Skip to content

Update terraform-gcp to v7 (major) #2223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update terraform-gcp to v7 (major) #2223

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
google (source) required_provider major ~> 6.49.0 -> ~> 7.2.0
google (source) required_provider major ~> 6.5 -> ~> 7.0
google-beta (source) required_provider major ~> 6.49.0 -> ~> 7.2.0

Release Notes

hashicorp/terraform-provider-google (google)

v7.2.0

Compare Source

FEATURES:

  • New Data Source: google_artifact_registry_python_package (#​24267)
  • New Data Source: google_backup_dr_data_source_references (#​24268)
  • New Resource: google_discovery_engine_acl_config (#​24276)
  • New Resource: google_saas_runtime_unit_kind (#​24236)

IMPROVEMENTS:

  • chronicle: made the scope_info field in google_chronicle_reference_list configurable (#​24250)
  • compute: added header_action to path_matcher and default_service level on google_compute_region_url_map resource (#​24253)
  • container: added secret_manager_config.rotation_config field to google_container_cluster resource (#​24244)
  • container: added new fields memory_manager and topology_manager to google_container_cluster.node_config.kubelet_config and google_container_node_pool.node_config.kubelet_config (#​24277)
  • sql: added final_backup_description and final_backup_config fields to google_sql_database_instance resource (#​24273)
  • storage: added aws_s3_compatible_data_source to google_storage_transfer_job resource (#​24241)

BUG FIXES:

  • provider: fixed an issue with universe_domain where the provider tried to connect to "googleapis.com" for user email logging when universe_domain was set (#​24238)
  • container: fixed a faulty diff for arrays on user_managed_keys_config that caused faulty cluster updates to be triggered in google_container_cluster (#​24256)
  • osconfig: fixed a permadiff in google_osconfig_patch_deployment where patch_config.yum.minimal doesn't send false for empty values (#​24247)

v7.1.1

Compare Source

  • bigtable: fixed an error encountered when applying google_bigtable_table_iam_* resources after upgrading to 7.x and replacing instance with instance_name (#​24255)

v7.1.0

Compare Source

DEPRECATIONS:

  • container: deprecated enterprise_config field in google_container_cluster resource. GKE Enterprise features are now available without an Enterprise tier. (#​24210)
  • storage: removed deprecated status for field to detect_md5hash in google_storage_bucket_object resource (#​24147)

FEATURES:

  • New Data Source: google_iap_web_forwarding_rule_service_iam_policy (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_binding (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_member (#​24178)
  • New Resource: google_iap_web_forwarding_rule_service_iam_policy (#​24178)

IMPROVEMENTS:

  • artifactregistry: added registry_uri as attribute to google_artifact_registry_repository (#​24164)
  • backupdr: added 'supported_resource_types' field to google_backup_dr_backup_plan resource (#​24189)
  • backupdr: added create_time field to google_backup_dr_backup data source (#​24183)
  • cloudbuild: added worker_config.enable_nested_virtualization field to google_cloudbuild_worker_pool resource (#​24176)
  • cloudrunv2: added support for multi_region_settings field to google_cloud_run_v2_service resource (#​24149)
  • compute: add params.resource_manager_tags field to the google_compute_region_backend_service (#​24191)
  • compute: added public_delegated_sub_prefixs field to resource google_compute_public_delegated_prefix (#​24202)
  • compute: added update_strategy field to google_compute_network_peering resource (#​24180)
  • firestore: added unique field to google_firestore_index resource (#​24163)
  • netapp: added qos_type and available_throughput_mibps fields to google_netapp_storage_pool resource (#​24161)
  • netapp: added throughput_mibps field to google_netapp_volume resource (#​24161)
  • networkservices: allowed EXPLICIT_ROUTING_MODE for routing_mode on google_network_services_gateway resource (#​24151)
  • sql: added consumer_network_status, ip_address, and status fields to psc_auto_connections field on google_sql_database_instance resource (#​24201)
  • storagetransfer: added service_account field to google_storage_transfer_job resource (#​24193)
  • storagetransfer: added transfer_spec.aws_s3_data_source.credentials_secret to google_storage_transfer_job resource (#​24152)

BUG FIXES:

