Releases: Venafi/terraform-provider-venafi
Releases · Venafi/terraform-provider-venafi
v0.21.0: Support for Cloud Provisioning in Venafi Control Plane
What's New
- Adds new resource cloud_keystore_installation, which allows provisioning a certificate from Venafi inventory to a pre-configured Cloud Keystore (ACM, AKV, GCM).
- Adds new data source cloud_provider to retrieve the ID of an existing Cloud Provider from Venafi Control Plane.
- Adds new data source cloud_keystore to retrieve the ID of an existing Cloud Keystore from Venafi Control Plane.
What's Changed
- Removes the requirement of key_password for service-generated certificates in venafi_certificate resource.
- Removes the requirement of key_password for certificate imports (import only supports service-generated certificates).
- Updates logic of expiration_window attribute. Now, when certificate expiration is within the expiration window, the certificate will be renewed in the same terraform run the issue is reported.
v0.20.0: Changed attribute name idp_jwt to external_jwt
What's Changed
- Changed provider attribute name
idp_jwttoexternal_jwt. This attribute is required for authentication using service-account in Venafi Control Plane
v0.19.0: Support for VCP service account authentication
What's Changed
- Added two new attributes for VCP service account authentication:
token_url: the url to request the VCP access tokenidp_jwt: the JWT from the identity provider associated to the service account that requests the token
Every time the terraform plan runs, a new VCP access token will be requested.
v0.18.0: Support to retire certificate in Venafi Platform
What's Changed
- Now when an infrastructure is decommissioned, the associated certificate will be automatically retired from the Venafi Platform (TLSPDC and TLSPC).
- Added the
skip_retirementprovider configuration option to disable the certificate retirement functionality.
v0.17.2: Prepare provider for use with venafi-token provider
What's Changed
Updates necessary for using this provider along with the new venafi-token provider
v0.17.1: Changes to support terraform-provider-venati-token
What's Changed
Removes an error thrown during provider configuration. Instead the error is thrown at resource creation. This work is necessary to allow the venafi-token provider to successfully manage the tokens of this provider.
v0.17.0: Support for client certificate authentication
What's Changed
- Feat: Added docs section for usage with EMEA accounts
- Upgraded plugin to use golang v1.21
- Added support for PFX client certificate authentication by adding two new attributes:
p12_cert_filenameandp12_cert_password - Added ability to customize client id through a new attribute
client_id. - Added default
client_idvalue:hashicorp-terraform-by-venafi
Exposes nickname attribute for Venafi certificate resource, includes bug fix
- Exposes
nicknameattribute for Venafi'scertificateresource in order to have the ability to override TPP's certificate object name - Fixes a bug that were would let bad certificate key-pair be store into Terraform's state during creation of the
certificateresource.
Exposing the nickname will allow you to handle some special scenarios. Example usage:
resource "venafi_certificate" "tls_server_tpp" {
provider = venafi.tpp
count = 3 # create 3 certificates with same hostname
nickname = "${local.asset_name} - ${count.index}"
common_name = local.asset_name
san_dns = [
local.asset_name
]
algorithm = "RSA"
rsa_bits = "2048"
}
Upgraded plugin to SDKv2
- Upgraded project for SDKv2
- Added
tflogtool for logging as part of new SDK version
⚠️ As part of upgrading the SDK we dropped support for Terraform version 0.11.0 and below
Fixed a bug in backward compatibility with PKCS#1 keys
- Fixed a bug in backward compatibility with
PKCS#1keys during Terraform plan refresh.