* Add Multi-Region support to cloud-run-v2 module
* Support context expansion for multi_region_settings regions
* Fix multi_region_regions formatting line length
* Add net-lb-proxy-int-cross-region module and tests
* Add context support example and tests
* Update copyright to 2026 and support instance group backends
* docs: correct Instance Groups support note in README
* Support per-replica tier override in modules/cloudsql-instance
Replicas previously ignored any caller-provided tier and silently
inherited the primary's tier. Add an optional `tier` field to the
`replicas` map and use `coalesce(each.value.tier, var.tier)` in the
replica resource so per-replica overrides take effect while
preserving the inherit-from-primary default.
* Update README
---------
Co-authored-by: Julio Castillo <jccb@google.com>
* Bump provider version
* Fix inventories
* Ignore certificates in inventories
* Add header to cloud run recipe
* Optimize file copy for example-based tests
* Remove local references
* Add ephemeral_storage_local_ssd_config support to modules/gke-nodepool
Adds ephemeral_storage_local_ssd_count to node_config variable and the
corresponding dynamic ephemeral_storage_local_ssd_config block in the
node pool resource, enabling use of local SSDs as ephemeral storage.
* feat(gke-nodepool): add flex_start support to node_config
Add `flex_start` as an optional bool to the `node_config` variable type
and wire it through to the `google_container_node_pool` resource's
node_config block. This enables DWS (Dynamic Workload Scheduler)
flex-start mode for node pools, used for on-demand capacity access
without requiring ProvisioningRequest objects (e.g. spot TPU pools).
* feat(gke-nodepool): add flex_start support to node_config
Add `flex_start` as an optional bool to the `node_config` variable type
and wire it through to the `google_container_node_pool` resource's
node_config block. This enables DWS (Dynamic Workload Scheduler)
flex-start mode for node pools, which allows the Cluster Autoscaler to
request capacity on-demand without requiring ProvisioningRequest objects
(unlike queued_provisioning). Typical use case is spot TPU node pools.
* feat(gke-nodepool): add advanced_machine_features support to node_config
Add `advanced_machine_features` as an optional object to the `node_config`
variable type and wire it through to the `google_container_node_pool`
resource via a dynamic block. This allows callers to configure
`threads_per_core` (e.g. set to 1 to disable hyperthreading) and
`enable_nested_virtualization` for node pools that require fine-grained
CPU threading control or nested hypervisor support.
GKE auto-sets `advanced_machine_features` (threads_per_core=1) on
ct6e/TPU machine types; exposing this field also lets consumers add it to
ignore_changes in their own lifecycle blocks to avoid forced replacements.
* feat(gke-nodepool): add containerd_config support to node_config
Add `containerd_config` as an optional object to the `node_config` variable
and wire it through to the `google_container_node_pool` resource via a
dynamic block. This allows callers to configure private registry mirrors or
custom containerd registry hosts per node pool — useful for air-gapped
environments and internal registry proxies.
The `registry_hosts` list maps each upstream server to one or more mirror
hosts, with optional `capabilities`, `override_path`, and `dial_timeout`
fields (all defaulting to sensible values).
* refactor(gke-nodepool): use maps for containerd_config registry_hosts and hosts
Convert registry_hosts and hosts from lists to maps so that the registry
server and host URLs serve as stable keys, avoiding index-shifting issues
with for_each. Add default values for capabilities, override_path, and
dial_timeout. Update README example and test inventory accordingly.
* Remove default values from containerd_config hosts fields
Leave capabilities, override_path, and dial_timeout without defaults
so the provider/API picks them rather than the module imposing values.
