Update Terraform google to v4.6.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
google (source)	required_provider	major	< 4.0.0 -> < 5.0.0
google (source)	required_provider	minor	4.5.0 -> 4.6.0
google (source)	required_provider	minor	4.0.0 -> 4.6.0

---

Release Notes

hashicorp/terraform-provider-google

v4.6.0

Compare Source

BREAKING CHANGES:

• pubsub: changed google_pubsub_schema so that modifiying fields will recreate the resource rather than causing Terraform to report it would attempt an invalid update (#​10768)

FEATURES:

• New Data Source: google_container_aws_versions (#​10754)
• New Data Source: google_container_azure_versions (#​10754)
• New Resource: google_apigee_nat_address (#​10789)
• New Resource: google_network_connectivity_hub (#​10812)
• New Resource: google_container_aws_cluster (#​10754)
• New Resource: google_container_aws_node_pool (#​10754)
• New Resource: google_container_azure_client (#​10754)
• New Resource: google_container_azure_cluster (#​10754)
• New Resource: google_container_azure_node_pool (#​10754)

IMPROVEMENTS:

• bigquery: added ability to create a table with both a schema and view simultaneously to google_bigquery_table (#​10819)
• cloud_composer: Added GA support for following fields: web_server_network_access_control, database_config, web_server_config, encryption_config. (#​10827)
• cloud_composer: Added support for Cloud Composer master authorized networks flag (#​10780)
• cloud_composer: Added support for Cloud Composer v2 in GA. (#​10795)
• container: promoted node_config.0.boot_disk_kms_key of google_container_node_pool to GA (#​10829)
• osconfig: Added daily os config patch deployments (#​10807)
• storage: added configurable read timeout to google_storage_bucket (#​10781)

BUG FIXES:

• billingbudget: fixed a bug where google_billing_budget.budget_filter.labels was not updating. (#​10767)
• compute: fixed scenario where region_instance_group_manager would not start update if wait_for_instances was set and initial status was not STABLE (#​10818)
• healthcare: Added back self_link functionality which was accidentally removed in 4.0.0 release. (#​10808)
• pubsub: fixed update failure when attempting to change non-updatable resource google_pubsub_schema (#​10768)
• storage: fixed a bug where google_storage_bucket.lifecycle_rule.condition.days_since_custom_time was not updating. (#​10778)
• vpcaccess: Added back self_link functionality which was accidentally removed in 4.0.0 release. (#​10808)

v4.5.0

Compare Source

FEATURES:

• New Data Source: google_container_aws_versions (#​10754)
• New Data Source: google_container_azure_versions (#​10754)
• New Resource: google_container_aws_cluster (#​10754)
• New Resource: google_container_aws_node_pool (#​10754)
• New Resource: google_container_azure_client (#​10754)
• New Resource: google_container_azure_cluster (#​10754)
• New Resource: google_container_azure_node_pool (#​10754)

IMPROVEMENTS:

• bigquery: added the return_table_type field to google_bigquery_routine (#​10743)
• cloudbuild: added support for available_secrets to google_cloudbuild_trigger (#​10714)
• cloudfunctions: added support for min_instances to google_cloudfunctions_function (#​10712)
• composer: added support for Private Service Connect by adding field cloud_composer_connection_subnetwork in google_composer_environment (#​10724)
• compute: fixed bug where google_compute_instance's can_ip_forward could not be updated without recreating or restarting the instance. (#​10741)
• compute: added field public_access_prevention to resource bucket (beta) (#​10740)
• compute: added support for regional external HTTP(S) load balancer (#​10738)
• privateca: added support for setting default values for basic constraints for google_privateca_certificate, google_privateca_certificate_authority, and google_privateca_ca_pool via the non_ca and zero_max_issuer_path_length fields (#​10702)
• provider: enabled gRPC requests and response logging (#​10721)

BUG FIXES:

• assuredworkloads: fixed a bug preventing google_assured_workloads_workload from being created in any region other than us-central1 (#​10749)

v4.4.0

Compare Source

DEPRECATIONS:

• filestore: deprecated zone on google_filestore_instance in favor of location to allow for regional instances (#​10662)

