argoproj/argo-helm
### [`v5.17.4`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.17.4)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.17.2...argo-cd-5.17.4)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.17.2`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.17.2)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.17.1...argo-cd-5.17.2)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.17.1`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.17.1)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.17.0...argo-cd-5.17.1)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.17.0`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.17.0)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.15...argo-cd-5.17.0)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.15`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.15)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.14...argo-cd-5.16.15)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.14`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.14)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.13...argo-cd-5.16.14)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.13`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.13)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.12...argo-cd-5.16.13)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.12`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.12)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.11...argo-cd-5.16.12)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.11`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.11)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.10...argo-cd-5.16.11)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.10`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.10)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.9...argo-cd-5.16.10)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.9`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.9)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.8...argo-cd-5.16.9)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.8`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.8)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.7...argo-cd-5.16.8)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
### [`v5.16.7`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.7)
[Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.6...argo-cd-5.16.7)
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
hashicorp/terraform-provider-aws
### [`v4.50.0`](https://togithub.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#4500-January-13-2023)
[Compare Source](https://togithub.com/hashicorp/terraform-provider-aws/compare/v4.49.0...v4.50.0)
FEATURES:
- **New Data Source:** `aws_lbs` ([#27161](https://togithub.com/hashicorp/terraform-provider-aws/issues/27161))
- **New Resource:** `aws_sesv2_configuration_set_event_destination` ([#27565](https://togithub.com/hashicorp/terraform-provider-aws/issues/27565))
ENHANCEMENTS:
- data-source/aws_lb_target_group: Support querying by `tags` ([#27261](https://togithub.com/hashicorp/terraform-provider-aws/issues/27261))
- resource/aws_redshiftdata_statement: Add `workgroup_name` argument ([#28751](https://togithub.com/hashicorp/terraform-provider-aws/issues/28751))
- resource/aws_service_discovery_service: Add `type` argument ([#28778](https://togithub.com/hashicorp/terraform-provider-aws/issues/28778))
BUG FIXES:
- resource/aws_acmpca_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28788](https://togithub.com/hashicorp/terraform-provider-aws/issues/28788))
- resource/aws_api_gateway_rest_api: Improve refresh to avoid unnecessary diffs in `policy` ([#28789](https://togithub.com/hashicorp/terraform-provider-aws/issues/28789))
- resource/aws_api_gateway_rest_api_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28789](https://togithub.com/hashicorp/terraform-provider-aws/issues/28789))
- resource/aws_apprunner_service: `observability_configuration_arn` is optional ([#28620](https://togithub.com/hashicorp/terraform-provider-aws/issues/28620))
- resource/aws_apprunner_vpc_connector: Fix `default_tags` not handled correctly ([#28736](https://togithub.com/hashicorp/terraform-provider-aws/issues/28736))
- resource/aws_appstream_stack: Fix panic on user_settings update ([#28766](https://togithub.com/hashicorp/terraform-provider-aws/issues/28766))
- resource/aws_appstream_stack: Prevent unnecessary replacements on update ([#28766](https://togithub.com/hashicorp/terraform-provider-aws/issues/28766))
- resource/aws_backup_vault_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28791](https://togithub.com/hashicorp/terraform-provider-aws/issues/28791))