* Refine containerd_config variable interface
- Simplify header to optional(map(list(string)))
- Flatten ca, client cert/key to strings with descriptive names
- Derive private_registry_access_config enabled from ca domain config list
- Simplify writable_cgroups to optional(bool)
- Flatten gcp_secret_manager_certificate_config to string
- Remove redundant defaults where try() handles null in main.tf
- Fix long lines in main.tf to stay within 79-char limit
- Update copyright year to 2026 in inventory files
* fix(gke-nodepool): run terraform fmt to fix attribute alignment in containerd_config
* docs(gke-nodepool): regenerate README with updated variable line numbers
* fix(gke-nodepool): use coalesce instead of try for null header map in for_each
* tests(gke-nodepool): update containerd-config inventory to match actual plan output
---------
Co-authored-by: Julio Castillo <jccb@google.com>
Add `advanced_machine_features` as an optional object to the `node_config`
variable type and wire it through to the `google_container_node_pool`
resource via a dynamic block. This allows callers to configure
`threads_per_core` (e.g. set to 1 to disable hyperthreading) and
`enable_nested_virtualization` for node pools that require fine-grained
CPU threading control or nested hypervisor support.
GKE auto-sets `advanced_machine_features` (threads_per_core=1) on
ct6e/TPU machine types; exposing this field also lets consumers add it to
ignore_changes in their own lifecycle blocks to avoid forced replacements.
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Add `flex_start` as an optional bool to the `node_config` variable type
and wire it through to the `google_container_node_pool` resource's
node_config block. This enables DWS (Dynamic Workload Scheduler)
flex-start mode for node pools, which allows the Cluster Autoscaler to
request capacity on-demand without requiring ProvisioningRequest objects
(unlike queued_provisioning). Typical use case is spot TPU node pools.
Co-authored-by: Julio Castillo <jccb@google.com>
* dp rewrite stage 0, projects
* remove plan files
* generalize handling of basepath for projects in project-factory module
* central-0 ---> core-0
* add schemas, validate YAMLs, tags
* aspect types
* data catalog policy tag factory
* add support for data catalog taxonomy to project factory
* complete retrofit of old stage configuration, except networking
* shared vpc networking
* networking
* data platform as pf dataset
* docs
* test
* remove legacy dp stage, fix tests and links
* boilerplate
* tfdoc
* fix unrelated tfdoc
* schemas
* fix errors
* schema
* duplicate schemas
* yamllint
* Fix module naming convention for aspect-types
* Fix factories_config in vpcs.tf for net-vpc-factory compatibility
* Update schema documentation based on schema changes
* Fix false rename conflict in .config.yaml files
* Sync schemas and update documentation
* Fix path expansion for aspect-types and revert projects_input to master
* Restore path expansion for org_policies in projects-iam call
* Fix trailing newlines in schema duplicates to satisfy duplicate-diff
* Fix path expansion for data_catalog_taxonomy in taxonomies.tf
* Update inventory for data-platform test and clean up debug prints
* Add full values to data-platform inventory
* Align Stage 2 VPC Factory integration with Stage 0 and fix tests
TAG=agy
* Fix project factory context resolution and data platform datasets
- Update tag context keys in project factory to use file key without 'projects/' prefix.
- Fix tag reference in product-0.yaml.
- Fix shared_vpc_service_config in shared-0.yaml by moving service account to network_users.
- Set parent for domain-0 folder to data-platform.
- Mock net-dev-0 project ID in tests.
- Update inventories.
TAG=agy
CONV=4b37fa5b-bf59-4604-9e8f-b55353d967a0
* Fix project-level tag keys context resolution in project factory
* Fix commented out tag reference in domain-0 .config.yaml
* Fix merge() calls with empty arguments in project-factory and data-catalog-policy-tag
* Update Data Platform dataset README with prerequisites and customization guide
* Add Table of Contents to Data Platform dataset README
* docs: update Data Platform README with project templates tip
* Document data platform output files and linking sequence in README
* Update data platform README with VPC-SC and delegated IAM details
* Refactor data platform dataset and align stage defaults
* Update test inventory and variables for data platform with new prefix
Adds ephemeral_storage_local_ssd_count to node_config variable and the
corresponding dynamic ephemeral_storage_local_ssd_config block in the
node pool resource, enabling use of local SSDs as ephemeral storage.
* Update Cloud Run v2 GPU examples in README
Remove launch_stage = "BETA" from examples as it now defaults to GA in the provider. This fixes E2E test failures where the API returns GA. Reference: https://github.com/hashicorp/terraform-provider-google/pull/17029
TAG=agy
* Fix KMS and Compute VM E2E test failures
Update README examples to avoid conflicts and unsupported modes, and update corresponding inventories.
TAG=agy
* Add instruction to run a single specific example test in GEMINI.md
TAG=agy
Adds support for enhanced query insights on cloud sql instances by adding enhanced_query_insights_enabled to the insights_config block. This allows enabling deeper visibility into query performance.
Closes#3890
TAG=agy
CONV=41331d43-c782-48a4-b0e7-bc8ad14866e9
Adds support for `advanced_datapath_observability_config` to the `gke-cluster-autopilot` module, matching the standard cluster module implementation.
Closes#3936
TAG=agy
CONV=9d4485ab-0fae-4f3d-a6e1-bbb6320d7c46
Add `common_repository` support to `maven`, `npm`, and `python` remote repository configurations in the `artifact-registry` module. This replaces the deprecated `custom_repository` feature which is now discouraged by the provider.
Existing README example `registry-mirror` has been updated to use `common_repository`. A legacy test case `legacy_custom_repo` has been added to the bottom of `README.md` to ensure backward compatibility for `custom_repository` continues to work.
TAG=agy
CONV=ffe77e65-ccef-4701-95e6-4ba2d2446f1b
* fix(modules): allow disabling logging and configuring optional fields in LB backend services
Replaced 'log_sample_rate' (number) with 'log_config' (object) in all Load Balancer Backend Service modules. This allows explicitly disabling logging ('enable = false') and configuring advanced options like 'optional_mode' and 'optional_fields', resolving infinite plan drift and the inability to disable logging.
Affected modules:
- net-lb-app-ext-regional
- net-lb-app-ext
- net-lb-app-int-cross-region
- net-lb-app-int
- net-lb-ext
- net-lb-int
- net-lb-proxy-int
Added test cases and updated documentation.
Fixes#3914
* style: format variables files with terraform fmt
* docs: add critical linting rule for AI agents to GEMINI.md
Introduce support for regional health checks in the net-lb-app-int module while maintaining backward compatibility.
Added optional is_regional flag to health_check_configs (defaulting to false). When true, it creates google_compute_region_health_check instead of google_compute_health_check.
Updated backend services and outputs to merge both global and regional health check IDs. Added a new test case to verify regional health check functionality.
TAG=agy
CONV=6aff620c-e5a5-44eb-afe0-459cff820daa
* module project-factory: include project in conditional_var context for org policies
* module project-factory: include project and folders in conditional_var context for org policies
- Move project org policies (explicit and factory) to projects-iam invocation.
- Move folder org policies (explicit and factory) to folder-X-iam invocations (levels 1-4).
- Inject folder_ids into projects-iam condition_vars and pass resolved folders.
- Update and regenerate test inventories (example.yaml, simple.yaml, hardened.yaml).
TAG=agy
CONV=e0f45850-ab01-4600-a2b6-4de62465c204
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* Draft terraform_naming_convention
* Two fast/stages fixes for terraform_naming_convention
* Disable terraform_naming_convention for resources for now
* module fixes for terraform_naming_convention
* tfdoc
* Remove "moved" from recipe and needs-fixing
* Fix moved for spoke_ra
* fix tests
* Use default (snake_case) for resources
* factory.terraform_data.project-preconditions
* First-pass migration of resources + tests
* Fix tests/modules/organization
* Require snake_case for variables; Add annotations for _testing
* permit _fast_debug variable
* Fix net_vpc_factory and net_vpc_firewall tests
* tfdoc addons and recipe
* Fix more tests
* Fix some net-global -> net_global tests
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
