Skip to content

feat(terraform): update hashicorp/vault ( 5.0.0 → 5.6.0 ) #198

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
techtales-bot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(terraform): update hashicorp/vault ( 5.0.0 → 5.6.0 ) #198

techtales-bot wants to merge 1 commit into from

Conversation

@techtales-bot
Copy link
Contributor

@techtales-bot techtales-bot bot commented Jul 10, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
vault (source) required_provider minor 5.0.05.6.0 OpenSSF Scorecard

Release Notes

hashicorp/terraform-provider-vault (vault)

v5.6.0

Compare Source

FEATURES:

  • Add support for self managed workflow for rootless static roles in Oracle Secret Engine: (#​2661)
  • Add AWS access creds ephemeral resource: (#​2659)
  • Add AWS static access credentials ephemeral resource.: (#​2657)
  • Add GCP ephemeral resources for OAuth2 access token and service account key: (#​2655)
  • Add Azure access credentials ephemeral resource: (#​2654)

IMPROVEMENTS:

  • Added fields related to namespace used to create a role in kubernetes auth method: (#​2644)

BUGS:

  • Fix LDAP auth tune block read failure caused by extra /tune segment in the API request path (#​2676)

v5.5.0

Compare Source

BEHAVIOR CHANGES: With v5.5.0, the default value for deny_null_bind in the vault_ldap_auth_backend resource has changed from false to true
to match with the Vault API defaults. Configurations that do not explicitly set deny_null_bind will now have it set to true upon upgrade, and
customers should verify that this change aligns with their intended LDAP authentication behavior. Furthermore, Customers should also consider
upgrading to Vault Community Edition 1.21.1 and Vault Enterprise 1.21.1, 1.20.6, 1.19.12, and 1.16.28, which no longer allows Vault to perform
unauthenticated or null binds against the LDAP server.

SECURITY:

  • vault_ldap_auth_backend: Fix incorrect deny_null_bind default. Set deny_null_bind to true if not provided in configuration (#​2622) (CVE-13357,HCSEC-2025-33)

FEATURES:

  • Add support for alias_metadata field in auth resources (#​2547)
  • Add support for not_before_duration field in vault_pki_secret_backend_root_cert (#​2664)

IMPROVEMENTS:

  • Updated dependencies:
    • golang.org/x/crypto v0.41.0 -> v0.45.0
    • golang.org/x/net v0.43.0 -> v0.47.0
    • golang.org/x/mod v0.26.0 -> v0.29.0
    • golang.org/x/sync v0.16.0 -> v0.18.0
    • golang.org/x/sys v0.35.0 -> v0.38.0
    • golang.org/x/text v0.28.0 -> v0.31.0
    • golang.org/x/tools v0.35.0 -> v0.38.0

v5.4.0

Compare Source

BEHAVIOR CHANGES: Please refer to the upgrade topics
in the guide for details on all behavior changes.

FEATURES:

  • Add support for Azure Static Secrets: (#​2635)
  • Add support for write-only token argument in vault_terraform_cloud_secret_backend resource (#​2603)
  • New parameters for vault_terraform_cloud_secret_role to support multi-team tokens, by @​drewmullen (#​2498)
  • Add support for tune in vault_saml_auth_backend resource (#​2566)
  • Add support for tune in vault_ldap_auth_backend and vault_okta_auth_backend resources (#​2602)
  • Add support for allowed_sts_header_values parameter in vault_aws_auth_backend_client resource to specify additional headers allowed in STS requests
  • New parameters for vault_gcp_secret_backend to support ttl and max_ttl, by @​vijayavelsekar (#​2627)
  • Add support for request_timeout, dereference_aliases,enable_samaccountname_login and anonymous_group_search parameters in vault_ldap_auth_backend resource.(#​2634)
  • Add support for max_retries parameter in vault_aws_secret_backend resource. (#​2623)
  • Add support for iam_alias, iam_metadata, gce_alias and gce_metadata fields in vault_gcp_auth_backend resource (#​2636)
  • Add support for role_id field in vault_gcp_auth_backend_role resource (#​2636)
  • Add retry configuration fields (max_retries, retry_delay, max_retry_delay) to vault_azure_auth_backend_config resource for Azure API request resilience (#​2629)
  • Add new resources vault_spiffe_auth_backend_config and vault_spiffe_auth_backend_role (#​2620)
  • Add support for mfa_serial_number parameter in vault_aws_secret_backend_role resource. (#​2637)
  • Add support for persist_appparameters in vault_azure_secret_backend_role resource.
    (#​2642)