- resource/aws_cloudsearch_domain_service_access_policy: Improve refresh to avoid unnecessary diffs in `access_policy` ([#28792](https://togithub.com/hashicorp/terraform-provider-aws/issues/28792))
- resource/aws_cloudwatch_event_bus_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28802](https://togithub.com/hashicorp/terraform-provider-aws/issues/28802))
- resource/aws_codeartifact_domain_permissions_policy: Improve refresh to avoid unnecessary diffs in `policy_document` ([#28794](https://togithub.com/hashicorp/terraform-provider-aws/issues/28794))
- resource/aws_codeartifact_repository_permissions_policy: Improve refresh to avoid unnecessary diffs in `policy_document` ([#28794](https://togithub.com/hashicorp/terraform-provider-aws/issues/28794))
- resource/aws_codebuild_resource_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28796](https://togithub.com/hashicorp/terraform-provider-aws/issues/28796))
- resource/aws_dms_replication_subnet_group: Fix error ("Provider produced inconsistent result") when an error is encountered during creation ([#28748](https://togithub.com/hashicorp/terraform-provider-aws/issues/28748))
- resource/aws_dms_replication_task: Allow updates to `aws_dms_replication_task` even when `migration_type` and `table_mappings` have not changed ([#28047](https://togithub.com/hashicorp/terraform-provider-aws/issues/28047))
- resource/aws_dms_replication_task: Fix error with `cdc_path` when used with `aws_dms_s3_endpoint` ([#28704](https://togithub.com/hashicorp/terraform-provider-aws/issues/28704))
- resource/aws_dms_s3\_endpoint: Fix error with `cdc_path` when used with `aws_dms_replication_task` ([#28704](https://togithub.com/hashicorp/terraform-provider-aws/issues/28704))
- resource/aws_ecr_registry_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28799](https://togithub.com/hashicorp/terraform-provider-aws/issues/28799))
- resource/aws_ecr_repository_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28799](https://togithub.com/hashicorp/terraform-provider-aws/issues/28799))
- resource/aws_ecrpublic_repository_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28799](https://togithub.com/hashicorp/terraform-provider-aws/issues/28799))
- resource/aws_efs_file_system_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28800](https://togithub.com/hashicorp/terraform-provider-aws/issues/28800))
- resource/aws_elasticsearch_domain: Improve refresh to avoid unnecessary diffs in `access_policies` ([#28801](https://togithub.com/hashicorp/terraform-provider-aws/issues/28801))
- resource/aws_elasticsearch_domain_policy: Improve refresh to avoid unnecessary diffs in `access_policies` ([#28801](https://togithub.com/hashicorp/terraform-provider-aws/issues/28801))
- resource/aws_glacier_vault: Improve refresh to avoid unnecessary diffs in `access_policy` ([#28804](https://togithub.com/hashicorp/terraform-provider-aws/issues/28804))
- resource/aws_glacier_vault_lock: Improve refresh to avoid unnecessary diffs in `policy` ([#28804](https://togithub.com/hashicorp/terraform-provider-aws/issues/28804))
- resource/aws_glue_resource_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28807](https://togithub.com/hashicorp/terraform-provider-aws/issues/28807))
- resource/aws_iam_group_policy: Fixed issue that could result in "inconsistent final plan" errors ([#28868](https://togithub.com/hashicorp/terraform-provider-aws/issues/28868))
- resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777))
- resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836))
- resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777))
- resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in `policy`, `tags` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836))
- resource/aws_iam_role: Fixed issue that could result in "inconsistent final plan" errors ([#28868](https://togithub.com/hashicorp/terraform-provider-aws/issues/28868))
- resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in `assume_role_policy` and `inline_policy` `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777))
- resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in `inline_policy.*.policy`, `tags` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836))
- resource/aws_iam_role_policy: Fixed issue that could result in "inconsistent final plan" errors ([#28868](https://togithub.com/hashicorp/terraform-provider-aws/issues/28868))
- resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777))
- resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836))
- resource/aws_iam_user_policy: Fixed issue that could result in "inconsistent final plan" errors ([#28868](https://togithub.com/hashicorp/terraform-provider-aws/issues/28868))
- resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777))
- resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836))
- resource/aws_iot_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28838](https://togithub.com/hashicorp/terraform-provider-aws/issues/28838))
- resource/aws_kms_external_key: Improve refresh to avoid unnecessary diffs in `policy` ([#28853](https://togithub.com/hashicorp/terraform-provider-aws/issues/28853))
- resource/aws_kms_key: Improve refresh to avoid unnecessary diffs in `policy` ([#28853](https://togithub.com/hashicorp/terraform-provider-aws/issues/28853))
- resource/aws_lb_target_group: Change `protocol_version` to [ForceNew](https://developer.hashicorp.com/terraform/plugin/sdkv2/schemas/schema-behaviors#forcenew) ([#17845](https://togithub.com/hashicorp/terraform-provider-aws/issues/17845))
- resource/aws_lb_target_group: When creating a new target group, return an error if there is an existing target group with the same name. Use [`terraform import`](https://developer.hashicorp.com/terraform/cli/commands/import) for existing target groups ([#26977](https://togithub.com/hashicorp/terraform-provider-aws/issues/26977))
- resource/aws_mq_configuration: Improve refresh to avoid unnecessary diffs in `data` ([#28837](https://togithub.com/hashicorp/terraform-provider-aws/issues/28837))
- resource/aws_s3\_access_point: Improve refresh to avoid unnecessary diffs in `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866))
- resource/aws_s3\_bucket: Improve refresh to avoid unnecessary diffs in `policy` ([#28855](https://togithub.com/hashicorp/terraform-provider-aws/issues/28855))
- resource/aws_s3\_bucket_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28855](https://togithub.com/hashicorp/terraform-provider-aws/issues/28855))
- resource/aws_s3control_access_point_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866))
- resource/aws_s3control_bucket_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866))
- resource/aws_s3control_multi_region_access_point_policy: Improve refresh to avoid unnecessary diffs in `details` `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866))
- resource/aws_s3control_object_lambda_access_point_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866))
- resource/aws_sagemaker_model_package_group_policy: Improve refresh to avoid unnecessary diffs in `resource_policy` ([#28865](https://togithub.com/hashicorp/terraform-provider-aws/issues/28865))
- resource/aws_schemas_registry_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28864](https://togithub.com/hashicorp/terraform-provider-aws/issues/28864))
- resource/aws_secretsmanager_secret: Improve refresh to avoid unnecessary diffs in `policy` ([#28863](https://togithub.com/hashicorp/terraform-provider-aws/issues/28863))
- resource/aws_secretsmanager_secret_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28863](https://togithub.com/hashicorp/terraform-provider-aws/issues/28863))
- resource/aws_ses_identity_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28861](https://togithub.com/hashicorp/terraform-provider-aws/issues/28861))
- resource/aws_sns_topic: Improve refresh to avoid unnecessary diffs in `policy` ([#28860](https://togithub.com/hashicorp/terraform-provider-aws/issues/28860))
- resource/aws_sns_topic_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28860](https://togithub.com/hashicorp/terraform-provider-aws/issues/28860))
- resource/aws_sqs_queue: Improve refresh to avoid unnecessary diffs in `policy` ([#28840](https://togithub.com/hashicorp/terraform-provider-aws/issues/28840))
- resource/aws_sqs_queue_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28840](https://togithub.com/hashicorp/terraform-provider-aws/issues/28840))
- resource/aws_transfer_access: Improve refresh to avoid unnecessary diffs in `policy` ([#28859](https://togithub.com/hashicorp/terraform-provider-aws/issues/28859))
- resource/aws_transfer_user: Improve refresh to avoid unnecessary diffs in `policy` ([#28859](https://togithub.com/hashicorp/terraform-provider-aws/issues/28859))
- resource/aws_vpc_endpoint: Improve refresh to avoid unnecessary diffs in `policy` ([#28798](https://togithub.com/hashicorp/terraform-provider-aws/issues/28798))
- resource/aws_vpc_endpoint_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28798](https://togithub.com/hashicorp/terraform-provider-aws/issues/28798))
### [`v4.49.0`](https://togithub.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#4490-January-5-2023)
[Compare Source](https://togithub.com/hashicorp/terraform-provider-aws/compare/v4.48.0...v4.49.0)