FEATURES:

• New Resource: google_os_config_os_policy_assignment (#​10676)
• New Resource: google_recaptcha_enterprise_key (#​10672)
• New Resource: google_spanner_instance_iam_policy (#​10695)
• New Resource: google_spanner_instance_iam_binding (#​10695)
• New Resource: google_spanner_instance_iam_member (#​10695)

IMPROVEMENTS:

• filestore: added support for ENTERPRISE value on google_filestore_instance tier (#​10662)
• privateca: added support for setting default values for basic constraints for google_privateca_certificate, google_privateca_certificate_authority, and google_privateca_ca_pool via the non_ca and zero_max_issuer_path_length fields (#​10702)
• sql: added field allocated_ip_range to resource google_sql_database_instance (#​10687)

BUG FIXES:

• compute: fixed incorrectly failing validation for INTERNAL_MANAGED google_compute_region_backend_service. (#​10664)
• compute: fixed scenario where instance_group_manager would not start update if wait_for_instances was set and initial status was not STABLE (#​10680)
• container: fixed the ROUTES value for the networking_mode field in google_container_cluster. A recent API change unintentionally changed the default to a VPC_NATIVE cluster, and removed the ability to create a ROUTES-based one. Provider versions prior to this one will default to VPC_NATIVE due to this change, and are unable to create ROUTES clusters. (#​10686)

v4.3.0

Compare Source

FEATURES:

• New Data Source: google_compute_router_status (#​10573)
• New Data Source: google_folders (#​10658)
• New Resource: google_notebooks_runtime (#​10627)
• New Resource: google_vertex_ai_metadata_store (#​10657)
• New Resource: google_cloudbuild_worker_pool (#​10617)

IMPROVEMENTS:

• apigee: Added IAM support for google_apigee_environment. (#​10608)
• apigee: Added supported values for 'peeringCidrRange' in google_apigee_instance. (#​10636)
• cloudbuild: added display_name and annotations to google_cloudbuild_worker_pool for compatibility with new GA. (#​10617)
• container: added node_group to node_config for container clusters and node pools to support sole tenancy (#​10646)
• redis: Added Multi read replica field replicaCount , nodes, readEndpoint, readEndpointPort, readReplicasMode in google_redis_instance (#​10607)

BUG FIXES:

• essentialcontacts: marked updating email in google_essential_contacts_contact as requiring recreation (#​10592)
• privateca: fixed crlAccessUrls in CertificateAuthority (#​10577)

v4.2.1

Compare Source

BUG FIXES:

• provider: reverted a requirement in v4.2.0 for Terraform 0.13 and above. This release should be compatible with Terraform 0.12.31

v4.2.0

Compare Source

FEATURES:

• New Data Source: google_compute_router_status (#​10573)

IMPROVEMENTS:

• compute: added support for queue_count to google_compute_instance.network_interface and google_compute_instance_template.network_interface (#​10571)

BUG FIXES:

• all: fixed an issue where some documentation for new resources was not showing up in the GA provider if it was beta-only. (#​10545)
• bigquery: fixed update failure when attempting to change non-updatable fields in google_bigquery_routine. (#​10546)
• compute: fixed a bug when cache_mode is set to FORCE_CACHE_ALL on google_compute_backend_bucket (#​10572)
• compute: fixed a perma-diff on google_compute_region_health_check when log_config.enable is set to false (#​10553)
• servicedirectory: added support for vpc network configuration in google_service_directory_endpoint. (#​10569)

v4.1.0

Compare Source

IMPROVEMENTS:

• cloudrun: Added support for secrets to GA provider. (#​10519)
• compute: Added bfd to google_compute_router_peer (#​10487)
• container: added gcfs_config to node_config of google_container_node_pool resource (#​10499)
• container: promoted confidential_nodes field in google_container_cluster to GA (#​10531)
• provider: added retries for the resourceNotReady error returned when attempting to add resources to a recently-modified subnetwork (#​10498)
• pubsub: added message_retention_duration field to google_pubsub_topic (#​10501)

BUG FIXES:

• apigee: fixed a bug where multiple google_apigee_instance_attachment could not be used on the same google_apigee_instance (#​10520)
• bigquery: fixed a bug following import where schema is empty on google_bigquery_table (#​10521)
• billingbudget: fixed unable to provide labels on google_billing_budget (#​10490)
• compute: allowed source_disk to accept full image path on google_compute_snapshot (#​10516)
• compute: fixed a bug in google_compute_firewall that would cause changes in source_ranges to not correctly be applied (#​10515)
• logging: fixed a bug with updating description on google_logging_project_sink, google_logging_folder_sink and google_logging_organization_sink (#​10493)

v4.0.0

Compare Source

NOTES:

• compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#​10429)
• container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#​10430)

BREAKING CHANGES:

• appengine: marked google_app_engine_standard_app_version entrypoint as required (#​10425)
• compute: removed the ability to specify the trace-append or trace-ro as scopes in google_compute_instance, use trace instead (#​10377)
• compute: changed advanced_machine_features on google_compute_instance_template to track changes when the block is undefined in a user's config (#​10427)
• compute: changed source_ranges in google_compute_firewall_rule to track changes when it is not set in a config file (#​10439)
• compute: changed the import / drift detection behaviours for metadata_startup_script, metadata.startup-script in google_compute_instance. Now, metadata.startup-script will be set by default, and metadata_startup_script will only be set if present. (#​10392)
• compute: removed source_disk_link field from google_compute_snapshot (#​10424)
• compute: removed the enable_display field from google_compute_instance_template (#​10410)
• compute: removed the update_policy.min_ready_sec field from google_compute_instance_group_manager, google_compute_region_instance_group_manager (#​10410)
• container: instance_group_urls has been removed in favor of node_pool.managed_instance_group_urls (#​10442)
• container: changed default for enable_shielded_nodes to true for google_container_cluster (#​10403)
• container: changed master_auth.client_certificate_config to required (#​10441)
• container: removed master_auth.username and master_auth.password from google_container_cluster (#​10441)
• container: removed workload_metadata_configuration.node_metadata in favor of workload_metadata_configuration.mode in google_container_cluster (#​10400)
• container: removed the pod_security_policy_config field from google_container_cluster (#​10410)
• container: removed the workload_identity_config.0.identity_namespace field from google_container_cluster, use workload_identity_config.0.workload_pool instead (#​10410)
• project: removed ability to specify bigquery-json.googleapis.com, the provider will no longer convert it as the upstream API migration is finished. Use bigquery.googleapis.com instead. (#​10370)
• provider: changed credentials, access_token precedence so that credentials values in configuration take precedence over access_token values assigned through environment variables (#​10393)
• provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#​10374)
• pubsub: removed path field from google_pubsub_subscription (#​10424)
• resourcemanager: made google_project remove org_id and folder_id from state when they are removed from config (#​10373)
• resourcemanager: added conflict between org_id, folder_id at plan time in google_project (#​10373)
• resourcemanager: changed the project field to Required in all google_project_iam_* resources (#​10394)
• runtimeconfig: removed the Runtime Configurator service from the google (GA) provider including google_runtimeconfig_config, google_runtimeconfig_variable, google_runtimeconfig_config_iam_policy, google_runtimeconfig_config_iam_binding, google_runtimeconfig_config_iam_member, data.google_runtimeconfig_config. They are only available in the google-beta provider, as the underlying service is in beta. (#​10410)
• sql: added drift detection to the following google_sql_database_instance fields: activation_policy (defaults ALWAYS), availability_type (defaults ZONAL), disk_type (defaults PD_SSD), encryption_key_name (#​10412)
• sql: changed the database_version field to Required in google_sql_database_instance resource (#​10398)
• sql: removed the following google_sql_database_instance fields: authorized_gae_applications, crash_safe_replication, replication_type (#​10412)
• storage: removed bucket_policy_only from google_storage_bucket (#​10397)
• storage: changed the location field to required in google_storage_bucket (#​10399)

VALIDATION CHANGES:

• bigquery: at least one of statement_timeout_ms, statement_byte_budget, or key_result_statement is required on google_bigquery_job.query.script_options. (#​10371)
• bigquery: exactly one of query, load, copy or extract is required on google_bigquery_job (#​10371)
• bigquery: exactly one of source_table or source_model is required on google_bigquery_job.extract (#​10371)
• cloudbuild: exactly one of branch_name, commit_sha or tag_name is required on google_cloudbuild_trigger.build.source.repo_source (#​10371)
• compute: at least one of fixed_delay or percentage is required on google_compute_url_map.default_route_action.fault_injection_policy.delay (#​10371)
• compute: at least one of fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#​10371)
• compute: at least one of fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#​10371)
• compute: at least one of fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#​10371)
• compute: at least one of fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#​10371)
• compute: at least one of max_scaled_down_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_down_control (#​10371)
• compute: at least one of max_scaled_down_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control (#​10371)
• compute: at least one of max_scaled_in_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.0. (#​10371)
• compute: at least one of max_scaled_in_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.0. (#​10371)
• compute: required one of source_tags, source_ranges or source_service_accounts on INGRESS google_compute_firewall resources (#​10369)
• dlp: at least one of start_time or end_time is required on google_data_loss_prevention_trigger.inspect_job.storage_config.timespan_config (#​10371)
• dlp: exactly one of url or regex_file_set is required on google_data_loss_prevention_trigger.inspect_job.storage_config.cloud_storage_options.file_set (#​10371)
• kms: removed self_link field from google_kms_crypto_key and google_kms_key_ring (#​10424)
• osconfig: at least one of linux_exec_step_config or windows_exec_step_config is required on google_os_config_patch_deployment.patch_config.post_step (#​10371)
• osconfig: at least one of linux_exec_step_config or windows_exec_step_config is required on google_os_config_patch_deployment.patch_config.pre_step (#​10371)
• osconfig: at least one of reboot_config, apt, yum, goo zypper, windows_update, pre_step or pre_step is required on google_os_config_patch_deployment.patch_config (#​10371)
• osconfig: at least one of security, minimal, excludes or exclusive_packages is required on google_os_config_patch_deployment.patch_config.yum (#​10371)
• osconfig: at least one of type, excludes or exclusive_packages is required on google_os_config_patch_deployment.patch_config.apt (#​10371)
• osconfig: at least one of with_optional, with_update, categories, severities, excludes or exclusive_patches is required on google_os_config_patch_deployment.patch_config.zypper (#​10371)
• osconfig: exactly one of classifications, excludes or exclusive_patches is required on google_os_config_patch_deployment.inspect_job.patch_config.windows_update (#​10371)
• spanner: at least one of num_nodes or processing_units is required on google_spanner_instance (#​10371)

IMPROVEMENTS:

• compute: added encrypted_interconnect_router to google_compute_router (#​10454)
• container: added managed_instance_group_urls to google_container_node_pool to replace instance_group_urls on google_container_cluster (#​10467)
• kms: added support for EKM to google_kms_crypto_key.protection_level (#​10391)
• project: added support for billing_project on google_project_service (#​10395)
• spanner: increased the default timeout on google_spanner_instance operations from 4 minutes to 20 minutes, significantly reducing the likelihood that resources will time out (#​10437)

BUG FIXES:

• bigquery: fixed a bug of cannot add required fields to an existing schema on google_bigquery_table (#​10421)
• compute: fixed a bug in updating multiple ttl fields on google_compute_backend_bucket (#​10375)
• compute: fixed a permadiff on subnetwork when it is optional on google_compute_network_endpoint_group (#​10420)
• compute: fixed perma-diff bug on log_config.enable of both google_compute_backend_service and google_compute_region_backend_service (#​10378)
• compute: fixed the google_compute_instance_group_manager.update_policy.0.min_ready_sec field so that updating it to 0 works (#​10457)
• compute: fixed the google_compute_region_instance_group_manager.update_policy.0.min_ready_sec field so that updating it to 0 works (#​10457)
• spanner: fixed the schema for data.google_spanner_instance so that non-configurable fields are considered outputs (#​10450)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[nlamirault]

Depends on : terraform-google-modules/terraform-google-kubernetes-engine#1071