development-dependency: bump hashicorp/google from 3.89.0 to 4.0.0 in /terraform

Bumps hashicorp/google from 3.89.0 to 4.0.0.

Release notes

Sourced from hashicorp/google's releases.

v4.0.0

NOTES:

• compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10429)
• container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10430)

BREAKING CHANGES:

• appengine: marked google_app_engine_standard_app_version entrypoint as required (#10425)
• compute: removed the ability to specify the trace-append or trace-ro as scopes in google_compute_instance, use trace instead (#10377)
• compute: changed advanced_machine_features on google_compute_instance_template to track changes when the block is undefined in a user's config (#10427)
• compute: changed source_ranges in google_compute_firewall_rule to track changes when it is not set in a config file (#10439)
• compute: changed the import / drift detection behaviours for metadata_startup_script, metadata.startup-script in google_compute_instance. Now, metadata.startup-script will be set by default, and metadata_startup_script will only be set if present. (#10392)
• compute: removed source_disk_link field from google_compute_snapshot (#10424)
• compute: removed the enable_display field from google_compute_instance_template (#10410)
• compute: removed the update_policy.min_ready_sec field from google_compute_instance_group_manager, google_compute_region_instance_group_manager (#10410)
• container: instance_group_urls has been removed in favor of node_pool.managed_instance_group_urls (#10442)
• container: changed default for enable_shielded_nodes to true for google_container_cluster (#10403)
• container: changed master_auth.client_certificate_config to required (#10441)
• container: removed master_auth.username and master_auth.password from google_container_cluster (#10441)
• container: removed workload_metadata_configuration.node_metadata in favor of workload_metadata_configuration.mode in google_container_cluster (#10400)
• container: removed the pod_security_policy_config field from google_container_cluster (#10410)
• container: removed the workload_identity_config.0.identity_namespace field from google_container_cluster, use workload_identity_config.0.workload_pool instead (#10410)
• project: removed ability to specify bigquery-json.googleapis.com, the provider will no longer convert it as the upstream API migration is finished. Use bigquery.googleapis.com instead. (#10370)
• provider: changed credentials, access_token precedence so that credentials values in configuration take precedence over access_token values assigned through environment variables (#10393)
• provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#10374)
• pubsub: removed path field from google_pubsub_subscription (#10424)
• resourcemanager: made google_project remove org_id and folder_id from state when they are removed from config (#10373)
• resourcemanager: added conflict between org_id, folder_id at plan time in google_project (#10373)
• resourcemanager: changed the project field to Required in all google_project_iam_* resources (#10394)
• runtimeconfig: removed the Runtime Configurator service from the google (GA) provider including google_runtimeconfig_config, google_runtimeconfig_variable, google_runtimeconfig_config_iam_policy, google_runtimeconfig_config_iam_binding, google_runtimeconfig_config_iam_member, data.google_runtimeconfig_config. They are only available in the google-beta provider, as the underlying service is in beta. (#10410)
• sql: added drift detection to the following google_sql_database_instance fields: activation_policy (defaults ALWAYS), availability_type (defaults ZONAL), disk_type (defaults PD_SSD), encryption_key_name (#10412)
• sql: changed the database_version field to Required in google_sql_database_instance resource (#10398)
• sql: removed the following google_sql_database_instance fields: authorized_gae_applications, crash_safe_replication, replication_type (#10412)
• storage: removed bucket_policy_only from google_storage_bucket (#10397)
• storage: changed the location field to required in google_storage_bucket (#10399)

VALIDATION CHANGES:

• bigquery: at least one of statement_timeout_ms, statement_byte_budget, or key_result_statement is required on google_bigquery_job.query.script_options. (#10371)
• bigquery: exactly one of query, load, copy or extract is required on google_bigquery_job (#10371)
• bigquery: exactly one of source_table or source_model is required on google_bigquery_job.extract (#10371)
• cloudbuild: exactly one of branch_name, commit_sha or tag_name is required on google_cloudbuild_trigger.build.source.repo_source (#10371)
• compute: at least one of fixed_delay or percentage is required on google_compute_url_map.default_route_action.fault_injection_policy.delay (#10371)
• compute: at least one of fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#10371)
• compute: at least one of max_scaled_down_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_down_control (#10371)
• compute: at least one of max_scaled_down_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control (#10371)
• compute: at least one of max_scaled_in_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.0. (#10371)
• compute: at least one of max_scaled_in_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.0. (#10371)
• compute: required one of source_tags, source_ranges or source_service_accounts on INGRESS google_compute_firewall resources (#10369)

... (truncated)

Changelog

Sourced from hashicorp/google's changelog.

4.0.0 (November 02, 2021)

NOTES:

• compute: Google Compute Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10429)
• container: Google Kubernetes Engine resources will now call the endpoint appropriate to the provider version rather than the beta endpoint by default (#10430)

BREAKING CHANGES:

• appengine: marked google_app_engine_standard_app_version entrypoint as required (#10425)
• compute: removed the ability to specify the trace-append or trace-ro as scopes in google_compute_instance, use trace instead (#10377)
• compute: changed advanced_machine_features on google_compute_instance_template to track changes when the block is undefined in a user's config (#10427)
• compute: changed source_ranges in google_compute_firewall_rule to track changes when it is not set in a config file (#10439)
• compute: changed the import / drift detection behaviours for metadata_startup_script, metadata.startup-script in google_compute_instance. Now, metadata.startup-script will be set by default, and metadata_startup_script will only be set if present. (#10392)
• compute: removed source_disk_link field from google_compute_snapshot (#10424)
• compute: removed the enable_display field from google_compute_instance_template (#10410)
• compute: removed the update_policy.min_ready_sec field from google_compute_instance_group_manager, google_compute_region_instance_group_manager (#10410)
• container: instance_group_urls has been removed in favor of node_pool.managed_instance_group_urls (#10442)
• container: changed default for enable_shielded_nodes to true for google_container_cluster (#10403)
• container: changed master_auth.client_certificate_config to required (#10441)
• container: removed master_auth.username and master_auth.password from google_container_cluster (#10441)
• container: removed workload_metadata_configuration.node_metadata in favor of workload_metadata_configuration.mode in google_container_cluster (#10400)
• container: removed the pod_security_policy_config field from google_container_cluster (#10410)
• container: removed the workload_identity_config.0.identity_namespace field from google_container_cluster, use workload_identity_config.0.workload_pool instead (#10410)
• project: removed ability to specify bigquery-json.googleapis.com, the provider will no longer convert it as the upstream API migration is finished. Use bigquery.googleapis.com instead. (#10370)
• provider: changed credentials, access_token precedence so that credentials values in configuration take precedence over access_token values assigned through environment variables (#10393)
• provider: removed redundant default scopes. The provider's default scopes when authenticating with credentials are now exclusively "https://www.googleapis.com/auth/cloud-platform" and "https://www.googleapis.com/auth/userinfo.email". (#10374)
• pubsub: removed path field from google_pubsub_subscription (#10424)
• resourcemanager: made google_project remove org_id and folder_id from state when they are removed from config (#10373)
• resourcemanager: added conflict between org_id, folder_id at plan time in google_project (#10373)
• resourcemanager: changed the project field to Required in all google_project_iam_* resources (#10394)
• runtimeconfig: removed the Runtime Configurator service from the google (GA) provider including google_runtimeconfig_config, google_runtimeconfig_variable, google_runtimeconfig_config_iam_policy, google_runtimeconfig_config_iam_binding, google_runtimeconfig_config_iam_member, data.google_runtimeconfig_config. They are only available in the google-beta provider, as the underlying service is in beta. (#10410)
• sql: added drift detection to the following google_sql_database_instance fields: activation_policy (defaults ALWAYS), availability_type (defaults ZONAL), disk_type (defaults PD_SSD), encryption_key_name (#10412)
• sql: changed the database_version field to Required in google_sql_database_instance resource (#10398)
• sql: removed the following google_sql_database_instance fields: authorized_gae_applications, crash_safe_replication, replication_type (#10412)
• storage: removed bucket_policy_only from google_storage_bucket (#10397)
• storage: changed the location field to required in google_storage_bucket (#10399)

VALIDATION CHANGES:

• bigquery: at least one of statement_timeout_ms, statement_byte_budget, or key_result_statement is required on google_bigquery_job.query.script_options. (#10371)
• bigquery: exactly one of query, load, copy or extract is required on google_bigquery_job (#10371)
• bigquery: exactly one of source_table or source_model is required on google_bigquery_job.extract (#10371)
• cloudbuild: exactly one of branch_name, commit_sha or tag_name is required on google_cloudbuild_trigger.build.source.repo_source (#10371)
• compute: at least one of fixed_delay or percentage is required on google_compute_url_map.default_route_action.fault_injection_policy.delay (#10371)
• compute: at least one of fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control.max_scaled_down_replicas (#10371)
• compute: at least one of fixed or percent is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.max_scaled_in_replicas (#10371)
• compute: at least one of max_scaled_down_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_down_control (#10371)
• compute: at least one of max_scaled_down_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_down_control (#10371)
• compute: at least one of max_scaled_in_replicas or time_window_sec is required on google_compute_autoscaler.autoscaling_policy.scale_in_control.0. (#10371)
• compute: at least one of max_scaled_in_replicas or time_window_sec is required on google_compute_region_autoscaler.autoscaling_policy.scale_in_control.0. (#10371)

... (truncated)

Commits

• f004d2d v4.0.0
• 80bd329 Add changelog notes for 4.0.0 (#10468)
• c1b11a7 Add note on source_ranges tracking changes (#5412) (#10478)
• 2f23578 Misc upgrade guide changes (#5411) (#10477)
• 88b216b Minor amendments to the upgrade guide (#5409) (#10472)
• 4dd4de7 Add node_pool.managed_instance_group_urls to mirror old value of cluster.inst...
• 9546347 Restrict test to beta-only for beta-only field (#5406) (#10465)
• 393bdb9 Fix more uses of kms key self link (#5403) (#10460)
• c4f0e20 Add ignore state verify as this field can alternate between beta and v1 URLs ...
• 0dad0b1 Force-send min_ready_sec (#5402) (#10457)
• Additional commits viewable in compare view

---

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

• @dependabot-bot rebase will rebase this MR
• @dependabot-bot recreate will recreate this MR rewriting all the manual changes and resolving conflicts