deps: Update Terraform google to v7.23.0

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
google (source)	required_provider	minor	7.16.0 → 7.23.0

---

Release Notes

hashicorp/terraform-provider-google (google)

v7.23.0

Compare Source

DEPRECATIONS:

• notebooks: google_notebooks_environment is deprecated and will be removed in a future major release. Use google_workbench_instance instead (#​26288)
• provider: google_*_iam_* resources and datasources will now show deprecation messages when their parent resource has been deprecated (#​26288)

FEATURES:

• New Data Source: google_oracle_database_odb_network (#​26290)
• New Data Source: google_oracle_database_odb_subnet (#​26290)
• New Resource: google_vector_search_collection (ga) (#​26353)

IMPROVEMENTS:

• alloydb: added dataplex_config field to google_alloydb_cluster resource (#​26304)
• biglake: added primary_location to google_biglake_iceberg_catalog resource (#​26307)
• compute: added params field to google_compute_external_vpn_gateway resource (ga) (#​26348)
• compute: added params field to google_compute_ha_vpn_gateway resource (ga) (#​26348)
• compute: added params field to google_compute_vpn_gateway resource (ga) (#​26348)
• compute: added params field to google_compute_vpn_tunnel resource (ga) (#​26348)
• compute: added storage_pool support to google_compute_instance_template and google_compute_region_instance_template disks (#​26347)
• container: added control_plane_disk_encryption_key_versions field to user_managed_keys_config in google_container_cluster resource (#​26289)
• dataproc: added cluster_type to google_dataproc_cluster resource (#​26350)
• dlp: added actions.publish_to_scc, actions.publish_to_chronicle, actions.export_data.sample_findings_table and targets.big_query_target.filter.table_reference.project_id fields to google_data_loss_prevention_discovery_config resource (#​26281)
• gkebackup: added protected_namespace_count field to google_gke_backup_backup_plan resource (#​26283)
• netapp: added mode field to google_netapp_storage_pool resource (#​26319)
• osconfig: added patch_config.skip_unpatchable_vms field to google_os_config_patch_deployment resource (#​26282)
• pubsub: added text_config field to google_pubsub_subscription resource (#​26329)

BUG FIXES:

• tags: fixed iam read-after-write consistency issue with conditions in google_tags_tag_key_iam_member resource (#​26330)

v7.22.0

Compare Source

DEPRECATIONS:

• dataplex: deprecated google_dataplex_data_asset. Use google_dataplex_data_product_data_asset instead. (#​26256)

FEATURES:

• New Resource: google_compute_organization_security_policy_rule (#​26202)
• New Resource: google_hypercomputecluster_cluster (#​26180)

IMPROVEMENTS:

• compute: initialize_params.size is now updatable in-place in the google_compute_instance resource (#​26195)
• compute: added dest_network_context, src_network_context and src_networks fields to google_compute_firewall_policy_rule resource (#​26227)
• compute: added dest_network_context, src_network_context and src_networks fields to google_compute_network_firewall_policy_rule resource (#​26227)
• compute: added dest_network_context, src_network_context and src_networks fields to google_compute_region_network_firewall_policy_rule resource (#​26227)
• container: promoted sandbox_config field in google_container_cluster and google_container_node_pool resources to GA (#​26247)
• developerconnect: added http_config field to google_developer_connect_connection resource (#​26232)
• filestore: added source_backupdr_backup field to google_filestore_instance resource (#​26238)
• gkehub2: added field spec.workloadidentity to resource google_gke_hub_feature (#​26259)
• iam: added AZURE_AD_GROUPS_DISPLAY_NAME enum value to extra_attributes_oauth2_client.attribute-type field in google_iam_workforce_pool_provider resource (#​26226)
• kms: added a KMS AutokeyConfig-specific 10s post-create/post-update (#​26236)
• networksecurity: added url_filtering_profile field to google_network_security_security_profile_group resource (#​26266)
• networksecurity: added url_filtering_profile field to google_network_security_security_profile resource (#​26266)
• networkservices: added support for use of multiple ports for google_network_services_gateway resources of type SECURE_WEB_GATEWAY (#​26265)
• sql: added auto_upgrade_enabled field to google_sql_database_instance resource. (#​26205)
• sql: added data_api_access field to google_sql_database_instance resource (#​26217)
• sql: added enhanced_query_insights_enabled field to google_sql_database_instance resource (#​26244)

BUG FIXES:

• datastream: fixed permadiff where google_datastream_connection_profile.salesforce_profile.oauth2_client_credentials.client_id is not read properly from the API (#​26201)
• servicenetworking: added retry when creating google_service_networking_connection if it looks like the service account permissions haven't yet propagated (#​26220)

v7.21.0

Compare Source

v7.20.0

Compare Source

FEATURES:

• New Data Source: google_access_context_manager_supported_service (#​26092)
• New Data Source: google_access_context_manager_supported_services (#​26092)
• New Data Source: google_backup_dr_data_sources (#​26080)
• New Data Source: google_kms_secret_asymmetric (#​26096)
• New Data Source: google_storage_bucket_object_contents (#​26054)
• New Resource: google_biglake_iceberg_namespace (#​26076)
• New Resource: google_compute_rollout_plan (#​26093)
• New Resource: google_oracle_database_exadb_vm_cluster (#​26021)
• New Resource: google_vector_search_collection (#​26098)

IMPROVEMENTS:

• alloydb: added write-only support for initial_user.password_wo to google_alloydb_cluster (#​26074)
• ces: added mcp_toolset field to google_ces_toolset resource (#​26025)
• compute: added allow_subnet_cidr_routes_overlap field to google_compute_subnetwork resource (#​26019)
• compute: added write-only support for private_key to google_compute_region_ssl_certificate resource (#​26072)
• compute: added write-only support for private_key to google_compute_ssl_certificate resource (#​26072)
• compute: added enable field to google_compute_packet_mirroring resource (#​26064)
• compute: added params field to google_compute_external_vpn_gateway resource (#​26089)
• compute: added params field to google_compute_ha_vpn_gateway resource (#​26089)
• compute: added params field to google_compute_interconnect_attachment resource (#​26042)
• compute: added params field to google_compute_vpn_gateway resource (#​26089)
• compute: added params field to google_compute_vpn_tunnel resource (#​26089)
• compute: added slice_controller_config field to google_container_cluster resource (#​26023)
• container: added additional_ip_ranges_config.status to google_container_cluster resource (#​26061)
• dataproc: added instance_flexibility_policy to master_config and worker_config in google_dataproc_cluster resource (#​26058)
• developerconnect: added target_projects field to google_developer_connect_insights_config resource (#​26073)
• filestore: added replica_action to google_filestore_instance resource (#​26082)
• networksecurity: added policy_profile, http_rules.0.to.0.operations.0.mcp to google_network_security_authz_policy resource (#​26090)
• networkservices: added ull_multicast_domain field to google_network_services_multicast_domain resource (#​26071)
• networkservices: relaxed load_balancing_scheme validation to support non-Backend Service targets in google_network_services_authz_extension (#​26090)
• spanner: added support for user_project_override in google_spanner_database_iam and google_spanner_instance_iam resources (#​26052)
• vmwareengine: added datastore_mount_config field to google_vmwareengine_cluster resource (#​26083)

BUG FIXES:

• bigquery: fixed permadiff with the collation field in google_bigquery_table.schema when it inherits the value from google_bigquery_dataset.default_collation (#​26065)
• bigqueryanalyticshub: fixed update failure for replica_locations in google_bigquery_analytics_hub_listing (#​26046)
• iam: fixed an issue where iam resources not retry on error 409 concurrent policy changes (#​26095)
• publicca: fixed mac_key fields not being properly set in google_public_ca_external_account_key (#​26099)

v7.19.0

Compare Source

DEPRECATIONS:

• backupdr: google_backupdr_restore_workload.name is deprecated and will be removed in a future major release. The backup is identified by the parameters (location, backup_vault_id, data_source_id, backup_id). (#​25986)
• publicca: google_public_ca_external_account_key.b64url_mac_key is deprecated and will be removed in a future major release. Use mac_key instead. (#​25964)

FEATURES:

• New Resource: google_network_security_mirroring_endpoint (#​25988)
• New Resource: google_network_security_mirroring_endpoint_group (#​25988)
• New Resource: google_backup_dr_restore_workload (#​26013)

IMPROVEMENTS:

