chore(deps): update terraform vault to v4
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
vault (source) | required_provider | major |
3.20.0 -> 4.4.0
|
⚠ ️ WarningSome dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
hashicorp/terraform-provider-vault (vault)
v4.4.0
FEATURES:
- Update
vault_aws_secret_backend_role
to support settingsession_tags
andexternal_id
(#2290)
BUGS:
- fix
vault_ssh_secret_backend_ca
where a schema change forced the resource to be replaced (#2308) - fix a bug where a read on non-existent auth or secret mount resulted in an error that prevented the provider from completing successfully (#2289)
v4.3.0
FEATURES:
- Add support for
iam_tags
invault_aws_secret_backend_role
(#2231). - Add support for
inheritable
onvault_quota_rate_limit
andvault_quota_lease_count
. Requires Vault 1.15+.: (#2133). - Add support for new WIF fields in
vault_gcp_secret_backend
. Requires Vault 1.17+. Available only for Vault Enterprise (#2249). - Add support for new WIF fields in
vault_azure_secret_backend
. Requires Vault 1.17+. Available only for Vault Enterprise (#2250) - Add support for new WIF fields in
vault_aws_auth_backend_client
. Requires Vault 1.17+. Available only for Vault Enterprise (#2243). - Add support for new WIF fields in
vault_gcp_auth_backend
(#2256) - Add support for new WIF fields in
vault_azure_auth_backend_config
. Requires Vault 1.17+. Available only for Vault Enterprise (#2254). - Add new data source and resource
vault_pki_secret_backend_config_est
. Requires Vault 1.16+. Available only for Vault Enterprise (#2246) - Support missing token parameters on
vault_okta_auth_backend
resource: (#2210) - Add support for
max_retries
invault_aws_auth_backend_client
: (#2270) - Add new resources
vault_plugin
andvault_plugin_pinned_version
: (#2159) - Add
key_type
andkey_bits
tovault_ssh_secret_backend_ca
: (#1454)
IMPROVEMENTS:
- return a useful error when delete fails for the
vault_jwt_auth_backend_role
resource: (#2232) - Remove dependency on
github.com/hashicorp/vault
package: (#2251) - Add missing
custom_tags
andsecret_name_template
fields tovault_secrets_sync_azure_destination
resource (#2247)
v4.2.0
FEATURES:
- Add
granularity
to Secrets Sync destination resources. Requires Vault 1.16+ Enterprise. (#2202) - Add support for
allowed_kubernetes_namespace_selector
invault_kubernetes_secret_backend_role
(#2180). - Add new data source
vault_namespace
. Requires Vault Enterprise: (#2208). - Add new data source
vault_namespaces
. Requires Vault Enterprise: (#2212).
IMPROVEMENTS:
- Enable Secrets Sync Association resource to track sync status across all subkeys of a secret. Requires Vault 1.16+ Enterprise. (#2202)
BUGS:
- fix
vault_approle_auth_backend_role_secret_id
regression to handle 404 errors (#2204) - fix
vault_kv_secret
andvault_kv_secret_v2
failure to update secret data modified outside terraform (#2207) - fix
vault_kv_secret_v2
failing on imported resource when data_json should be ignored (#2207)
v4.1.0
CHANGES TO VAULT POLICY REQUIREMENTS:
-
Important: This release requires read policies to be set at the path level for mount metadata.
The v4.0.0 release required read permissions at
sys/auth/:path
which was a sudo endpoint. The v4.1.0 release changed that to instead require permissions at thesys/mounts/auth/:path
level and sudo is no longer required. Please refer to the details in the Terraform Vault Provider 4.0.0 Upgrade Guide.
FEATURES:
- Add new resource
vault_config_ui_custom_message
. Requires Vault 1.16+ Enterprise: (#2154).
IMPROVEMENTS:
- do not require sudo permissions for auth read operations (#2198)
BUGS:
- fix
vault_azure_access_credentials
to default to Azure Public Cloud (#2190)
v4.0.0
Important: This release requires read policies to be set at the path level for mount metadata.
For example, instead of permissions at sys/auth
you must set permissions at
the sys/auth/:path
level. Please refer to the details in the
Terraform Vault Provider 4.0.0 Upgrade Guide.
FEATURES:
- Add support for PKI Secrets Engine cluster configuration with the
vault_pki_secret_backend_config_cluster
resource. Requires Vault 1.13+ (#1949). - Add support to
enable_templating
invault_pki_secret_backend_config_urls
(#2147). - Add support for
skip_import_rotation
andskip_static_role_import_rotation
inldap_secret_backend_static_role
andldap_secret_backend
respectively. Requires Vault 1.16+ (#2128). - Improve logging to track full API exchanges between the provider and Vault (#2139)
- Add new
vault_plugin
andvault_plugin_pinned_version
resources for managing external plugins (#2159)
IMPROVEMENTS:
- Improve performance of READ operations across many resources: (#2145), (#2152)
- Add the metadata
version
in returned values forvault_kv_secret_v2
data source: (#2095) - Add new secret sync destination fields: (#2150)
BUGS:
- Handle graceful destruction of resources when approle is deleted out-of-band (#2142).
- Ensure errors are returned on read operations for
vault_ldap_secret_backend_static_role
,vault_ldap_secret_backend_library_set
, andvault_ldap_secret_backend_static_role
(#2156). - Ensure proper use of issuer endpoints for root sign intermediate resource: (#2160)
- Fix issuer data overwrites on updates: (#2186)
v3.25.0
FEATURES:
- Add destination and association resources to support Secrets Sync. Requires Vault 1.16+ (#2098).
- Add support for configuration of plugin WIF to the AWS Secret Backend. Requires Vault 1.16+ (#2138).
- Add support for Oracle database plugin configuration options
split_statements
anddisconnect_sessions
: (#2085)
IMPROVEMENTS:
- Add an API client lock to the
vault_identity_group_alias
resource: (#2140)
v3.24.0
FEATURES:
- Add support for
ext_key_usage_oids
invault_pki_secret_backend_role
(#2108) - Adds support to
vault_gcp_auth_backend
for common backend tune parameters (#1997). - Adds support to
vault_azure_secret_backend_role
forsign_in_audience
andtags
. Requires Vault 1.16+. (#2101).
BUGS:
- fix
vault_kv_secret_v2
drift when "data" is in secret name/path (#2104) - fix
vault_database_secret_backend_connection
: allow mysql_rds,mysql_aurora,mysql_legacy options of vault_database_secret_backend_connection terraform resource to allow specifying tls_ca and tls_certificate_key (#2106) - Fix ignored
description
updates foraws_secret_backend
resource (#2057)
IMPROVEMENTS:
- Updated dependencies (#2129):
-
cloud.google.com/go/iam
v1.1.2 -> v1.1.5 -
github.com/Azure/azure-sdk-for-go/sdk/azcore
v1.8.0 -> v1.9.1 -
github.com/Azure/azure-sdk-for-go/sdk/azidentity
v1.4.0 -> v1.5.0 -
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources
v1.1.1 -> v1.2.0 -
github.com/aws/aws-sdk-go
v1.45.24 -> v1.49.22 -
github.com/google/uuid
v1.3.1 -> v1.5.0 -
github.com/hashicorp/go-hclog
v1.5.0 -> v1.6.2 -
github.com/hashicorp/go-retryablehttp
v0.7.4 -> v0.7.5 -
github.com/hashicorp/go-secure-stdlib/parseutil
v0.1.7 -> v0.1.8 -
github.com/hashicorp/terraform-plugin-sdk/v2
v2.29.0 -> v2.31.0 -
github.com/hashicorp/vault-plugin-auth-jwt
v0.17.0 -> v0.18.0 -
github.com/hashicorp/vault/sdk
v0.10.0 -> v0.10.2 -
golang.org/x/crypto
v0.14.0 -> v0.18.0 -
golang.org/x/net
v0.15.0 -> v0.20.0 -
golang.org/x/oauth2
v0.12.0 -> v0.16.0 -
google.golang.org/api
v0.144.0 -> v0.156.0 -
google.golang.org/genproto
v0.0.0-20231002182017-d307bd883b97 -> v0.0.0-20240116215550-a9fa1716bcac -
k8s.io/utils
v0.0.0-20230726121419-3b25d923346b -> v0.0.0-20240102154912-e7106e64919e
-
v3.23.0
FEATURES:
- Add support for lazily authenticating to Vault: (#2049)
BUGS:
- Fix
vault_identity_group
loses externally managed policies on updates whenexternal_policies = true
(#2084) - Fix regression in
vault_azure_access_credentials
where we returned prematurely on 401 responses:(#2086)
v3.22.0
FEATURES:
- Add support for configuring SAML Auth resources (#2053)
- Add support for
custom_metadata
onvault_namespace
: (#2033) - Add support for
OCSP*
role fields for the cert auth resource: (#2056) - Add field
set_namespace_from_token
to Provider configuration (#2070) - Support authenticating to the root namespace from within an auth_login*: (#2066)
BUGS:
- Fix panic when reading
client_secret
from a public oidc client (#2048) - Fix API request missing
roles
field formongodbatlas_secret_role
resource (#2047) - Fix bug when updating
vault_azure_secret_backend_role
: (#2063) - Fix audience string ordering for
auth_login_gcp
causing GCE auth to fail (#2064)
IMPROVEMENTS:
- Updated dependencies: (#2038)
-
github.com/aws/aws-sdk-go
v1.44.106 -> v1.45.24
-
- Updated dependencies: (#2050)
-
github.com/Azure/azure-sdk-for-go/sdk/azcore
v0.22.0 -> v1.8.0 -
github.com/Azure/azure-sdk-for-go/sdk/azidentity
v0.13.2 -> v1.4.0 -
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources
v0.3.1 -> v1.1.1 -
github.com/Azure/go-autorest/autorest
v0.11.29 removed
-
v3.21.0
FEATURES:
- Add GCP CloudSQL support to Postgres, MySQL DB engines: (#2012)
- Add support for DB Adv TTL Mgmt: (#2011)
- Add support for setting
not_before_duration
argument onvault_ssh_secret_backend_role
: (#2019) - Add support for
hmac
key type and key_size tovault_transit_secret_backend_key
: (#2034) - Add support for roles to both rate limit and lease count quotas: (#1994)
- Add
allowed_email_sans
field to write and update functions ofvault_cert_auth_backend_role
: (#1140) - Add support for
local
parameter in aws secret engine: (#2013)
BUGS:
- Fix duplicate timestamp and incorrect level messages: (#2031)
- Fix panic when setting
key_usage
to an array of empty string and enable it to unset the key usage constraints: (#2036) - Add state migrator for
external_member_group_ids
in Identity Group (#2043) - Fix drift detection for the kv-v2 secrets resource when
disable_read
is enabled: (#2039) - Add state migrator in secrets/auth backends for
disable_remount
parameter (#2037) - Fix failure when
auth_login
is specified and vault token is picked up from the runtime/execution environment: (#2029) - Remove logging of password key: (#2044)
IMPROVEMENTS:
- Oracle DB engine enablement on HCP Vault: (#2006)
- Ensure sensitive values are masked in
vault_approle_auth_backend_login
plan output (#2008) - Updated dependencies: (#2038)
-
cloud.google.com/go/compute
v1.10.0 removed -
cloud.google.com/go/compute/metadata
v0.2.3 added -
cloud.google.com/go/iam
v0.3.0 -> v1.1.2 -
github.com/Azure/go-autorest/autorest
v0.11.24 -> v0.11.29 -
github.com/cenkalti/backoff/v4
v4.1.2 -> v4.2.1 -
github.com/coreos/pkg
v0.0.0-20180928190104-399ea9e2e55f -> v0.0.0-20230601102743-20bbbf26f4d8 -
github.com/denisenkom/go-mssqldb
v0.12.0 -> v0.12.3 -
github.com/go-sql-driver/mysql
v1.6.0 -> v1.7.1 -
github.com/google/uuid
v1.3.0 -> v1.3.1 -
github.com/gosimple/slug
v1.11.0 -> v1.13.1 -
github.com/hashicorp/go-cty
v1.4.1-0.20200414143053-d3edf31b6320 -> v1.4.1-0.20200723130312-85980079f637 -
github.com/hashicorp/go-retryablehttp
v0.7.1 -> v0.7.4 -
github.com/hashicorp/terraform-plugin-sdk/v2
v2.16.0 -> v2.29.0 -
github.com/hashicorp/vault-plugin-auth-jwt
v0.13.2-0.20221012184020-28cc68ee722b -> v0.17.0 -
github.com/hashicorp/vault-plugin-auth-kerberos
v0.8.0 -> v0.10.1 -
github.com/hashicorp/vault-plugin-auth-oci
v0.13.0-pre -> v0.14.2 -
github.com/hashicorp/vault/api
v1.9.3-0.20230628215639-3ca33976762c -> v1.10.0 -
github.com/hashicorp/vault/sdk
v0.6.0 -> v0.10.0 -
github.com/jcmturner/gokrb5/v8
v8.4.2 -> v8.4.4 -
golang.org/x/crypto
v0.6.0 -> v0.14.0 -
golang.org/x/net
v0.7.0 -> v0.15.0 -
golang.org/x/oauth2
v0.0.0-20221006150949-b44042a4b9c1 -> v0.12.0 -
google.golang.org/api
v0.98.0 -> v0.144.0 -
google.golang.org/genproto
v0.0.0-20221010155953-15ba04fc1c0e -> v0.0.0-20231002182017-d307bd883b97 -
k8s.io/utils
v0.0.0-20220210201930-3a6ce19ff2f9 -> v0.0.0-20230726121419-3b25d923346b
-
v3.20.1
IMPROVEMENTS:
- Update dependencies (#1958)
- github.com/hashicorp/go-secure-stdlib/awsutil
v0.1.6
->v0.2.3
- github.com/hashicorp/go-secure-stdlib/awsutil
- Add
local
variable toaws_secret_backend
resource, in order to mark the mount as non - replicated
BUGS:
- Update k8s-auth config to support unsetting the K8s CA Cert: (#2005)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.