homelab icon indicating copy to clipboard operation
homelab copied to clipboard

Published 20 hours ago verified publisher icon gruberdev

Update Terraform vault to v4 - abandoned

Open renovate[bot] opened this issue 1 year ago • 2 comments

This PR contains the following updates:

Package Type Update Change
vault (source) required_provider major 3.25.0 -> 4.4.0

Release Notes

hashicorp/terraform-provider-vault (vault)

v4.4.0

Compare Source

FEATURES:

  • Update vault_aws_secret_backend_role to support setting session_tags and external_id (#​2290)

BUGS:

  • fix vault_ssh_secret_backend_ca where a schema change forced the resource to be replaced (#​2308)
  • fix a bug where a read on non-existent auth or secret mount resulted in an error that prevented the provider from completing successfully (#​2289)

v4.3.0

Compare Source

FEATURES:

  • Add support for iam_tags in vault_aws_secret_backend_role (#​2231).
  • Add support for inheritable on vault_quota_rate_limit and vault_quota_lease_count. Requires Vault 1.15+.: (#​2133).
  • Add support for new WIF fields in vault_gcp_secret_backend. Requires Vault 1.17+. Available only for Vault Enterprise (#​2249).
  • Add support for new WIF fields in vault_azure_secret_backend. Requires Vault 1.17+. Available only for Vault Enterprise (#​2250)
  • Add support for new WIF fields in vault_aws_auth_backend_client. Requires Vault 1.17+. Available only for Vault Enterprise (#​2243).
  • Add support for new WIF fields in vault_gcp_auth_backend (#​2256)
  • Add support for new WIF fields in vault_azure_auth_backend_config. Requires Vault 1.17+. Available only for Vault Enterprise (#​2254).
  • Add new data source and resource vault_pki_secret_backend_config_est. Requires Vault 1.16+. Available only for Vault Enterprise (#​2246)
  • Support missing token parameters on vault_okta_auth_backend resource: (#​2210)
  • Add support for max_retries in vault_aws_auth_backend_client: (#​2270)
  • Add new resources vault_plugin and vault_plugin_pinned_version: (#​2159)
  • Add key_type and key_bits to vault_ssh_secret_backend_ca: (#​1454)

IMPROVEMENTS:

  • return a useful error when delete fails for the vault_jwt_auth_backend_role resource: (#​2232)
  • Remove dependency on github.com/hashicorp/vault package: (#​2251)
  • Add missing custom_tags and secret_name_template fields to vault_secrets_sync_azure_destination resource (#​2247)

v4.2.0

Compare Source

FEATURES:

  • Add granularity to Secrets Sync destination resources. Requires Vault 1.16+ Enterprise. (#​2202)
  • Add support for allowed_kubernetes_namespace_selector in vault_kubernetes_secret_backend_role (#​2180).
  • Add new data source vault_namespace. Requires Vault Enterprise: (#​2208).
  • Add new data source vault_namespaces. Requires Vault Enterprise: (#​2212).

IMPROVEMENTS:

  • Enable Secrets Sync Association resource to track sync status across all subkeys of a secret. Requires Vault 1.16+ Enterprise. (#​2202)

BUGS:

  • fix vault_approle_auth_backend_role_secret_id regression to handle 404 errors (#​2204)
  • fix vault_kv_secret and vault_kv_secret_v2 failure to update secret data modified outside terraform (#​2207)
  • fix vault_kv_secret_v2 failing on imported resource when data_json should be ignored (#​2207)

v4.1.0

Compare Source

CHANGES TO VAULT POLICY REQUIREMENTS:

  • Important: This release requires read policies to be set at the path level for mount metadata. The v4.0.0 release required read permissions at sys/auth/:path which was a sudo endpoint. The v4.1.0 release changed that to instead require permissions at the sys/mounts/auth/:path level and sudo is no longer required. Please refer to the details in the Terraform Vault Provider 4.0.0 Upgrade Guide.

FEATURES:

  • Add new resource vault_config_ui_custom_message. Requires Vault 1.16+ Enterprise: (#​2154).

IMPROVEMENTS:

  • do not require sudo permissions for auth read operations (#​2198)

BUGS:

  • fix vault_azure_access_credentials to default to Azure Public Cloud (#​2190)

v4.0.0

Compare Source

Important: This release requires read policies to be set at the path level for mount metadata. For example, instead of permissions at sys/auth you must set permissions at the sys/auth/:path level. Please refer to the details in the Terraform Vault Provider 4.0.0 Upgrade Guide.

FEATURES:

  • Add support for PKI Secrets Engine cluster configuration with the vault_pki_secret_backend_config_cluster resource. Requires Vault 1.13+ (#​1949).
  • Add support to enable_templating in vault_pki_secret_backend_config_urls (#​2147).
  • Add support for skip_import_rotation and skip_static_role_import_rotation in ldap_secret_backend_static_role and ldap_secret_backend respectively. Requires Vault 1.16+ (#​2128).
  • Improve logging to track full API exchanges between the provider and Vault (#​2139)
  • Add new vault_plugin and vault_plugin_pinned_version resources for managing external plugins (#​2159)

IMPROVEMENTS:

  • Improve performance of READ operations across many resources: (#​2145), (#​2152)
  • Add the metadata version in returned values for vault_kv_secret_v2 data source: (#​2095)
  • Add new secret sync destination fields: (#​2150)

BUGS:

  • Handle graceful destruction of resources when approle is deleted out-of-band (#​2142).
  • Ensure errors are returned on read operations for vault_ldap_secret_backend_static_role, vault_ldap_secret_backend_library_set, and vault_ldap_secret_backend_static_role (#​2156).
  • Ensure proper use of issuer endpoints for root sign intermediate resource: (#​2160)
  • Fix issuer data overwrites on updates: (#​2186)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] avatar Sep 05 '24 11:09 renovate[bot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

renovate[bot] avatar Sep 05 '24 17:09 renovate[bot]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

renovate[bot] avatar May 21 '25 22:05 renovate[bot]