v0.5.2

This release updates go mod dependencies to fix the following CVEs:

• CVE-2025-47907
• CVE-2025-4674
• CVE-2025-22868

What's Changed

• [release-0.5]: Update go.mod dependencies [SECURITY] by @turkenf in #76

Full Changelog: v0.5.1...v0.5.2

v0.4.6

This release updates go mod dependencies to fix the following CVEs:

• CVE-2025-47907
• CVE-2025-4674
• CVE-2025-22868

What's Changed

• [release-0.4]: Update go.mod dependencies [SECURITY] by @turkenf in #77

Full Changelog: v0.4.5...v0.4.6

v1.0.0

Release v1.0.0

Caution

This release introduces breaking changes and significant internal upgrades. Please review the release notes thoroughly, make the necessary changes to your manifests, and test thoroughly before upgrading.

Before using any Crossplane v2 capabilities in the provider, we encourage you to familiarize yourself with the changes in v2.

This release introduces:

• Compatibility with Crossplane v2
• Support for Crossplane v2 namespace-scoped Managed Resources (MRs) alongside existing cluster-scoped MRs.
• Upgrade to crossplane-runtime v2.0.0.
• Upgrade to Upjet v2.0.0.
• Upgrade of the underlying Terraform provider to v6.39.0
• Removal of External Secret Store support.

Please review the breaking changes carefully before upgrading.

Namespace-scope MR Support (Crossplane v2-only)

• New namespace-scoped MR APIs are available under the gcp-beta.m.crossplane.io API group.
• All new APIs are at version v1beta1.
• ProviderConfig
  • ProviderConfig.gcp-beta.m.crossplane.io is now namespace-scoped.
  • A new cluster-scoped ClusterProviderConfig.gcp-beta.m.crossplane.io resource was added; new MRs can reference either ProviderConfig or ClusterProviderConfig via spec.providerConfigRef.kind.
  • spec.providerConfigRef defaults to ClusterProviderConfig with name default when omitted.
• spec.writeConnectionSecretToRef and sensitive parameter refs (e.g., spec.forProvider.fooSecretRef) in namespace-scoped MRs are now local secret references (if no namespace is specified, it defaults to the MR's namespace).
• Cross-resource references are now namespace-scoped by default, however, cross-namespace references are allowed.
• This provider will serve both the new namespace-scoped and cluster-scoped APIs.

Note

Cluster-scoped MRs do NOT implement the above changes and continue operating as before.

Removed Features

• External Secret Store support has been removed from all MRs (spec.publishConnectionDetailsTo is no longer available) as the feature has been removed in Crossplane v2.

Note

The removed feature is the External Secret Store, which allowed storing connection details outside the cluster (e.g., in Vault). Connection secrets for managed resources remain available for storing connection details in Kubernetes Secrets.

Other Notable Changes

• SafeStart capability has been added (Crossplane v2-only): Controllers start once their CRD is installed.
• Repository structure changes:
  • apis, controllers, and examples now have scoped subdirectories: cluster and namespaced.
  • Resource configurations are also scoped; updates must be applied to both where relevant.
  • Examples for namespace-scoped MRs are included.

Backward Compatibility Notes

• This provider can be installed in Crossplane v1.x environments:
  • Both cluster-scoped and namespace-scoped CRDs will be installed; namespace-scoped CRDs cannot be composed in v1.x.
  • SafeStart will be disabled.
• When upgrading from v1.x providers, review all breaking resource API changes noted above. The package itself is Crossplane v1.x compatible, but there can be resources that have API changes that need adjustment in your control plane.

Upgrade Guide

1. Review all affected resources listed under Breaking API Changes.
2. Update manifests to reflect renamed/removed properties.
3. For Crossplane v2.x users:
   • Ensure secret and reference configurations align with the new namespace-scoped MR behavior.
   • Decide whether to use ProviderConfig or ClusterProviderConfig.
4. Remove any spec.publishConnectionDetailsTo usage.
5. Validate repository structure changes if maintaining custom resource configurations.

