diff --git a/products/accesscontextmanager/api.yaml b/products/accesscontextmanager/api.yaml index 51b84b5e480c..f763276b18bd 100644 --- a/products/accesscontextmanager/api.yaml +++ b/products/accesscontextmanager/api.yaml @@ -267,14 +267,15 @@ objects: Format: "major.minor.patch" such as "10.5.301", "9.2.1". - !ruby/object:Api::Type::Enum name: 'osType' + required: true description: | The operating system type of the device. values: - - :OS_UNSPECIFIED - - :DESKTOP_MAC - - :DESKTOP_WINDOWS - - :DESKTOP_LINUX - - :DESKTOP_CHROME_OS + - :OS_UNSPECIFIED + - :DESKTOP_MAC + - :DESKTOP_WINDOWS + - :DESKTOP_LINUX + - :DESKTOP_CHROME_OS - !ruby/object:Api::Resource name: 'ServicePerimeter' # This is an unusual API, so we need to use a few fields to map the methods diff --git a/products/appengine/api.yaml b/products/appengine/api.yaml index 6fec988cfe68..4f103a4a3781 100644 --- a/products/appengine/api.yaml +++ b/products/appengine/api.yaml @@ -332,16 +332,19 @@ objects: - :REDIRECT_HTTP_RESPONSE_CODE_307 - !ruby/object:Api::Type::NestedObject name: 'script' + # TODO (mbang): Exactly one of script, staticFiles, or apiEndpoint must be set description: | Executes a script to handle the requests that match this URL pattern. Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". properties: - !ruby/object:Api::Type::String name: 'scriptPath' + required: true description: | Path to the script from the application root directory. - !ruby/object:Api::Type::NestedObject name: 'staticFiles' + # TODO (mbang): Exactly one of script, staticFiles, or apiEndpoint must be set description: | Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them. properties: diff --git a/products/bigquery/api.yaml b/products/bigquery/api.yaml index e287a628f7eb..76a0d427aac5 100644 --- a/products/bigquery/api.yaml +++ b/products/bigquery/api.yaml @@ -52,6 +52,7 @@ objects: description: An email address of a Google Group to grant access to. - !ruby/object:Api::Type::String name: 'role' + required: true description: | Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom diff --git a/products/bigtable/api.yaml b/products/bigtable/api.yaml index b5523a155a57..2d6420b49562 100644 --- a/products/bigtable/api.yaml +++ b/products/bigtable/api.yaml @@ -64,8 +64,9 @@ objects: Long form description of the use case for this app profile. - !ruby/object:Api::Type::Boolean name: 'multiClusterRoutingUseAny' - conflicts: - - singleClusterRouting + exactly_one_of: + - single_cluster_routing + - multi_cluster_routing_use_any description: | If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes @@ -73,8 +74,9 @@ objects: input: true - !ruby/object:Api::Type::NestedObject name: 'singleClusterRouting' - conflicts: - - multiClusterRoutingUseAny + exactly_one_of: + - single_cluster_routing + - multi_cluster_routing_use_any description: | Use a single-cluster routing policy. input: true diff --git a/products/binaryauthorization/api.yaml b/products/binaryauthorization/api.yaml index acef119c7e20..f36d3ec143c3 100644 --- a/products/binaryauthorization/api.yaml +++ b/products/binaryauthorization/api.yaml @@ -96,6 +96,7 @@ objects: See the documentation on publicKey cases below for details. - !ruby/object:Api::Type::String name: asciiArmoredPgpPublicKey + # TODO (mbang): Exactly one of asciiArmoredPgpPublicKey or pkixPublicKey must be set description: | ASCII-armored representation of a PGP public key, as the entire output by the command @@ -108,6 +109,7 @@ objects: be overwritten by the API-calculated ID. - !ruby/object:Api::Type::NestedObject name: pkixPublicKey + # TODO (mbang): Exactly one of asciiArmoredPgpPublicKey or pkixPublicKey must be set description: | A raw PKIX SubjectPublicKeyInfo format public key. @@ -178,6 +180,7 @@ objects: properties: - !ruby/object:Api::Type::String name: namePattern + required: true description: | An image name pattern to whitelist, in the form `registry/path/to/image`. This supports a trailing * as a @@ -202,6 +205,7 @@ objects: properties: - !ruby/object:Api::Type::Enum name: evaluationMode + required: true description: How this admission rule will be evaluated. values: - :ALWAYS_ALLOW @@ -221,6 +225,7 @@ objects: item_type: Api::Type::String - !ruby/object:Api::Type::Enum name: enforcementMode + required: true description: | The action when a pod creation is denied by the admission rule. values: diff --git a/products/cloudbuild/api.yaml b/products/cloudbuild/api.yaml index b3b8a06cf0ea..838242d5f0e3 100644 --- a/products/cloudbuild/api.yaml +++ b/products/cloudbuild/api.yaml @@ -73,7 +73,8 @@ objects: Substitutions data for Build resource. - !ruby/object:Api::Type::String name: 'filename' - conflicts: + exactly_one_of: + - filename - build description: | Path, from the source root, to a file whose contents is used for the template. Either a filename or build template must be provided. @@ -219,6 +220,9 @@ objects: - github.0.push.0.tag - !ruby/object:Api::Type::NestedObject name: 'build' + exactly_one_of: + - filename + - build description: | Contents of the build template. Either a filename or build template must be provided. properties: diff --git a/products/cloudfunctions/api.yaml b/products/cloudfunctions/api.yaml index 5223ead029b5..30e58d0d8bb4 100644 --- a/products/cloudfunctions/api.yaml +++ b/products/cloudfunctions/api.yaml @@ -136,17 +136,30 @@ objects: description: | The Google Cloud Storage URL, starting with gs://, pointing to the zip archive which contains the function. + exactly_one_of: + - source_repository + - source_archive_url + - source_upload_url - !ruby/object:Api::Type::String name: 'sourceUploadUrl' description: | The Google Cloud Storage signed URL used for source uploading. + exactly_one_of: + - source_repository + - source_archive_url + - source_upload_url - !ruby/object:Api::Type::NestedObject name: 'sourceRepository' description: | The source repository where a function is hosted. + exactly_one_of: + - source_repository + - source_archive_url + - source_upload_url properties: - !ruby/object:Api::Type::String name: 'url' + required: true description: | The URL pointing to the hosted repository where the function is defined - !ruby/object:Api::Type::String diff --git a/products/cloudrun/api.yaml b/products/cloudrun/api.yaml index 7d2fb63c348d..7c536d37f3fc 100644 --- a/products/cloudrun/api.yaml +++ b/products/cloudrun/api.yaml @@ -272,7 +272,6 @@ objects: properties: - !ruby/object:Api::Type::NestedObject name: template - required: true description: |- template holds the latest specification for the Revision to be stamped out. The template references the container image, and may also diff --git a/products/cloudscheduler/api.yaml b/products/cloudscheduler/api.yaml index c8b75827259f..422b4e22f9bb 100644 --- a/products/cloudscheduler/api.yaml +++ b/products/cloudscheduler/api.yaml @@ -158,9 +158,10 @@ objects: If the job providers a Pub/Sub target the cron will publish a message to the provided topic input: true - conflicts: - - httpTarget - - appEngineHttpTarget + exactly_one_of: + - pubsub_target + - http_target + - app_engine_http_target properties: - !ruby/object:Api::Type::String name: topicName @@ -191,9 +192,10 @@ objects: If the job providers a App Engine HTTP target the cron will send a request to the service instance input: true - conflicts: - - pubsubTarget - - httpTarget + exactly_one_of: + - pubsub_target + - http_target + - app_engine_http_target properties: - !ruby/object:Api::Type::String name: httpMethod @@ -273,9 +275,10 @@ objects: If the job providers a http_target the cron will send a request to the targeted url input: true - conflicts: - - pubsubTarget - - appEngineHttpTarget + exactly_one_of: + - pubsub_target + - http_target + - app_engine_http_target properties: - !ruby/object:Api::Type::String name: uri diff --git a/products/compute/api.yaml b/products/compute/api.yaml index b7fa623dab2d..8bbde5a6c71b 100644 --- a/products/compute/api.yaml +++ b/products/compute/api.yaml @@ -4012,11 +4012,12 @@ objects: - :HTTP2 - !ruby/object:Api::Type::NestedObject name: 'httpHealthCheck' - conflicts: - - httpsHealthCheck - - http2HealthCheck - - tcpHealthCheck - - sslHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'host' @@ -4134,11 +4135,12 @@ objects: - :USE_SERVING_PORT - !ruby/object:Api::Type::NestedObject name: 'httpsHealthCheck' - conflicts: - - httpHealthCheck - - http2HealthCheck - - tcpHealthCheck - - sslHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'host' @@ -4256,11 +4258,12 @@ objects: - :USE_SERVING_PORT - !ruby/object:Api::Type::NestedObject name: 'tcpHealthCheck' - conflicts: - - httpHealthCheck - - http2HealthCheck - - httpsHealthCheck - - sslHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'request' @@ -4359,11 +4362,12 @@ objects: - :USE_SERVING_PORT - !ruby/object:Api::Type::NestedObject name: 'sslHealthCheck' - conflicts: - - httpHealthCheck - - http2HealthCheck - - httpsHealthCheck - - tcpHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'request' @@ -4462,11 +4466,12 @@ objects: - :USE_SERVING_PORT - !ruby/object:Api::Type::NestedObject name: 'http2HealthCheck' - conflicts: - - httpHealthCheck - - sslHealthCheck - - httpsHealthCheck - - tcpHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'host' @@ -8027,11 +8032,12 @@ objects: - :HTTP2 - !ruby/object:Api::Type::NestedObject name: 'httpHealthCheck' - conflicts: - - httpsHealthCheck - - http2HealthCheck - - tcpHealthCheck - - sslHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'host' @@ -8149,11 +8155,12 @@ objects: - :USE_SERVING_PORT - !ruby/object:Api::Type::NestedObject name: 'httpsHealthCheck' - conflicts: - - httpHealthCheck - - http2HealthCheck - - tcpHealthCheck - - sslHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'host' @@ -8271,11 +8278,12 @@ objects: - :USE_SERVING_PORT - !ruby/object:Api::Type::NestedObject name: 'tcpHealthCheck' - conflicts: - - httpHealthCheck - - http2HealthCheck - - httpsHealthCheck - - sslHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'request' @@ -8374,11 +8382,12 @@ objects: - :USE_SERVING_PORT - !ruby/object:Api::Type::NestedObject name: 'sslHealthCheck' - conflicts: - - httpHealthCheck - - http2HealthCheck - - httpsHealthCheck - - tcpHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'request' @@ -8477,11 +8486,12 @@ objects: - :USE_SERVING_PORT - !ruby/object:Api::Type::NestedObject name: 'http2HealthCheck' - conflicts: - - httpHealthCheck - - sslHealthCheck - - httpsHealthCheck - - tcpHealthCheck + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check properties: - !ruby/object:Api::Type::String name: 'host' diff --git a/products/dns/api.yaml b/products/dns/api.yaml index 6b2409e531fa..9635fd2e4ea3 100644 --- a/products/dns/api.yaml +++ b/products/dns/api.yaml @@ -329,6 +329,7 @@ objects: # are possible. - !ruby/object:Api::Type::String name: 'networkUrl' + required: true description: | The fully qualified URL of the VPC network to bind to. This should be formatted like diff --git a/products/firestore/api.yaml b/products/firestore/api.yaml index 17580d09dd90..960636bf52cd 100644 --- a/products/firestore/api.yaml +++ b/products/firestore/api.yaml @@ -95,6 +95,7 @@ objects: Name of the field. - !ruby/object:Api::Type::Enum name: 'order' + # TODO (mbang): Exactly one of order or arrayConfig must be set description: | Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. Only one of `order` and `arrayConfig` can be specified. @@ -103,6 +104,7 @@ objects: - :DESCENDING - !ruby/object:Api::Type::Enum name: 'arrayConfig' + # TODO (mbang): Exactly one of order or arrayConfig must be set description: | Indicates that this field supports operations on arrayValues. Only one of `order` and `arrayConfig` can be specified. diff --git a/products/monitoring/api.yaml b/products/monitoring/api.yaml index bb5e84e87f1d..f8cf8460c9f6 100644 --- a/products/monitoring/api.yaml +++ b/products/monitoring/api.yaml @@ -951,11 +951,19 @@ objects: - !ruby/object:Api::Type::NestedObject name: httpCheck description: Contains information needed to make an HTTP or HTTPS check. - conflicts: - - tcpCheck + exactly_one_of: + - http_check + - tcp_check properties: - !ruby/object:Api::Type::NestedObject name: authInfo + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers description: The authentication information. Optional when creating an HTTP check; defaults to empty. properties: @@ -969,11 +977,25 @@ objects: description: The username to authenticate. - !ruby/object:Api::Type::Integer