v4.0.5

NOTES:

• This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#432)

v4.0.4

BUG FIXES:

• resource/tls_locally_signed_cert: Ensure terraform refresh updates state when cert is ready for renewal (#278).
• resource/tls_self_signed_cert: Ensure terraform refresh updates state when cert is ready for renewal (#278).

v4.0.3

BUG FIXES:

• resource/tls_locally_signed_cert: Prevented Config Read Error with Terraform version 1.3.0 and later
• resource/tls_self_signed_cert: Prevented Config Read Error with Terraform version 1.3.0 and later

v4.0.2

BUG FIXES:

• resource/tls_cert_request: Fix regexp in attribute plan modifier to correctly match PEM (#255).
• resource/tls_locally_signed_cert: Fix regexp in attribute plan modifier to correctly match PEM (#255).
• resource/tls_self_signed_cert: Fix regexp in attribute plan modifier to correctly match PEM (#255).

v4.0.1

BUG FIXES:

• data-source/tls_certificate: Prevented empty list of object error with certificates attribute (#244).

v4.0.0

NOTES:

• Provider has been re-written using the new terraform-plugin-framework (#215).

• resource/tls_cert_request: private_key_pem attribute is now stored in the state as-is; first apply may result in an update-in-place (#87, #215).

• resource/tls_self_signed_cert: private_key_pem attribute is now stored in the state as-is; first apply may result in an update-in-place (#87, #215).

• resource/tls_locally_signed_cert: cert_request_pem, ca_private_key_pem and ca_cert_pem attributes are now stored in the state as-is; first apply may result in an update-in-place (#87, #215).

• resource/tls_private_key: private_key_pem_pkcs8, private_key_openssh and public_key_fingerprint_sha256 attributes are now retro-fitted, depending on version being updated; first apply may result in an update-in-place (#210, #225)).

ENHANCEMENTS:

• resource/tls_private_key: New attribute private_key_pem_pkcs8 (PKCS#8) (#210, #225)).

BREAKING CHANGES:

• resource/tls_cert_request: Attribute key_algorithm is now read-only, as it's inferred from private_key_pem (#174, #215).

• resource/tls_self_signed_cert: Attribute private_key_pem is stored (and returned) as-is (in accordance with guidelines) (#87, #215).

• resource/tls_self_signed_cert: Attribute key_algorithm is now read-only, as it's inferred from private_key_pem (#174, #215).

• resource/tls_self_signed_cert: Setting an unsupported value in allowed_uses attribute, will now return an error instead of just a warning (#185, #215).

• resource/tls_self_signed_cert: Attribute private_key_pem is stored (and returned) as-is (in accordance with guidelines) (#87, #215).

• resource/tls_locally_signed_cert: Attribute ca_key_algorithm is now read-only, as it's inferred from ca_private_key_pem (#174, #215).

• resource/tls_locally_signed_cert: Setting an unsupported value in allowed_uses attribute, will now return an error instead of just a warning (#185, #215).

• resource/tls_locally_signed_cert: Attributes cert_request_pem, ca_private_key_pem, ca_cert_pem are stored (and returned) as-is (in accordance with guidelines) (#87, #215).

• provider: Default value for proxy.from_env is now true, and relies upon httpproxy.FromEnvironment (#224).

v3.4.0

NEW FEATURES:

• data-source/tls_certificate: New attribute content that can be used in alternative to url, to provide the certificate in PEM format (#189).

• data-source/tls_certificate: Objects in the certificates chain attribute expose a new attribute cert_pem (PEM format) (#208).

• resource/tls_self_signed_cert: New attribute set_authority_key_id to make the generated certificate include an authority key identifier (#212).

ENHANCEMENTS:

• resource/tls_locally_signed_cert: If CA provided via ca_cert_pem is not an actual CA, a warning will be raised, but the certificate will still be created (#209).

NOTES:

• data-source/tls_certificate: The id attribute has changed to the hashing of all certificates information in the chain. The first apply of this updated data source may show this difference (#189).

BUG FIXES:

• data-source/tls_certificate: Prevent plan differences with the id attribute (#79, #189).

• resource/tls_cert_request: Allow for absent or empty subject block (#209).

• resource/tls_self_signed_cert: Allow for absent or empty subject block (#209).

v3.3.0

NEW FEATURES:

• provider: Added (opt-in) HTTP proxy configuration (#179).

• data-source/tls_certificate: Support for tls:// scheme in url argument. When used, the provider will fetch certificates via a direct Secure Socket (i.e. ignores proxy) (#179).

ENHANCEMENTS:

• data-source/tls_certificate: When proxy is configured on provider, certificates fetched via url with scheme https:// will go through the specified HTTP proxy (#179).

• resource/tls_locally_signed_cert: Validate allowed_uses contains documented values, but raise warning instead of error when it does not (#184).

v3.2.1

BUG FIXES:

• resource/tls_locally_signed_cert: Fix issue preventing the generation of subject key identifier for private keys using ED25519 (#182)

• resource/tls_self_signed_cert: Fix issue preventing the generation of subject key identifier for private keys using ED25519 (#182)

v3.2.0

NEW FEATURES:

• resource/tls_private_key: Added support for ED25519 key algorithm (#151).

• data-source/tls_public_key: Added support for ED25519 key algorithm (#160).

• resource/tls_cert_request: Added support for ED25519 key algorithm (#173).

• resource/tls_self_signed_cert: Added support for ED25519 key algorithm (#173).

• resource/tls_locally_signed_cert: Added support for ED25519 key algorithm (#173).

ENHANCEMENTS:

• resource/tls_private_key: New attributes private_key_openssh (OpenSSH PEM format) and public_key_fingerprint_sha256 (#151).

• data-source/tls_public_key: Can now be configured by passing a private key either via private_key_pem or private_key_openssh (#160).

• resource/tls_locally_signed_cert: Validate that validity_period_hours and early_renewal_hours are greater or equal then zero (#169).

• resource/tls_locally_signed_cert: Validate that allowed_uses contains documented values, instead of silently ignoring unknowns (#169).

• resource/tls_locally_signed_cert: ca_key_algorithm is now optional and deprecated, as it's now inferred from ca_private_key_pem. It will be read-only in the next major release (#173).

• resource/tls_self_signed_cert: Validate that validity_period_hours and early_renewal_hours are greater or equal then zero (#169).

• resource/tls_self_signed_cert: Validate that allowed_uses contains documented values, instead of silently ignoring unknowns (#169).

• resource/tls_self_signed_cert: key_algorithm is now optional and deprecated, as it's now inferred from private_key_pem. It will be read-only in the next major release (#173).

• resource/tls_cert_request: key_algorithm is now optional and deprecated, as it's now inferred from private_key_pem. It will be read-only in the next major release (#173).

NOTES:

• Upgraded to Golang 1.17 (#156)
• Adopted golangci-lint as part of CI (#155)
• Acceptance tests now run against all minor versions of Terraform >= 0.12 (#153)