Canonical reference for changes, improvements, and bugfixes for the Boundary Terraform provider.
- Introduces support for specifying a worker filter in dynamic host catalogs (PR)
- With Boundary 0.15, a deprecation notice was put under the
grant_scope_id
field, and a newgrant_scope_ids
field was introduced to replace it. With Boundary v0.17.1 and Boundary API v0.0.52,grant_scope_id
support was entirely removed.grant_scope_id
support has now been removed from this TF provider.
- Add support for a target alias as a resource (PR)
-
Support the multi-value
grant_scope_ids
field in the role provider (PR) -
Support Boundary Storage Policies (PR)
- Allow dynamic credentials when configuring storage buckets (PR)
- Add support to configure valid_principals with Vault SSH Certificate Credential Library (PR)
- Add support for OIDC prompts. Using prompts, the Relying Party (RP) can customize the authentication and authorization flow to suit their specific needs and improve the user experience. OIDC Authentication request server. (PR)
- Add boundary_auth_method data source (PR)
- Add boundary_group data source (PR)
- Add boundary_account data source (PR)
- Add boundary_user data source (PR)
- Fix boundary_worker overwriting worker generated auth token during (PR)
- Add support for Scope datasource (PR)
- LDAP: Add support for maximum_page_size and dereference_aliases (PR)
- Add support for a storage bucket as a resource (PR)
- Add option to enable session recording on a target resource (PR)
- Update docs for host set plugin filters examples (PR)
- Deprecate
password_auth_method_login_name
&password_auth_method_password
for Terraform Provider.password_auth_method_login_name
&password_auth_method_password
fields have been set to deprecated with a recommendation to useauth_method_login_name
&auth_method_password
fields instead. (PR) - Deprecate type field for
boundary_account_password
(PR) - Deprecate type field for
boundary_account_ldap
(PR)
- Fix default auth method with recovery kms (PR)
- Add support for using default auth method if no auth method ID is provided for provider (PR)
- Fix typo in Managed Group resource page (PR)
- Force new resource on credential_type change (PR)
- Add support for credential store vault worker filters (PR)
- Allow users to set OIDC maxAge value to 0 to require immediate reauth (PR)
- Add support for worker egress and ingress filters (PR)
- Add support for vault ssh certificate credential libraries (PR)
- Add support for targets with address configurations (PR)
- Add support for a workers as a resource (PR).
- Add support for setting mapping overrides for vault credential libraries (PR).
- Improve error message when authenticating to boundary (PR).
- Set state before returning an error when creating a resource (PR)
- The plugin cleanup function is being called before the entire Terraform workflow is complete. (Issue), (PR).
- Add support for JSON credentials (PR).
- Add support for setting the plugin execution directory from the config (PR).
- Fix panic resulting from expired Vault credential store tokens (Issue, PR).
- Remove
application_credential_source_ids
of thetarget
resource which was deprecated in 1.0.12 (PR). - Remove
default_role
from therole
resource, this schema was never supported and was included mistakenly (Issue, PR).
- Add support for SSH targets (PR).
- Deprecate
application_credential_source_ids
of thetarget
resource (PR).
- Add support for SSH private key credentials (PR).
- Add support for credential type in Vault libraries (PR).
- Adds support for static credential stores (PR).
- Adds support for username password credentials (PR).
-
The bug fix released in 1.0.8 to resolve the
plugin is nil
error only worked for Linux AMD64. This was due to a build issue where the plugin binaries were only built for Linux AMD64. Other platforms would receive an error similar to:Error: error reading wrappers from "recovery_kms_hcl": Error configuring kms: error fetching kms plugin rpc client: fork/exec boundary-plugin-kms-awskms.gz: exec format error
-
After moving to go-kms-wrapping V2, the Boundary Terraform Provider did not load all KMS plugins resulting in an error when trying to create a wrapper for any type other than 'aead':
Error: error reading wrappers from "recovery_kms_hcl": Error configuring kms: plugin is nil
- Undoes an erroneous deprecation of the
login_name
andpassword
fields inresource_account_password
andresource_account
. Deprecatesresource_account
that was replaced withresource_account_password
(PR).
- Removes fields
host_set_ids
andapplication_credential_library_ids
of thetarget
resource, which were deprecated in 1.0.5 (PR).
- Deprecate fields
host_set_ids
andapplication_credential_library_ids
of thetarget
resource. See boundary 0.5.0 changelog for more detail on the deprecation. (PR).
- Adds managed groups resource (PR).
- Adds credential library resource for Vault (PR).
- Adds credential store resource for Vault (PR 1), (PR 2).
- Adds claim scopes attribute to OIDC auth method (PR).
- Adds account claim maps attribute to OIDC auth method (PR).
- Make OIDC account attribute for subject ForceNew (Issue), (PR).
- Update static type attribute for host catalog resource (Issue), (PR).
- Deprecates fields on
resource_auth_method
that will be replaced in the future with genericattributes
attribute.
- Adds worker filter to target resource (PR).
We are bumping the version of the Boundary Terraform provider to v1.0.0 and will release new versions of the provider at its own cadence instead of keeping it in lockstep with Boundary.
- During
terraform apply
, do not update existing user account passwords when the password field is updated in the tf file. (Issue), (PR).
Update provider to handle new domain errors (PR).
Initial release!