v1.9.0

What's Changed

• Fix state bug by @gene-redpanda in #340
• ci: add release on tag by @gene-redpanda in #341

Full Changelog: v1.8.0...v1.9.0

Bug fixes

• Topic CRUD resilience: retry transient broker errors across create/read/update/delete, instead of failing on flaky connections. (619acd1)
• Cluster plan drift on private link toggle: toggling private link no longer produces spurious plan diffs. (4816780)
• Plan modifiers migrated from UseStateForUnknown → UseNonNullStateForUnknown across kafka_api, http_proxy, schema_registry (and their nested mtls, sasl, url, all_urls.* endpoints). Resolves a framework bug (terraform-plugin-framework#1211).
• Added (*Cluster).ModifyPlan to mark endpoint and private_link.status objects Unknown when private-link config changes (terraform-plugin-framework#1211).

CI / build

• Terraform pinned and installed explicitly for all TF_ACC tests: works around hc-install shipping an expired HashiCorp PGP key that was breaking tfplugindocs and every TF_ACC test
  starting 2026-04-20. (05c768c, 024dd6b, 69b1473, f035aa5, 3d20676)
• Added byovpc pipeline label and removed the redundant network test step. (9908d74)

v1.8.0

What's Changed

• feat: support RedpandaRole principal in ACL resources by @sago2k8 in #328
• Topic and Connection issue fixes by @gene-redpanda in #336

New Contributors

• @rpdevmp made their first contribution in #331
• @ivotron made their first contribution in #330

Full Changelog: v1.7.3...v1.8.0

v1.7.3

What's Changed

• fix: correct level optional by @gene-redpanda in #327

Full Changelog: v1.7.2...v1.7.3

v1.7.2

What's Changed

• fix: remove unnecessary required state by @gene-redpanda in #326

Full Changelog: v1.7.1...v1.7.2

v1.7.1

What's Changed

• fix: cluster datasource issues by @gene-redpanda in #323
• Add retries to byoc apply by @frenchfrywpepper in #324
• fix: missing connect fields by @gene-redpanda in #325

Full Changelog: v1.7.0...v1.7.1

v1.7.0

New Functionality

• BYOC AWS credentials — New provider-level attributes aws_access_key_id, aws_secret_access_key, and aws_session_token allow passing AWS credentials directly for BYOC cluster

New Fields

redpanda_cluster

• current_redpanda_version / desired_redpanda_version (computed) — Expose running and target Redpanda versions.
• nat_gateways (computed) — NAT gateway IP addresses.
• api_gateway_access (optional+computed) — Control PRIVATE/PUBLIC API gateway access.
• cloud_storage (optional+computed) — Tiered storage configuration (aws/gcp/azure sub-blocks + skip_destroy).
• kafka_api.sasl, kafka_api.all_seed_brokers (computed) — SASL status and all seed broker endpoint variants.
• http_proxy.sasl, http_proxy.all_urls (computed) — SASL status and all HTTP proxy endpoint variants.
• schema_registry.all_urls (computed) — All schema registry endpoint variants.
• aws_private_link.supported_regions (computed) — Supported PrivateLink regions.

redpanda_network (resource + datasource)

• state (computed), zones (computed)

redpanda_pipeline

• status.error (computed) — Error message when pipeline is in error state.

redpanda_role

• delete_acls (optional, default false) — Optionally delete ACLs bound to a role on deletion.

redpanda_serverless_cluster

• tags (optional) — Tags on cloud resources.
• state (computed), planned_deletion (computed) — Cluster lifecycle info.

redpanda_topic

• replica_assignments (optional, forces replace) — Manual partition-to-broker replica placement.

Bug Fixes

• Write only passwords were silently null. Fixed to correctly deliver passwords to the API
• cidr_block values on redpanda_network no longer cause validation errors during terraform plan
• Tag updates are now in-place instead of destroying and recreating the cluster

v1.6.0

What's Changed

New Features

• Add new resource: serverless_private_link by @frenchfrywpepper in #305
• Add support for networking configuration on serverless clusters by @frenchfrywpepper in #310
• Write-only password support for user, schema, and schema_registry_acl resources by @gene-redpanda in #303
• Add service_account support to pipeline resource by @gene-redpanda in #303
• Add all URL outputs for serverless clusters (kafka_api_url, schema_registry_url, etc.) by @frenchfrywpepper in #310

Bug Fixes & Improvements

• Generate model from schema (includes numerous bug fixes for ACL, pipeline, topic resources) by @gene-redpanda in #309
• Mark provider credentials as sensitive by @gene-redpanda in #303
• Clean up BYOC temp files after execution by @gene-redpanda in #309
• Add global graceful handling of removal checks by @gene-redpanda in #309
• Add password validator with minimum length enforcement by @gene-redpanda in #303

Internal/CI

• Update generated mocks to use go.uber.org/mock by @frenchfrywpepper in #306
• Modify tasks to install tools to .build by @frenchfrywpepper in #307
• Remove if/else logic looking for serverless by @frenchfrywpepper in #304
• Fail CI if documentation is out of date by @frenchfrywpepper in #308

Documentation

• Update role.md by @paulohtb6 in #312

Breaking Changes / Deprecations

• Deprecated: The cluster_api_url field on redpanda_serverless_cluster resource is now deprecated. Use the new specific URL outputs instead: kafka_api_url, schema_registry_url, etc. (#310)

New Contributors

• @paulohtb6 made their first contribution in #312

Full Changelog: v1.5.0...v1.6.0

v1.5.0

What's Changed

• Add Redpanda Pipeline Support by @gene-redpanda in #301
• Support setting redpanda_node_count on cluster creation and update. by @tscolari in #302

Full Changelog: v1.4.2...v1.5.0

v1.4.2

What's Changed

• Allow ThroughputTier to be updated without cluster deletion by @tscolari in #300

New Contributors

• @tscolari made their first contribution in #300

Full Changelog: v1.4.1...v1.4.2

v1.4.1

What's Changed

• Fix FindTopicByName pagination handling by @antmordel in #298

Full Changelog: v1.4.0...v1.4.1