Skip to content

Update Terraform vault to v4 - abandoned #473

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Update Terraform vault to v4 - abandoned #473

wants to merge 11 commits into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 5, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
vault (source) required_provider major 3.25.0 -> 4.4.0

Release Notes

hashicorp/terraform-provider-vault (vault)

v4.4.0

Compare Source

FEATURES:

  • Update vault_aws_secret_backend_role to support setting session_tags and external_id (#​2290)

BUGS:

  • fix vault_ssh_secret_backend_ca where a schema change forced the resource to be replaced (#​2308)
  • fix a bug where a read on non-existent auth or secret mount resulted in an error that prevented the provider from completing successfully (#​2289)

v4.3.0

Compare Source

FEATURES:

  • Add support for iam_tags in vault_aws_secret_backend_role (#​2231).
  • Add support for inheritable on vault_quota_rate_limit and vault_quota_lease_count. Requires Vault 1.15+.: (#​2133).
  • Add support for new WIF fields in vault_gcp_secret_backend. Requires Vault 1.17+. Available only for Vault Enterprise (#​2249).
  • Add support for new WIF fields in vault_azure_secret_backend. Requires Vault 1.17+. Available only for Vault Enterprise (#​2250)
  • Add support for new WIF fields in vault_aws_auth_backend_client. Requires Vault 1.17+. Available only for Vault Enterprise (#​2243).
  • Add support for new WIF fields in vault_gcp_auth_backend (#​2256)
  • Add support for new WIF fields in vault_azure_auth_backend_config. Requires Vault 1.17+. Available only for Vault Enterprise (#​2254).
  • Add new data source and resource vault_pki_secret_backend_config_est. Requires Vault 1.16+. Available only for Vault Enterprise (#​2246)
  • Support missing token parameters on vault_okta_auth_backend resource: (#​2210)
  • Add support for max_retries in vault_aws_auth_backend_client: (#​2270)
  • Add new resources vault_plugin and vault_plugin_pinned_version: (#​2159)
  • Add key_type and key_bits to vault_ssh_secret_backend_ca: (#​1454)

IMPROVEMENTS:

  • return a useful error when delete fails for the vault_jwt_auth_backend_role resource: (#​2232)
  • Remove dependency on github.com/hashicorp/vault package: (#​2251)
  • Add missing custom_tags and secret_name_template fields to vault_secrets_sync_azure_destination resource (#​2247)

v4.2.0

Compare Source

FEATURES:

  • Add granularity to Secrets Sync destination resources. Requires Vault 1.16+ Enterprise. (#​2202)
  • Add support for allowed_kubernetes_namespace_selector in vault_kubernetes_secret_backend_role (#​2180).
  • Add new data source vault_namespace. Requires Vault Enterprise: (#​2208).
  • Add new data source vault_namespaces. Requires Vault Enterprise: (#​2212).

IMPROVEMENTS:

  • Enable Secrets Sync Association resource to track sync status across all subkeys of a secret. Requires Vault 1.16+ Enterprise. (#​2202)

BUGS:

  • fix vault_approle_auth_backend_role_secret_id regression to handle 404 errors (#​2204)
  • fix vault_kv_secret and vault_kv_secret_v2 failure to update secret data modified outside terraform (#​2207)
  • fix vault_kv_secret_v2 failing on imported resource when data_json should be ignored (#​2207)

v4.1.0

Compare Source

CHANGES TO VAULT POLICY REQUIREMENTS:

  • Important: This release requires read policies to be set at the path level for mount metadata.
    The v4.0.0 release required read permissions at sys/auth/:path which was a
    sudo endpoint. The v4.1.0 release changed that to instead require permissions
    at the sys/mounts/auth/:path level and sudo is no longer required. Please
    refer to the details in the Terraform Vault Provider 4.0.0 Upgrade Guide.

FEATURES:

  • Add new resource vault_config_ui_custom_message. Requires Vault 1.16+ Enterprise: (#​2154).

IMPROVEMENTS:

  • do not require sudo permissions for auth read operations (#​2198)

BUGS:

  • fix vault_azure_access_credentials to default to Azure Public Cloud (#​2190)

v4.0.0

Compare Source

Important: This release requires read policies to be set at the path level for mount metadata.
For example, instead of permissions at sys/auth you must set permissions at
the sys/auth/:path level. Please refer to the details in the
Terraform Vault Provider 4.0.0 Upgrade Guide.

FEATURES:

  • Add support for PKI Secrets Engine cluster configuration with the vault_pki_secret_backend_config_cluster resource. Requires Vault 1.13+ (#​1949).
  • Add support to enable_templating in vault_pki_secret_backend_config_urls (#​2147).
  • Add support for skip_import_rotation and skip_static_role_import_rotation in ldap_secret_backend_static_role and ldap_secret_backend respectively. Requires Vault 1.16+ (#​2128).
  • Improve logging to track full API exchanges between the provider and Vault (#​2139)
  • Add new vault_plugin and vault_plugin_pinned_version resources for managing external plugins (#​2159)

IMPROVEMENTS:

  • Improve performance of READ operations across many resources: (#​2145), (#​2152)
  • Add the metadata version in returned values for vault_kv_secret_v2 data source: (#​2095)
  • Add new secret sync destination fields: (#​2150)

BUGS:

  • Handle graceful destruction of resources when approle is deleted out-of-band (#​2142).
  • Ensure errors are returned on read operations for vault_ldap_secret_backend_static_role, vault_ldap_secret_backend_library_set, and vault_ldap_secret_backend_static_role (#​2156).
  • Ensure proper use of issuer endpoints for root sign intermediate resource: (#​2160)
  • Fix issuer data overwrites on updates: (#​2186)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Contributor Author

renovate bot commented Sep 5, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate renovate bot changed the title Update Terraform vault to v4 Update Terraform vault to v4 - abandoned May 21, 2025
@renovate
Copy link
Contributor Author

renovate bot commented May 21, 2025

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant