chore(deps): update bump-dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/libops/terraform-cloudrun-v2	module	minor	0.3.3 → 0.5.0
google (source)	required_provider	minor	7.10.0 → 7.14.1
hashicorp/vault		patch	1.21.0 → 1.21.1

---

Release Notes

libops/terraform-cloudrun-v2 (github.com/libops/terraform-cloudrun-v2)

v0.5.0

Compare Source

v0.4.0

Compare Source

v0.3.4

Compare Source

hashicorp/terraform-provider-google (google)

v7.14.1

Compare Source

BUG FIXES:

• provider: fixed an issue where error type 409 and 412 were not being correctly retried. This commonly shows up in IAM resources, but can appear in other resources as well (#​25596)
• servicedirectory: fixed an issue where google_service_directory_endpoint or google_service_directory_service without metadata specified would have other fields removed on update (#​25588)

v7.14.0

Compare Source

DEPRECATIONS:

• managedkafka: added deprecation warning for google_managed_kafka_connect_cluster additional_subnets field (#​25487)

FEATURES:

• New Data Source: google_artifact_registry_versions (#​25512)
• New Data Source: google_cloud_identity_policies (#​25513)
• New Data Source: google_compute_region_security_policy (#​25488)
• New Data Source: google_compute_storage_pool (#​25485)
• New Resource: google_compute_cross_site_network (#​25479)
• New Resource: google_compute_wire_group (#​25479)
• New Resource: google_network_services_multicast_group_consumer_activation (#​25515)
• New Resource: google_network_services_multicast_group_producer_activation (#​25472)

IMPROVEMENTS:

• alloydb: added connection_pool_config, connection_pool_config.enabled and connection_pool_config.flags in google_alloydb_instance resource (#​25484)
• colab: added software_config.post_startup_script_config field to google_colab_runtime_template (#​25509)
• compute: added new field instance_flexibility_policy.instance_selection.min_cpu_platform & instance_flexibility_policy.instance_selection.disks to google_compute_region_instance_group_manager (#​25444)
• dataplex: removed the need for import in google_dataplex_entry when using first party source systems (#​25507)
• dataproc: added auto_stop_time and idle_stop_ttl to google_dataproc_cluster resource (#​25456)
• eventarc: added retry_policy field to google_eventarc_trigger resource (#​25467)
• networksecurity: enabled in-place update for custom_mirroring_profile.mirroring_deployment_groups on google_network_security_security_profile (#​25508)
• spanner: added autoscaling_config.autoscaling_targets.total_cpu_utilization_percent field to google_spanner_instance resource (#​25495)
• sql: added changes to ignore changes in backup configuration's fields like enabled, binary_log_enabled, start_time, point_in_time_recovery_enabled, transaction_log_retention_days and backup_retention_settings.retained_backups in google_sql_database_instance if the instance is managed by Google Cloud Backup and Disaster (DR) Recovery Service. (#​25516)

BUG FIXES:

• compute: fixed google_compute_network in-place update to enable enable_ula_internal_ipv6. (#​25468)
• iam: fixed error 409 concurrency policy changes by correctly detecting the error type. (#​25473)
• sql: fixed an issue where the computed psc_service_attachment_link attribute was not being exported properly in google_sql_database_instance resource and datasources (#​25510)

v7.13.0

Compare Source

NOTES:

• alloydb: reverted requiring initial_user.password as required on create for new google_alloydb_cluster resources, instead initial_user.password or initial_user.user must be set if initial_user is specified for google_alloydb_cluster resources (#​25366)
• privateca: modified encryption_spec field from google_privateca_ca_pool resource to be mutable and allow cmek key rotation (#​25267)

DEPRECATIONS:

• cloudquotas: deprecated effective_container and effective_enablement fields in the google_cloud_quotas_quota_adjuster_settings resource (#​25443)
• dlp: deprecated publish_findings_to_cloud_data_catalog field in google_data_loss_prevention_job_trigger resource. Use publish_findings_to_dataplex_catalog field instead. (#​25250)
• networkservices: removed google_service_binding resource due to service binding support being disabled (#​25367)

FEATURES:

• New Resource: google_ces_app_version (#​25297)
• New Resource: google_compute_organization_security_policy (#​25322)
• New Resource: google_dialogflow_generator (#​25340)
• New Resource: google_dialogflow_version (#​25179)
• New Resource: google_discovery_engine_widget_config (#​25378)
• New Resource: google_iam_workforce_pool_provider_scim_token (#​25270)
• New Resource: google_network_services_lb_edge_extension (#​25299)
• New Resource: google_network_services_multicast_consumer_association (#​25321)
• New Resource: google_network_services_multicast_group_range_activation (#​25386)
• New Resource: google_network_services_multicast_group_range (#​25353)
• New Resource: google_network_services_multicast_producer_association (#​25291)

IMPROVEMENTS:

• alloydb: added password_wo and password_wo_version fields to google_alloydb_user resource (#​25266)
• apphub: added identity field to google_apphub_service and google_apphub_workload resources (#​25363)
• backupdr: added encryption_config field to google_backup_dr_backup_vault resource (#​25221)
• ces: added client_function.parameters.max_items, client_function.parameters.min_items, client_function.parameters.maximum, client_function.parameters.minimum, client_function.parameters.title, client_function.response.max_items, client_function.response.min_items, client_function.response.maximum, client_function.response.minimum, and client_function.response.title fields to google_ces_tool resource (#​25309)
• ces: added entry_agent field to google_ces_example resource (#​25182)
• ces: added google_search_tool.context_urls, google_search_tool.preferred_domains, and open_api_tool.api_authentication.bearer_token_config fields to google_ces_tool resource (#​25309)
• ces: added message.chunk.tool_response and message.chunk.tool_call fields to google_ces_example resource (#​25182)
• ces: added pinned and variable_declarations.schema.title fields to google_ces_app resource (#​25233)
• cloudsecuritycompliance: added cloud_control_details.parameters.parameter_value.oneof_value fields to google_cloud_security_compliance_framework_deployment resource (#​25382)
• cloudsecuritycompliance: added cloud_control_details.parameters.parameter_value.oneof_value fields to google_cloud_security_compliance_framework resource (#​25382)
• cloudsecuritycompliance: added parameter_spec.default_value.oneof_value and validation.allowed_values.values.oneof_value fields to google_cloud_security_compliance_cloud_control resource (#​25441)
• cloudsecuritycompliance: added sub_parameters field to google_cloud_security_compliance_cloud_control resource (#​25441)
• colab: added custom_environment_spec field to google_colab_notebook_execution resource (#​25379)
• compute: added network_pass_through_lb_traffic_policy field to google_compute_region_backend_service resource. (#​25223)
• compute: added params field to google_compute_interconnect resource (#​25350)
• compute: added show_nat_ips and nat_ips fields to google_compute_service_attachment (#​25296)
• compute: added snapshot_type field to google_compute_snapshot resource (#​25348)
• compute: added new field instance_flexibility_policy.instance_selection.min_cpu_platform & instance_flexibility_policy.instance_selection.disks to google_compute_region_instance_group_manager (#​25444)
• container: added autoscaled_rollout_policy field to google_container_node_pool resource (beta) (#​25362)
• container: added node_kernel_module_loading.policy field to google_container_node_pool and google_container_cluster resources (#​25383)
• filestore: added support for updating directory_services fields in place in google_filestore_instance (#​25315)
• iamworkforcepool: added claim_mapping, purge_time, and service_agent fields to google_iam_workforce_pool_provider_scim_tenant resource (#​25270)
• looker: added controlled_egress_enabled and controlled_egress_config fields to google_looker_instance resource (#​25214)
• lustre: added kms_key field to google_lustre_instance resource (#​25261)
• modelarmor: added google_mcp_server_floor_setting field to google_model_armor_floorsetting resource (#​25313)
• monitoring: fixes an issue with google_monitoring_alert_policy where it ignores the resource project during Import (#​25287)
• netapp: added public docs link for google_netapp_host_group resource (#​25368)
• netapp: added 'nfsv4' to custom update export_policy object in google_netapp_volume resource (#​25442)
• oracledatabase: added properties.cpu_core_count, properties.secret_id, and properties.vault_id fields to google_oracle_database_autonomous resource (#​25264)
• oracledatabase: added properties.time_zone.version field to google_oracle_database_cloud_vm_cluster resource (#​25264)
• servicedirectory: promoted google_service_directory_namespace, google_service_directory_service, and google_service_directory_endpoint to GA (#​25177)
• servicedirectory: replaced metadata KeyValuePair with annotations KeyValueAnnotations in google_service_directory_service, and google_service_directory_endpoint resources (#​25177)
• sql: added write-only argument for root_password in google_sql_database_instance resource (#​25252)
• storage: added contexts for resource google_storage_bucket_object (#​25346)
• vertex_ai: added resourceLimits, minInstances, maxInstances, containerConcurrency and sourceCodeSpec fields to google_vertex_ai_reasoning_engine resource (#​25349)

BUG FIXES:

• bigquery: fixed the permadiff when email field values contain non-lower-case characters in access in google_bigquery_dataset (#​25317)
• bigquery: fixed the permadiff when table schema is unchanged for a google_bigquery_table with row access policies (#​25256)
• cloudrunv2: fixed permadiff if scaling field is unset on resource google_cloud_run_v2_service (#​25310)
• compute: fixed an issue where the bgp_always_compare_med field could not be unset in in google_compute_network. It can now be unset by configuring the new field delete_bgp_always_compare_med to a value of true. (#​25288)
• compute: fixed crashes when no network_endpoints block specified in google_compute_network_endpoints resource or no network endpoints exist (#​25220)
• compute: fixed the terms field in google_compute_router_route_policy to be updatable without forcing resource recreation (#​25289)
• container: fixed a perpetual diff in google_container_cluster resource when enable_l4_ilb_subsetting is enabled by the GKE control plane and not explicitly set in the configuration (#​25323)
• dialogflowcx: fixed update_mask in google_dialogflow_cx_playbook where a granular update mask is required. (#​25254)
• discoveryengine: fixed a permadiff on advanced_site_search_config in google_discovery_engine_data_store resource (#​25387)
• iamworkforcepool: fixed bug in google_iam_workforce_pool_provider_scim_token where base_uri wasn't set correctly from the API (#​25270)
• logging: fixed an issue with google_logging_*_sink.include_children fields not being updatable to true (#​25247)
• memorystore: fixed an issue where a permadiff on desired_auto_created_endpoints caused the google_memorystore_instance resource to recreated. (#​25278)
• spanner: prevented recreation when kms_key_name and kms_key_names are same for google_spanner_database (#​25215)

v7.12.0

Compare Source

DEPRECATIONS:

• backupdr: deprecated required_type in google_backup_dr_backup_plan_associations and google_backup_dr_data_source_references. Both resources no longer have functionality, and will be removed in the next major release. (#​25107)

FEATURES:

• New Resource: google_ces_agent (#​25106)
• New Resource: google_ces_guardrail (#​25112)
• New Resource: google_ces_tool (#​25113)
• New Resource: google_cloud_security_compliance_cloud_control (#​25137)
• New Resource: google_cloud_security_compliance_framework_deployment (#​25138)
• New Resource: google_cloud_security_compliance_framework (#​25111)
• New Resource: google_discovery_engine_serving_config (#​25105)
• New Resource: google_oracle_database_exascale_db_storage_vault (#​25129)

IMPROVEMENTS:

• apphub: added functional_type, registration_type, and extended_metadata fields to google_apphub_service and google_apphub_workload resources (#​25145)
• ces: added bearer_token_config field to google_ces_toolset resource (#​25119)
• ces: added client_certificate_settings field to google_ces_app resource (#​25117)
• compute: added block_names field to google_compute_reservation resource (#​25121)
• compute: added sub_block_names field to google_compute_reservation_block data source (#​25121)
• compute: added tls_settings field to google_compute_regional_backend_service resource (#​25068)
• container: added end_time_behavior field to google_container_cluster resource (#​25120)
• container: added writable_cgroups field to node_config.defaults.containerd_config in google_container_cluster resource (#​25140)
• dataplex: added catalog_publishing_enabled field to data_profile_spec in google_dataplex_datascan resource (#​25143)
• dns: added forwarding_config.target_name_servers.ipv6_address argument to google_dns_managed_zone resource (#​25131)
• gkeonprem: added advanced_networking, multiple_network_interfaces_config and bgp_lb_config fields to google_gkeonprem_bare_metal_cluster resource (#​25136)
• managedkafka: added broker_capacity_config field to google_managed_kafka_cluster resource (#​25074)
• networksecurity: added endpoint_settings.jumbo_frames_enabled field to google_network_security_firewall_endpoint resource (#​25073)
• run: added readiness_probe field to cloud_run_service resource (#​25114)

BUG FIXES:

• backupdr: updated google_backup_dr_backup_plan_associations and google_backup_dr_data_source_references to use LIST APIs, and require the correct List permissions (#​25107)
• provider: an issue preventing X.509 certificates from being used for authentication when supplied as Application Default Credentials as been resolved (#​25144)

v7.11.0

Compare Source

DEPRECATIONS:

• pubsublite: google_pubsub_lite_reservation will be turned down effective March 18, 2026. Use google_pubsub_reservation instead. (#​25058)
• pubsublite: google_pubsub_lite_subscription will be turned down effective March 18, 2026. Use google_pubsub_subscription instead. (#​25058)
• pubsublite: google_pubsub_lite_topic will be turned down effective March 18, 2026. Use google_pubsub_topic instead. (#​25058)

BREAKING CHANGES:

• netapp: made google_netapp_volume.export_policy.rules.squash_mode not preserve values returned by the API. Without this change, unsetting squash_mode in the provider can cause an API error. (#​25059)

FEATURES:

• New Data Source: google_artifact_registry_python_packages (#​25053)
• New Data Source: google_cloud_identity_policy (#​24946)
• New Data Source: google_compute_reservation_block (#​25034)
• New Data Source: google_compute_reservation_sub_block (#​25034)
• New Resource: google_ces_deployment (#​24945)
• New Resource: google_ces_example (#​25056)
• New Resource: google_discovery_engine_user_store (#​25054)

IMPROVEMENTS:

• bigquery: added external_data_configuration.decimal_target_types to google_bigquery_table (#​24936)
• compute: added internal_ipv6_prefix field to the google_compute_subnetwork resource (#​25037)
• compute: added ipv6_access_type field and INTERNAL_IPV6_SUBNETWORK_CREATION as a supported value for the mode field in google_compute_public_delegated_prefix resource (#​24940)
• compute: added ipv6_access_type field to google_compute_public_advertised_prefix resource (#​24911)
• dataplex: added data_documentation_spec field to google_dataplex_datascan resource to support the DATA_DOCUMENTATION scan type (#​25044)
• dataproc: added resource_manager_tags to google_dataproc_cluster resource (#​25057)
• lustre: added placement_policy field to google_lustre_instance resource (#​25042)
• netapp: added cache_parameters field to google_netapp_volume resource (#​24909)
• secretmanager: added project and short name support for secret on google_secret_manager_secret_version (#​25045)
• secretmanager: added project and short name support for secret on ephemeral google_secret_manager_secret_version (#​25045)

BUG FIXES:

• alloydb: fixed issue with creation when initial_user.password was set to a computed value in google_alloydb_cluster (#​25036)
• bigquery: fixed extraneous diffs in google_bigquery_table.external_data_configuration.schema (#​24936)
• compute: fixed a breaking change in google_compute_instance introduced in 7.9.0 where a destroy-diff is prompted for instances with preset GPUs (#​25021)
• container: added KUBE_DNS as an accepted value for cluster_dns field on google_container_cluster (#​24953)
• netapp: fixed bug where unsetting export_policy.rules.squash_mode on google_netapp_volume can cause an API error (#​25059)
• pubsub: fixed bug where google_pubsub_subscription could only be updated if bigquery_config was modified (#​24952)
• sql: fixed bug where final_backup_description in google_sql_database_instance resource wasn't set on the final backup on delete (#​25055)
• storage: fixed bug where certain changes to google_storage_bucket_acl.role_entity were ignored (#​24949)
• workstations: fixed bug in google_workstations_workstation where setting source_workstation caused a permadiff that forced recreation (#​24941)
• vmwareengine: made deletion of google_vmwareengine_private_cloud wait until the deletion completes (#​25040)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 PM and 12:59 PM, only on Wednesday ( * 12 * * 3 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.