name: port + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers description: The port to the page to run the check against. Will be combined with host (specified within the MonitoredResource) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL). - !ruby/object:Api::Type::KeyValuePairs name: headers + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers description: The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the @@ -983,12 +1005,26 @@ objects: headers allowed is 100. - !ruby/object:Api::Type::String name: path + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers default_value: "/" description: The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. Optional (defaults to "/"). - !ruby/object:Api::Type::Boolean name: useSsl + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers description: If true, use HTTPS instead of HTTP to run the check. - !ruby/object:Api::Type::Boolean name: validateSsl @@ -997,6 +1033,13 @@ objects: is set to uptime_url. If useSsl is false, setting validateSsl to true has no effect. - !ruby/object:Api::Type::Boolean name: maskHeaders + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers description: Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will @@ -1005,8 +1048,9 @@ objects: - !ruby/object:Api::Type::NestedObject name: tcpCheck description: Contains information needed to make a TCP check. - conflicts: - - httpCheck + exactly_one_of: + - http_check + - tcp_check properties: - !ruby/object:Api::Type::Integer name: port diff --git a/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown b/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown index fb2063dabcbc..6cbca8a341b9 100644 --- a/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown +++ b/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown @@ -55,16 +55,18 @@ so Terraform knows to manage them. - [Provider](#provider) - [ID Format Changes](#id-format-changes) - [Data Source: `google_container_engine_versions`](#data-source-google_container_engine_versions) +- [Resource: `google_access_context_manager_access_level`](#resource-google_access_context_manager_access_level) - [Resource: `google_access_context_manager_service_perimeter`](#resource-google_access_context_manager_service_perimeter) - [Resource: `google_app_engine_application`](#resource-google_app_engine_application) - [Resource: `google_app_engine_domain_mapping`](#resource-google_app_engine_domain_mapping) - [Resource: `google_app_engine_standard_version`](#resource-google_app_engine_standard_version) -- [Resource: `google_bigtable_app_profile`](#resource-google_bigtable_app_profile) +- [Resource: `google_bigquery_dataset`](#resource-google_bigquery_dataset) - [Resource: `google_bigquery_table`](#resource-google_bigquery_table) +- [Resource: `google_bigtable_app_profile`](#resource-google_bigtable_app_profile) +- [Resource: `google_binary_authorization_policy`](#resource-google_binary_authorization_policy) - [Resource: `google_cloudbuild_trigger`](#resource-google_cloudbuild_trigger) - [Resource: `google_cloudfunctions_function`](#resource-google_cloudfunctions_function) - [Resource: `google_cloudiot_registry`](#resource-google_cloudiot_registry) -- [Resource: `google_cloudrun_service`](#resource-google_cloudrun_service) - [Resource: `google_cloudscheduler_job`](#resource-google_cloudscheduler_job) - [Resource: `google_composer_environment`](#resource-google_composer_environment) - [Resource: `google_compute_backend_bucket`](#resource-google_compute_backend_bucket) @@ -201,71 +203,20 @@ a resource. Users who depended on particular ID formats in previous versions may Use `location` instead. -## Resource: `google_app_engine_application` - -### `split_health_checks` is now required on block `google_app_engine_application.feature_settings` - -In an attempt to avoid allowing empty blocks in config files, `split_health_checks` is now -required on the `google_app_engine_application.feature_settings` block. - -## Resource: `google_cloudfunctions_function` - -### The `runtime` option `nodejs6` has been deprecated - -`nodejs6` has been deprecated and is no longer the default value for `runtime`. -`runtime` is now required. - -## Resource: `google_cloudiot_registry` - -### `event_notification_config` is now removed - -`event_notification_config` has been removed in favor of -`event_notification_configs` (plural). Please switch to using the plural field. - -### `public_key_certificate` is now required on block `google_cloudiot_registry.credentials` - -In an attempt to avoid allowing empty blocks in config files, `public_key_certificate` is now -required on the `google_cloudiot_registry.credentials` block. - -### Replace singular event notification config field with plural `event_notification_configs` - -Use the plural field `event_notification_configs` instead of -`event_notification_config`, which has now been removed. -Since the Cloud IoT API now accept multiple event notification configs for a -registry, the singular field no longer exists on the API resource and has been -removed from Terraform to prevent conflicts. - - -#### Old Config - -```hcl -resource "google_cloudiot_registry" "myregistry" { - name = "%s" - - event_notification_config { - pubsub_topic_name = "${google_pubsub_topic.event-topic.id}" - } -} - -``` +## Resource: `google_access_context_manager_access_level` -#### New Config +### `os_type` is now required on block `google_access_context_manager_access_level.basic.conditions.device_policy.os_constraints` -```hcl -resource "google_cloudiot_registry" "myregistry" { - name = "%s" +In an attempt to avoid allowing empty blocks in config files, `os_type` is now +required on the `basic.conditions.device_policy.os_constraints` block. - event_notification_configs { - pubsub_topic_name = "${google_pubsub_topic.event-topic.id}" - } -} -``` +## Resource: `google_access_context_manager_service_perimeter` -### `logging_service` and `monitoring_service` defaults changed +### At least one of `resources`, `access_levels`, or `restricted_services` is now required on +`google_accesscontextmanager_service_perimeter.status` -GKE Stackdriver Monitoring (the GKE-specific Stackdriver experience) is now -enabled at cluster creation by default, similar to the default in GKE `1.14` -through other tools. +In an attempt to avoid allowing empty blocks in config files, at least one of `resources`, `access_levels`, +or `restricted_services` is now required on the `status` block. ## Resource: `google_app_engine_application` @@ -274,14 +225,6 @@ through other tools. In an attempt to avoid allowing empty blocks in config files, `split_health_checks` is now required on the `feature_settings` block. -## Resource: `google_access_context_manager_service_perimeter` - -### At least one of `resources`, `access_levels`, or `restricted_services` is now required on -`google_accesscontextmanager_service_perimeter.status` - -In an attempt to avoid allowing empty blocks in config files, at least one of `resources`, `access_levels`, -or `restricted_services` is now required on the `status` block. - ## Resource: `google_app_engine_domain_mapping` ### `ssl_management_type` is now required on `google_app_engine_domain_mapping.ssl_settings` @@ -301,18 +244,23 @@ is now required on the `deployment` block. In an attempt to avoid allowing empty blocks in config files, `shell` is now required on the `entrypoint` block. +### `script_path` is now required on `google_app_engine_standard_app_version.handlers.script` + +In an attempt to avoid allowing empty blocks in config files, `script_path` is now +required on the `handlers.script` block. + ### `source_url` is now required on `google_app_engine_standard_app_version.deployment.files` and `google_app_engine_standard_app_version.deployment.zip` In an attempt to avoid allowing empty blocks in config files, `shell` is now required on the `deployment.files` and `deployment.zip` blocks. -## Resource: `google_bigtable_app_profile` +## Resource: `google_bigquery_dataset` -### `cluster_id` is now required on `google_bigtable_app_profile.single_cluster_routing` +### `role` is now required on `google_bigquery_dataset.access` -In an attempt to avoid allowing empty blocks in config files, `cluster_id` is now -required on the `single_cluster_routing` block. +In an attempt to avoid