CHANGELOG.md

1.8.0 (Unreleased)

1.7.0 (April 03, 2019)

FEATURES:

• New Resource: Adds a "Flexible Generic Secret" resource so it can be used to consume Vault APIs that don't yet have a resource (#244).
• New Resource: Adds a token resource (#337).
• New Resource: Adds a GCP secret roleset resource (#312).
• New Resource: Adds a vault_identity_group_policies resource (#321).

IMPROVEMENTS:

• For the LDAP auth method, adds support for the use_token_groups field (#367).
• Adds the ability to set max_retries on the Vault client (#355).
• For the Github auth method, adds support for the accessor field (#350).
• For the generic secrets resource, adds support for a data field (#330).
• For the JWT auth backend, adds support for a groups_claim_delimiter_pattern on roles (#296).
• For the JWT auth backend, adds a role_type field (#317).
• For the JWT auth backend, adds a jwt_supported_algs field (#345).

BUG FIXES:

• Fixes TTL parsing on PKI certificate creation (#314).
• Fixes ability to update the data field on database secrets engine connections (#340).
• Unmarks policy_document and policy_arns from being in conflict with each other (#344).

1.6.0 (March 06, 2019)

FEATURES:

• Adds compatibility with Vault 1.0 (#292).
• New Resource: Supports the SSH secrets engine role endpoint (#285, #303, and #331).
• New Data Source: Adds a vault_policy_document data source (#283).
• New Resource: Adds a namespace resource (#338).

IMPROVEMENTS:

• Adds a guide for how to contribute in the least iterations possible.
• For the TLS Certificates auth method, adds support for the following role fields: allowed_common_names, allowed_dns_sans, allowed_email_sans, allowed_uri_sans, and allowed_organization_units (#282).
• For the GCP auth method, adds support for the following role fields: add_group_aliases, max_jwt_exp, and allow_gce_inference (#308 and #318).
• For the Kubernetes auth method, adds support for bound_cidrs (#305).
• For vault_identity_group, fixes issue with policies not being updated properly (#301).
• For the AWS secret engine, updates to the current role fields (#323).

BUG FIXES:

• Marks the token_reviewer_jwt sensitive (#282).
• Fixes an issue where boolean parameters were not set when the value was false in the AWS role resource (#302).
• Guards for a nil CA chain in resource_pki_secret_backend_cert (#310).

1.5.0 (January 30, 2019)

FEATURES:

• Adds support for namespaces (#262)
• Adds support for EGP and RGP, a.k.a. Sentinel (#264)
• New Resource: Supports the PKI secrets backend (#158)
• New Resource: Supports identity entities and entity aliases (#247 and #287)
• New Resource: Supports Github auth backend (#255)
• New Resource: Supports Azure auth backend (#275)
• New Resource: Supports JWT auth backend (#272)

BUG FIXES:

• Fixes a panic related to max_connection_lifetime parameters in the database secrets backends (#250)
• Fixes issue where the role_name on token_auth_backend_role would not be updated (#279)
• Fixes wrong response data from gcp_auth_backend_role (#243)

1.4.1 (December 14, 2018)

BUG FIXES:

• Fixes an issue with database resources where db statements were overwritten when not provided (#260)

1.4.0 (December 11, 2018)

FEATURES:

• New Resource: vault_gcp_auth_backend (#198)
• New Resource: vault_identity_group (#220)
• New Resource: vault_identity_group_alias (#220)

IMPROVEMENTS:

• Makes gcp_secret_backend credentials optional (#239)
• Adds more configuration parameters for auth_backend (#245)

BUG FIXES:

• Fixes issue with vault_database_secret_backend_connection always updating the connection URL (#217)

1.3.1 (November 06, 2018)

BUG FIXES:

• Solves issue where the incorrect KV store was selected for older Vault versions as described in #229.

1.3.0 (November 05, 2018)

FEATURES:

• New Resource: Supports KV V2 (#156)
• New Resource: vault_gcp_secret_backend (#212)
• New Resource: vault_aws_auth_backend_roletag_blacklist (#27)
• New Resources: vault_rabbitmq_secret_backend and vault_rabbitmq_secret_backend_role (#216)

IMPROVEMENTS:

• Adds bound_zones, bound_regions, bound_instance_groups, and bound_labels for GCP auth roles via #227
• Exports the LDAP auth backend accessor via #195
• Allows for templated database backends via #168

BUG FIXES:

• #222 ensures that booleans on AWS roles default to values matchiing Vault's defaults

1.2.0 (October 26, 2018)

FEATURES:

• New Resource: vault_jwt_auth_backend_role (#188)
• New Resources: vault_kubernetes_auth_backend_config and vault_kubernetes_auth_backend_role (#94)
• New Resource: vault_ssh_secret_backend_ca (#163)
• New Feature: Support for the Vault token helper (#136)

IMPROVEMENTS:

• Re-adds changes to vault_aws_auth_backend_role from #53
• Adds backwards compatibility for the above via #189
• Adds bound_ec2_instance_id to vault_aws_auth_backend_role (#135)
• Adds mysql_rds, mysql_aurora, and mysql_legacy to the MySQL backend via #87
• Makes audit device path optional via #180
• Adds the field accessor to resource_auth_backend and resource_mount via #150
• Marks bindpass as sensitive in the vault_ldap_auth_backend (#184)

BUG FIXES:

• Fixes inablity to destroy a secret ID after consumption (#97) via #148

1.1.4 (September 20, 2018)

BUG FIXES:

• Reverts breaking changes to vault_aws_auth_backend_role introduced by (#53)

1.1.3 (September 18, 2018)

FEATURES:

• New Resource: vault_consul_secret_backend (#59)
• New Resource: vault_cert_auth_backend_role (#123)
• New Resource: vault_gcp_auth_backend_role (#124)
• New Resource: vault_ldap_auth_backend (#126)
• New Resource: vault_ldap_auth_backend_user (#126)
• New Resource: vault_ldap_auth_backend_group (#126)

1.1.2 (September 14, 2018)

FEATURES:

• New Resource: vault_audit (#81)
• New Resource: vault_token_auth_backend_role (#80)

UPDATES:

• Update to vendoring Vault 0.11.1. Introduces some breaking changes for some back ends so update with care.

1.1.1 (July 23, 2018)

BUG FIXES:

• Fix panic in vault_approle_auth_backend_role when used with Vault 0.10 (#103)

1.1.0 (April 09, 2018)

FEATURES:

• New Resource: vault_okta_auth_backend (#8)
• New Resource: vault_okta_auth_backend_group (#8)
• New Resource: vault_okta_auth_backend_user (#8)
• New Resource: vault_approle_auth_backend_login (#34)
• New Resource: vault_approle_auth_backend_role_secret_id (#31)
• New Resource: vault_database_secret_backend_connection (#37)

BUG FIXES:

• Fix bug in policy_arn parameter of vault_aws_secret_backend_role (#49)
• Fix panic in vault_generic_secret when reading a missing secret (#55)
• Fix bug in vault_aws_secret_backend_role preventing use of nested paths (#79)
• Fix bug in vault_aws_auth_backend_role that failed to update the role name when it changed (#86)

1.0.0 (November 16, 2017)

BACKWARDS INCOMPATIBILITIES / NOTES:

• vault_auth_backend's ID has changed from the type to the path of the auth backend.  Interpolations referring to the .id of a vault_auth_backend should be updated to use its .type property. (#12)
• vault_generic_secret's allow_read field is deprecated; use disable_read instead. If disable_read is set to false or not set, the secret will be read. If disable_read is true and allow_read is false or not set, the secret will not be read. If disable_read is true and allow_read is true, the secret will be read. (#17)

FEATURES:

• New Data Source: aws_access_credentials (#20)
• New Resource: aws_auth_backend_cert (#21)
• New Resource: aws_auth_backend_client (#19)
• New Resource: aws_auth_backend_login (#28)
• New Resource: aws_auth_backend_role (#24)
• New Resource: aws_auth_backend_sts_role (#22)

IMPROVEMENTS:

• vault_auth_backends are now importable. (#12)
• vault_policys are now importable (#15)
• vault_mounts are now importable (#16)
• vault_generic_secrets are now importable (#17)

BUG FIXES:

0.1.0 (June 21, 2017)

NOTES:

• Same functionality as that of Terraform 0.9.8. Repacked as part of Provider Splitout