROVEMENTS:

  • cloudrunv2: added mount_options in gcsfuse volumes for google_cloud_run_v2_service, google_cloud_run_v2_job, and google_cloud_run_v2_workerpool resources. (#​24413)
  • compute: added cipher_suite field to google_compute_vpn_tunnel resource. (#​24378)
  • container: added auto_ipam_config to google_container_cluster resource. (#​24396)
  • storage: added support for timeouts to google_storage_bucket_iam_binding, google_storage_bucket_iam_member, google_storage_bucket_iam_policy resources (#​24376)

BUG FIXES:

  • bigtable: fixed node_scaling_factor forcing new instance on google_bigtable_instance when adding new cluster (#​24410)
  • cloudscheduler: fixed a type assertion panic in google_cloud_scheduler_job when processing HTTP headers with nil or unexpected data types (#​24360)
  • compute: fixed the Network field cannot be modified issue in google_compute_region_backend_service. Now updating the network field will force the resource to be recreated. (#​24398)
  • netapp: fixed incorrect default value handling in google_netapp_volume for export_policy.rules attributes has_root_access and squash_mode. When not specified, these fields will now take on the API default value with no diff. (#​24395)
  • netapp: updated google_netapp_storage_pool to source the default value for the qos_type field from the API. If not specified in the configuration, qos_type will now default to the value provided by the NetApp Volumes API. (#​24394)
  • sql: fixed the permadiffs on disk_size when disk_autoresize is enabled in google_sql_database_instance (#​24399)
  • workbench: added retry for unable to queue the operation 409 errors in google_workbench_instance resource. (#​24392)

v7.3.0

Compare Source

FEATURES:

  • New Data Source: google_backup_dr_data_source_reference (#​24346)
  • New Resource: google_bigquery_datapolicyv2_data_policy (#​24313)
  • New Resource: google_saas_runtime_release (#​24289)
  • New Resource: google_secure_source_manager_hook (#​24345)

IMPROVEMENTS:

  • cloudrun: added sub_path field to google_cloud_run_service resource. (#​24341)
  • cloudrunv2: added sub_path field to google_cloud_run_v2_service google_cloud_run_v2_job and google_cloud_run_v2_worker_pool resource. (#​24341)
  • compute: added labels and label_fingerprint fields to google_compute_security_policy resource (#​24322)
  • compute: labels under initialize_params are now updatable on google_compute_instance (#​24349)
  • container: added new fields memory_manager and topology_manager to node_kubelet_config block (#​24277)
  • datastream: added destination_config.bigquery_destination_config.source_hierarchy_datasets.project_id field to google_datastream_stream resource (#​24340)
  • discoveryengine: added app_type field to google_discovery_engine_search_engine resource (#​24320)
  • gkeonprem: added proxy field to google_gkeonprem_vmware_admin_cluster resource (#​24338)
  • healthcare: added validation_config to google_healthcare_fhir_store resource (#​24336)
  • iamworkforcepool: added extended_attributes field to workforce_pool_provider resource (#​24308)
  • netapp: added export_policy.rules.squash_mode field to google_netapp_volume resource. (#​24350)
  • privateca: added encryption_spec field to google_privateca_ca_pool resource (#​24328)
  • run: added connector to vpc_access on google_cloud_run_v2_worker_pool resource (#​24337)
  • tags: added the DATA_GOVERNANCE value to google_tags_tag_key.purpose (#​24307)

BUG FIXES:

  • bigquery: updated the schema change detection for google_bigquery_table to take into account presence of row access policy (#​24284)
  • compute: fixed allow_global_access to correctly be immutable for google_compute_forwarding_rule resources with load balancing scheme of INTERNAL_MANAGED (#​24312)
  • compute: fixed a crash in google_compute_security_policy due to a changed API response for empty match.0.expr_options blocks (#​24353)
  • dialogflow: added support for non-global endpoints for google_dialogflow_conversation_profile (#​24351)
  • publicca: use RawURLEncoding instead of URLEncoding for unpadded base64 encoding (#​24283)
  • secretmanager: fixed a panic in google_secret_manager_secret_version in a secret_manager (#​24326)
  • workbench: fixed issue that resource creation with computed labels field fails in google_workbench_instance resource (#​24311)
  • workbench: made report-notebook-metrics metadata key settable for google_workbench_instance (#​24310)

v7.2.0

Compare Source

FEATURES:

  • New Data Source: google_artifact_registry_python_package (#​24267)
  • New Data Source: google_backup_dr_data_source_references (#​24268)
  • New Resource: google_discovery_engine_acl_config (#​24276)
  • New Resource: google_saas_runtime_unit_kind (#​24236)

IMPROVEMENTS:

  • chronicle: made the scope_info field in google_chronicle_reference_list configurable (#​24250)
  • compute: added header_action to path_matcher and default_service level on google_compute_region_url_map resource (#​24253)
  • container: added secret_manager_config.rotation_config field to google_container_cluster resource (#​24244)
  • container: added new fields memory_manager and topology_manager to google_container_cluster.node_config.kubelet_config and google_container_node_pool.node_config.kubelet_config (#​24277)
  • sql: added final_backup_description and final_backup_config fields to google_sql_database_instance resource (#​24273)
  • storage: added aws_s3_compatible_data_source to google_storage_transfer_job resource (#​24241)

BUG FIXES:

  • provider: fixed an issue with universe_domain where the provider tried to connect to "googleapis.com" for user email logging when universe_domain was set (#​24238)
  • container: fixed a faulty diff for arrays on user_managed_keys_config that caused faulty cluster updates to be triggered in google_container_cluster (#​24256)
  • osconfig: fixed a permadiff in google_osconfig_patch_deployment where patch_config.yum.minimal doesn't send false for empty values (#​24247)

v7.1.1

Compare Source

BUG FIXES:

  • bigtable: fixed an error encountered when applying google_bigtable_table_iam_* resources after upgrading to 7.x and replacing instance with instance_name (#​24255)

v7.1.0

Compare Source

DEPRECATIONS:

  • container: deprecated enterprise_config field in google_container_cluster resource. GKE Enterprise features are now available without an Enterprise tier. (#​24210)
  • storage: removed deprecated status for field to detect_md5hash in google_storage_bucket_object resource (#​24147)

FEATURES:

  • New Data Source: google_iap_web_forwarding_rule_service_iam_policy (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_binding (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_member (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_policy (#​24178)

IMPROVEMENTS:

  • artifactregistry: added registry_uri as attribute to google_artifact_registry_repository (#​24164)
  • backupdr: added 'supported_resource_types' field to google_backup_dr_backup_plan resource (#​24189)
  • backupdr: added create_time field to google_backup_dr_backup data source (#​24183)
  • cloudbuild: added worker_config.enable_nested_virtualization field to google_cloudbuild_worker_pool resource (#​24176)
  • cloudrunv2: added support for multi_region_settings field to google_cloud_run_v2_service resource (#​24149)
  • compute: add params.resource_manager_tags field to the google_compute_region_backend_service (#​24191)
  • compute: added public_delegated_sub_prefixs field to resource google_compute_public_delegated_prefix (#​24202)
  • compute: added update_strategy field to google_compute_network_peering resource (#​24180)
  • firestore: added unique field to google_firestore_index resource (#​24163)
  • netapp: added qos_type and available_throughput_mibps fields to google_netapp_storage_pool resource (#​24161)
  • netapp: added throughput_mibps field to google_netapp_volume resource (#​24161)
  • networkservices: allowed EXPLICIT_ROUTING_MODE for routing_mode on google_network_services_gateway resource (#​24151)
  • sql: added consumer_network_status, ip_address, and status fields to psc_auto_connections field on google_sql_database_instance resource (#​24201)
  • storagetransfer: added service_account field to google_storage_transfer_job resource (#​24193)
  • storagetransfer: added transfer_spec.aws_s3_data_source.credentials_secret to google_storage_transfer_job resource (#​24152)

BUG FIXES:

  • compute: fixed certain spurious diffs for google_compute_region_backend_service.backend.group (#​24157)
  • compute: fixed permadiff on google_compute_region_network_endpoint_group when no network is specified (#​24182)
  • memorystore: fixed permadiffs that cause destroy+recreate on new google_memorystore_instance when desired_psc_auto_connections is set (#​24212)
  • netapp: fixed a permadiff on total_iops in google_netapp_storage_pool resource (#​24207)
  • oracledatabase: fixed permadiffs on google_oracle_database_autonomous_database resource for the odb_network and odb_subnet fields (#​24184)

v7.0.1

Compare Source

BUG FIXES:

  • storage: fixed a conversion crash in google_storage_bucket state migration #​24186

v7.0.0

Compare Source

Terraform Google Provider 7.0.0 Upgrade Guide

BREAKING RESOURCE REMOVALS:

  • beyondcorp: removed google_beyondcorp_application, its associated IAM resources google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member, and google_beyondcorp_application_iam_policy, and the google_beyondcorp_application_iam_policy datasource. Use google_beyondcorp_security_gateway_application instead. #​23999
  • notebooks: removed google_notebooks_location #​23607
  • tpu: removed google_tpu_node. Use google_tpu_v2_vm instead. #​23964

BREAKING FIELD REMOVALS:

  • cloudrunv2: removed template.containers.depends_on within resource google_cloud_run_v2_worker_pool #​23815
  • colab: removed post_startup_script_config field from from google_colab_runtime_template resource #​24026
  • compute: removed field enable_flow_logs from google_compute_subnetwork #​23704
  • gkehub: removed configmanagement.binauthz field in google_gke_hub_feature_membership #​24076
  • gkehub: removed description field in google_gke_hub_membership #​23587
  • memorystore: removed allow_fewer_zones_deployment field from google_memorystore_instance resource because it isn't user-configurable #​24079
  • redis: removed allow_fewer_zones_deployment field from google_redis_cluster resource because it isn't user-configurable #​24079
  • resourcemanager: removed non-functional project field from google_service_account_key datasource #​24000
  • vertexai: removed enable_secure_private_service_connect in google_vertex_ai_endpoint #​23843

BREAKING INCREASED VALIDATION:

  • cloudfunctions2: made event_type a required field for event_trigger in google_cloudfunctions2_function #​23918
  • networkservices: made load_balancing_scheme required in google_network_services_lb_traffic_extension #​23748
  • sql: made password_wo_version required when password_wo is set in google_sql_user #​24083
  • storage: added validation requiring the topic field to be in the form "projects//topics/" in google_storage_notification #​24135
  • storagetransfer: added path validation for GCS path source and sink in google_storage_transfer_job #​23493
  • vertexai: made metadata, and metadata.config required in google_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #​23971

OTHER BREAKING CHANGES:

  • alloydb: added deletion_protection field with a default value of true to google_alloydb_cluster resource #​24024
  • apigee: changed certs_info field in google_apigee_keystores_aliases_key_cert_file to be output-only #​24135
  • apigee: migrated google_apigee_keystores_aliases_key_cert_file to the plugin framework #​24135
  • artifactregistry: removed the default values for public_repository fields in google_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #​23970
  • bigquery: removed the default value of view.use_legacy_sql in google_bigquery_table #​24065
  • bigtable: renamed instance to instance_name for bigtable_table_iam objects #​23399
  • billing: made budget_filter.credit types and budget_filter.subaccounts no longer optional+computed, only optional, in google_billing_budget resource #​24078
  • cloudfunctions2: changed service_config.service field in google_cloudfunctions2_function resource to be output-only #​23790
  • compute: subnetworks and instances fields in google_compute_packet_mirroring have been converted from arrays to sets #​24021
  • compute: advertised_ip_ranges field group in google_compute_router has been converted from a list to a set #​24030
  • compute: disk.type, disk.mode and disk.interface no longer use provider configured default values and instead will be set by the API in google_compute_instance_template and google_compute_region_instance_template resources #​24055
  • provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using terraform input with invalid resource IDs. #​24010
  • resourcemanager: changed disable_on_destroy default value to false in google_project_service #​23951
  • securesourcemanager: changed deletion_policy default value from DELETE to PREVENT #​23963
  • storage: retention_period field in google_storage_bucket has been converted from int to string data type #​23535
  • storage: migrated google_storage_notification to the plugin framework #​24135

FEATURES:

  • New Data Source: google_artifact_registry_npm_package (#​24072)
  • New Data Source: google_certificate_manager_dns_authorization (#​24009)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_binding (#​24041)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_member (#​24041)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_policy (#​24041)
  • New Resource: google_saas_runtime_saas (#​24028)

IMPROVEMENTS:

  • cloudbuild: added developer_connect_event_config field to google_cloudbuild_trigger resource (#​24043)
  • cloudtasks: added desired_state field to google_cloud_tasks_queue resource (#​24053)
  • cloudrunv2: added max_instance_count field to google_cloud_run_v2_service resource. (#​24031)
  • compute: added params.resourceManagerTags field to the google_compute_backend_service (#​24062)
  • compute: added params.resource_manager_tags field to google_compute_backend_bucket (#​24068)
  • compute: added short_name field to google_compute_organization_security_policy resource (#​24059)
  • container: added cluster_autoscaling.default_compute_class_enabled field to google_container_cluster resource (#​24023)
  • dialogflowcx: added enableMultiLanguageTraining, locked, answerFeedbackSettings, personalizationSettings, clientCertificateSettings, startPlaybook, satisfiesPzs, and satisfiesPzi to google_dialogflow_cx_agent resource. (#​24007)
  • lustre: increased google_lustre_instance resource create timeout to 120m from 20m (#​24056)
  • oracledatabase: enabled default_from_api flag for ODB Network related fields in google_oracle_database_cloud_vm_cluster resource (#​24045)
  • sql: added feature to restore google_sql_database_instance using backupdr_backup (#​24066)
  • ssm: made ca_pool argument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#​24039)

BUG FIXES:

  • container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#​24077)
  • gkeonprem: set default_from_api in image field in google_vmware_node_pool (#​24022)
  • workbench: made install-monitoring-agent metadata key settable for google_workbench_instance (#​24080)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner August 28, 2025 00:56
@dpebot
Copy link
Collaborator

dpebot commented Aug 28, 2025

/gcbrun

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dpebot