allowing empty blocks in config files, `role` is now +required on the `access` block. ## Resource: `google_bigquery_table` @@ -323,9 +271,39 @@ In an attempt to avoid allowing empty blocks in config files, at least one of `range` or `skip_leading_rows` is now required on the `external_data_configuration.google_sheets_options` block. +## Resource: `google_bigtable_app_profile` + +### Exactly one of `single_cluster_routing` or `multi_cluster_routing_use_any` is now required on +`google_bigtable_app_profile` + +In attempt to be more consistent with the API, exactly one of `single_cluster_routing` or +`multi_cluster_routing_use_any` is now required on `google_bigtable_app_profile`. + +### `cluster_id` is now required on `google_bigtable_app_profile.single_cluster_routing` + +In an attempt to avoid allowing empty blocks in config files, `cluster_id` is now +required on the `single_cluster_routing` block. + +## Resource: `google_binary_authorization_policy` + +### `name_pattern` is now required on `google_binary_authorization_policy.admission_whitelist_patterns` + +In an attempt to avoid allowing empty blocks in config files, `name_pattern` is now +required on the `admission_whitelist_patterns` block. + +### `evaluation_mode` and `enforcement_mode` are now required on `google_binary_authorization_policy.cluster_admission_rules` + +In an attempt to avoid allowing empty blocks in config files, `evaluation_mode` and `enforcement_mode` are now +required on the `cluster_admission_rules` block. + ## Resource: `google_cloudbuild_trigger` -### Exactly one of `branch_name`, `tag_name` or `commit_sha` on `google_cloudbuild_trigger.trigger_template` +### Exactly one of `filename` or `build` on `google_cloudbuild_trigger` + +In attempt to be more consistent with the API, exactly one of `filename` or `build` is now +required on `google_cloudbuild_trigger`. + +### Exactly one of `branch_name`, `tag_name` or `commit_sha` is now required on `google_cloudbuild_trigger.trigger_template` In an attempt to avoid allowing empty blocks in config files, exactly one of `branch_name`, `tag_name` or `commit_sha` is now required on the @@ -356,23 +334,6 @@ required on the `build.steps` block. In an attempt to avoid allowing empty blocks in config files, `name` and `path` are now required on the `build.volumes` block. -### `taint` field is now authoritative when set - -The `taint` field inside of `node_config` blocks on `google_container_cluster` -and `google_container_node_pool` will no longer ignore GPU-related values when -set. - -Previously, the field ignored upstream taints when unset and ignored unset GPU -taints when other taints were set. Now it will ignore upstream taints when set -and act authoritatively when set, requiring all taints (including Kubernetes and -GKE-managed ones) to be defined in config. - -Additionally, an empty taint can now be specified with `taint = []`. As a result -of this change, the JSON/state representation of the field has changed, -introducing an incompatibility for users who specify config in JSON instead of -HCL or who use `dynamic` blocks. See more details in the [Attributes as Blocks](https://www.terraform.io/docs/configuration/attr-as-blocks.html) -documentation. - ## Resource: `google_cloudfunctions_function` ### The `runtime` option `nodejs6` has been deprecated @@ -380,6 +341,16 @@ documentation. `nodejs6` has been deprecated and is no longer the default value for `runtime`. `runtime` is now required. +### Exactly one of `source_repository`, `source_archive_url` or `source_upload_url` is required +on `google_cloudfunctions_function` + +In attempt to be more consistent with the API, exactly one of `source_repository`, `source_archive_url` +or `source_upload_url` is now required on `google_cloudfunctions_function`. + +### `url` is now required on `google_cloudfunctions_function.source_repository` + +In an attempt to avoid allowing empty blocks in config files, `url` is now required on the `source_repository` block. + ## Resource: `google_cloudiot_registry` ### `event_notification_config` is now removed @@ -387,19 +358,52 @@ documentation. `event_notification_config` has been