NOTES:
- resource/aws_dms_endpoint: For `s3_settings` `cdc_min_file_size`, AWS changed the multiplier to kilobytes instead of megabytes. In other words, prior to the change, a value of `32` represented 32 MiB. After the change, a value of `32` represents 32 KB. Change your configuration accordingly. ([#28578](https://togithub.com/hashicorp/terraform-provider-aws/issues/28578))
- resource/aws_fsx_ontap_storage_virtual_machine: The `subtype` attribute is no longer deprecated ([#28567](https://togithub.com/hashicorp/terraform-provider-aws/issues/28567))
FEATURES:
- **New Data Source:** `aws_s3control_multi_region_access_point` ([#28373](https://togithub.com/hashicorp/terraform-provider-aws/issues/28373))
- **New Resource:** `aws_appsync_type` ([#28437](https://togithub.com/hashicorp/terraform-provider-aws/issues/28437))
- **New Resource:** `aws_auditmanager_assessment` ([#28643](https://togithub.com/hashicorp/terraform-provider-aws/issues/28643))
- **New Resource:** `aws_auditmanager_assessment_report` ([#28663](https://togithub.com/hashicorp/terraform-provider-aws/issues/28663))
- **New Resource:** `aws_ec2_instance_state` ([#28639](https://togithub.com/hashicorp/terraform-provider-aws/issues/28639))
- **New Resource:** `aws_lightsail_bucket` ([#28585](https://togithub.com/hashicorp/terraform-provider-aws/issues/28585))
- **New Resource:** `aws_ssoadmin_instance_access_control_attributes` ([#23317](https://togithub.com/hashicorp/terraform-provider-aws/issues/23317))
ENHANCEMENTS:
- data-source/aws_autoscaling_group: Add `desired_capacity_type` attribute ([#28658](https://togithub.com/hashicorp/terraform-provider-aws/issues/28658))
- data-source/aws_kms_secrets: Add `encryption_algorithm` and `key_id` arguments in support of [asymmetric keys](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) ([#21054](https://togithub.com/hashicorp/terraform-provider-aws/issues/21054))
- resource/aws_appflow_connector_profile: Add support for `connector_type` CustomConnector. Add `cluster_identifier`, `database_name`, and `data_api_role_arn` attributes for `redshift` `connection_profile_properties` ([#26766](https://togithub.com/hashicorp/terraform-provider-aws/issues/26766))
- resource/aws_appsync_resolver: Add `runtime` and `code` arguments ([#28436](https://togithub.com/hashicorp/terraform-provider-aws/issues/28436))
- resource/aws_appsync_resolver: Add plan time validation for `caching_config.ttl` ([#28436](https://togithub.com/hashicorp/terraform-provider-aws/issues/28436))
- resource/aws_athena_workgroup: Add `configuration.execution_role` argument ([#28420](https://togithub.com/hashicorp/terraform-provider-aws/issues/28420))
- resource/aws_autoscaling_group: Add `desired_capacity_type` argument ([#28658](https://togithub.com/hashicorp/terraform-provider-aws/issues/28658))
- resource/aws_dms_endpoint: Change `s3_settings` `cdc_min_file_size` default to 32000 in order to align with AWS's change from megabytes to kilobytes for this setting ([#28578](https://togithub.com/hashicorp/terraform-provider-aws/issues/28578))
- resource/aws_ecs_service: Add `alarms` argument ([#28521](https://togithub.com/hashicorp/terraform-provider-aws/issues/28521))
- resource/aws_lightsail_instance: Add `add_on` configuration block. ([#28602](https://togithub.com/hashicorp/terraform-provider-aws/issues/28602))
- resource/aws_lightsail_instance_public_ports: Add `cidr_list_aliases` argument ([#28376](https://togithub.com/hashicorp/terraform-provider-aws/issues/28376))
- resource/aws_s3\_access_point: Add `bucket_account_id` argument ([#28564](https://togithub.com/hashicorp/terraform-provider-aws/issues/28564))
- resource/aws_s3control_storage_lens_configuration: Add `advanced_cost_optimization_metrics`, `advanced_data_protection_metrics`, and `detailed_status_code_metrics` arguments to the `storage_lens_configuration.account_level` and `storage_lens_configuration.account_level.bucket_level` configuration blocks ([#28564](https://togithub.com/hashicorp/terraform-provider-aws/issues/28564))
- resource/aws_wafv2\_rule_group: Add `rule.action.captcha` argument ([#28435](https://togithub.com/hashicorp/terraform-provider-aws/issues/28435))
- resource/aws_wafv2\_web_acl: Add `rule.action.challenge` argument ([#28305](https://togithub.com/hashicorp/terraform-provider-aws/issues/28305))
- resource/aws_wafv2\_web_acl: Add support for ManagedRuleGroupConfig ([#28594](https://togithub.com/hashicorp/terraform-provider-aws/issues/28594))
BUG FIXES:
- data-source/aws_cloudwatch_log_group: Restore use of `ListTagsLogGroup` API ([#28492](https://togithub.com/hashicorp/terraform-provider-aws/issues/28492))
