TL;DR
google_backupdr_restore_workload.name field is deprecated and will be removed in a future major release, with backups now identified by parameters like location and backup vault ID.google_network_security_mirroring_endpoint, google_network_security_mirroring_endpoint_group, and google_backup_dr_restore_workload.google_compute_region_backend_service resource now includes a network_pass_through_lb_traffic_policy field.network_interface.network_attachment has been added to google_compute_instance_template and google_compute_region_instance_template.google_public_ca_external_account_key resource has a new mac_key field, replacing the deprecated b64url_mac_key.Editor's Note:
We recognize this release as part of the ongoing evolution of the Google Cloud platform, with a significant number of new features and deprecations. As developers, it's essential to stay informed about these changes to leverage the latest capabilities while avoiding potential pitfalls. One practical tip for those affected by the top change is to review your backup configurations to ensure they are compatible with the upcoming removal of the google_backupdr_restore_workload.name field.
What Changed
#### Breaking
#### Deprecation
google_backupdr_restore_workload.name field is deprecated and will be removed in a future major release, with backups now identified by parameters like location and backup vault ID.google_public_ca_external_account_key.b64url_mac_key field is deprecated in favor of mac_key.#### Behavior
ssl_certificates and certificate_map in google_compute_target_ssl_proxy.google_firebase_ai_logic_config.generative_language_config.api_key_wo where the value set wouldn't be sent to the API.google_container_cluster when toggling default_compute_class_enabled with Autopilot enabled has been corrected.b64url_mac_key field in google_public_ca_external_account_key sometimes being empty has been fixed.#### Feature
google_network_security_mirroring_endpoint, google_network_security_mirroring_endpoint_group, and google_backup_dr_restore_workload.network_pass_through_lb_traffic_policy field to google_compute_region_backend_service.network_interface.network_attachment added to google_compute_instance_template and google_compute_region_instance_template.RDMA_FALCON_POLICY and ULL_POLICY values to policy_type field in google_compute_region_network_firewall_policy and google_compute_region_network_firewall_policy_with_rules.network_interface.vlan to google_compute_instance_template and google_compute_instance, enabling dynamic NIC.knowledge_graph_config field to google_discovery_engine_search_engine.google_firestore_database: firestore_data_access_mode, mongodb_compatible_data_acess_mode, and realtime_updates_mode.deletion_policy virtual field to google_firestore_index.google_monitoring_notification_channel.sensitive_labels.google_network_connectivity_gateway_advertised_route.poll_interval field has been added to the provider.mac_key to google_public_ca_external_account_key.readiness_probe field to google_cloud_run_v2_service.developer_connect_source to spec.source_code_spec in google_vertex_ai_reasoning_engine.Who's Impacted
If you are using the google_backupdr_restore_workload resource, you will need to update your configurations to reflect the deprecation of the name field. If you are relying on the b64url_mac_key field in google_public_ca_external_account_key, you should migrate to using the mac_key field instead. If you are working with google_compute_target_ssl_proxy, you can now set both ssl_certificates and certificate_map without issues. If you are using google_container_cluster with Autopilot enabled, you will benefit from the corrected behavior when toggling default_compute_class_enabled. If you are utilizing google_firebase_ai_logic_config, the fix to the api_key_wo bug will ensure your configurations are sent correctly to the API.
Action Checklist
google_backupdr_restore_workload.name.b64url_mac_key to mac_key in google_public_ca_external_account_key.google_compute_target_ssl_proxy configurations to utilize both ssl_certificates and certificate_map if necessary.google_container_cluster configurations with Autopilot enabled and default_compute_class_enabled toggled.google_firebase_ai_logic_config is sending api_key_wo values correctly to the API.google_network_security_mirroring_endpoint, google_network_security_mirroring_endpoint_group, and google_backup_dr_restore_workload.network_pass_through_lb_traffic_policy field in google_compute_region_backend_service.network_interface.network_attachment in google_compute_instance_template and google_compute_region_instance_template.RDMA_FALCON_POLICY and ULL_POLICY values to policy_type field where applicable.network_interface.vlan in google_compute_instance_template and google_compute_instance.knowledge_graph_config in google_discovery_engine_search_engine.firestore_data_access_mode, mongodb_compatible_data_acess_mode, and realtime_updates_mode in google_firestore_database.deletion_policy virtual field in google_firestore_index.google_monitoring_notification_channel.sensitive_labels.google_network_connectivity_gateway_advertised_route resources as needed.poll_interval field in the provider if necessary.mac_key in google_public_ca_external_account_key.readiness_probe in google_cloud_run_v2_service.developer_connect_source in spec.source_code_spec of google_vertex_ai_reasoning_engine.Verification
This update brief is based on information from the following sources:
Last verified at 2026-02-18T13:46:53.766027+00:00.