What's Changed

• Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] by @renovate[bot] in #54
• [main] Update go.mod dependencies [SECURITY] by @turkenf in #57
• add basic plumbing for provider startup checks. by @jastang in #62
• Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] by @renovate[bot] in #63
• add license annotation to package metadata template. by @jastang in #64
• crossplane v2: generate namespaced MRs by @erhancagirici in #66
• Update actions/cache digest to 0400d5f by @renovate[bot] in #67
• Update all non-major github action by @renovate[bot] in #37
• Update dependency ubuntu to v24 by @renovate[bot] in #59
• Update alpine Docker tag to v3.22.1 by @renovate[bot] in #60
• Update go version to 1.24.6 [Security] by @turkenf in #74

New Contributors

• @jastang made their first contribution in #62
• @erhancagirici made their first contribution in #66

Full Changelog: v0.5.1...v1.0.0

v1.0.1

This release contains no source code changes from the previous release, v1.0.0.

It is functionally equivalent to v1.0.0, with added compatibility for open-source Crossplane in addition to Upbound Crossplane.

v0.4.5

What's Changed

• [release-0.4] Update go.mod dependencies [SECURITY] by @turkenf in #55
• [Backport release-0.4] Use different parameters name for auth and config group overrides by @turkenf in #58

Full Changelog: v0.4.4...v0.4.5

v0.5.1

What's Changed

• [release-0.5] Update go.mod dependencies [SECURITY] by @turkenf in #56

Full Changelog: v0.5.0...v0.5.1

v0.5.0

The v0.5.0 release introduces new resources, security fixes, and dependency updates.

Support for New Resources

• RegionSecurityPolicy.compute.gcp-beta.upbound.io/v1beta1
• RegionBackendService.compute.gcp-beta.upbound.io/v1beta1
• HealthCheck.compute.gcp-beta.upbound.io/v1beta1

What's Changed

• Update module github.com/golang/glog to v1.2.4 [SECURITY] by @turkenf in #14
• Update go version to 1.23.5 [SECURITY] by @turkenf in #16
• Update go version to 1.23.6 [SECURITY] by @turkenf in #18
• Prevent external contributors from triggering workflows via PR comments by @turkenf in #20
• Bump the go_modules group across 1 directory with 2 updates by @dependabot in #13
• [main] Update go.mod dependencies [SECURITY] by @turkenf in #35
• [main] Update go.mod dependencies [SECURITY] by @turkenf in #45
• Add google_compute_region_security_policy resource by @sergenyalcin in #47
• Add regionol backend service and health check resource to compute service by @turkenf in #48
• Update alpine Docker tag to v3.22.0 by @renovate in #40
• Use different parameters name for auth and config group overrides by @turkenf in #49

New Contributors

• @dependabot made their first contribution in #13
• @sergenyalcin made their first contribution in #47
• @renovate made their first contribution in #40

Full Changelog: v0.4.4...v0.5.0

v0.4.2

This release includes updates to the go.mod file to address security vulnerabilities.

What's Changed

• [Backport release-0.4] Update go version to 1.23.6 [SECURITY] by @github-actions in #19

Full Changelog: v0.4.1...v0.4.2

v0.4.1

This release includes updates to the go.mod file to address security vulnerabilities.

What's Changed

• [Backport release-0.4] Update module github.com/golang/glog to v1.2.4 [SECURITY] by @github-actions in #15
• [Backport release-0.4] Update go version to 1.23.5 [SECURITY] by @github-actions in #17

New Contributors

• @github-actions made their first contribution in #15

Full Changelog: v0.4.0...v0.4.1

v0.4.0

This release includes vulnerability fixes, improved documentation, and pipeline enhancements.

What's Changed

• Set the repo's official provider requirements by @turkenf in #11

Full Changelog: v0.3.0...v0.4.0