BUGS:

  • Fix pki config resources to allow unsetting of fields (to empty fields) (#​2558)
  • Fix tune auth mounts to allow unsetting of fields (setting fields to empty values) (#​2605)
  • Fix vault_pki_secret_backend_crl_config resource to allow disabling flags previously set to true (#​2615)
  • Fix the tune block issue where it always updates unless field values match Vault server defaults
    • vault_jwt_auth_backend resource (#​2560)
    • vault_github_auth_backend and vault_auth_backend resources (#​2565)
    • vault_saml_auth_backend resource (#​2566)
    • vault_gcp_auth_backend and vault_oci_auth_backend resources (#​2596)

v5.3.0

Compare Source

FEATURES:

  • Add support for password phrases via the credential_type field in the vault_ldap_secret_backend resource (#​2548)

IMPROVEMENTS:

  • build(deps): bump the gomod-backward-compatible group with 5 updates: GH-2583
  • Move to the standard CRT release workflow and tooling: GH-2582

BUGS:

  • Fix azure_secret_backend_role to prevent persistent diff for null value on max_ttl and explicit_max_ttl argument (#​2581)

v5.2.1

Compare Source

BUGS:

  • Fix a failure to initialize the provider due to incompatible dependencies (#​2575)
  • Fix auth_login_gcp field constraint on field credentials service_account
  • Fix auth_login_azure field constraint on field vmss_name tenant_id client_id scope
  • Fix auth_login_kerberos field constraint on fields username service realm krb5conf_path keytab_path disable_fast_negotiation remove_instance_name
  • Fix auth_login_userpass field constraint on field password_file
  • Fix auth_login field constraint on field use_root_namespace
  • Fix to allow Snowflake keypair auth with Vault 1.16+ (#​2575)

v5.2.0

Compare Source

FEATURES:

  • Add support for jwks_pairs in vault_jwt_auth_backend resource. Requires Vault 1.16+ (#​2523)
  • Add support for root_password_ttl in vault_azure_secret_backend resource. Requires Vault 1.15+ (#​2529)
  • Add support for managed key parameters in the SSH CA config endpoint (#​2480)
  • Add new resources vault_oci_auth_backend and vault_oci_auth_backend_role to manage OCI auth backend and roles. (#​1761)
  • Add support for log_level in vault_pki_secret_backend_config_scep resource. Requires Vault 1.20.1+ (#​2525)

IMPROVEMENTS:

  • Bump Go version to 1.24.6: (#​2550)
  • Ensure all resources that use custom mounts support all mount parameters. (#​2332)
  • Updated dependencies:
    • golang.org/x/oauth2 v0.24.0 -> v0.30.0
    • github.com/cloudflare/circl v1.3.7 -> v1.6.1
    • github.com/go-jose/go-jose/v3 v3.0.3 -> v3.0.4
    • github.com/go-jose/go-jose/v4 v4.0.4 -> v4.1.2
    • github.com/golang-jwt/jwt/v5 v5.2.2 -> v5.3.0
    • cloud.google.com/go/iam v1.2.2 -> v1.5.2
    • cloud.google.com/go/compute/metadata v0.6.0 -> v0.8.0
    • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 -> v1.18.2
    • github.com/aws/aws-sdk-go v1.55.6 -> v1.55.8
    • github.com/go-sql-driver/mysql v1.8.1 -> v1.9.3
    • github.com/hashicorp/consul/api v1.27.0 -> v1.32.1
    • github.com/hashicorp/terraform-plugin-framework v1.14.1 -> 1.15.1
    • github.com/hashicorp/terraform-plugin-framework-validators v0.17.0 -> v0.18.0
    • hashicorp/ghaction-terraform-provider-release v4.0.1 -> v5.0.0

BUGS:

  • Fix panic when reading the vault_gcp_secret_backend resource. (#​2549)
  • Fix regression where VAULT_NAMESPACE was not being honored, causing child namespaces to be created in the root namespace instead (#​2540)

v5.1.0

Compare Source

FEATURES:

  • Add support for key_usage to vault_pki_secret_backend_root_sign_intermediate (#​2421)

  • Add private_key_wo and private_key_wo_version fields to Snowflake DB secrets engine config (#​2508)

  • Add support for group_by and secondary_rate on resource vault_quota_rate_limit. Requires Vault Enterprise 1.20.0+ (#​2476)

  • Add support for Transit CMAC endpoint (#​2488)

  • Add new resource vault_scep_auth_backend_role to manage roles in a SCEP auth backend. #​2479.

  • Add new datasource and resource vault_pki_secret_backend_config_scep for PKI SCEP configuration. #​2487.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Jul 10, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #185. To continue, delete the lock from #185 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot
Copy link
Contributor Author

techtales-bot bot commented Jul 10, 2025
edited
Loading

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ EDITORCONFIG editorconfig-checker 3 0 0 0.23s
✅ REPOSITORY gitleaks yes no no 0.5s
✅ TERRAFORM terraform-fmt 3 0 0 0.11s
✅ TERRAFORM tflint yes no no 0.67s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 1d67d28 to 209ad68 Compare July 12, 2025 18:18
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Jul 12, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #185. To continue, delete the lock from #185 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 209ad68 to a06aa68 Compare July 16, 2025 06:22
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Jul 16, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #185. To continue, delete the lock from #185 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from a06aa68 to 76c04c4 Compare July 20, 2025 18:19
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Jul 20, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 76c04c4 to 8be85cf Compare July 21, 2025 01:16
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Jul 21, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 8be85cf to d72caae Compare July 22, 2025 01:12
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Jul 22, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from d72caae to a8b37bc Compare July 24, 2025 06:23
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Jul 24, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from a8b37bc to be8711a Compare July 31, 2025 18:22
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Jul 31, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from be8711a to 3c433e3 Compare August 8, 2025 18:20
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Aug 8, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 3c433e3 to 27815a3 Compare August 10, 2025 06:21
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Aug 10, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 27815a3 to 97812f2 Compare August 11, 2025 18:22
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Aug 11, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 97812f2 to 35be3d9 Compare August 19, 2025 01:07
@techtales-bot techtales-bot bot changed the title feat(terraform): update hashicorp/vault ( 5.0.0 → 5.1.0 ) feat(terraform): update hashicorp/vault ( 5.0.0 → 5.2.0 ) Aug 19, 2025
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Nov 27, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Nov 28, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Nov 29, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Nov 30, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 86d9721 to 6d29536 Compare December 2, 2025 12:32
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 2, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 6d29536 to bcf26a6 Compare December 3, 2025 18:24
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 3, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from bcf26a6 to 0d65995 Compare December 4, 2025 01:08
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 4, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot techtales-bot bot force-pushed the renovate/vault-5.x branch from 0d65995 to 5be7bfa Compare December 5, 2025 01:08
@techtales-bot techtales-bot bot changed the title feat(terraform): update hashicorp/vault ( 5.0.0 → 5.5.0 ) feat(terraform): update hashicorp/vault ( 5.0.0 → 5.6.0 ) Dec 5, 2025
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 5, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 10, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 11, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 13, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 17, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Error

running 'sh -c' '/home/atlantis/.atlantis/bin/terraform1.12.1 init -input=false -upgrade' in '/home/atlantis/.atlantis/repos/techtales-io/terraform-minio/198/default/terraform/tyriis.dev': exit status 1
Initializing the backend...
Upgrading modules...
- bucket_policies in ../../modules/minio/policy
- buckets in ../../modules/minio/bucket
- users in ../../modules/minio/user
- yaml in ../../modules/data/yaml-loader
╷
│ Error: Failed to get existing workspaces: Unable to list objects in S3 bucket "terraform" with prefix "env:/": operation error S3: ListObjectsV2, exceeded maximum number of attempts, 5, https response error StatusCode: 0, RequestID: , HostID: , request send failed, Get "https://s3.tyriis.dev/terraform?list-type=2&max-keys=1000&prefix=env%3A%2F": tls: failed to verify certificate: x509: certificate is valid for ingress.local, not s3.tyriis.dev
│ 
│ 
╵

@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 17, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

@techtales-bot
feat(terraform): update hashicorp/vault ( 5.0.0 → 5.6.0 )
b073d40 
| datasource         | package         | from  | to    |
| ------------------ | --------------- | ----- | ----- |
| terraform-provider | hashicorp/vault | 5.0.0 | 5.6.0 |
@techtales-atlantis
Copy link
Contributor

techtales-atlantis bot commented Dec 18, 2025

Ran Plan for dir: terraform/tyriis.dev workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #189. To continue, delete the lock from #189 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

renovate/terraform renovate/terraform-provider type/minor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant