Update Terraform tls to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
tls (source)	required_provider	major	3.1.0 -> 4.0.5

---

Release Notes

hashicorp/terraform-provider-tls (tls)

v4.0.5

Compare Source

NOTES:

• This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#​432)

v4.0.4

Compare Source

BUG FIXES:

• resource/tls_locally_signed_cert: Ensure terraform refresh updates state when cert is ready for renewal (#​278).
• resource/tls_self_signed_cert: Ensure terraform refresh updates state when cert is ready for renewal (#​278).

v4.0.3

Compare Source

BUG FIXES:

• resource/tls_locally_signed_cert: Prevented Config Read Error with Terraform version 1.3.0 and later
• resource/tls_self_signed_cert: Prevented Config Read Error with Terraform version 1.3.0 and later

v4.0.2

Compare Source

BUG FIXES:

• resource/tls_cert_request: Fix regexp in attribute plan modifier to correctly match PEM (#​255).
• resource/tls_locally_signed_cert: Fix regexp in attribute plan modifier to correctly match PEM (#​255).
• resource/tls_self_signed_cert: Fix regexp in attribute plan modifier to correctly match PEM (#​255).

v4.0.1

Compare Source

BUG FIXES:

• data-source/tls_certificate: Prevented empty list of object error with certificates attribute (#​244).

v4.0.0

Compare Source

NOTES:

• Provider has been re-written using the new terraform-plugin-framework (#​215).

• resource/tls_cert_request: private_key_pem attribute is now stored in the state as-is; first apply may result in an update-in-place (#​87, #​215).

• resource/tls_self_signed_cert: private_key_pem attribute is now stored in the state as-is; first apply may result in an update-in-place (#​87, #​215).

• resource/tls_locally_signed_cert: cert_request_pem, ca_private_key_pem and ca_cert_pem attributes are now stored in the state as-is; first apply may result in an update-in-place (#​87, #​215).

• resource/tls_private_key: private_key_pem_pkcs8, private_key_openssh and public_key_fingerprint_sha256 attributes are now retro-fitted, depending on version being updated; first apply may result in an update-in-place (#​210, #​225)).

ENHANCEMENTS:

• resource/tls_private_key: New attribute private_key_pem_pkcs8 (PKCS#8) (#​210, #​225)).

BREAKING CHANGES:

• resource/tls_cert_request: Attribute key_algorithm is now read-only, as it's inferred from private_key_pem (#​174, #​215).

• resource/tls_self_signed_cert: Attribute private_key_pem is stored (and returned) as-is (in accordance with guidelines) (#​87, #​215).

• resource/tls_self_signed_cert: Attribute key_algorithm is now read-only, as it's inferred from private_key_pem (#​174, #​215).

• resource/tls_self_signed_cert: Setting an unsupported value in allowed_uses attribute, will now return an error instead of just a warning (#​185, #​215).

• resource/tls_self_signed_cert: Attribute private_key_pem is stored (and returned) as-is (in accordance with guidelines) (#​87, #​215).

• resource/tls_locally_signed_cert: Attribute ca_key_algorithm is now read-only, as it's inferred from ca_private_key_pem (#​174, #​215).

• resource/tls_locally_signed_cert: Setting an unsupported value in allowed_uses attribute, will now return an error instead of just a warning (#​185, #​215).

• resource/tls_locally_signed_cert: Attributes cert_request_pem, ca_private_key_pem, ca_cert_pem are stored (and returned) as-is (in accordance with guidelines) (#​87, #​215).

• provider: Default value for proxy.from_env is now true, and relies upon httpproxy.FromEnvironment (#​224).

v3.4.0

Compare Source

NEW FEATURES:

• data-source/tls_certificate: New attribute content that can be used in alternative to url, to provide the certificate in PEM format (#​189).

• data-source/tls_certificate: Objects in the certificates chain attribute expose a new attribute cert_pem (PEM format) (#​208).

• resource/tls_self_signed_cert: New attribute set_authority_key_id to make the generated certificate include an authority key identifier (#​212).

ENHANCEMENTS:

• resource/tls_locally_signed_cert: If CA provided via ca_cert_pem is not an actual CA, a warning will be raised, but the certificate will still be created (#​209).

NOTES:

• data-source/tls_certificate: The id attribute has changed to the hashing of all certificates information in the chain. The first apply of this updated data source may show this difference (#​189).

BUG FIXES:

• data-source/tls_certificate: Prevent plan differences with the id attribute (#​79, #​189).

• resource/tls_cert_request: Allow for absent or empty subject block (#​209).

• resource/tls_self_signed_cert: Allow for absent or empty subject block (#​209).

v3.3.0

Compare Source

NEW FEATURES:

• provider: Added (opt-in) HTTP proxy configuration (#​179).

• data-source/tls_certificate: Support for tls:// scheme in url argument. When used, the provider will fetch certificates via a direct Secure Socket (i.e. ignores proxy) (#​179).

ENHANCEMENTS:

• data-source/tls_certificate: When proxy is configured on provider, certificates fetched via url with scheme https:// will go through the specified HTTP proxy (#​179).

• resource/tls_locally_signed_cert: Validate allowed_uses contains documented values, but raise warning instead of error when it does not (#​184).

v3.2.1

Compare Source

BUG FIXES:

• resource/tls_locally_signed_cert: Fix issue preventing the generation of subject key identifier for private keys using ED25519 (#​182).

• resource/tls_self_signed_cert: Fix issue preventing the generation of subject key identifier for private keys using ED25519 (#​182).

v3.2.0

Compare Source

NEW FEATURES:

• resource/tls_private_key: Added support for ED25519 key algorithm (#​151).

• data-source/tls_public_key: Added support for ED25519 key algorithm (#​160).

• resource/tls_cert_request: Added support for ED25519 key algorithm (#​173).

• resource/tls_self_signed_cert: Added support for ED25519 key algorithm (#​173).

• resource/tls_locally_signed_cert: Added support for ED25519 key algorithm (#​173).

ENHANCEMENTS:

• resource/tls_private_key: New attributes private_key_openssh (OpenSSH PEM format) and public_key_fingerprint_sha256 (#​151).

• data-source/tls_public_key: Can now be configured by passing a private key either via private_key_pem or private_key_openssh (#​160).

• resource/tls_locally_signed_cert: Validate validity_period_hours and early_renewal_hours are greater or equal then zero (#​169).

• resource/tls_locally_signed_cert: Validate allowed_uses contains documented values, instead of silently ignoring unknowns (#​169).

• resource/tls_locally_signed_cert: ca_key_algorithm is now optional and deprecated, as it's now inferred from ca_private_key_pem. It will be read-only in the next major release (#​173).

• resource/tls_self_signed_cert: Validate validity_period_hours and early_renewal_hours are greater or equal then zero (#​169).

• resource/tls_self_signed_cert: Validate allowed_uses contains documented values, instead of silently ignoring unknowns (#​169).

• resource/tls_self_signed_cert: key_algorithm is now optional and deprecated, as it's now inferred from private_key_pem. It will be read-only in the next major release (#​173).

• resource/tls_cert_request: key_algorithm is now optional and deprecated, as it's now inferred from private_key_pem. It will be read-only in the next major release (#​173).

NOTES:

• Upgraded to Golang 1.17 (#​156)
• Adopted golangci-lint as part of CI (#​155)
• Acceptance tests now run against all minor versions of Terraform >= 0.12 (#​153)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.