NOTES:

• The google_sql_user resource now supports password_wo write-only arguments
• The google_bigquery_data_transfer_config resource now supports secret_access_key_wo write-only arguments
• The google_secret_version resource now supports secret_data_wo write-only arguments

IMPROVEMENTS:

• sql: added password_wo and password_wo_version fields to google_sql_user resource (#21616)
• bigquerydatatransfer: added secret_access_key_wo and secret_access_key_wo_version fields to google_bigquery_data_transfer_config resource (#21617)
• secretmanager: added secret_data_wo and secret_data_wo_version fields to google_secret_version resource (#21618)

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

DEPRECATIONS:

• datacatalog: deprecated google_data_catalog_tag_template. Use google_dataplex_aspect_type instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9347)
• datacatalog: deprecated google_data_catalog_entry_group. Use google_dataplex_entry_group instead. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see https://cloud.google.com/dataplex/docs/transition-to-dataplex-catalog. (#9349)

FEATURES:

• New Data Source: google_alloydb_cluster (#21496)
• New Data Source: google_project_ancestry (#21413)
• New Resource: google_gemini_data_sharing_with_google_setting_binding (#21479)
• New Resource: google_gemini_logging_setting_binding (#21429)
• New Resource: google_gemini_logging_setting (#21404)
• New Resource: google_spanner_instance_partition (#21475)

IMPROVEMENTS:

• backupdr: promoted google_backup_dr_management_server, google_backup_dr_backup_plan_association, and google_backup_dr_backup_plan resources to GA
• compute: added import_subnet_routes_with_public_ip and export_subnet_routes_with_public_ip fields to google_compute_network_peering_routes_config resource (#21405)
• developerconnect: added bitbucket_cloud_config and bitbucket_data_center_config fields to google_developer_connect_connection resource (#21433)
• gemini: promoted google_gemini_release_channel_setting resource to GA (#21481)
• iam: added extra_attributes_oauth2_client field to google_iam_workforce_pool_provider resource (#21430)
• iambeta: promoted google_iam_workload_identity_pool and google_iam_workload_identity_pool_provider data sources to GA (#21408)
• redis: added kms_key field to google_redis_cluster resource (#21428)
• tpuv2: added network_config field to google_tpu_v2_queued_resource resource (#21426)

BUG FIXES:

• apigee: fixed error when deleting google_apigee_organization (#21473)
• bigtable: fixed a bug where sometimes updating an instance's cluster list could result in an error if there was an existing cluster with autoscaling enabled (#21503)
• chronicle: fixed bug setting enabled on creation in google_chronicle_rule_deployment (#21460)

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.

FEATURES:

• New Data Source: google_alloydb_instance (#21383)
• New Resource: google_firebase_data_connect_service (#21368)
• New Resource: google_gemini_data_sharing_with_google_setting (#21393)
• New Resource: google_gemini_gemini_gcp_enablement_setting (#21357)
• New Resource: google_gemini_logging_setting_binding (#21354)
• New Resource: google_gemini_release_channel_setting (#21387
• New Resource: google_gemini_release_channel_setting_binding (#21387
• New Resource: google_netapp_volume_quota_rule (#21283)

IMPROVEMENTS:

• accesscontextmanager: added etag to access context manager directional policy resources google_access_context_manager_service_perimeter_dry_run_egress_policy, google_access_context_manager_service_perimeter_dry_run_ingress_policy, google_access_context_manager_service_perimeter_egress_policy and google_access_context_manager_service_perimeter_ingress_policy to prevent overriding changes (#21366)
• accesscontextmanager: added title field to policy blocks under google_access_context_manager_service_perimeter and variants (#21302)
• artifactregistry: set pageSize to 1000 to speedup google_artifact_registry_docker_image data source queries (#21360)
• compute: added labels field to google_compute_ha_vpn_gateway resource (#21385)
• compute: added validation for disk names in google_compute_disk (#21335)
• container: added new fields container_log_max_size, container_log_max_files, image_gc_low_threshold_percent, image_gc_high_threshold_percent, image_minimum_gc_age, image_maximum_gc_age, and allowed_unsafe_sysctls to node_kubelet_config block in google_container_cluster resource. (#21319)
• monitoring: added condition_sql field to google_monitoring_alert_policy resource (#21277)
• networkservices: added location field to google_network_services_mesh resource (#21337)
• securitycenter: added type, expiry_time field to google_scc_mute_config resource (#21318)

BUG FIXES:

• chronicle: fixed creation issues when optional fields were missing for google_chronicle_rule_deployment resource (#21389)
• databasemigrationservice: fixed error details type on google_database_migration_service_migration_job (#21279)
• networkservices: fixed a bug with google_network_services_authz_extension.wire_format sending an invalid default value by removing the Terraform default and letting the API set the default. (#21280)

NOTES:

• provider: The Terraform Provider for Google Cloud's regular release date will move from Monday to Tuesday in early March. The 2025/03/10 release will be made on 2025/03/11.
• compute: google_compute_firewall_policy now uses MMv1 engine instead of DCL. (#21235)

FEATURES:

• New Data Source: google_beyondcorp_application_iam_policy (#21199)
• New Data Source: google_parameter_manager_parameter_version_render (#21104)
• New Resource: google_beyondcorp_application (#21199)
• New Resource: google_beyondcorp_application_iam_binding (#21199)
• New Resource: google_beyondcorp_application_iam_member (#21199)
• New Resource: google_beyondcorp_application_iam_policy (#21199)
• New Resource: google_bigquery_analytics_hub_listing_subscription (#21189)
• New Resource: google_colab_notebook_execution (#21100)
• New Resource: google_colab_schedule (#21233)

IMPROVEMENTS:

• accesscontextmanager: added resource to sources in egress_from under resources google_access_context_manager_service_perimeter, google_access_context_manager_service_perimeters, google_access_context_manager_service_perimeter_egress_policy, google_access_context_manager_service_perimeter_dry_run_egress_policy (#21190)
• cloudrunv2: added base_image_uri and build_info to google_cloud_run_v2_service (#21236)
• colab: added auto_upgrade field to google_colab_runtime (#21214)
• colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#21200)
• colab: added desired_state field to google_colab_runtime, making it startable/stoppable. (#21207)
• compute: added ip_collection field to google_compute_forwarding_rule resource (#21188)
• compute: added mode and allocatable_prefix_length fields to google_compute_public_delegated_prefix resource (#21216)
• compute: allow parallelization of google_compute_per_instance_config and google_compute_region_per_instance_config deletions by not locking on the parent resource, but including instance name. (#21095)
• container: added auto_monitoring_config field and subfields to the google_container_cluster resource (#21229)
• filestore: added initial_replication field for peer instance configuration and effective_replication output for replication configuration output to google_filestore_instance (#21194)
• memorystore: added CLUSTER_DISABLED to mode field in google_memorystore_instance (#21092)
• networkservices: added compression_mode and allowed_methods fields to google_network_services_edge_cache_service resource (#21195)
• privateca: added user_defined_access_urls and subfields to google_privateca_certificate_authority resource to add support for custom CDP AIA URLs (#21220)
• workbench: added enable_third_party_identity field to google_workbench_instance resource (#21265)

BUG FIXES:

• appengine: added a mitigation for an upcoming default change to standard_scheduler_settings.max_instances for new google_app_engine_standard_app_version resources. If the field is not specified in configuration, diffs will now be ignored. (#21257)
• bigquery: added diff suppression for legacy values in renewal_plan field in google_bigquery_capacity_commitment resource (#21103)
• compute: fixed google_compute_(region_)resize_request requiring region/zone to be specified in all cases. They can now be pulled from the provider. (#21264)
• container: reverted locking behavior in google_container_node_pool that caused regression of operation apply time spike started in v6.15 (#21102)
• gemini: fixed a bug where the force_destroy field in resource gemini_code_repository_index did not work properly (#21212)
• workbench: fixed a bug with google_workbench_instance metadata removal not working as expected (#21204)

NOTES:

• 5.45.2 contains no changes from 5.45.1. This release is being made to ensure that the version numbers of the google and google-beta provider releases remain aligned, as google-beta's 5.45.2 release contains a beta-only change.

DEPRECATIONS:

• beyondcorp: deprecated location on google_beyondcorp_security_gateway. The only valid value is global, which is now also the default value. The field will be removed in a future major release. (#21006)

FEATURES:

• New Data Source: google_parameter_manager_parameter_version (#21055)
• New Data Source: google_parameter_manager_parameters (#21043)
• New Data Source: google_parameter_manager_regional_parameter_version (#21073)
• New Resource: google_beyondcorp_security_gateway_iam_binding (#21078)
• New Resource: google_beyondcorp_security_gateway_iam_member (#21078)
• New Resource: google_beyondcorp_security_gateway_iam_policy (#21078)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter_dry_run_resource to prevent overriding list of resources (#21005)
• compute: allowed parallelization of google_compute_(region_)per_instance_config by not locking on the parent resource, but including instance name. (#21001)
• compute: added network_profile field to google_compute_network resource. (#21027)
• compute: added zero_advertised_route_priority field to google_compute_router_peer (#21024)
• container: added max_run_duration to node_config in google_container_cluster and google_container_node_pool (#21071)
• dataproc: added encryption_config to google_dataproc_workflow_template (#21077)
• gkehub2: added support for fleet_default_member_config.config_management.config_sync.metrics_gcp_service_account_email field to google_gke_hub_feature resource (#21042)
• iam: added prefix and regex fields to google_service_accounts data source (#21020)
• pubsub: added ingestion_data_source_settings.aws_msk and ingestion_data_source_settings.confluent_cloud fields to google_pubsub_topic resource (#20999)
• spanner: added encryption_config field to google_spanner_backup_schedule (#21067)
• workflows: added tags and workflow_tags fields to google_workflows_workflow resource (#21053)

BUG FIXES:

• alloydb: marked google_alloydb_user.password as sensitive (#21014)
• beyondcorp: corrected location to always be global in google_beyondcorp_security_gateway (#21006)
• cloudquotas: removed validation for parent in google_cloud_quotas_quota_adjuster_settings (#21054)
• compute: made google_compute_router_peer.advertised_route_priority use server-side default if unset. To set the value to 0 you must also set zero_advertised_route_priority = true. (#21024)
• container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)
• container: marked cluster_autoscaling.resource_limits.maximum as required, as requests would fail if it was not set (#21051)
• firestore: fixed error preventing deletion of wildcard google_firestore_field resources (#21034)
• netapp: fixed an issue where a diff on zone would be found if it was unspecified in google_netapp_storage_pool (#21060)
• networksecurity: fixed sporadic-diff in google_network_security_security_profile (#21070)
• spanner: fixed bug with google_spanner_instance.force_destroy not setting billing_project value correctly (#21023)
• storage: fixed an issue where plans with a dependency on the content field in the google_storage_bucket_object_content data source could erroneously fail (#21074)

BUG FIXES:

• container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)

NOTES:

• 5.45.1 is a backport release, responding to a new GKE label being applied that can cause unwanted diffs in node pools. The changes in this release will be available in 6.18.1 and users upgrading to 6.X should upgrade to that version or higher.

BUG FIXES:

• container: fixed a diff caused by server-side set values for node_config.resource_labels (#21082)

FEATURES:

• New Data Source: google_compute_instance_template_iam_policy (#20954)
• New Data Source: google_kms_key_handles (#20985)
• New Data Source: google_organizations (#20965)
• New Data Source: google_parameter_manager_parameter (#20953)
• New Data Source: google_parameter_manager_regional_parameters (#20958)
• New Resource: google_apihub_api_hub_instance (#20948)
• New Resource: google_chronicle_retrohunt (#20962)
• New Resource: google_colab_runtime (#20940)
• New Resource: google_colab_runtime_template_iam_binding (#20963)
• New Resource: google_colab_runtime_template_iam_member (#20963)
• New Resource: google_colab_runtime_template_iam_policy (#20963)
• New Resource: google_compute_instance_template_iam_binding (#20954)
• New Resource: google_compute_instance_template_iam_member (#20954)
• New Resource: google_compute_instance_template_iam_policy (#20954)
• New Resource: google_gemini_code_repository_index (GA) (#20941)
• New Resource: google_gemini_repository_group (GA) (#20941)
• New Resource: google_gemini_repository_group_iam_member (GA) (#20941)
• New Resource: google_gemini_repository_group_iam_binding (GA) (#20941)
• New Resource: google_gemini_repository_group_iam_policy (GA) (#20941)
• New Resource: google_parameter_manager_parameter_version (#20992)
• New Resource: google_redis_cluster_user_created_connections (#20977)

IMPROVEMENTS:

• alloydb: added support for skip_await_major_version_upgrade field in google_alloydb_cluster resource, allowing for major_version to be updated (#20923)
• apigee: added properties field to google_apigee_environment resource (#20932)
• bug: added support for setting custom_learned_route_priority to 0 in 'google_compute_router_peer' by adding the zero_custom_learned_route_priority field (#20952)
• cloudrunv2: added build_config to google_cloud_run_v2_service (#20979)
• compute: added pdp_scope field to google_compute_public_advertised_prefix resource (#20972)
• compute: adding labels field to google_compute_interconnect_attachment (#20971)
• compute: fixed a issue where custom_learned_route_priority was accidentally set to 0 during updates in 'google_compute_router_peer' (#20952)
• filestore: added support for tags field to google_filestore_instance resource (#20955)
• networksecurity: added custom_mirroring_profile and custom_intercept_profile fields to google_network_security_security_profile and google_network_security_security_profile_group resources (#20990)
• pubsub: added enforce_in_transit fields to google_pubsub_topic resource (#20926)
• pubsub: added ingestion_data_source_settings.azure_event_hubs field to google_pubsub_topic resource (#20922)
• redis: added psc_service_attachments field to google_redis_cluster resource, to enable use of the fine-grained resource google_redis_cluster_user_created_connections (#20977)

BUG FIXES:

• apigee: fixed properties field update on google_apigee_environment resource (#20987)
• artifactregistry: fixed perma-diff in google_artifact_registry_repository (#20989)
• compute: fixed failure when creating google_compute_global_forwarding_rule with labels targeting PSC endpoint (#20986)
• container: fixed additive_vpc_scope_dns_domain being ignored in Autopilot cluster definition (#20937)
• container: fixed propagation of node_pool_defaults.node_config_defaults.insecure_kubelet_readonly_port_enabled in node config. (#20936)
• iam: fixed missing result by adding pagination for data source google_service_accounts. (#20966)
• metastore: increased timeout on google_dataproc_metastore_service operations to 75m from 60m. This will expose server-returned reasons for operation failure instead of masking them with a Terraform timeout. (#20981)
• resourcemanager: added a slightly longer wait (two 10s checks bumped to 15s) for issues with billing associations in google_project. Default network deletion should succeed more often. (#20982)

FEATURES:

• New Resource: google_apigee_environment_addons_config (#20851)
• New Resource: google_chronicle_reference_list (beta) (#20895)
• New Resource: google_chronicle_rule_deployment (#20888)
• New Resource: google_chronicle_rule (#20868)
• New Resource: google_colab_runtime_template (#20898)
• New Resource: google_edgenetwork_interconnect_attachment (#20856)
• New Resource: google_parameter_manager_parameter (#20886)
• New Resource: google_parameter_manager_regional_parameter_version (#20914)
• New Resource: google_parameter_manager_regional_parameter (#20858)

IMPROVEMENTS:

• accesscontextmanager: added etag to google_access_context_manager_service_perimeter_resource to prevent overriding list of resources (#20910)
• compute: added BPS_100G enum value to bandwidth field of google_compute_interconnect_attachment. (#20884)
• compute: added support for IPV6_ONLY stack_type to google_compute_subnetwork, google_compute_instance, google_compute_instance_template and google_compute_region_instance_template. (#20850)
• compute: promoted bgp_best_path_selection_mode ,bgp_bps_always_compare_med and bgp_bps_inter_region_cost fields in google_compute_network from Beta to Ga (#20865)
• compute: promoted next_hop_origin ,next_hop_med and next_hop_inter_region_cost output fields in google_compute_route form Beta to GA (#20865)
• discoveryengine: added advanced_site_search_config field to google_discovery_engine_data_store resource (#20912)
• gemini: added force_destroy field to resource google_code_repository_index, enabling deletion of the resource even when it has dependent RepositoryGroups (#20881)
• networkservices: added in-place update support for ports field on google_network_services_gateway resource (#20908)
• sql: sql_source_representation_instance now uses string representation of databaseVersion (#20859)
• sql: added replication_cluster field to google_sql_database_instance resource (#20889)
• sql: added support of switchover for MySQL and PostgreSQL in google_sql_database_instance resource (#20889)
• workbench: changed container_image field of google_workbench_instance resource to modifiable. (#20894)

BUG FIXES:

• apigee: fixed error 404 for organization update requests. (#20854)
• artifactregistry: fixed artifact_registry_repository not accepting durations with 'm', 'h' or 'd' (#20902)
• networkservices: fixed bug where google_network_services_gateway could not be updated in place (#20908)
• storagetransfer: fixed a permadiff with transfer_spec.aws_s3_data_source.aws_access_key in google_storage_transfer_job (#20849)