• compute: added network_pass_through_lb_traffic_policy field to google_compute_region_backend_service resource (#​25994)
• compute: added RDMA_FALCON_POLICY and ULL_POLICY values to policy_type field in google_compute_region_network_firewall_policy, google_compute_region_network_firewall_policy_with_rules (#​25985)
• compute: added support for network_interface.network_attachment to google_compute_instance_template (#​25995)
• compute: added support for network_interface.network_attachment to google_compute_region_instance_template (#​25995)
• compute: added support for network_interface.vlan to google_compute_instance_template, enabling dynamic NIC (#​25995)
• compute: added support for network_interface.vlan to google_compute_instance, enabling dynamic NIC. Creating and deleting from an existing instance is not yet supported. (#​25995)
• compute: added support for network_interface.vlan to google_compute_region_instance_template, enabling dynamic NIC (#​25995)
• discoveryengine: added knowledge_graph_config field to google_discovery_engine_search_engine resource (#​25980)
• firestore: added firestore_data_access_mode, mongodb_compatible_data_acess_mode, and realtime_updates_mode fields to the google_firestore_database resource (#​26000)
• firestore: added deletion_policy virtual field to google_firestore_index resource (#​25984)
• monitoring: added write-only variants (auth_token_wo + auth_token_wo_version, password_wo + password_wo_version, service_key_wo + service_key_wo_version) for google_monitoring_notification_channel.sensitive_labels (#​25983)
• networkconnectivity: added support for update operation on google_network_connectivity_gateway_advertised_route resource (#​25945)
• provider: added a configurable poll_interval field to the provider for rare cases where it is being used in latency-sensitive situations. This can be set to a custom duration to change operation polling intervals. The default is unchanged, at 10s. (#​26008)
• publicca: added mac_key to google_public_ca_external_account_key (#​25964)
• run: added readiness_probe field to google_cloud_run_v2_service resource (#​26003)
• vertexai: added support for developer_connect_source to spec.source_code_spec in google_vertex_ai_reasoning_engine (#​26011)

BUG FIXES:

• compute: fixed issue where it wasn't possible to set both ssl_certificates and certificate_map in google_compute_target_ssl_proxy (#​26012)
• container: fixed an issue when toggling default_compute_class_enabled in google_container_cluster with Autopilot enabled (#​25966)
• firebaseailogic: fixed bug in google_firebase_ai_logic_config.generative_language_config.api_key_wo where the value set wouldn't be sent to the API. (#​25983)
• publicca: fixed b64url_mac_key sometimes being empty in google_public_ca_external_account_key (#​25964)

v7.18.0

Compare Source

BREAKING CHANGES:

• alloydb: removed the incorrect top-level field last_successful_backup_consistency_time from google_backup_dr_backup_plan_association. No value has been present in this output-only field. (#​25928)

FEATURES:

• New Resource: google_dataplex_data_asset (#​25922)
• New Resource: google_logging_saved_query (#​25921)

IMPROVEMENTS:

• alloydb: added restore_backupdr_backup_source, restore_backupdr_pitr_source, and backupdr_backup_source to google_alloydb_cluster (#​25928)
• alloydb: added rules_config_info.last_successful_backup_consistency_time to google_backup_dr_backup_plan_association (#​25928)
• compute: updated target_service field to support update-in-place in google_compute_service_attachment resource (#​25924)
• datafusion: added patch_revision field to google_data_fusion_instance resource (#​25923)
• firestore: added skip_wait field to google_firestore_index resource, skipping the wait for index creation (#​25934)
• gkeonprem: added skip_validations field to google_gkeonprem_vmware_cluster resource (#​25917)
• sql: added database_role field and iam_email field to google_sql_user resource to support managing Cloud SQL users with database roles. (#​25926)

BUG FIXES:

• cloudbuild: fixed google_cloudbuild_trigger to allow creation without source configuration for manual triggers (#​25925)
• cloudrunv2: fix permadiff on scaling.scaling_mode in google_cloud_run_v2_worker_pool (#​25927)
• compute: resolved issues where show_nat_ips and nat_ips in google_compute_service_attachment were causing test failures due to an underlying API problem. These fields are now temporarily non-functional and will be ignored. (#​25908)
• container: fixed a bug in google_container_node_pool that prevented creation when blue_green_settings was specified (#​25916)
• container: fixed perma-diff in google_container_cluster when setting resource_limits with disabled node autoprovisioning (#​25929)

v7.17.0

Compare Source

BREAKING CHANGES:

• networkconnectivity: changed services in google_network_connectivity_multicloud_data_transfer_config from TypeList to TypeSet. The order of or value of interpolations referencing the field may change. (#​25767)

FEATURES:

• New Resource: google_dataplex_data_product (#​25844)
• New Resource: google_dialogflow_cx_tool_version (#​25809)
• New Resource: google_firebase_ai_logic_config (#​25846)
• New Resource: google_firebase_ai_logic_prompt_template (#​25862)
• New Resource: google_firebase_ai_logic_prompt_template_lock (#​25877)
• New Resource: google_saas_runtime_unit_operation (#​25760)
• New Resource: google_vmwareengine_datastore (#​25845)
• New Data Source: google_vmwareengine_datastore (#​25845)

IMPROVEMENTS:

• backupdr: added support for restore compute instance and disk (#​25723)
• bigquery: added source_column_match field to csv_options in google_bigquery_table resource (#​25868)
• compute: added FIPS_202205 enum to PROFILE field in SSL_POLICY and REGION_SSL_POLICY resources, and added TLS_1_3 enum to MIN_TLS_VERSION field in SSL_POLICY and REGION_SSL_POLICY resources. (#​25777)
• compute: added attachments field to google_compute_interconnect_attachment_group.logicalStructure.regions.metros.facilities.zones and deprecated attachment field (#​25842)
• compute: added enable_enhanced_ipv4_allocation field to google_compute_public_delegated_prefix resource (#​25732)
• compute: added ip_collection field to google_compute_address resource (#​25732)
• compute: added source_instant_snapshot field to google_compute_snapshot resource (#​25780)
• compute: added support for "IF_L2_FORWARDING" as a value for the availableFeatures field of the google_compute_interconnect resource (#​25751)
• compute: added support for "IF_L2_FORWARDING" as a value for the requestedFeatures field of the google_compute_interconnect resource (#​25751)
• compute: added support for "L2_DEDICATED" as a value for the type field of the google_compute_interconnect_attachment resource. (#​25751)
• compute: added support for igmp_query field in google_compute_instance, google_compute_instance_template, and related instance resources. (#​25752)
• compute: added support for the l2Forwarding field to google_compute_interconnect_attachment (#​25751)
• compute: promoted request_body_inspection_size to GA in google_compute_security_policy resource (ga) (#​25775)
• container: added accelerator_network_config field to node_pool resource (#​25856)
• container: added managed_opentelemetry_config to google_container_cluster resource (#​25861)
• container: added node_drain_config field to google_container_node_pool resources (#​25791)
• container: improved google_container_cluster reconciliation time by caching node pools and instance group managers after a list call instead of getting each one seperately. (#​25784)
• datastream: added backfill_all.spanner_excluded_objects and source_config.spanner_source_config fields to google_datastream_stream (#​25804)
• datastream: added spanner_profile field to google_datastream_connection_profile (#​25804)
• dialogflowcx: added serviceAccountAuthConfig field to google_dialogflow_cx_webhook resource (#​25781)
• oracledatabase: added peerAutonomousDatabases, disasterRecoverySupportedLocations, sourceConfig fields to Autonomous database resource. (#​25859)
• tags: added allowed_values_regex field to google_tags_tag_key resource (#​25869)
• tags: added support for dynamic tag keys in google_tags_tag_binding and google_tags_location_tag_binding resources (#​25874)
• vertex_ai: added deployment_spec.psc_interface_config to google_vertex_ai_reasoning_engine (#​25765)

BUG FIXES:

• bigquery: fixed permadiff with the collation field in google_bigquery_table.schema (#​25762)
• cloudasset: fixed bug in google_cloud_asset_folder_feed where folder_id was always empty (#​25798)
• cloudbuild: fixed permadiff on google_cloudbuild_trigger.pubsub_config.service_account_email (#​25792)
• compute: fix crash when specifying an empty instance_flexibility_policy block on the google_compute_region_instance_group_manager resource (#​25731)
• compute: fixed a permadiff that could occur when using mixed short and long form IPv6 addresses in the source_ranges field of google_compute_firewall (#​25867)
• iambeta: fixed a permadiff that could occur in the jwks_json field for google_iam_workload_identity_pool_provider resource (#​25847)
• netapp: fixed export_policy update bug with squash_mode in netapp volume (#​25776)
• networkconnectivity: fixed a diff on services in google_network_connectivity_multicloud_data_transfer_config reordering elements (#​25767)
• sql: fixed an issue where transient server errors caused false failures for SQL operations that eventually completed successfully (#​25735)
• workbench: made enable-jupyterlab4 metadata key settable for google_workbench_instance (#​25769)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.