399 lines
21 KiB
YAML
399 lines
21 KiB
YAML
ancestor: null
|
|
releases:
|
|
0.1.0:
|
|
changes:
|
|
release_summary: 'Our first release matches the ``hashi_vault`` lookup functionality
|
|
provided by ``community.general`` version ``1.3.0``.
|
|
|
|
'
|
|
fragments:
|
|
- 0.1.0.yml
|
|
release_date: '2020-12-02'
|
|
0.2.0:
|
|
changes:
|
|
bugfixes:
|
|
- hashi_vault - ``mount_point`` parameter did not work with ``aws_iam_login``
|
|
auth method (https://github.com/ansible-collections/community.hashi_vault/issues/7)
|
|
- hashi_vault - fallback logic for handling deprecated style of auth in hvac
|
|
was not implemented correctly (https://github.com/ansible-collections/community.hashi_vault/pull/33).
|
|
- hashi_vault - parameter ``mount_point`` does not work with JWT auth (https://github.com/ansible-collections/community.hashi_vault/issues/29).
|
|
- hashi_vault - tokens without ``lookup-self`` ability can't be used because
|
|
of validation (https://github.com/ansible-collections/community.hashi_vault/issues/18).
|
|
deprecated_features:
|
|
- hashi_vault - ``VAULT_ADDR`` environment variable for option ``url`` will
|
|
have its precedence lowered in 1.0.0; use ``ANSIBLE_HASHI_VAULT_ADDR`` to
|
|
intentionally override a config value (https://github.com/ansible-collections/community.hashi_vault/issues/8).
|
|
- hashi_vault - ``VAULT_AUTH_METHOD`` environment variable for option ``auth_method``
|
|
will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_AUTH_METHOD`` instead
|
|
(https://github.com/ansible-collections/community.hashi_vault/issues/17).
|
|
- hashi_vault - ``VAULT_ROLE_ID`` environment variable for option ``role_id``
|
|
will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_ROLE_ID`` instead (https://github.com/ansible-collections/community.hashi_vault/issues/20).
|
|
- hashi_vault - ``VAULT_SECRET_ID`` environment variable for option ``secret_id``
|
|
will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_SECRET_ID`` instead (https://github.com/ansible-collections/community.hashi_vault/issues/20).
|
|
- hashi_vault - ``VAULT_TOKEN_FILE`` environment variable for option ``token_file``
|
|
will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_TOKEN_FILE`` instead (https://github.com/ansible-collections/community.hashi_vault/issues/15).
|
|
- hashi_vault - ``VAULT_TOKEN_PATH`` environment variable for option ``token_path``
|
|
will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_TOKEN_PATH`` instead (https://github.com/ansible-collections/community.hashi_vault/issues/15).
|
|
minor_changes:
|
|
- Add optional ``aws_iam_server_id`` parameter as the value for ``X-Vault-AWS-IAM-Server-ID``
|
|
header (https://github.com/ansible-collections/community.hashi_vault/pull/27).
|
|
- hashi_vault - ``ANSIBLE_HASHI_VAULT_ADDR`` environment variable added for
|
|
option ``url`` (https://github.com/ansible-collections/community.hashi_vault/issues/8).
|
|
- hashi_vault - ``ANSIBLE_HASHI_VAULT_AUTH_METHOD`` environment variable added
|
|
for option ``auth_method`` (https://github.com/ansible-collections/community.hashi_vault/issues/17).
|
|
- hashi_vault - ``ANSIBLE_HASHI_VAULT_ROLE_ID`` environment variable added for
|
|
option ``role_id`` (https://github.com/ansible-collections/community.hashi_vault/issues/20).
|
|
- hashi_vault - ``ANSIBLE_HASHI_VAULT_SECRET_ID`` environment variable added
|
|
for option ``secret_id`` (https://github.com/ansible-collections/community.hashi_vault/issues/20).
|
|
- hashi_vault - ``ANSIBLE_HASHI_VAULT_TOKEN_FILE`` environment variable added
|
|
for option ``token_file`` (https://github.com/ansible-collections/community.hashi_vault/issues/15).
|
|
- hashi_vault - ``ANSIBLE_HASHI_VAULT_TOKEN_PATH`` environment variable added
|
|
for option ``token_path`` (https://github.com/ansible-collections/community.hashi_vault/issues/15).
|
|
- hashi_vault - ``namespace`` parameter can be specified in INI or via env vars
|
|
``ANSIBLE_HASHI_VAULT_NAMESPACE`` (new) and ``VAULT_NAMESPACE`` (lower preference) (https://github.com/ansible-collections/community.hashi_vault/issues/14).
|
|
- hashi_vault - ``token`` parameter can now be specified via ``ANSIBLE_HASHI_VAULT_TOKEN``
|
|
as well as via ``VAULT_TOKEN`` (the latter with lower preference) (https://github.com/ansible-collections/community.hashi_vault/issues/16).
|
|
- hashi_vault - add ``token_validate`` option to control token validation (https://github.com/ansible-collections/community.hashi_vault/pull/24).
|
|
- hashi_vault - uses new AppRole method in hvac 0.10.6 with fallback to deprecated
|
|
method with warning (https://github.com/ansible-collections/community.hashi_vault/pull/33).
|
|
release_summary: 'Several backwards-compatible bugfixes and enhancements in
|
|
this release.
|
|
|
|
Some environment variables are deprecated and have standardized replacements.'
|
|
fragments:
|
|
- 0.2.0.yml
|
|
- 22-hashi_vault-aws_iam_login-mount_point.yml
|
|
- 24-hashi_vault-token_validation.yml
|
|
- 25-non-breaking-env-parameter-changes.yml
|
|
- 27-add-hashi_vault-header_value-param.yml
|
|
- 31-jwt-mount_point.yml
|
|
- 33-approle-deprecation.yml
|
|
- 35-env-var-deprecations.yml
|
|
release_date: '2020-12-24'
|
|
1.0.0:
|
|
changes:
|
|
breaking_changes:
|
|
- hashi_vault - the ``VAULT_ADDR`` environment variable is now checked last
|
|
for the ``url`` parameter. For details on which use cases are impacted, see
|
|
(https://github.com/ansible-collections/community.hashi_vault/issues/8).
|
|
release_summary: Our first major release contains a single breaking change that
|
|
will affect only a small subset of users. No functionality is removed. See
|
|
the details in the changelog to determine if you're affected and if so how
|
|
to transition to remediate.
|
|
fragments:
|
|
- 1.0.0.yml
|
|
- 41-lower-url-env-precedence.yml
|
|
release_date: '2020-12-30'
|
|
1.1.0:
|
|
changes:
|
|
minor_changes:
|
|
- hashi_vault - add ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/50).
|
|
release_summary: This release contains a new ``proxies`` option for the ``hashi_vault``
|
|
lookup.
|
|
fragments:
|
|
- 1.1.0.yml
|
|
- 50-add-proxies-option.yml
|
|
release_date: '2021-02-08'
|
|
1.1.1:
|
|
changes:
|
|
bugfixes:
|
|
- hashi_vault - restore use of ``VAULT_ADDR`` environment variable as a low
|
|
preference env var (https://github.com/ansible-collections/community.hashi_vault/pull/61).
|
|
release_summary: 'This bugfix release restores the use of the ``VAULT_ADDR``
|
|
environment variable for setting the ``url`` option.
|
|
|
|
See the PR linked from the changelog entry for details and workarounds if
|
|
you cannot upgrade.'
|
|
fragments:
|
|
- 1.1.1.yml
|
|
- 41-fix-vault-addr.yml
|
|
release_date: '2021-02-24'
|
|
1.1.2:
|
|
changes:
|
|
release_summary: This release contains the same functionality as 1.1.1. The
|
|
only change is to mark some code as internal to the collection. If you are
|
|
already using 1.1.1 as an end user you do not need to update.
|
|
fragments:
|
|
- 1.1.2.yml
|
|
release_date: '2021-03-02'
|
|
1.1.3:
|
|
changes:
|
|
bugfixes:
|
|
- hashi_vault - userpass authentication did not work with hvac 0.9.6 or higher
|
|
(https://github.com/ansible-collections/community.hashi_vault/pull/68).
|
|
release_summary: This release fixes a bug with ``userpass`` authentication and
|
|
``hvac`` versions 0.9.6 and higher.
|
|
fragments:
|
|
- 1.1.3.yml
|
|
- 68-fix-userpass-auth.yml
|
|
release_date: '2021-03-19'
|
|
1.2.0:
|
|
changes:
|
|
deprecated_features:
|
|
- hashi_vault collection - support for Python 2 will be dropped in version ``2.0.0``
|
|
of ``community.hashi_vault`` (https://github.com/ansible-collections/community.hashi_vault/issues/81).
|
|
minor_changes:
|
|
- hashi_vault lookup - add ``ANSIBLE_HASHI_VAULT_CA_CERT`` env var (with ``VAULT_CACERT``
|
|
low-precedence fallback) for ``ca_cert`` option (https://github.com/ansible-collections/community.hashi_vault/pull/97).
|
|
- hashi_vault lookup - add ``ANSIBLE_HASHI_VAULT_PASSWORD`` env var and ``ansible_hashi_vault_password``
|
|
ansible var for ``password`` option (https://github.com/ansible-collections/community.hashi_vault/pull/96).
|
|
- hashi_vault lookup - add ``ANSIBLE_HASHI_VAULT_USERNAME`` env var and ``ansible_hashi_vault_username``
|
|
ansible var for ``username`` option (https://github.com/ansible-collections/community.hashi_vault/pull/96).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_auth_method`` Ansible vars
|
|
entry to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_ca_cert`` ansible var for ``ca_cert``
|
|
option (https://github.com/ansible-collections/community.hashi_vault/pull/97).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_namespace`` Ansible vars entry
|
|
to the ``namespace`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_proxies`` Ansible vars entry
|
|
to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_role_id`` Ansible vars entry
|
|
to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_secret_id`` Ansible vars entry
|
|
to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_token_file`` Ansible vars entry
|
|
to the ``token_file`` option (https://github.com/ansible-collections/community.hashi_vault/pull/95).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_token_path`` Ansible vars entry
|
|
to the ``token_path`` option (https://github.com/ansible-collections/community.hashi_vault/pull/95).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_token_validate`` Ansible vars
|
|
entry to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_token`` Ansible vars entry
|
|
to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_url`` and ``ansible_hashi_vault_addr``
|
|
Ansible vars entries to the ``url`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
|
|
- hashi_vault lookup - add ``ansible_hashi_vault_validate_certs`` Ansible vars
|
|
entry to the ``validate_certs`` option (https://github.com/ansible-collections/community.hashi_vault/pull/95).
|
|
- hashi_vault lookup - add ``ca_cert`` INI config file key ``ca_cert`` option
|
|
(https://github.com/ansible-collections/community.hashi_vault/pull/97).
|
|
- hashi_vault lookup - add ``none`` auth type which allows for passive auth
|
|
via a Vault agent (https://github.com/ansible-collections/community.hashi_vault/pull/80).
|
|
release_summary: 'This release brings several new ways of accessing options,
|
|
like using Ansible vars, and addng new environment variables and INI config
|
|
entries.
|
|
|
|
A special ``none`` auth type is also added, for working with certain Vault
|
|
Agent configurations.
|
|
|
|
This release also announces the deprecation of Python 2 support in version
|
|
``2.0.0`` of the collection.'
|
|
fragments:
|
|
- 1.2.0.yml
|
|
- 80-add-none-auth-type.yml
|
|
- 81-deprecating-python2.yml
|
|
- 86-add-vars-options.yml
|
|
- 95-more-vars-options.yml
|
|
- 96-userpass-vars-env.yml
|
|
- 97-ca_cert-env-and-vars.yml
|
|
release_date: '2021-06-19'
|
|
1.3.0:
|
|
changes:
|
|
minor_changes:
|
|
- hashi_vault lookup - add ``retries`` and ``retry_action`` to enable built-in
|
|
retry on failure (https://github.com/ansible-collections/community.hashi_vault/pull/71).
|
|
- hashi_vault lookup - add ``timeout`` option to control connection timeouts
|
|
(https://github.com/ansible-collections/community.hashi_vault/pull/100).
|
|
release_summary: This release adds two connection-based options for controlling
|
|
timeouts and retrying failed Vault requests.
|
|
fragments:
|
|
- 1.3.0.yml
|
|
- 100-add-timeout-option.yml
|
|
- 71-add-retries.yml
|
|
release_date: '2021-06-28'
|
|
1.3.1:
|
|
changes:
|
|
release_summary: This release fixes an error in the documentation. No functionality
|
|
is changed so it's not necessary to upgrade from ``1.3.0``.
|
|
fragments:
|
|
- 1.3.1.yml
|
|
release_date: '2021-06-30'
|
|
1.3.2:
|
|
changes:
|
|
deprecated_features:
|
|
- hashi_vault collection - support for Python 3.5 will be dropped in version
|
|
``2.0.0`` of ``community.hashi_vault`` (https://github.com/ansible-collections/community.hashi_vault/issues/81).
|
|
minor_changes:
|
|
- hashi_vault collection - add ``execution-environment.yml`` and a python requirements
|
|
file to better support ``ansible-builder`` (https://github.com/ansible-collections/community.hashi_vault/pull/105).
|
|
release_summary: 'This release adds requirements detection support for Ansible
|
|
Execution Environments. It also updates and adds new guides in our `collection
|
|
docsite <https://docs.ansible.com/ansible/devel/collections/community/hashi_vault>`_.
|
|
|
|
This release also announces the dropping of Python 3.5 support in version
|
|
``2.0.0`` of the collection, alongside the previous announcement dropping
|
|
Python 2.x in ``2.0.0``.'
|
|
fragments:
|
|
- 1.3.2.yml
|
|
- 105-support-ansible-builder.yml
|
|
- 107-deprecating-python-35.yml
|
|
release_date: '2021-07-20'
|
|
1.4.0:
|
|
changes:
|
|
bugfixes:
|
|
- aws_iam_login auth - the ``aws_security_token`` option was not used, causing
|
|
assumed role credentials to fail (https://github.com/ansible-collections/community.hashi_vault/issues/160).
|
|
- hashi_vault collection - a fallback import supporting the ``retries`` option
|
|
for ``urllib3`` via ``requests.packages.urllib3`` was not correctly formed
|
|
(https://github.com/ansible-collections/community.hashi_vault/issues/116).
|
|
- hashi_vault collection - unhandled exception with ``token`` auth when ``token_file``
|
|
exists but is a directory (https://github.com/ansible-collections/community.hashi_vault/issues/152).
|
|
deprecated_features:
|
|
- lookup hashi_vault - the ``[lookup_hashi_vault]`` section in the ``ansible.cfg``
|
|
file is deprecated and will be removed in collection version ``3.0.0``. Instead,
|
|
the section ``[hashi_vault_collection]`` can be used, which will apply to
|
|
all plugins in the collection going forward (https://github.com/ansible-collections/community.hashi_vault/pull/144).
|
|
minor_changes:
|
|
- community.hashi_vault collection - add cert auth method (https://github.com/ansible-collections/community.hashi_vault/pull/159).
|
|
release_summary: 'This release includes bugfixes, a new auth method (``cert``),
|
|
and the first new content since the collection''s formation, the ``vault_read``
|
|
module and lookup plugin.
|
|
|
|
We''re also announcing the deprecation of the ``[lookup_hashi_vault]`` INI
|
|
section (which will continue working up until its removal only for the ``hashi_vault``
|
|
lookup), to be replaced by the ``[hashi_vault_collection]`` section that will
|
|
apply to all plugins in the collection.'
|
|
fragments:
|
|
- 1.4.0.yml
|
|
- 113-retry-fallback.yml
|
|
- 144-deprecate-lookup-ini.yml
|
|
- 154-token_file must be a file.yml
|
|
- 159-add-cert-auth.yml
|
|
- 161-aws-sts-token.yml
|
|
modules:
|
|
- description: Perform a read operation against HashiCorp Vault
|
|
name: vault_read
|
|
namespace: ''
|
|
plugins:
|
|
lookup:
|
|
- description: Perform a read operation against HashiCorp Vault
|
|
name: vault_read
|
|
namespace: null
|
|
release_date: '2021-10-25'
|
|
1.4.1:
|
|
changes:
|
|
bugfixes:
|
|
- aws_iam_login auth method - fix incorrect use of ``boto3``/``botocore`` that
|
|
prevented proper loading of AWS IAM role credentials (https://github.com/ansible-collections/community.hashi_vault/issues/167).
|
|
release_summary: This release contains a bugfix for ``aws_iam_login`` authentication.
|
|
fragments:
|
|
- 1.4.1.yml
|
|
- 168-aws_auth-boto-bug.yml
|
|
release_date: '2021-10-28'
|
|
1.5.0:
|
|
changes:
|
|
minor_changes:
|
|
- add the ``community.hashi_vault.vault`` action group (https://github.com/ansible-collections/community.hashi_vault/pull/172).
|
|
- auth methods - Add support for configuring the ``mount_point`` auth method
|
|
option in plugins via the ``ANSIBLE_HASHI_VAULT_MOUNT_POINT`` environment
|
|
variable, ``ansible_hashi_vault_mount_point`` ansible variable, or ``mount_point``
|
|
INI section (https://github.com/ansible-collections/community.hashi_vault/pull/171).
|
|
release_summary: 'This release includes a new action group for use with ``module_defaults``,
|
|
and additional ways of specifying the ``mount_point`` option for plugins.
|
|
|
|
This will be the last ``1.x`` release.'
|
|
fragments:
|
|
- 1.5.0.yml
|
|
- 172-action_group.yml
|
|
- pr-171-envvar-for-mount-point.yaml
|
|
release_date: '2021-11-05'
|
|
2.0.0:
|
|
changes:
|
|
breaking_changes:
|
|
- connection options - there is no longer a default value for the ``url`` option
|
|
(the Vault address), so a value must be supplied (https://github.com/ansible-collections/community.hashi_vault/issues/83).
|
|
release_summary: 'Version 2.0.0 of the collection drops support for Python 2
|
|
& Python 3.5, making Python 3.6 the minimum supported version.
|
|
|
|
Some deprecated features and settings have been removed as well.'
|
|
removed_features:
|
|
- drop support for Python 2 and Python 3.5 (https://github.com/ansible-collections/community.hashi_vault/issues/81).
|
|
- 'support for the following deprecated environment variables has been removed:
|
|
``VAULT_AUTH_METHOD``, ``VAULT_TOKEN_PATH``, ``VAULT_TOKEN_FILE``, ``VAULT_ROLE_ID``,
|
|
``VAULT_SECRET_ID`` (https://github.com/ansible-collections/community.hashi_vault/pull/173).'
|
|
fragments:
|
|
- 173-deprecated-env-vars.yml
|
|
- 176-url-is-required.yml
|
|
- 177-drop-py2-3.5.yml
|
|
- 2.0.0.yml
|
|
release_date: '2021-11-06'
|
|
2.1.0:
|
|
changes:
|
|
deprecated_features:
|
|
- Support for Ansible 2.9 and ansible-base 2.10 is deprecated, and will be removed
|
|
in the next major release (community.hashi_vault 3.0.0) next spring (https://github.com/ansible-community/community-topics/issues/50,
|
|
https://github.com/ansible-collections/community.hashi_vault/issues/189).
|
|
- aws_iam_login auth method - the ``aws_iam_login`` method has been renamed
|
|
to ``aws_iam``. The old name will be removed in collection version ``3.0.0``.
|
|
Until then both names will work, and a warning will be displayed when using
|
|
the old name (https://github.com/ansible-collections/community.hashi_vault/pull/193).
|
|
release_summary: The most important change in this release is renaming the ``aws_iam_login``
|
|
auth method to ``aws_iam`` and deprecating the old name. This release also
|
|
announces the deprecation of Ansible 2.9 and ansible-base 2.10 support in
|
|
3.0.0.
|
|
removed_features:
|
|
- the "legacy" integration test setup has been removed; this does not affect
|
|
end users and is only relevant to contributors (https://github.com/ansible-collections/community.hashi_vault/pull/191).
|
|
fragments:
|
|
- 190-deprecate-ansible-2.9-2.10.yml
|
|
- 191-remove-legacy-integration.yml
|
|
- 193-rename-aws-iam-auth.yml
|
|
- 2.1.0.yml
|
|
release_date: '2021-12-03'
|
|
2.2.0:
|
|
changes:
|
|
minor_changes:
|
|
- The Filter guide has been added to the collection's docsite.
|
|
release_summary: This release contains a new lookup/module combo for logging
|
|
in to Vault, and includes our first filter plugin.
|
|
fragments:
|
|
- 199-vault_login-vault_login_token.yml
|
|
- 2.2.0.yml
|
|
modules:
|
|
- description: Perform a login operation against HashiCorp Vault
|
|
name: vault_login
|
|
namespace: ''
|
|
plugins:
|
|
filter:
|
|
- description: Extracts the client token from a Vault login response
|
|
name: vault_login_token
|
|
namespace: null
|
|
lookup:
|
|
- description: Perform a login operation against HashiCorp Vault
|
|
name: vault_login
|
|
namespace: null
|
|
release_date: '2022-01-05'
|
|
2.3.0:
|
|
changes:
|
|
release_summary: This release contains new plugins and modules for creating
|
|
tokens and for generating certificates with Vault's PKI secrets engine.
|
|
fragments:
|
|
- 2.3.0.yml
|
|
modules:
|
|
- description: Generates a new set of credentials (private key and certificate)
|
|
using HashiCorp Vault PKI
|
|
name: vault_pki_generate_certificate
|
|
namespace: ''
|
|
- description: Create a HashiCorp Vault token
|
|
name: vault_token_create
|
|
namespace: ''
|
|
plugins:
|
|
lookup:
|
|
- description: Create a HashiCorp Vault token
|
|
name: vault_token_create
|
|
namespace: null
|
|
release_date: '2022-02-15'
|
|
2.4.0:
|
|
changes:
|
|
release_summary: Our first content for writing to Vault is now live.
|
|
fragments:
|
|
- 2.4.0.yml
|
|
modules:
|
|
- description: Perform a write operation against HashiCorp Vault
|
|
name: vault_write
|
|
namespace: ''
|
|
plugins:
|
|
lookup:
|
|
- description: Perform a write operation against HashiCorp Vault
|
|
name: vault_write
|
|
namespace: null
|
|
release_date: '2022-03-31'
|