Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency hashicorp/terraform-provider-vault to v4 #254

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency hashicorp/terraform-provider-vault to v4 #254

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 13, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
hashicorp/terraform-provider-vault major 3.22.0 -> 4.4.0

Release Notes

hashicorp/terraform-provider-vault (hashicorp/terraform-provider-vault)

v4.4.0

Compare Source

FEATURES:

  • Update vault_aws_secret_backend_role to support setting session_tags and external_id (#​2290)

BUGS:

  • fix vault_ssh_secret_backend_ca where a schema change forced the resource to be replaced (#​2308)
  • fix a bug where a read on non-existent auth or secret mount resulted in an error that prevented the provider from completing successfully (#​2289)

v4.3.0

Compare Source

FEATURES:

  • Add support for iam_tags in vault_aws_secret_backend_role (#​2231).
  • Add support for inheritable on vault_quota_rate_limit and vault_quota_lease_count. Requires Vault 1.15+.: (#​2133).
  • Add support for new WIF fields in vault_gcp_secret_backend. Requires Vault 1.17+. Available only for Vault Enterprise (#​2249).
  • Add support for new WIF fields in vault_azure_secret_backend. Requires Vault 1.17+. Available only for Vault Enterprise (#​2250)
  • Add support for new WIF fields in vault_aws_auth_backend_client. Requires Vault 1.17+. Available only for Vault Enterprise (#​2243).
  • Add support for new WIF fields in vault_gcp_auth_backend (#​2256)
  • Add support for new WIF fields in vault_azure_auth_backend_config. Requires Vault 1.17+. Available only for Vault Enterprise (#​2254).
  • Add new data source and resource vault_pki_secret_backend_config_est. Requires Vault 1.16+. Available only for Vault Enterprise (#​2246)
  • Support missing token parameters on vault_okta_auth_backend resource: (#​2210)
  • Add support for max_retries in vault_aws_auth_backend_client: (#​2270)
  • Add new resources vault_plugin and vault_plugin_pinned_version: (#​2159)
  • Add key_type and key_bits to vault_ssh_secret_backend_ca: (#​1454)

IMPROVEMENTS:

  • return a useful error when delete fails for the vault_jwt_auth_backend_role resource: (#​2232)
  • Remove dependency on github.com/hashicorp/vault package: (#​2251)
  • Add missing custom_tags and secret_name_template fields to vault_secrets_sync_azure_destination resource (#​2247)

v4.2.0

Compare Source

FEATURES:

  • Add granularity to Secrets Sync destination resources. Requires Vault 1.16+ Enterprise. (#​2202)
  • Add support for allowed_kubernetes_namespace_selector in vault_kubernetes_secret_backend_role (#​2180).
  • Add new data source vault_namespace. Requires Vault Enterprise: (#​2208).
  • Add new data source vault_namespaces. Requires Vault Enterprise: (#​2212).

IMPROVEMENTS:

  • Enable Secrets Sync Association resource to track sync status across all subkeys of a secret. Requires Vault 1.16+ Enterprise. (#​2202)

BUGS:

  • fix vault_approle_auth_backend_role_secret_id regression to handle 404 errors (#​2204)
  • fix vault_kv_secret and vault_kv_secret_v2 failure to update secret data modified outside terraform (#​2207)
  • fix vault_kv_secret_v2 failing on imported resource when data_json should be ignored (#​2207)

v4.1.0

Compare Source

CHANGES TO VAULT POLICY REQUIREMENTS:

  • Important: This release requires read policies to be set at the path level for mount metadata.
    The v4.0.0 release required read permissions at sys/auth/:path which was a
    sudo endpoint. The v4.1.0 release changed that to instead require permissions
    at the sys/mounts/auth/:path level and sudo is no longer required. Please
    refer to the details in the Terraform Vault Provider 4.0.0 Upgrade Guide.

FEATURES:

  • Add new resource vault_config_ui_custom_message. Requires Vault 1.16+ Enterprise: (#​2154).

IMPROVEMENTS:

  • do not require sudo permissions for auth read operations (#​2198)

BUGS:

  • fix vault_azure_access_credentials to default to Azure Public Cloud (#​2190)

v4.0.0

Compare Source

Important: This release requires read policies to be set at the path level for mount metadata.
For example, instead of permissions at sys/auth you must set permissions at
the sys/auth/:path level. Please refer to the details in the
Terraform Vault Provider 4.0.0 Upgrade Guide.