- resource/aws_cloudwatch_log_group: Restore use of `ListTagsLogGroup`, `TagLogGroup` and `UntagLogGroup` APIs ([#28492](https://togithub.com/hashicorp/terraform-provider-aws/issues/28492))
- resource/aws_dms_endpoint: Add s3 setting `ignore_header_rows` and deprecate misspelled `ignore_headers_row`. ([#28579](https://togithub.com/hashicorp/terraform-provider-aws/issues/28579))
- resource/aws_elasticache_user_group_association: Retry on `InvalidUserGroupState` errors to handle concurrent updates ([#28689](https://togithub.com/hashicorp/terraform-provider-aws/issues/28689))
- resource/aws_lambda_function_url: Fix removal of `cors` configuration block ([#28439](https://togithub.com/hashicorp/terraform-provider-aws/issues/28439))
- resource/aws_lightsail_database: The `availability_zone` attribute is now optional/computed to support HA `bundle_id`s ([#28590](https://togithub.com/hashicorp/terraform-provider-aws/issues/28590))
- resource/aws_lightsail_disk_attachment: Resolves a panic when an attachment fails and attempts to display the error returned by AWS. ([#28593](https://togithub.com/hashicorp/terraform-provider-aws/issues/28593))
### [`v4.48.0`](https://togithub.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#4480-December-19-2022)
[Compare Source](https://togithub.com/hashicorp/terraform-provider-aws/compare/v4.47.0...v4.48.0)
FEATURES:
- **New Resource:** `aws_dx_macsec_key_association` ([#26274](https://togithub.com/hashicorp/terraform-provider-aws/issues/26274))
ENHANCEMENTS:
- resource/aws_dx_connection: Add `encryption_mode` and `request_macsec` arguments and `macsec_capable` and `port_encryption_status` attributes in support of [MACsec](https://docs.aws.amazon.com/directconnect/latest/UserGuide/MACsec.html) ([#26274](https://togithub.com/hashicorp/terraform-provider-aws/issues/26274))
- resource/aws_dx_connection: Add `skip_destroy` argument ([#26274](https://togithub.com/hashicorp/terraform-provider-aws/issues/26274))
- resource/aws_eks_node_group: Add support for `WINDOWS_CORE_2019_x86_64`, `WINDOWS_FULL_2019_x86_64`, `WINDOWS_CORE_2022_x86_64`, and `WINDOWS_FULL_2022_x86_64` `ami_type` values ([#28445](https://togithub.com/hashicorp/terraform-provider-aws/issues/28445))
- resource/aws_networkfirewall_rule_group: Add `reference_sets` configuration block ([#28335](https://togithub.com/hashicorp/terraform-provider-aws/issues/28335))
- resource/aws_networkmanager_vpc_attachment: Add `options.appliance_mode_support` argument ([#28450](https://togithub.com/hashicorp/terraform-provider-aws/issues/28450))
BUG FIXES:
- resource/aws_networkfirewall_rule_group: Change `rule_group.rules_source.stateful_rule` from `TypeSet` to `TypeList` to preserve rule order ([#27102](https://togithub.com/hashicorp/terraform-provider-aws/issues/27102))
cert-manager/cert-manager
### [`v1.11.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.11.0)
[Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.2...v1.11.0)
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
`v1.11.0` includes a drastic reduction in cert-manager's runtime memory usage, a slew of improvements to AKS integrations and various other tweaks, fixes and improvements, all towards cert-manager's goal of being the best way to handle certificates in modern Cloud Native applications.
#### Community
Thanks again to all open-source contributors with commits in this release, including:
- [@cmcga1125](https://togithub.com/cmcga1125)
- [@karlschriek](https://togithub.com/karlschriek)
- [@lvyanru8200](https://togithub.com/lvyanru8200)
- [@mmontes11](https://togithub.com/mmontes11)
- [@pinkfloydx33](https://togithub.com/pinkfloydx33)
- [@sathyanarays](https://togithub.com/sathyanarays)
- [@weisdd](https://togithub.com/weisdd)
- [@yann-soubeyrand](https://togithub.com/yann-soubeyrand)
- [@joycebrum](https://togithub.com/joycebrum)
- [@Git-Jiro](https://togithub.com/Git-Jiro)
- [@thib-mary](https://togithub.com/thib-mary)
- [@yk](https://togithub.com/yk)
- [@RomanenkoDenys](https://togithub.com/RomanenkoDenys)
- [@lucacome](https://togithub.com/lucacome)
- [@yanggangtony](https://togithub.com/yanggangtony)
Thanks also to the following cert-manager maintainers for their contributions during this release:
- [@wallrj](https://togithub.com/wallrj)
- [@irbekrm](https://togithub.com/irbekrm)
- [@maelvls](https://togithub.com/maelvls)
- [@SgtCoDFish](https://togithub.com/SgtCoDFish)
- [@inteon](https://togithub.com/inteon)
- [@jakexks](https://togithub.com/jakexks)
- [@JoshVanL](https://togithub.com/JoshVanL)
Thanks also to the [CNCF](https://www.cncf.io/), which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the [PrivateCA Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).
In addition, massive thanks to [Jetstack](https://www.jetstack.io/) (by [Venafi](https://www.venafi.com/)) for contributing developer time and resources towards the continued maintenance of cert-manager projects.
#### Changes since cert-manager `v1.10`
For an overview of new features, see the [v1.11 release notes](https://cert-manager.io/docs/release-notes/release-notes-1.11/)!
##### Feature
- Helm: allow configuring the image used by ACME HTTP-01 solver ([#5554](https://togithub.com/cert-manager/cert-manager/issues/5554), [@yann-soubeyrand](https://togithub.com/yann-soubeyrand))
- Add the `--max-concurrent-challenges` controller flag to the helm chart ([#5638](https://togithub.com/cert-manager/cert-manager/issues/5638), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Adds the ability to specify a custom CA bundle in Issuers when connecting to an ACME server ([#5644](https://togithub.com/cert-manager/cert-manager/issues/5644), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Enable testing against Kubernetes 1.26 and test with Kubernetes 1.26 by default ([#5646](https://togithub.com/cert-manager/cert-manager/issues/5646), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Experimental make targets for pushing images to an OCI registry using `ko` and redeploying cert-manager to the cluster referenced by your current KUBECONFIG context. ([#5655](https://togithub.com/cert-manager/cert-manager/issues/5655), [@wallrj](https://togithub.com/wallrj))
- Add ability to run acmesolver pods as root if desired. The default is still to run as non-root. ([#5546](https://togithub.com/cert-manager/cert-manager/issues/5546), [@cmcga1125](https://togithub.com/cmcga1125))
- Add support for DC and UID in `LiteralSubject` field, all mandatory OIDs are now supported for LDAP certificates (rfc4514). ([#5587](https://togithub.com/cert-manager/cert-manager/issues/5587), [@SpectralHiss](https://togithub.com/SpectralHiss))
- Add support for Workload Identity to AzureDNS resolver ([#5570](https://togithub.com/cert-manager/cert-manager/issues/5570), [@weisdd](https://togithub.com/weisdd))
- Breaking: updates the gateway API integration to use the more stable v1beta1 API version. Any users of the cert-manager `ExperimentalGatewayAPISupport` alpha feature must ensure that `v1beta` of Gateway API is installed in cluster. ([#5583](https://togithub.com/cert-manager/cert-manager/issues/5583), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Certificate secrets get refreshed if the keystore format change ([#5597](https://togithub.com/cert-manager/cert-manager/issues/5597), [@sathyanarays](https://togithub.com/sathyanarays))
- Introducing UseCertificateRequestBasicConstraints feature flag to enable Basic Constraints in the Certificate Signing Request ([#5552](https://togithub.com/cert-manager/cert-manager/issues/5552), [@sathyanarays](https://togithub.com/sathyanarays))
- Return error when Gateway has a cross-namespace secret ref ([#5613](https://togithub.com/cert-manager/cert-manager/issues/5613), [@mmontes11](https://togithub.com/mmontes11))
- Signers fire an event on CertificateRequests which have not been approved yet. Used for informational purposes so users understand why a request is not progressing. ([#5535](https://togithub.com/cert-manager/cert-manager/issues/5535), [@JoshVanL](https://togithub.com/JoshVanL))
##### Bug or Regression
- Don't log errors relating to self-signed issuer checks for external issuers ([#5681](https://togithub.com/cert-manager/cert-manager/issues/5681), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fixed a bug in AzureDNS resolver that led to early reconciliations in misconfigured Workload Identity-enabled setups (when Federated Identity Credential is not linked with a controller's k8s service account) ([#5663](https://togithub.com/cert-manager/cert-manager/issues/5663), [@weisdd](https://togithub.com/weisdd))