removed in favor of `event_notification_configs` (plural). Please switch to using the plural field. +### Replace singular event notification config field with plural `event_notification_configs` + +Use the plural field `event_notification_configs` instead of +`event_notification_config`, which has now been removed. +Since the Cloud IoT API now accept multiple event notification configs for a +registry, the singular field no longer exists on the API resource and has been +removed from Terraform to prevent conflicts. + + +#### Old Config + +```hcl +resource "google_cloudiot_registry" "myregistry" { + name = "%s" + + event_notification_config { + pubsub_topic_name = "${google_pubsub_topic.event-topic.id}" + } +} + +``` + +#### New Config + +```hcl +resource "google_cloudiot_registry" "myregistry" { + name = "%s" + + event_notification_configs { + pubsub_topic_name = "${google_pubsub_topic.event-topic.id}" + } +} +``` + ### `public_key_certificate` is now required on block `google_cloudiot_registry.credentials` In an attempt to avoid allowing empty blocks in config files, `public_key_certificate` is now required on the `credentials` block. -## Resource: `google_cloudrun_service` - -### `template` is now required on block `google_cloudrun_service.spec` +## Resource: `google_cloudscheduler_job` -In an attempt to avoid allowing empty blocks in config files, `template` is now -required on the `spec` block. +### Exactly one of `pubsub_target`, `http_target` or `app_engine_http_target` is required +on `google_cloudscheduler_job` -## Resource: `google_cloudscheduler_job` +In attempt to be more consistent with the API, exactly one of `pubsub_target`, `http_target` +or `app_engine_http_target` is now required on `google_cloudscheduler_job`. ### `service_account_email` is now required on `google_cloudscheduler_job.http_target.oauth_token` and `google_cloudscheduler_job.http_target.oidc_token`. @@ -410,10 +414,16 @@ required on the `http_target.oauth_token` and `http_target.oidc_token` blocks. ### At least one of `retry_count`, `max_retry_duration`, `min_backoff_duration`, `max_backoff_duration`, or `max_doublings` is now required on `google_cloud_scheduler_job.retry_config` -In an attempt to avoid allowing empty blocks in config files, at least one of`retry_count`, +In an attempt to avoid allowing empty blocks in config files, at least one of `retry_count`, `max_retry_duration`, `min_backoff_duration`, `max_backoff_duration`, or `max_doublings` is now required on the `retry_config` block. +### At least one of `service`, `version`, or `instance` is now required on +`google_cloud_scheduler_job.app_engine_http_target.app_engine_routing` + +In an attempt to avoid allowing empty blocks in config files, at least one of `service`, +`version`, or `instance` is now required on the `app_engine_http_target.app_engine_routing` block. + ## Resource: `google_composer_environment` ### At least one of `airflow_config_overrides`, `pypi_packages`, `env_variables`, `image_version`, @@ -548,6 +558,13 @@ See [`google_compute_forwarding_rule`][#resource-google_compute_forwarding_rule] ## Resource: `google_compute_health_check` +### Exactly one of `http_health_check`, `https_health_check`, `http2_health_check`, +`tcp_health_check` or `ssl_health_check` is required on `google_compute_health_check` + +In attempt to be more consistent with the API, exactly one of `http_health_check`, `https_health_check`, +`http2_health_check`, `tcp_health_check` or `ssl_health_check` is now required on the +`google_compute_health_check`. + ### At least one of `host`, `request_path`, `response`, `port`, `port_name`, `proxy_header`, or `port_specification` is now required on `google_compute_health_check.http_health_check`, `google_compute_health_check.https_health_check` and `google_compute_health_check.http2_health_check` @@ -734,6 +751,13 @@ is now required on the `log_config` block. ## Resource: `google_compute_region_health_check` +### Exactly one of `http_health_check`, `https_health_check`, `http2_health_check`, +`tcp_health_check` or `ssl_health_check` is required on `google_compute_health_check` + +In attempt to be more consistent with the API, exactly one of `http_health_check`, `https_health_check`, +`http2_health_check`, `tcp_health_check` or `ssl_health_check` is now required on the +`google_compute_region_health_check`. + ### At least one of `host`, `request_path`, `response`, `port`, `port_name`, `proxy_header`, or `port_specification` is now required on `google_compute_region_health_check.http_health_check`, `google_compute_region_health_check.https_health_check` and `google_compute_region_health_check.http2_health_check` @@ -774,11 +798,11 @@ In an attempt to avoid allowing empty blocks in config files, at least one of ## Resource: `google_compute_route` ### Exactly one of `next_hop_gateway`, `next_hop_instance`, `next_hop_ip`, -`next_hop_vpn_tunnel` or `next_hop_ilb` on `google_compute_route` +`next_hop_vpn_tunnel` or `next_hop_ilb` is required on `google_compute_route` In attempt to be more consistent with the API, exactly one of `next_hop_gateway`, `next_hop_instance`, `next_hop_ip`, `next_hop_vpn_tunnel` or `next_hop_ilb` is now required on the -`snapshot_schedule_policy.schedule` block. +`google_compute_route`. ## Resource: `google_compute_router` @@ -999,12 +1023,6 @@ resource "google_container_cluster" "primary" { } ``` -### `logging_service` and `monitoring_service` defaults changed - -GKE Stackdriver Monitoring (the GKE-specific Stackdriver experience) is now -enabled at cluster creation by default, similar to the default in GKE `1.14` -through other tools. - ### `taint` field is now authoritative when set The `taint` field inside of `node_config` blocks on `google_container_cluster` @@ -1028,10 +1046,10 @@ The `kubernetes_dashboard` addon is deprecated for clusters on GKE and will soon be removed. It is recommended to use alternative GCP Console dashboards. -### `channel` is now required on `google_container_cluster.relase_channel` +### `channel` is now required on `google_container_cluster.release_channel` In an attempt to avoid allowing empty blocks in config files, `channel` is now -required on the `relase_channel` block. +required on the `release_channel` block. ### `cidr_blocks` is now required on block `google_container_cluster.master_authorized_networks_config` @@ -1256,6 +1274,11 @@ required on the `private_visibility_config.networks` block. ## Resource: `google_dns_policy` +### `network_url` is now required on block `google_dns_policy.networks` + +In an attempt to avoid allowing empty blocks in config files, `network_url` is now +required on the `networks` block. + ### `target_name_servers` is now required on block `google_dns_policy.alternative_name_server_config` In an attempt to avoid allowing empty blocks in config files, `target_name_servers` is now @@ -1319,6 +1342,17 @@ is now required on the `documentation` block. ## Resource: `google_monitoring_uptime_check_config` +### Exactly one of `http_check` or `tcp_check` is now required on `google_monitoring_uptime_check_config` + +In attempt to be more consistent with the API, exactly one of `http_check` or `tcp_check` is now required +on `google_monitoring_uptime_check_config`. + +### At least one of `auth_info`, `port`, `headers`, `path`, `use_ssl`, or `mask_headers` is +now required on `google_monitoring_uptime_check_config.http_check` + +In an attempt to avoid allowing empty blocks in config files, at least one of `auth_info`, +`port`, `headers`, `path`, `use_ssl`, or `mask_headers` is now required on the `http_check` block. + ### At least one of `resource_type` or `group_id` is now required on `google_monitoring_uptime_check_config.resource_group` In an attempt to avoid allowing empty blocks in config files, at least one of `resource_type` or `group_id` @@ -1344,7 +1378,7 @@ required on the `http_check.auth_info` block. `google_organization_policy` In attempt to be more consistent with the API, exactly one of `list_policy`, `boolean_policy`, -or `restore_policy` is now required on `google_organization_policy` . +or `restore_policy` is now required on `google_organization_policy`. ### Exactly one of `all` or `values` is now required on `google_organization_policy.list_policy.allow` and `google_organization_policy.list_policy.deny`