FEATURES:

  • Add support for PKI Secrets Engine cluster configuration with the vault_pki_secret_backend_config_cluster resource. Requires Vault 1.13+ (#​1949).
  • Add support to enable_templating in vault_pki_secret_backend_config_urls (#​2147).
  • Add support for skip_import_rotation and skip_static_role_import_rotation in ldap_secret_backend_static_role and ldap_secret_backend respectively. Requires Vault 1.16+ (#​2128).
  • Improve logging to track full API exchanges between the provider and Vault (#​2139)
  • Add new vault_plugin and vault_plugin_pinned_version resources for managing external plugins (#​2159)

IMPROVEMENTS:

  • Improve performance of READ operations across many resources: (#​2145), (#​2152)
  • Add the metadata version in returned values for vault_kv_secret_v2 data source: (#​2095)
  • Add new secret sync destination fields: (#​2150)

BUGS:

  • Handle graceful destruction of resources when approle is deleted out-of-band (#​2142).
  • Ensure errors are returned on read operations for vault_ldap_secret_backend_static_role, vault_ldap_secret_backend_library_set, and vault_ldap_secret_backend_static_role (#​2156).
  • Ensure proper use of issuer endpoints for root sign intermediate resource: (#​2160)
  • Fix issuer data overwrites on updates: (#​2186)

v3.25.0

Compare Source

FEATURES:

  • Add destination and association resources to support Secrets Sync. Requires Vault 1.16+ (#​2098).
  • Add support for configuration of plugin WIF to the AWS Secret Backend. Requires Vault 1.16+ (#​2138).
  • Add support for Oracle database plugin configuration options split_statements and disconnect_sessions: (#​2085)

IMPROVEMENTS:

  • Add an API client lock to the vault_identity_group_alias resource: (#​2140)

v3.24.0

Compare Source

FEATURES:

  • Add support for ext_key_usage_oids in vault_pki_secret_backend_role (#​2108)
  • Adds support to vault_gcp_auth_backend for common backend tune parameters (#​1997).
  • Adds support to vault_azure_secret_backend_role for sign_in_audience and tags. Requires Vault 1.16+. (#​2101).

BUGS:

  • fix vault_kv_secret_v2 drift when "data" is in secret name/path (#​2104)
  • fix vault_database_secret_backend_connection: allow mysql_rds,mysql_aurora,mysql_legacy options of vault_database_secret_backend_connection terraform resource to allow specifying tls_ca and tls_certificate_key (#​2106)
  • Fix ignored description updates for aws_secret_backend resource (#​2057)

IMPROVEMENTS:

  • Updated dependencies (#​2129):
    • cloud.google.com/go/iam v1.1.2 -> v1.1.5
    • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 -> v1.9.1
    • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.0
    • github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 -> v1.2.0
    • github.com/aws/aws-sdk-go v1.45.24 -> v1.49.22
    • github.com/google/uuid v1.3.1 -> v1.5.0
    • github.com/hashicorp/go-hclog v1.5.0 -> v1.6.2
    • github.com/hashicorp/go-retryablehttp v0.7.4 -> v0.7.5
    • github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 -> v0.1.8
    • github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0 -> v2.31.0
    • github.com/hashicorp/vault-plugin-auth-jwt v0.17.0 -> v0.18.0
    • github.com/hashicorp/vault/sdk v0.10.0 -> v0.10.2
    • golang.org/x/crypto v0.14.0 -> v0.18.0
    • golang.org/x/net v0.15.0 -> v0.20.0
    • golang.org/x/oauth2 v0.12.0 -> v0.16.0
    • google.golang.org/api v0.144.0 -> v0.156.0
    • google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 -> v0.0.0-20240116215550-a9fa1716bcac
    • k8s.io/utils v0.0.0-20230726121419-3b25d923346b -> v0.0.0-20240102154912-e7106e64919e

v3.23.0

Compare Source

FEATURES:

  • Add support for lazily authenticating to Vault: (#​2049)

BUGS:

  • Fix vault_identity_group loses externally managed policies on updates when external_policies = true (#​2084)
  • Fix regression in vault_azure_access_credentials where we returned prematurely on 401 responses:(#​2086)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/hashicorp-terraform-provider-vault-4.x branch from c2f4d10 to 2567cb1 Compare March 20, 2024 20:09
@renovate renovate bot force-pushed the renovate/hashicorp-terraform-provider-vault-4.x branch from 2567cb1 to 1a4076c Compare March 27, 2024 22:16
@renovate renovate bot force-pushed the renovate/hashicorp-terraform-provider-vault-4.x branch from 1a4076c to 0dbf594 Compare June 17, 2024 22:04
@renovate renovate bot force-pushed the renovate/hashicorp-terraform-provider-vault-4.x branch from 0dbf594 to f7d0c86 Compare August 7, 2024 18:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants