From 7fec0b69a082aaeec72fee0612766aa42f6b1b4d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 18 Apr 2024 07:52:35 +0200 Subject: Merging upstream version 9.4.0+dfsg. Signed-off-by: Daniel Baumann --- .../community/hashi_vault/CHANGELOG.md | 828 +++++++++++++++++++++ 1 file changed, 828 insertions(+) create mode 100644 ansible_collections/community/hashi_vault/CHANGELOG.md (limited to 'ansible_collections/community/hashi_vault/CHANGELOG.md') diff --git a/ansible_collections/community/hashi_vault/CHANGELOG.md b/ansible_collections/community/hashi_vault/CHANGELOG.md new file mode 100644 index 000000000..87ac6d4e0 --- /dev/null +++ b/ansible_collections/community/hashi_vault/CHANGELOG.md @@ -0,0 +1,828 @@ +# community\.hashi\_vault Release Notes + +**Topics** + +- v6\.2\.0 + - Release Summary + - Minor Changes + - New Modules +- v6\.1\.0 + - Release Summary + - Major Changes +- v6\.0\.0 + - Release Summary + - Breaking Changes / Porting Guide + - Removed Features \(previously deprecated\) +- v5\.0\.1 + - Release Summary + - Bugfixes +- v5\.0\.0 + - Release Summary + - Breaking Changes / Porting Guide +- v4\.2\.1 + - Release Summary +- v4\.2\.0 + - Release Summary + - Deprecated Features + - Bugfixes + - New Modules +- v4\.1\.0 + - Release Summary + - Deprecated Features + - New Plugins + - Lookup + - New Modules +- v4\.0\.0 + - Release Summary + - Minor Changes + - Breaking Changes / Porting Guide +- v3\.4\.0 + - Release Summary + - Minor Changes + - Bugfixes + - New Modules +- v3\.3\.1 + - Release Summary +- v3\.3\.0 + - Release Summary + - Minor Changes +- v3\.2\.0 + - Release Summary + - Minor Changes + - Bugfixes +- v3\.1\.0 + - Release Summary + - Deprecated Features + - Bugfixes +- v3\.0\.0 + - Release Summary + - Deprecated Features + - Removed Features \(previously deprecated\) +- v2\.5\.0 + - Release Summary + - Minor Changes + - Deprecated Features + - New Plugins + - Lookup + - New Modules +- v2\.4\.0 + - Release Summary + - New Plugins + - Lookup + - New Modules +- v2\.3\.0 + - Release Summary + - New Plugins + - Lookup + - New Modules +- v2\.2\.0 + - Release Summary + - Minor Changes + - New Plugins + - Filter + - Lookup + - New Modules +- v2\.1\.0 + - Release Summary + - Deprecated Features + - Removed Features \(previously deprecated\) +- v2\.0\.0 + - Release Summary + - Breaking Changes / Porting Guide + - Removed Features \(previously deprecated\) +- v1\.5\.0 + - Release Summary + - Minor Changes +- v1\.4\.1 + - Release Summary + - Bugfixes +- v1\.4\.0 + - Release Summary + - Minor Changes + - Deprecated Features + - Bugfixes + - New Plugins + - Lookup + - New Modules +- v1\.3\.2 + - Release Summary + - Minor Changes + - Deprecated Features +- v1\.3\.1 + - Release Summary +- v1\.3\.0 + - Release Summary + - Minor Changes +- v1\.2\.0 + - Release Summary + - Minor Changes + - Deprecated Features +- v1\.1\.3 + - Release Summary + - Bugfixes +- v1\.1\.2 + - Release Summary +- v1\.1\.1 + - Release Summary + - Bugfixes +- v1\.1\.0 + - Release Summary + - Minor Changes +- v1\.0\.0 + - Release Summary + - Breaking Changes / Porting Guide +- v0\.2\.0 + - Release Summary + - Minor Changes + - Deprecated Features + - Bugfixes +- v0\.1\.0 + - Release Summary + + +## v6\.2\.0 + + +### Release Summary + +This release contains a dozen\+ new modules for working with Vault\'s database secrets engine and some new vars entries for specifying public and private keys in cert auth\. + + +### Minor Changes + +* cert auth \- add option to set the cert\_auth\_public\_key and cert\_auth\_private\_key parameters using the variables ansible\_hashi\_vault\_cert\_auth\_public\_key and ansible\_hashi\_vault\_cert\_auth\_private\_key \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/428](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/428)\)\. + + +### New Modules + +* vault\_database\_connection\_configure \- Configures the database engine +* vault\_database\_connection\_delete \- Delete a Database Connection +* vault\_database\_connection\_read \- Returns the configuration settings for a O\(connection\_name\) +* vault\_database\_connection\_reset \- Closes a O\(connection\_name\) and its underlying plugin and restarts it with the configuration stored +* vault\_database\_connections\_list \- Returns a list of available connections +* vault\_database\_role\_create \- Creates or updates a \(dynamic\) role definition +* vault\_database\_role\_delete \- Delete a role definition +* vault\_database\_role\_read \- Queries a dynamic role definition +* vault\_database\_roles\_list \- Returns a list of available \(dynamic\) roles +* vault\_database\_rotate\_root\_credentials \- Rotates the root credentials stored for the database connection\. This user must have permissions to update its own password\. +* vault\_database\_static\_role\_create \- Create or update a static role +* vault\_database\_static\_role\_get\_credentials \- Returns the current credentials based on the named static role +* vault\_database\_static\_role\_read \- Queries a static role definition +* vault\_database\_static\_role\_rotate\_credentials \- Trigger the credential rotation for a static role +* vault\_database\_static\_roles\_list \- Returns a list of available static roles + + +## v6\.1\.0 + + +### Release Summary + +This release addresses some breaking changes in core that were backported\. + + +### Major Changes + +* requirements \- the requests package which is required by hvac now has a more restrictive range for this collection in certain use cases due to breaking security changes in ansible\-core that were backported \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/416](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/416)\)\. + + +## v6\.0\.0 + + +### Release Summary + +This major version of the collection has no functional changes from the previous version\, however the minimum versions of hvac and ansible\-core have been raised\. While the collection may still work with those earlier versions\, future changes will not test against them\. + + +### Breaking Changes / Porting Guide + +* The minimum required version of hvac is now 1\.2\.1 \([https\://docs\.ansible\.com/ansible/devel/collections/community/hashi\_vault/docsite/user\_guide\.html\#hvac\-version\-specifics](https\://docs\.ansible\.com/ansible/devel/collections/community/hashi\_vault/docsite/user\_guide\.html\#hvac\-version\-specifics)\)\. + + +### Removed Features \(previously deprecated\) + +* The minimum supported version of ansible\-core is now 2\.14\, support for 2\.13 has been dropped \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/403](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/403)\)\. + + +## v5\.0\.1 + + +### Release Summary + +This release fixes a bug in vault\_write ahead of the collection\'s next major release\. + + +### Bugfixes + +* vault\_write \- the vault\_write lookup and module were not able to write data containing keys named path or wrap\_ttl due to a bug in the hvac library\. These plugins have now been updated to take advantage of fixes in hvac\>\=1\.2 to address this \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/389](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/389)\)\. + + +## v5\.0\.0 + + +### Release Summary + +This version makes some relatively minor but technically breaking changes\. Support for ansible\-core versions 2\.11 and 2\.12 have been dropped\, and there is now a minimum supported version of hvac which will be updated over time\. A warning in the hashi\_vault lookup on duplicate option specifications in the term string has been changed to a fatal error\. + + +### Breaking Changes / Porting Guide + +* Support for ansible\-core 2\.11 and 2\.12 has been removed \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/340](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/340)\)\. +* The minimum version of hvac for community\.hashi\_vault is now 1\.1\.0 \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/324](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/324)\)\. +* hashi\_vault lookup \- duplicate option entries in the term string now raises an exception instead of a warning \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/356](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/356)\)\. + + +## v4\.2\.1 + + +### Release Summary + +This patch version updates the documentation for the vault\_kv2\_write module\. There are no functional changes\. + + +## v4\.2\.0 + + +### Release Summary + +This release contains a new module for KVv2 writes\, and a new warning for duplicated term string options in the hashi\_vault lookup\. + + +### Deprecated Features + +* hashi\_vault lookup \- in v5\.0\.0 duplicate term string options will raise an exception instead of showing a warning \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/356](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/356)\)\. + + +### Bugfixes + +* hashi\_vault lookup \- a term string with duplicate options would silently use the last value\. The lookup now shows a warning on option duplication \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/349](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/349)\)\. + + +### New Modules + +* vault\_kv2\_write \- Perform a write operation against a KVv2 secret in HashiCorp Vault + + +## v4\.1\.0 + + +### Release Summary + +This release brings new generic vault\_list plugins from a new contributor\! +There are also some deprecation notices for the next major version\, and some updates to documentation attributes\. + + +### Deprecated Features + +* ansible\-core \- support for ansible\-core versions 2\.11 and 2\.12 will be dropped in collection version 5\.0\.0\, making 2\.13 the minimum supported version of ansible\-core \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/340](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/340)\)\. +* hvac \- the minimum version of hvac to be supported in collection version 5\.0\.0 will be at least 1\.0\.2\; this minimum may be raised before 5\.0\.0 is released\, so please subscribe to the linked issue and look out for new notices in the changelog \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/324](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/324)\)\. + + +### New Plugins + + +#### Lookup + +* vault\_list \- Perform a list operation against HashiCorp Vault + + +### New Modules + +* vault\_list \- Perform a list operation against HashiCorp Vault + + +## v4\.0\.0 + + +### Release Summary + +The next major version of the collection includes previously announced breaking changes to some default values\, and improvements to module documentation with attributes that describe the use of action groups and check mode support\. + + +### Minor Changes + +* modules \- all modules now document their action group and support for check mode in their attributes documentation \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/197](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/197)\)\. + + +### Breaking Changes / Porting Guide + +* auth \- the default value for token\_validate has changed from true to false\, as previously announced \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/248](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/248)\)\. +* vault\_kv2\_get lookup \- as previously announced\, the default value for engine\_mount\_point in the vault\_kv2\_get lookup has changed from kv to secret \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/279](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/279)\)\. + + +## v3\.4\.0 + + +### Release Summary + +This release includes a new module\, fixes \(another\) requests header issue\, and updates some inaccurate documentation\. +This is the last planned release before v4\.0\.0\. + + +### Minor Changes + +* vault\_pki\_generate\_certificate \- the documentation has been updated to match the argspec for the default values of options alt\_names\, ip\_sans\, other\_sans\, and uri\_sans \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/318](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/318)\)\. + + +### Bugfixes + +* connection options \- the namespace connection option will be forced into a string to ensure cmpatibility with recent requests versions \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/309](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/309)\)\. + + +### New Modules + +* vault\_kv2\_delete \- Delete one or more versions of a secret from HashiCorp Vault\'s KV version 2 secret store + + +## v3\.3\.1 + + +### Release Summary + +No functional changes in this release\, this provides updated filter documentation for the public docsite\. + + +## v3\.3\.0 + + +### Release Summary + +With the release of hvac version 1\.0\.0\, we needed to update vault\_token\_create\'s support for orphan tokens\. +The collection\'s changelog is now viewable in the Ansible documentation site\. + + +### Minor Changes + +* vault\_token\_create \- creation or orphan tokens uses hvac\'s new v1 method for creating orphans\, or falls back to the v0 method if needed \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/301](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/301)\)\. + + +## v3\.2\.0 + + +### Release Summary + +This release brings support for the azure auth method\, adds 412 to the default list of HTTP status codes to be retried\, and fixes a bug that causes failures in token auth with requests\>\=2\.28\.0\. + + +### Minor Changes + +* community\.hashi\_vault collection \- add support for azure auth method\, for Azure service principal\, managed identity\, or plain JWT access token \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/293](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/293)\)\. +* community\.hashi\_vault retries \- [HTTP status code 412](https\://www\.vaultproject\.io/api\-docs\#412) has been added to the default list of codes to be retried\, for the new [Server Side Consistent Token feature](https\://www\.vaultproject\.io/docs/faq/ssct\#q\-is\-there\-anything\-else\-i\-need\-to\-consider\-to\-achieve\-consistency\-besides\-upgrading\-to\-vault\-1\-10) in Vault Enterprise \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/290](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/290)\)\. + + +### Bugfixes + +* community\.hashi\_vault plugins \- tokens will be cast to a string type before being sent to hvac to prevent errors in requests when values are AnsibleUnsafe \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/289](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/289)\)\. +* modules \- fix a \"variable used before assignment\" that cannot be reached but causes sanity test failures \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/296](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/296)\)\. + + +## v3\.1\.0 + + +### Release Summary + +A default value that was set incorrectly will be corrected in 4\.0\.0\. +A deprecation warning will be shown until then if the value is not specified explicitly\. +This version also includes some fixes and improvements to the licensing in the collection\, which does not affect any functionality\. + + +### Deprecated Features + +* vault\_kv2\_get lookup \- the engine\_mount\_point option in the vault\_kv2\_get lookup only will change its default from kv to secret in community\.hashi\_vault version 4\.0\.0 \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/279](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/279)\)\. + + +### Bugfixes + +* Add SPDX license headers to individual files \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/282](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/282)\)\. +* Add missing BSD\-2\-Clause\.txt file for BSD licensed content \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/275](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/275)\)\. +* Use the correct GPL license for plugin\_utils \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/276](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/276)\)\. + + +## v3\.0\.0 + + +### Release Summary + +Version 3\.0\.0 of community\.hashi\_vault drops support for Ansible 2\.9 and ansible\-base 2\.10\. +Several deprecated features have been removed\. See the changelog for the full list\. + + +### Deprecated Features + +* token\_validate options \- the shared auth option token\_validate will change its default from true to false in community\.hashi\_vault version 4\.0\.0\. The vault\_login lookup and module will keep the default value of true \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/248](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/248)\)\. + + +### Removed Features \(previously deprecated\) + +* aws\_iam auth \- the deprecated alias aws\_iam\_login for the aws\_iam value of the auth\_method option has been removed \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/194](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/194)\)\. +* community\.hashi\_vault collection \- support for Ansible 2\.9 and ansible\-base 2\.10 has been removed \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/189](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/189)\)\. +* hashi\_vault lookup \- the deprecated \[lookup\_hashi\_vault\] INI config section has been removed in favor of the collection\-wide \[hashi\_vault\_collection\] section \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/179](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/179)\)\. + + +## v2\.5\.0 + + +### Release Summary + +This release finally contains dedicated KV plugins and modules\, and an exciting new lookup to help use plugin values in module calls\. +With that\, we also have a guide in the collection docsite for migrating away from the hashi\_vault lookup toward dedicated content\. +We are also announcing that the token\_validate option will change its default value in version 4\.0\.0\. +This is the last planned release before 3\.0\.0\. See the porting guide for breaking changes and removed features in the next version\. + + +### Minor Changes + +* vault\_login module \& lookup \- no friendly error message was given when hvac was missing \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/257](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/257)\)\. +* vault\_pki\_certificate \- add vault\_pki\_certificate to the community\.hashi\_vault\.vault action group \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/251](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/251)\)\. +* vault\_read module \& lookup \- no friendly error message was given when hvac was missing \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/257](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/257)\)\. +* vault\_token\_create \- add vault\_token\_create to the community\.hashi\_vault\.vault action group \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/251](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/251)\)\. +* vault\_token\_create module \& lookup \- no friendly error message was given when hvac was missing \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/257](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/257)\)\. +* vault\_write \- add vault\_write to the community\.hashi\_vault\.vault action group \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/251](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/251)\)\. + + +### Deprecated Features + +* token\_validate options \- the shared auth option token\_validate will change its default from True to False in community\.hashi\_vault version 4\.0\.0\. The vault\_login lookup and module will keep the default value of True \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/248](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/248)\)\. + + +### New Plugins + + +#### Lookup + +* vault\_ansible\_settings \- Returns plugin settings \(options\) +* vault\_kv1\_get \- Get a secret from HashiCorp Vault\'s KV version 1 secret store +* vault\_kv2\_get \- Get a secret from HashiCorp Vault\'s KV version 2 secret store + + +### New Modules + +* vault\_kv1\_get \- Get a secret from HashiCorp Vault\'s KV version 1 secret store +* vault\_kv2\_get \- Get a secret from HashiCorp Vault\'s KV version 2 secret store + + +## v2\.4\.0 + + +### Release Summary + +Our first content for writing to Vault is now live\. + + +### New Plugins + + +#### Lookup + +* vault\_write \- Perform a write operation against HashiCorp Vault + + +### New Modules + +* vault\_write \- Perform a write operation against HashiCorp Vault + + +## v2\.3\.0 + + +### Release Summary + +This release contains new plugins and modules for creating tokens and for generating certificates with Vault\'s PKI secrets engine\. + + +### New Plugins + + +#### Lookup + +* vault\_token\_create \- Create a HashiCorp Vault token + + +### New Modules + +* vault\_pki\_generate\_certificate \- Generates a new set of credentials \(private key and certificate\) using HashiCorp Vault PKI +* vault\_token\_create \- Create a HashiCorp Vault token + + +## v2\.2\.0 + + +### Release Summary + +This release contains a new lookup/module combo for logging in to Vault\, and includes our first filter plugin\. + + +### Minor Changes + +* The Filter guide has been added to the collection\'s docsite\. + + +### New Plugins + + +#### Filter + +* vault\_login\_token \- Extracts the client token from a Vault login response + + +#### Lookup + +* vault\_login \- Perform a login operation against HashiCorp Vault + + +### New Modules + +* vault\_login \- Perform a login operation against HashiCorp Vault + + +## v2\.1\.0 + + +### Release Summary + +The most important change in this release is renaming the aws\_iam\_login auth method to aws\_iam and deprecating the old name\. This release also announces the deprecation of Ansible 2\.9 and ansible\-base 2\.10 support in 3\.0\.0\. + + +### Deprecated Features + +* Support for Ansible 2\.9 and ansible\-base 2\.10 is deprecated\, and will be removed in the next major release \(community\.hashi\_vault 3\.0\.0\) next spring \([https\://github\.com/ansible\-community/community\-topics/issues/50](https\://github\.com/ansible\-community/community\-topics/issues/50)\, [https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/189](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/189)\)\. +* aws\_iam\_login auth method \- the aws\_iam\_login method has been renamed to aws\_iam\. The old name will be removed in collection version 3\.0\.0\. Until then both names will work\, and a warning will be displayed when using the old name \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/193](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/193)\)\. + + +### Removed Features \(previously deprecated\) + +* the \"legacy\" integration test setup has been removed\; this does not affect end users and is only relevant to contributors \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/191](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/191)\)\. + + +## v2\.0\.0 + + +### Release Summary + +Version 2\.0\.0 of the collection drops support for Python 2 \& Python 3\.5\, making Python 3\.6 the minimum supported version\. +Some deprecated features and settings have been removed as well\. + + +### Breaking Changes / Porting Guide + +* connection options \- there is no longer a default value for the url option \(the Vault address\)\, so a value must be supplied \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/83](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/83)\)\. + + +### Removed Features \(previously deprecated\) + +* drop support for Python 2 and Python 3\.5 \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/81](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/81)\)\. +* support for the following deprecated environment variables has been removed\: VAULT\_AUTH\_METHOD\, VAULT\_TOKEN\_PATH\, VAULT\_TOKEN\_FILE\, VAULT\_ROLE\_ID\, VAULT\_SECRET\_ID \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/173](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/173)\)\. + + +## v1\.5\.0 + + +### Release Summary + +This release includes a new action group for use with module\_defaults\, and additional ways of specifying the mount\_point option for plugins\. +This will be the last 1\.x release\. + + +### Minor Changes + +* add the community\.hashi\_vault\.vault action group \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/172](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/172)\)\. +* auth methods \- Add support for configuring the mount\_point auth method option in plugins via the ANSIBLE\_HASHI\_VAULT\_MOUNT\_POINT environment variable\, ansible\_hashi\_vault\_mount\_point ansible variable\, or mount\_point INI section \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/171](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/171)\)\. + + +## v1\.4\.1 + + +### Release Summary + +This release contains a bugfix for aws\_iam\_login authentication\. + + +### Bugfixes + +* aws\_iam\_login auth method \- fix incorrect use of boto3/botocore that prevented proper loading of AWS IAM role credentials \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/167](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/167)\)\. + + +## v1\.4\.0 + + +### Release Summary + +This release includes bugfixes\, a new auth method \(cert\)\, and the first new content since the collection\'s formation\, the vault\_read module and lookup plugin\. +We\'re also announcing the deprecation of the \[lookup\_hashi\_vault\] INI section \(which will continue working up until its removal only for the hashi\_vault lookup\)\, to be replaced by the \[hashi\_vault\_collection\] section that will apply to all plugins in the collection\. + + +### Minor Changes + +* community\.hashi\_vault collection \- add cert auth method \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/159](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/159)\)\. + + +### Deprecated Features + +* lookup hashi\_vault \- the \[lookup\_hashi\_vault\] section in the ansible\.cfg file is deprecated and will be removed in collection version 3\.0\.0\. Instead\, the section \[hashi\_vault\_collection\] can be used\, which will apply to all plugins in the collection going forward \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/144](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/144)\)\. + + +### Bugfixes + +* aws\_iam\_login auth \- the aws\_security\_token option was not used\, causing assumed role credentials to fail \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/160](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/160)\)\. +* hashi\_vault collection \- a fallback import supporting the retries option for urllib3 via requests\.packages\.urllib3 was not correctly formed \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/116](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/116)\)\. +* hashi\_vault collection \- unhandled exception with token auth when token\_file exists but is a directory \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/152](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/152)\)\. + + +### New Plugins + + +#### Lookup + +* vault\_read \- Perform a read operation against HashiCorp Vault + + +### New Modules + +* vault\_read \- Perform a read operation against HashiCorp Vault + + +## v1\.3\.2 + + +### Release Summary + +This release adds requirements detection support for Ansible Execution Environments\. It also updates and adds new guides in our [collection docsite](https\://docs\.ansible\.com/ansible/devel/collections/community/hashi\_vault)\. +This release also announces the dropping of Python 3\.5 support in version 2\.0\.0 of the collection\, alongside the previous announcement dropping Python 2\.x in 2\.0\.0\. + + +### Minor Changes + +* hashi\_vault collection \- add execution\-environment\.yml and a python requirements file to better support ansible\-builder \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/105](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/105)\)\. + + +### Deprecated Features + +* hashi\_vault collection \- support for Python 3\.5 will be dropped in version 2\.0\.0 of community\.hashi\_vault \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/81](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/81)\)\. + + +## v1\.3\.1 + + +### Release Summary + +This release fixes an error in the documentation\. No functionality is changed so it\'s not necessary to upgrade from 1\.3\.0\. + + +## v1\.3\.0 + + +### Release Summary + +This release adds two connection\-based options for controlling timeouts and retrying failed Vault requests\. + + +### Minor Changes + +* hashi\_vault lookup \- add retries and retry\_action to enable built\-in retry on failure \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/71](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/71)\)\. +* hashi\_vault lookup \- add timeout option to control connection timeouts \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/100](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/100)\)\. + + +## v1\.2\.0 + + +### Release Summary + +This release brings several new ways of accessing options\, like using Ansible vars\, and addng new environment variables and INI config entries\. +A special none auth type is also added\, for working with certain Vault Agent configurations\. +This release also announces the deprecation of Python 2 support in version 2\.0\.0 of the collection\. + + +### Minor Changes + +* hashi\_vault lookup \- add ANSIBLE\_HASHI\_VAULT\_CA\_CERT env var \(with VAULT\_CACERT low\-precedence fallback\) for ca\_cert option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/97](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/97)\)\. +* hashi\_vault lookup \- add ANSIBLE\_HASHI\_VAULT\_PASSWORD env var and ansible\_hashi\_vault\_password ansible var for password option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/96](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/96)\)\. +* hashi\_vault lookup \- add ANSIBLE\_HASHI\_VAULT\_USERNAME env var and ansible\_hashi\_vault\_username ansible var for username option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/96](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/96)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_auth\_method Ansible vars entry to the proxies option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_ca\_cert ansible var for ca\_cert option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/97](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/97)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_namespace Ansible vars entry to the namespace option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_proxies Ansible vars entry to the proxies option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_role\_id Ansible vars entry to the proxies option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_secret\_id Ansible vars entry to the proxies option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_token\_file Ansible vars entry to the token\_file option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/95](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/95)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_token\_path Ansible vars entry to the token\_path option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/95](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/95)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_token\_validate Ansible vars entry to the proxies option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_token Ansible vars entry to the proxies option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_url and ansible\_hashi\_vault\_addr Ansible vars entries to the url option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/86)\)\. +* hashi\_vault lookup \- add ansible\_hashi\_vault\_validate\_certs Ansible vars entry to the validate\_certs option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/95](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/95)\)\. +* hashi\_vault lookup \- add ca\_cert INI config file key ca\_cert option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/97](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/97)\)\. +* hashi\_vault lookup \- add none auth type which allows for passive auth via a Vault agent \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/80](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/80)\)\. + + +### Deprecated Features + +* hashi\_vault collection \- support for Python 2 will be dropped in version 2\.0\.0 of community\.hashi\_vault \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/81](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/81)\)\. + + +## v1\.1\.3 + + +### Release Summary + +This release fixes a bug with userpass authentication and hvac versions 0\.9\.6 and higher\. + + +### Bugfixes + +* hashi\_vault \- userpass authentication did not work with hvac 0\.9\.6 or higher \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/68](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/68)\)\. + + +## v1\.1\.2 + + +### Release Summary + +This release contains the same functionality as 1\.1\.1\. The only change is to mark some code as internal to the collection\. If you are already using 1\.1\.1 as an end user you do not need to update\. + + +## v1\.1\.1 + + +### Release Summary + +This bugfix release restores the use of the VAULT\_ADDR environment variable for setting the url option\. +See the PR linked from the changelog entry for details and workarounds if you cannot upgrade\. + + +### Bugfixes + +* hashi\_vault \- restore use of VAULT\_ADDR environment variable as a low preference env var \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/61](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/61)\)\. + + +## v1\.1\.0 + + +### Release Summary + +This release contains a new proxies option for the hashi\_vault lookup\. + + +### Minor Changes + +* hashi\_vault \- add proxies option \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/50](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/50)\)\. + + +## v1\.0\.0 + + +### Release Summary + +Our first major release contains a single breaking change that will affect only a small subset of users\. No functionality is removed\. See the details in the changelog to determine if you\'re affected and if so how to transition to remediate\. + + +### Breaking Changes / Porting Guide + +* hashi\_vault \- the VAULT\_ADDR environment variable is now checked last for the url parameter\. For details on which use cases are impacted\, see \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/8](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/8)\)\. + + +## v0\.2\.0 + + +### Release Summary + +Several backwards\-compatible bugfixes and enhancements in this release\. +Some environment variables are deprecated and have standardized replacements\. + + +### Minor Changes + +* Add optional aws\_iam\_server\_id parameter as the value for X\-Vault\-AWS\-IAM\-Server\-ID header \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/27](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/27)\)\. +* hashi\_vault \- ANSIBLE\_HASHI\_VAULT\_ADDR environment variable added for option url \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/8](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/8)\)\. +* hashi\_vault \- ANSIBLE\_HASHI\_VAULT\_AUTH\_METHOD environment variable added for option auth\_method \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/17](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/17)\)\. +* hashi\_vault \- ANSIBLE\_HASHI\_VAULT\_ROLE\_ID environment variable added for option role\_id \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/20](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/20)\)\. +* hashi\_vault \- ANSIBLE\_HASHI\_VAULT\_SECRET\_ID environment variable added for option secret\_id \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/20](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/20)\)\. +* hashi\_vault \- ANSIBLE\_HASHI\_VAULT\_TOKEN\_FILE environment variable added for option token\_file \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/15](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/15)\)\. +* hashi\_vault \- ANSIBLE\_HASHI\_VAULT\_TOKEN\_PATH environment variable added for option token\_path \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/15](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/15)\)\. +* hashi\_vault \- namespace parameter can be specified in INI or via env vars ANSIBLE\_HASHI\_VAULT\_NAMESPACE \(new\) and VAULT\_NAMESPACE \(lower preference\) \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/14](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/14)\)\. +* hashi\_vault \- token parameter can now be specified via ANSIBLE\_HASHI\_VAULT\_TOKEN as well as via VAULT\_TOKEN \(the latter with lower preference\) \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/16](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/16)\)\. +* hashi\_vault \- add token\_validate option to control token validation \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/24](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/24)\)\. +* hashi\_vault \- uses new AppRole method in hvac 0\.10\.6 with fallback to deprecated method with warning \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/33](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/33)\)\. + + +### Deprecated Features + +* hashi\_vault \- VAULT\_ADDR environment variable for option url will have its precedence lowered in 1\.0\.0\; use ANSIBLE\_HASHI\_VAULT\_ADDR to intentionally override a config value \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/8](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/8)\)\. +* hashi\_vault \- VAULT\_AUTH\_METHOD environment variable for option auth\_method will be removed in 2\.0\.0\, use ANSIBLE\_HASHI\_VAULT\_AUTH\_METHOD instead \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/17](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/17)\)\. +* hashi\_vault \- VAULT\_ROLE\_ID environment variable for option role\_id will be removed in 2\.0\.0\, use ANSIBLE\_HASHI\_VAULT\_ROLE\_ID instead \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/20](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/20)\)\. +* hashi\_vault \- VAULT\_SECRET\_ID environment variable for option secret\_id will be removed in 2\.0\.0\, use ANSIBLE\_HASHI\_VAULT\_SECRET\_ID instead \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/20](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/20)\)\. +* hashi\_vault \- VAULT\_TOKEN\_FILE environment variable for option token\_file will be removed in 2\.0\.0\, use ANSIBLE\_HASHI\_VAULT\_TOKEN\_FILE instead \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/15](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/15)\)\. +* hashi\_vault \- VAULT\_TOKEN\_PATH environment variable for option token\_path will be removed in 2\.0\.0\, use ANSIBLE\_HASHI\_VAULT\_TOKEN\_PATH instead \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/15](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/15)\)\. + + +### Bugfixes + +* hashi\_vault \- mount\_point parameter did not work with aws\_iam\_login auth method \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/7](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/7)\) +* hashi\_vault \- fallback logic for handling deprecated style of auth in hvac was not implemented correctly \([https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/33](https\://github\.com/ansible\-collections/community\.hashi\_vault/pull/33)\)\. +* hashi\_vault \- parameter mount\_point does not work with JWT auth \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/29](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/29)\)\. +* hashi\_vault \- tokens without lookup\-self ability can\'t be used because of validation \([https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/18](https\://github\.com/ansible\-collections/community\.hashi\_vault/issues/18)\)\. + + +## v0\.1\.0 + + +### Release Summary + +Our first release matches the hashi\_vault lookup functionality provided by community\.general version 1\.3\.0\. -- cgit v1.2.3