Releases: hashicorp/terraform-provider-vault

v3.7.0

15 Jun 22:18
90352ed

FEATURES:

  • Support setting namespace by resource
    (#1305)
    (#1479)
  • Add dedicated KV (v1/v2) secret engine resources and data sources, superseding vault_generic_secret
    (#1457)

IMPROVEMENTS:

  • Update vault libs to v1.10.3
    (#1483)
  • Drop debug log calls containing the full vault response
    (#1477)
  • resource/token: Add metadata support
    (#1470)
  • resource/vault_ldap_auth_backend: Support LDAP username_as_alias attribute
    (#1460)
  • resource/vault_quota_rate_limit: Add support for interval and block_interval
    (#1084)
  • ci: Test against vault-enterprise 1.10.3-ent
    (#1461)

BUGS:

  • resource/auth_backend: validate path, disallowing leading/trailing /
    (#1471)
  • resource/vault_jwt_auth_backend_role: fix bound_claims not being unset when empty
    (#1469)
  • resource/cert_auth_backend: add the correct field name: allowed_organizational_units
    (#1496)

v3.6.0

18 May 19:12
50f9a0b

IMPROVEMENTS:

  • resource/pki_secret_backend_root_cert: Force new root CA resource creation on out-of-band changes.
    (#1428)
  • resource/pki_secret_backend_intermediate_set_signed: Document complete usage example.
    (#1452)
  • resource/pki_secret_backend_config_urls: Add support for importing PKI config URLs
    (#1451)
  • vault/resource_pki_secret_backend*: Extend revocation support to other resources
    (#1446)
  • vault/resource_pki_secret_backend*: Force new root CA/cert resource creation on out-of-band changes.
    (#1432)
  • datasource/generic_secret: Improve documentation.
    (#1390)
  • resource/ldap_auth_backend: Support setting userfilter.
    (#1378)
  • resource/aws_auth_backend_role: Add role_id as a computed field.
    (#1377)
  • Auth: Handle CIDR prefix being stripped for hosts in token_bound_cidrs
    (#1346)
  • Add allowed_serial_numbers support
    (#1119)
  • resource/pki_secret_backend_role: Allow key_type to be set to any.
    (#791)
  • resource/aws_secret_backend_role: Add user_path and permissions_boundary_arn arguments.
    (#781)

BUGS:

  • resource/pki_secret_backend_root_sign_intermediate: Ensure that the certificate_bundle, and ca_chain
    do not contain duplicate certificates.
    (#1428)
  • resource/identity_entity_alias: Serialize create, update, and delete operations in order to prevent alias
    mismatches.
    (#1429)
  • database_secret*: Ignore mongodb-atlas private_key on read from Vault.
    (#1438)
  • resource/auth_backend: Remove ForceNew behavior when updating description.
    (#1439)
  • resource/identity_group_member_entity_ids: Properly handle nil member_entity_ids in response.
    (#1448)
  • resource/pki_secret_backend_role: Fix TTL handling in PKI role.
    (#1447)
  • resource/pki_secret_backend_role: key_usage value should be computed.
    (#1443)
  • resource/vault_pki_secret_backend_{cert,sign}: Properly force a new resource whenever the cert is near expiry.
    (#1440)
  • resource/identity_entity_alias: Remove read operation on entity alias update.
    (#1434)

v3.5.0

20 Apr 21:47
bd9e45f

FEATURES:

  • Add MFA support: new resources vault_mfa_okta, vault_mfa_totp, vault_mfa_pingid (#1395)
  • New resource/database_secrets_mount: Configures any number of database secrets engines under
    a single, dedicated mount resource
    (#1400)

IMPROVEMENTS:

  • data/vault_generic_secret: Add new field with_lease_start_time to vault_generic_secret datasource
    (#1414)
  • resource/vault_ssh_secret_backend_role: support configuring multiple public SSH key lengths in vault-1.10+
    (#1300)
  • resource/database_secret*: Add support for configuring TLS, and the username_template field for ElasticSearch.
    (#1413)
  • resource/pki_secret_backend_cert: Add support for optionally revoking the certificate upon resource destruction.
    (#1411)
  • provider: Add support for setting the tls_server_name to use as the SNI host when connecting via TLS.
    (#1145)
  • docs: Add links to Learn Tutorials.
    (#1399)

BUGS:

  • resource/identity_group: Fix issue where the group's member_entity_ids were being unset in error on update.
    (#1409)
  • resource/transit_secret_backend_key: Add auto_rotate_period field which deprecates auto_rotate_interval.
    (#1402)

v3.4.1

31 Mar 21:07

3.4.1 (March 31, 2022)

BUGS:

  • data/azure_access_credentials: Fix panic when tenant_id and subscription_id are specified together; add new environment override field
    (#1391).

IMPROVEMENTS:

  • resource/rabbitmq_secret_backend: Add support for the password_policy and username_template fields
    (#1276)

v3.4.0

25 Mar 00:03

3.4.0 (March 24, 2022)

FEATURES:

  • data/azure_access_credentials: Add subscription_id and tenant_id fields to be used during credential validation (#1384)
  • Add OIDC Provider support: new resources vault_identity_oidc_scope, vault_identity_oidc_assignment, vault_identity_oidc_client,
    vault_identity_oidc_provider, vault_identity_oidc_public_keys, vault_identity_oidc_openid_config (#1363)

BUGS:

  • data/azure_access_credentials: Fix credential validation (#1381).

IMPROVEMENTS:

  • resource/database_secret_backend_connection: Add disable_escaping parameter support to Redshift, HanaDB, Postgres and MSSQL (#1321)
  • resource/transit_secret_backend_key: Add auto_rotate_interval parameter support to Transit Key Backend (#1345)
  • resource/consul_secret_backend_role: Add support for Consul role (#1366)
  • resource/consul_secret_backend_role: Add support for Consul namespaces and partitions (#1367)
  • resource/github_auth_backend: Add support for organization_id field (#1296)
  • resource/approle_auth_backend_role_secret_id: Add with_wrapped_accessor to control how the resource ID is set (#1166)

v3.3.1

25 Feb 20:35

3.3.1 (February 25, 2022)

BUGS:

  • resource/identity_group: Report an error upon duplicate resource creation failure. Document group name caveats. (#1352)
  • resource/pki_secret_backend_root_sign_intermediate: Fix panic when reading ca_chain from Vault (#1357)
  • resource/raft_snapshot_agent_config: Properly handle nil response on read (#1360)
  • resource/identity_*: Ensure non-existent entities are handled properly (#1361)
  • resource/identity_group_member_entity_ids: Properly handle nil member_identity_ids on read (#1356)

v3.3.0

17 Feb 18:46

3.3.0 (February 17, 2022)

FEATURES:

  • Add KMIP support: new resources vault_kmip_secret_backend, vault_kmip_secret_scope and vault_kmip_secret_role (#1339)

BUGS:

  • resource/kubernetes_auth_backend_config: Ensure disable_iss_validation is honored in all cases (#1315)
  • resource/database_secret_backend_connection: Add error handling for unrecognized plugins on read (#1325)
  • resource/kubernetes_auth_backend_config: Prevent persistent diff for kubernetes_ca_cert when it is loaded by the backend (#1337)

IMPROVEMENTS:

  • resource/token_auth_backend_role: Add allowed_policies_glob and disallowed_policies_glob (#1316)
  • resource/database_secret_backend_connection: Add support for configuring the secret engine's plugin_name (#1320)
  • resource/pki_secret_backend_root_sign_intermediate: Update schema for ca_chain from string to a list of
    issuing_ca and certificate, add new certificate_bundle attribute that provides the concatenation of the
    intermediate and issuing CA certificates (PEM encoded) (#1330)
  • resource/azure_secret_backend: Add support for setting use_microsoft_graph_api (#1335)
  • r/d/kubernetes_auth_backend_role: Add support for setting and getting alias_name_source (#1336)
  • resource/database_secret_backend_connection: Add username and password fields to all DB Engines that support them (#1331)
  • resource/token_auth_backend_role: Add support for setting allowed_entity_aliases (#1126)
  • resource/ad_secret_backend: Restore deprecated formatter, and length fields. (#1341)
  • resource/ldap_auth_backend: Add support for setting case_sensitive_names (#1176)

v3.2.1

20 Jan 15:17

3.2.1 (January 20, 2022)

BUGS:

  • resource/rabbitmq_secret_backend_role: Add nil check when reading RabbitMQ role from Vault (#1312)

v3.2.0

19 Jan 20:52

3.2.0 (January 19, 2022)

BUGS:

  • resource/aws_secret_backend_role: Ensure all updated fields are applied (#1277)

IMPROVEMENTS:

  • resource/database_secret_backend_connection: Add support for configuring Redshift databases (#1279)
  • resource/pki_secret_backend_intermediate_cert_request: Add support for the ed25519 key_type (#1278)
  • resource/rabbitmq_secret_backend_role: Add support for vhost_topics (#1246)
  • resource/vault_mount: Add support for audit_non_hmac_request_keys and audit_non_hmac_response_keys (#1297)
  • resource/vault_aws_secret_backend: Add support for username_template (#1292)

v3.1.1

22 Dec 18:07

3.1.1 (December 22, 2021)

BUGS:

  • Prevent new entity read failures when the VAULT_TOKEN environment variable is not set (#1270)