  • compute: fixed certain spurious diffs for google_compute_region_backend_service.backend.group (#​24157)
  • compute: fixed permadiff on google_compute_region_network_endpoint_group when no network is specified (#​24182)
  • memorystore: fixed permadiffs that cause destroy+recreate on new google_memorystore_instance when desired_psc_auto_connections is set (#​24212)
  • netapp: fixed a permadiff on total_iops in google_netapp_storage_pool resource (#​24207)
  • oracledatabase: fixed permadiffs on google_oracle_database_autonomous_database resource for the odb_network and odb_subnet fields (#​24184)

v7.0.1

Compare Source

BUG FIXES:

  • storage: fixed a conversion crash in google_storage_bucket state migration #​24186

v7.0.0

Compare Source

Terraform Google Provider 7.0.0 Upgrade Guide

BREAKING RESOURCE REMOVALS:

  • beyondcorp: removed google_beyondcorp_application, its associated IAM resources google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member, and google_beyondcorp_application_iam_policy, and the google_beyondcorp_application_iam_policy datasource. Use google_beyondcorp_security_gateway_application instead. #​23999
  • notebooks: removed google_notebooks_location #​23607
  • tpu: removed google_tpu_node. Use google_tpu_v2_vm instead. #​23964

BREAKING FIELD REMOVALS:

  • cloudrunv2: removed template.containers.depends_on within resource google_cloud_run_v2_worker_pool #​23815
  • colab: removed post_startup_script_config field from from google_colab_runtime_template resource #​24026
  • compute: removed field enable_flow_logs from google_compute_subnetwork #​23704
  • gkehub: removed configmanagement.binauthz field in google_gke_hub_feature_membership #​24076
  • gkehub: removed description field in google_gke_hub_membership #​23587
  • memorystore: removed allow_fewer_zones_deployment field from google_memorystore_instance resource because it isn't user-configurable #​24079
  • redis: removed allow_fewer_zones_deployment field from google_redis_cluster resource because it isn't user-configurable #​24079
  • resourcemanager: removed non-functional project field from google_service_account_key datasource #​24000
  • vertexai: removed enable_secure_private_service_connect in google_vertex_ai_endpoint #​23843

BREAKING INCREASED VALIDATION:

  • cloudfunctions2: made event_type a required field for event_trigger in google_cloudfunctions2_function #​23918
  • networkservices: made load_balancing_scheme required in google_network_services_lb_traffic_extension #​23748
  • sql: made password_wo_version required when password_wo is set in google_sql_user #​24083
  • storage: added validation requiring the topic field to be in the form "projects//topics/" in google_storage_notification #​24135
  • storagetransfer: added path validation for GCS path source and sink in google_storage_transfer_job #​23493
  • vertexai: made metadata, and metadata.config required in google_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #​23971

OTHER BREAKING CHANGES:

  • alloydb: added deletion_protection field with a default value of true to google_alloydb_cluster resource #​24024
  • apigee: changed certs_info field in google_apigee_keystores_aliases_key_cert_file to be output-only #​24135
  • apigee: migrated google_apigee_keystores_aliases_key_cert_file to the plugin framework #​24135
  • artifactregistry: removed the default values for public_repository fields in google_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #​23970
  • bigquery: removed the default value of view.use_legacy_sql in google_bigquery_table #​24065
  • bigtable: renamed instance to instance_name for bigtable_table_iam objects #​23399
  • billing: made budget_filter.credit types and budget_filter.subaccounts no longer optional+computed, only optional, in google_billing_budget resource #​24078
  • cloudfunctions2: changed service_config.service field in google_cloudfunctions2_function resource to be output-only #​23790
  • compute: subnetworks and instances fields in google_compute_packet_mirroring have been converted from arrays to sets #​24021
  • compute: advertised_ip_ranges field group in google_compute_router has been converted from a list to a set #​24030
  • compute: disk.type, disk.mode and disk.interface no longer use provider configured default values and instead will be set by the API in google_compute_instance_template and google_compute_region_instance_template resources #​24055
  • provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using terraform input with invalid resource IDs. #​24010
  • resourcemanager: changed disable_on_destroy default value to false in google_project_service #​23951
  • securesourcemanager: changed deletion_policy default value from DELETE to PREVENT #​23963
  • storage: retention_period field in google_storage_bucket has been converted from int to string data type #​23535
  • storage: migrated google_storage_notification to the plugin framework #​24135

FEATURES:

  • New Data Source: google_artifact_registry_npm_package (#​24072)
  • New Data Source: google_certificate_manager_dns_authorization (#​24009)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_binding (#​24041)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_member (#​24041)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_policy (#​24041)
  • New Resource: google_saas_runtime_saas (#​24028)

IMPROVEMENTS:

  • cloudbuild: added developer_connect_event_config field to google_cloudbuild_trigger resource (#​24043)
  • cloudtasks: added desired_state field to google_cloud_tasks_queue resource (#​24053)
  • cloudrunv2: added max_instance_count field to google_cloud_run_v2_service resource. (#​24031)
  • compute: added params.resourceManagerTags field to the google_compute_backend_service (#​24062)
  • compute: added params.resource_manager_tags field to google_compute_backend_bucket (#​24068)
  • compute: added short_name field to google_compute_organization_security_policy resource (#​24059)
  • container: added cluster_autoscaling.default_compute_class_enabled field to google_container_cluster resource (#​24023)
  • dialogflowcx: added enableMultiLanguageTraining, locked, answerFeedbackSettings, personalizationSettings, clientCertificateSettings, startPlaybook, satisfiesPzs, and satisfiesPzi to google_dialogflow_cx_agent resource. (#​24007)
  • lustre: increased google_lustre_instance resource create timeout to 120m from 20m (#​24056)
  • oracledatabase: enabled default_from_api flag for ODB Network related fields in google_oracle_database_cloud_vm_cluster resource (#​24045)
  • sql: added feature to restore google_sql_database_instance using backupdr_backup (#​24066)
  • ssm: made ca_pool argument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#​24039)

BUG FIXES:

  • container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#​24077)
  • gkeonprem: set default_from_api in image field in google_vmware_node_pool (#​24022)
  • workbench: made install-monitoring-agent metadata key settable for google_workbench_instance (#​24080)
hashicorp/terraform-provider-google-beta (google-beta)

v7.2.0

Compare Source

FEATURES:

  • New Data Source: google_artifact_registry_python_package (#​10671)
  • New Data Source: google_backup_dr_data_source_references (#​10672)
  • New Resource: google_discovery_engine_acl_config (#​10680)
  • New Resource: google_saas_runtime_unit_kind (#​10652)

IMPROVEMENTS:

  • chronicle: made the scope_info field in google_chronicle_reference_list configurable (#​10663)
  • compute: added header_action to path_matcher and default_service level on google_compute_region_url_map resource (#​10665)
  • container: added secret_manager_config.rotation_config field to google_container_cluster resource (#​10659)
  • container: added new fields memory_manager and topology_manager to google_container_cluster.node_config.kubelet_config and google_container_node_pool.node_config.kubelet_config (#​10681)
  • healthcare: added consent_config field to google_healthcare_fhir_store resource (#​10666)
    New Resource: google_network_management_organization_vpc_flow_logs_config (#​10660)
  • sql: added final_backup_description and final_backup_config fields to google_sql_database_instance resource (#​10678)
  • storage: added aws_s3_compatible_data_source to google_storage_transfer_job resource (#​10656)

BUG FIXES:

  • provider: fixed an issue with universe_domain where the provider tried to connect to "googleapis.com" for user email logging when universe_domain was set (#​10654)
  • container: fixed a faulty diff for arrays on user_managed_keys_config that caused faulty cluster updates to be triggered in google_container_cluster (#​10668)
  • osconfig: fixed permadiff in google_osconfig_patch_deployment where patch_config.yum.minimal doesn't send false for empty values (#​10661)

v7.1.1

Compare Source

  • bigtable: fixed an error encountered when applying google_bigtable_table_iam_* resources after upgrading to 7.x and replacing instance with instance_name (#​10667)

v7.1.0

Compare Source

DEPRECATIONS:

  • container: deprecated enterprise_config field in google_container_cluster resource. GKE Enterprise features are now available without an Enterprise tier. (#​10646)
  • storage: removed deprecated status for field to detect_md5hash in google_storage_bucket_object resource (#​10605)

FEATURES:

  • New Data Source: google_iap_web_forwarding_rule_service_iam_policy (#​10621)
  • New Resource: google_iap_web_forwarding_rule_service_iam_binding (#​10621)
  • New Resource: google_iap_web_forwarding_rule_service_iam_member (#​10621)
  • New Resource: google_iap_web_forwarding_rule_service_iam_policy (#​10621)

IMPROVEMENTS:

  • artifactregistry: added registry_uri as attribute to google_artifact_registry_repository (#​10618)
  • backupdr: added create_time field to google_backup_dr_backup data source (#​10626)
  • cloudbuild: added worker_config.enable_nested_virtualization field to google_cloudbuild_worker_pool resource (#​10619)
  • cloudrunv2: added support for multi_region_settings field to google_cloud_run_v2_service resource (#​10607)
  • compute: add params.resource_manager_tags field to the google_compute_region_backend_service (#​10634)
  • compute: added public_delegated_sub_prefixs field to resource google_compute_public_delegated_prefix (#​10638)
  • compute: added update_strategy field to google_compute_network_peering resource (#​10623)
  • firestore: added unique field to google_firestore_index resource (#​10617)
  • netapp: added qos_type and available_throughput_mibps fields to google_netapp_storage_pool resource (#​10615)
  • netapp: added throughput_mibps field to google_netapp_volume resource (#​10615)
  • networkservices: allowed EXPLICIT_ROUTING_MODE for routing_mode on google_network_services_gateway resource (#​10608)
  • sql: added consumer_network_status, ip_address, and status fields to psc_auto_connections field on google_sql_database_instance resource (#​10637)
  • storagetransfer: added service_account field to google_storage_transfer_job resource (#​10635)
  • storagetransfer: added transfer_spec.aws_s3_data_source.credentials_secret to google_storage_transfer_job resource (#​10609)

BUG FIXES:

  • compute: fixed certain spurious diffs for google_compute_region_backend_service.backend.group (#​10611)
  • compute: fixed permadiff on google_compute_region_network_endpoint_group when no network is specified (#​10625)
  • memorystore: fixed permadiffs that cause destroy+recreate on new google_memorystore_instance when desired_psc_auto_connections is set (#​10648)
  • netapp: fixed a permadiff on total_iops in google_netapp_storage_pool resource (#​10643)
  • oracledatabase: fixed permadiffs on google_oracle_database_autonomous_database resource for the odb_network and odb_subnet fields (#​10627)

v7.0.1

Compare Source

BUG FIXES:

  • storage: fixed a conversion crash in google_storage_bucket state migration #​10629

v7.0.0

Compare Source

Terraform Google Provider 7.0.0 Upgrade Guide

BREAKING RESOURCE REMOVALS:

  • beyondcorp: removed google_beyondcorp_application, its associated IAM resources google_beyondcorp_application_iam_binding, google_beyondcorp_application_iam_member, and google_beyondcorp_application_iam_policy, and the google_beyondcorp_application_iam_policy datasource. Use google_beyondcorp_security_gateway_application instead. #​10536
  • notebooks: removed google_notebooks_location #​10350
  • tpu: removedgoogle_tpu_node. Use google_tpu_v2_vm instead. #​10516

BREAKING FIELD REMOVALS:

  • cloudrunv2: removed template.containers.depends_on within resource google_cloud_run_v2_worker_pool #​10444
  • colab: removed post_startup_script_config field from from google_colab_runtime_template resource #​10555
  • compute: removed field enable_flow_logs from google_compute_subnetwork #​10398
  • gkehub: removed configmanagement.binauthz field in google_gke_hub_feature_membership #​10585
  • gkehub: removed description field in google_gke_hub_membership #​10344
  • memorystore: removed allow_fewer_zones_deployment field from google_memorystore_instance resource because it isn't user-configurable #​10588
  • redis: removed allow_fewer_zones_deployment field from google_redis_cluster resource because it isn't user-configurable #​10588
  • resourcemanager: removed non-functional project field from google_service_account_key datasource #​10537

BREAKING INCREASED VALIDATION:

  • cloudfunctions2: made event_type a required field for event_trigger in google_cloudfunctions2_function #​10501
  • networkservices: made load_balancing_scheme required in google_network_services_lb_traffic_extension #​10419
  • sql: made password_wo_version required when password_wo is set in google_sql_user #​10591
  • storage: added validation requiring the topic field to be in the form "projects//topics/" in google_storage_notification #​10602
  • storagetransfer: added path validation for GCS path source and sink in google_storage_transfer_job #​10297
  • vertexai: made metadata, and metadata.config required in google_vertex_ai_index. Resource creation would fail without these attributes already, so no change is necessary to existing configurations. #​10520

OTHER BREAKING CHANGES:

  • provider: fixed many import functions throughout the provider that erroneously matched a subset of the provided input, leading to unclear error messages when using terraform input with invalid resource IDs. #​10545
  • alloydb: added deletion_protection field with a default value of true to google_alloydb_cluster resource #​10553
  • apigee: changed certs_info field in google_apigee_keystores_aliases_key_cert_file to be output-only #​10602
  • apigee: migrated google_apigee_keystores_aliases_key_cert_file to the plugin framework #​10602
  • artifactregistry: removed the default values for public_repository fields in google_artifact_registry_repository. If your state is reliant on them, they will now need to be manually included in your configuration. #​10519
  • bigquery: removed the default value of view.use_legacy_sql in google_bigquery_table #​10578
  • bigtable: renamed instance to instance_name for bigtable_table_iam objects #​10248
  • billing: made budget_filter.credit types and budget_filter.subaccounts no longer optional+computed, only optional, in google_billing_budget resource #​10587
  • cloudfunctions2: changed service_config.service field in google_cloudfunctions2_function resource to be output-only #​10432
  • compute: subnetworks and instances fields in google_compute_packet_mirroring have been converted from arrays to sets #​10550
  • compute: advertised_ip_ranges field group in google_compute_router has been converted from a list to a set #​10557
  • compute: disk.type, disk.mode and disk.interface no longer use provider configured default values and instead will be set by the API in google_compute_instance_template and google_compute_region_instance_template resources #​10569
  • gkehub: updated beta api endpoint from v1beta1 to v1beta #​10344
  • resourcemanager: changed disable_on_destroy default value to false in google_project_service #​10508
  • securesourcemanager: changed deletion_policy default value from DELETE to PREVENT #​10515
  • storage: changed retention_period to string data type in resource google_storage_bucket #​10311
  • storage: migrated google_storage_notification to the plugin framework #​10602

FEATURES:

  • New Data Source: google_artifact_registry_npm_package (#​10582)
  • New Data Source: google_certificate_manager_dns_authorization (#​10544)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_binding (#​10561)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_member (#​10561)
  • New Resource: google_iap_web_region_forwarding_rule_service_iam_policy (#​10561)
  • New Resource: google_saas_runtime_saas (#​10556)

IMPROVEMENTS:

  • bigquery: added support for "connection_properties" for bigquery to google_bigquery_job (beta) (#​10554)
  • cloudbuild: added developer_connect_event_config field to google_cloudbuild_trigger resource (#​10563)
  • cloudtasks: added desired_state field to google_cloud_tasks_queue resource (#​10567)
  • cloudrunv2: added max_instance_count field to google_cloud_run_v2_service resource. (#​10558)
  • compute: added params.resourceManagerTags field to the google_compute_backend_service (#​10575)
  • compute: added params.resource_manager_tags field to google_compute_backend_bucket (#​10581)
  • compute: added short_name field to google_compute_organization_security_policy resource (#​10572)
  • container: added cluster_autoscaling.default_compute_class_enabled field to google_container_cluster resource (#​10552)
  • dialogflowcx: added enableMultiLanguageTraining, locked, answerFeedbackSettings, personalizationSettings, clientCertificateSettings, startPlaybook, satisfiesPzs, and satisfiesPzi to google_dialogflow_cx_agent resource. (#​10543)
  • lustre: increased google_lustre_instance resource create timeout to 120m from 20m (#​10570)
  • oracledatabase: enabled default_from_api flag for ODB Network related fields in google_oracle_database_cloud_vm_cluster resource (#​10564)
  • sql: added feature to restore google_sql_database_instance using backupdr_backup (#​10579)
  • ssm: made ca_pool argument optional for private instances that use Google-managed trusted certificates.tosecure_source_manager` resource (#​10559)

BUG FIXES:

  • container: fixed issue where a failed creation on google_container_node_pool would result in an unrecoverable tainted state (#​10586)
  • gkeonprem: set default_from_api in image field in google_vmware_node_pool (#​10551)
  • workbench: made install-monitoring-agent metadata key settable for google_workbench_instance (#​10589)

Configuration

📅 Schedule: Branch creation - On day 1 and 15 of the month ( * * 1,15 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from commjoen as a code owner September 1, 2025 20:36
@renovate renovate bot added dependencies Pull requests that update a dependency file renovate labels Sep 1, 2025
@renovate renovate bot requested a review from bendehaan as a code owner September 1, 2025 20:36
@renovate renovate bot added dependencies Pull requests that update a dependency file renovate labels Sep 1, 2025
@renovate renovate bot force-pushed the renovate/major-terraform-gcp branch 10 times, most recently from a7a6136 to 836a953 Compare September 4, 2025 21:11
@renovate renovate bot force-pushed the renovate/major-terraform-gcp branch from 836a953 to c30e3f1 Compare September 9, 2025 20:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@commjoen commjoen Awaiting requested review from commjoen commjoen is a code owner

@bendehaan bendehaan Awaiting requested review from bendehaan bendehaan is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants