NOTES:
- This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#432)
BUG FIXES:
- resource/tls_locally_signed_cert: Ensure `terraform refresh` updates state when cert is ready for renewal (#278).
- resource/tls_self_signed_cert: Ensure `terraform refresh` updates state when cert is ready for renewal (#278).
BUG FIXES:
- resource/tls_locally_signed_cert: Prevented `Config Read Error` with Terraform version 1.3.0 and later
- resource/tls_self_signed_cert: Prevented `Config Read Error` with Terraform version 1.3.0 and later
BUG FIXES:
- resource/tls_cert_request: Fix regexp in attribute plan modifier to correctly match PEM (#255).
- resource/tls_locally_signed_cert: Fix regexp in attribute plan modifier to correctly match PEM (#255).
- resource/tls_self_signed_cert: Fix regexp in attribute plan modifier to correctly match PEM (#255).
BUG FIXES:
- data-source/tls_certificate: Prevented `empty list of object` error with `certificates` attribute (#244).
NOTES:
- Provider has been re-written using the new `terraform-plugin-framework` (#215).
- resource/tls_cert_request: `private_key_pem` attribute is now stored in the state as-is; first apply may result in an update-in-place (#87, #215).
- resource/tls_self_signed_cert: `private_key_pem` attribute is now stored in the state as-is; first apply may result in an update-in-place (#87, #215).
- resource/tls_locally_signed_cert: `cert_request_pem`, `ca_private_key_pem` and `ca_cert_pem` attributes are now stored in the state as-is; first apply may result in an update-in-place (#87, #215).
- resource/tls_private_key: `private_key_pem_pkcs8`, `private_key_openssh` and `public_key_fingerprint_sha256` attributes are now retro-fitted, depending on version being updated; first apply may result in an update-in-place (#210, #225).
ENHANCEMENTS:
BREAKING CHANGES:
- resource/tls_cert_request: Attribute `key_algorithm` is now read-only, as it's inferred from `private_key_pem` (#174, #215).
- resource/tls_self_signed_cert: Attribute `private_key_pem` is stored (and returned) as-is (in accordance with guidelines) (#87, #215).
- resource/tls_self_signed_cert: Attribute `key_algorithm` is now read-only, as it's inferred from `private_key_pem` (#174, #215).
- resource/tls_self_signed_cert: Setting an unsupported value in the `allowed_uses` attribute will now return an error instead of just a warning (#185, #215).
- resource/tls_self_signed_cert: Attribute `private_key_pem` is stored (and returned) as-is (in accordance with guidelines) (#87, #215).
- resource/tls_locally_signed_cert: Attribute `ca_key_algorithm` is now read-only, as it's inferred from `ca_private_key_pem` (#174, #215).
- resource/tls_locally_signed_cert: Setting an unsupported value in the `allowed_uses` attribute will now return an error instead of just a warning (#185, #215).
- resource/tls_locally_signed_cert: Attributes `cert_request_pem`, `ca_private_key_pem`, `ca_cert_pem` are stored (and returned) as-is (in accordance with guidelines) (#87, #215).
- provider: Default value for `proxy.from_env` is now `true`, and relies upon `httpproxy.FromEnvironment` (#224).
NEW FEATURES:
- data-source/tls_certificate: New attribute `content` that can be used as an alternative to `url`, to provide the certificate in PEM format (#189).
- data-source/tls_certificate: Objects in the `certificates` chain attribute expose a new attribute `cert_pem` (PEM format) (#208).
- resource/tls_self_signed_cert: New attribute `set_authority_key_id` to make the generated certificate include an authority key identifier (#212).
ENHANCEMENTS:
- resource/tls_locally_signed_cert: If CA provided via `ca_cert_pem` is not an actual CA, a warning will be raised, but the certificate will still be created (#209).
NOTES:
- data-source/tls_certificate: The `id` attribute is now computed by hashing the information of all certificates in the chain. The first apply of this updated data source may show this difference (#189).
BUG FIXES:
- data-source/tls_certificate: Prevent plan differences with the `id` attribute (#79, #189).
- resource/tls_cert_request: Allow for absent or empty `subject` block (#209).
- resource/tls_self_signed_cert: Allow for absent or empty `subject` block (#209).
NEW FEATURES:
- provider: Added (opt-in) HTTP `proxy` configuration (#179).
- data-source/tls_certificate: Support for `tls://` scheme in `url` argument. When used, the provider will fetch certificates via a direct Secure Socket (i.e. ignores proxy) (#179).
ENHANCEMENTS:
- data-source/tls_certificate: When `proxy` is configured on provider, certificates fetched via `url` with scheme `https://` will go through the specified HTTP proxy (#179).
- resource/tls_locally_signed_cert: Validate `allowed_uses` contains documented values, but raise warning instead of error when it does not (#184).
BUG FIXES:
- resource/tls_locally_signed_cert: Fix issue preventing the generation of subject key identifier for private keys using ED25519 (#182).
- resource/tls_self_signed_cert: Fix issue preventing the generation of subject key identifier for private keys using ED25519 (#182).
NEW FEATURES:
- resource/tls_private_key: Added support for ED25519 key algorithm (#151).
- data-source/tls_public_key: Added support for ED25519 key algorithm (#160).
- resource/tls_cert_request: Added support for ED25519 key algorithm (#173).
- resource/tls_self_signed_cert: Added support for ED25519 key algorithm (#173).
- resource/tls_locally_signed_cert: Added support for ED25519 key algorithm (#173).
ENHANCEMENTS:
- resource/tls_private_key: New attributes `private_key_openssh` (OpenSSH PEM format) and `public_key_fingerprint_sha256` (#151).
- data-source/tls_public_key: Can now be configured by passing a private key either via `private_key_pem` or `private_key_openssh` (#160).
- resource/tls_locally_signed_cert: Validate `validity_period_hours` and `early_renewal_hours` are greater than or equal to zero (#169).
- resource/tls_locally_signed_cert: Validate `allowed_uses` contains documented values, instead of silently ignoring unknowns (#169).
- resource/tls_locally_signed_cert: `ca_key_algorithm` is now optional and deprecated, as it's now inferred from `ca_private_key_pem`. It will be read-only in the next major release (#173).
- resource/tls_self_signed_cert: Validate `validity_period_hours` and `early_renewal_hours` are greater than or equal to zero (#169).
- resource/tls_self_signed_cert: Validate `allowed_uses` contains documented values, instead of silently ignoring unknowns (#169).
- resource/tls_self_signed_cert: `key_algorithm` is now optional and deprecated, as it's now inferred from `private_key_pem`. It will be read-only in the next major release (#173).
- resource/tls_cert_request: `key_algorithm` is now optional and deprecated, as it's now inferred from `private_key_pem`. It will be read-only in the next major release (#173).
NOTES:
- Upgraded to Golang 1.17 (#156)
- Adopted `golangci-lint` as part of CI (#155)
- Acceptance tests now run against all minor versions of Terraform >= 0.12 (#153)
Binary releases of this provider now include the darwin-arm64 platform. This version contains no further changes.
Binary releases of this provider will now include the linux-arm64 platform.
BREAKING CHANGES:
- Upgrade to version 2 of the Terraform Plugin SDK, which drops support for Terraform 0.11. This provider will continue to work as expected for users of Terraform 0.11, which will not download the new version. (#83)
NEW FEATURES:
- Add `tls_certificate` data source (#62)
NOTES:
- The provider has switched to the standalone TF SDK, there should be no noticeable impact on compatibility. (#54)
ENHANCEMENTS:
- Certificate renewal is now handled as a "replace" action in the plan, rather than by behaving as if the expired certificate had been deleted. Although the effective behavior remains unchanged, renewal will now appear as a `-/+` action in the plan, rather than just as a `+`. (#34)
- Certificates can now have URIs as subject alternative names. (#50)
- Certificates can now optionally have the Subject Key ID field populated. (#31)
BUG FIXES:
- More of the private key arguments are now marked as "sensitive" so that Terraform will know to hide their values when showing plans and state in response to various commands. (#48)
- In `tls_public_key`, don't panic if the PEM isn't valid PEM syntax at all. (#40)
- This release includes an upgraded Terraform SDK, for the sake of aligning versions of the SDK amongst released providers, as we lead up to Core v0.12. This should have no noticeable impact on the provider.
IMPROVEMENTS:
- The provider is now compatible with Terraform v0.12, while retaining compatibility with prior versions.
FEATURES:
- `tls_private_key` (both datasource and resource) include MD5 public key fingerprints as read-only attributes.
BUG FIXES:
- `tls_cert_request` and `tls_self_signed_cert`: changes to `subject` now correctly force the recreation of the resource, instead of returning an error (#18)
FEATURES:
- New Data Source: `tls_public_key` (#11)
BUG FIXES:
- `tls_cert_request` and `tls_self_signed_cert` no longer cause a crash when `subject` isn't specified. (#7)
- `tls_cert_request` and `tls_self_signed_cert` no longer generate empty-string values for various subject fields when they are not set in configuration. (#10)
- No changes from 0.1.0; just adjusting to the new version numbering scheme.
NOTES:
- Same functionality as that of Terraform 0.9.8. Repacked as part of Provider Splitout