- Use manually specified temporary directory template when verifying CRDs ([#5680](https://togithub.com/cert-manager/cert-manager/issues/5680), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- `vcert` was upgraded to `v4.23.0`, fixing two bugs in cert-manager. The first bug was preventing the Venafi issuer from renewing certificates when using TPP has been fixed. You should no longer see your certificates getting stuck with `WebSDK CertRequest Module Requested Certificate` or `This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.`. The second bug that was fixed prevented the use of `algorithm: Ed25519` in Certificate resources with VaaS. ([#5674](https://togithub.com/cert-manager/cert-manager/issues/5674), [@maelvls](https://togithub.com/maelvls))
- Upgrade `golang/x/net` to fix CVE-2022-41717 ([#5632](https://togithub.com/cert-manager/cert-manager/issues/5632), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Bug fix: When using feature gates with the helm chart, enable feature gate flags on webhook as well as controller ([#5584](https://togithub.com/cert-manager/cert-manager/issues/5584), [@lvyanru8200](https://togithub.com/lvyanru8200))
- Fix `golang.org/x/text` vulnerability ([#5562](https://togithub.com/cert-manager/cert-manager/issues/5562), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fixes a bug that caused the Vault issuer to omit the Vault namespace in requests to the Vault API. ([#5591](https://togithub.com/cert-manager/cert-manager/issues/5591), [@wallrj](https://togithub.com/wallrj))
- The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the vedauth API endpoints are configured to *accept* client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). ([#5568](https://togithub.com/cert-manager/cert-manager/issues/5568), [@wallrj](https://togithub.com/wallrj))
- Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5619](https://togithub.com/cert-manager/cert-manager/issues/5619), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Upgrade to latest go minor release ([#5559](https://togithub.com/cert-manager/cert-manager/issues/5559), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Ensure `extraArgs` in Helm takes precedence over the new acmesolver image options ([#5702](https://togithub.com/cert-manager/cert-manager/issues/5702), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fix cainjector's --namespace flag. Users who want to prevent cainjector from reading all Secrets and Certificates in all namespaces (i.e to prevent excessive memory consumption) can now scope it to a single namespace using the --namespace flag. A cainjector that is only used as part of cert-manager installation only needs access to the cert-manager installation namespace. ([#5694](https://togithub.com/cert-manager/cert-manager/issues/5694), [@irbekrm](https://togithub.com/irbekrm))
- Fixes a bug where cert-manager controller was caching all Secrets twice ([#5691](https://togithub.com/cert-manager/cert-manager/issues/5691), [@irbekrm](https://togithub.com/irbekrm))
##### Other
- `certificate.spec.secretName` Secrets will now be labelled with the `controller.cert-manager.io/fao` label ([#5703](https://togithub.com/cert-manager/cert-manager/issues/5703), [@irbekrm](https://togithub.com/irbekrm))
- Upgrade to go 1.19.5 ([#5714](https://togithub.com/cert-manager/cert-manager/issues/5714), [@yanggangtony](https://togithub.com/yanggangtony))
### [`v1.10.2`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.10.2)
[Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.1...v1.10.2)
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.10.2 is primarily a performance enhancement release which might reduce memory consumption by up to 50% in some cases thanks to some brilliant work by [@irbekrm](https://togithub.com/irbekrm)! :tada:
It also patches several vulnerabilities reported by scanners and updates the base images used for cert-manager containers. In addition, it removes a potentially confusing log line which had been introduced in v1.10.0 which implied that an error had occurred when using external issuers even though there'd been no error.
##### Changes since `v1.10.1`
##### Feature
- Enable support for Kubernetes 1.26 in tests ([#5647](https://togithub.com/cert-manager/cert-manager/issues/5647), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
##### Bug or Regression
- Fixes a bug where the cert-manager controller was caching all Secrets twice ([#5704](https://togithub.com/cert-manager/cert-manager/issues/5704), [@irbekrm](https://togithub.com/irbekrm))
- Bump helm version to fix CVE-2022-23525 ([#5676](https://togithub.com/cert-manager/cert-manager/issues/5676), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Don't log errors relating to selfsigned issuer checks for external issuers ([#5687](https://togithub.com/cert-manager/cert-manager/issues/5687), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Fix `golang.org/x/text` vulnerability ([#5592](https://togithub.com/cert-manager/cert-manager/issues/5592), [@SgtCoDfish](https://togithub.com/SgtCoDfish))
- Upgrade golang/x/net to fix CVE-2022-41717 ([#5635](https://togithub.com/cert-manager/cert-manager/issues/5635), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
- Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5620](https://togithub.com/cert-manager/cert-manager/issues/5620), [@SgtCoDfish](https://togithub.com/SgtCoDfish))
- Use manually specified tmpdir template when verifying CRDs ([#5682](https://togithub.com/cert-manager/cert-manager/issues/5682), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
##### Other (Cleanup or Flake)
- Bump distroless base images to latest versions ([#5677](https://togithub.com/cert-manager/cert-manager/issues/5677), [@SgtCoDFish](https://togithub.com/SgtCoDFish))
external-secrets/external-secrets
### [`v0.7.2`](https://togithub.com/external-secrets/external-secrets/releases/tag/v0.7.2)
[Compare Source](https://togithub.com/external-secrets/external-secrets/compare/v0.7.1...v0.7.2)
Image: `ghcr.io/external-secrets/external-secrets:v0.7.2`
Image: `ghcr.io/external-secrets/external-secrets:v0.7.2-ubi`
Image: `ghcr.io/external-secrets/external-secrets:v0.7.2-ubi-boringssl`
#### Changes
- :sparkles: Implements Deletion policy for Hashicorp vault. ([#1879](https://togithub.com/external-secrets/external-secrets/issues/1879))
- :sparkles: AWS Role Chaining ([#1855](https://togithub.com/external-secrets/external-secrets/issues/1855))
- :sparkles: feat: referent auth for gcp ([#1887](https://togithub.com/external-secrets/external-secrets/issues/1887))
- :sparkles: aws secretsmanager/parameterstore referent auth ([#1884](https://togithub.com/external-secrets/external-secrets/issues/1884))
- :sparkles: Adds Keyvault PushSecret ([#1883](https://togithub.com/external-secrets/external-secrets/issues/1883))
- :sparkles: implement azure referent auth ([#1886](https://togithub.com/external-secrets/external-secrets/issues/1886))
- :bug: Fixes vault PushSecret logic ([#1866](https://togithub.com/external-secrets/external-secrets/issues/1866))
- :bug: fix: explicitly use new kubectl gcp auth ([#1904](https://togithub.com/external-secrets/external-secrets/issues/1904))
- :bug: GCP: prevent goroutine leak on workload identity reconciliation ([#1902](https://togithub.com/external-secrets/external-secrets/issues/1902))
- :books: Fixing links and adding stability support for 0.7.x ([#1863](https://togithub.com/external-secrets/external-secrets/issues/1863))
- :books: fix: typo ([#1894](https://togithub.com/external-secrets/external-secrets/issues/1894))
- :books: Update 1password-automation.md ([#1895](https://togithub.com/external-secrets/external-secrets/issues/1895))
- :books: New blog post added to Docs ([#1909](https://togithub.com/external-secrets/external-secrets/issues/1909))
- :broom: Several bumps
### [`v0.7.1`](https://togithub.com/external-secrets/external-secrets/releases/tag/v0.7.1)
[Compare Source](https://togithub.com/external-secrets/external-secrets/compare/v0.7.0...v0.7.1)
Image: `ghcr.io/external-secrets/external-secrets:v0.7.1`
Image: `ghcr.io/external-secrets/external-secrets:v0.7.1-ubi`
Image: `ghcr.io/external-secrets/external-secrets:v0.7.1-ubi-boringssl`
#### Changes
- :bug: fixing docs release ([#1799](https://togithub.com/external-secrets/external-secrets/issues/1799))
- 🧹chore:bump 0.7.0 ([#1800](https://togithub.com/external-secrets/external-secrets/issues/1800))
- 🧹chore(deps): bump actions/setup-python from 4.3.0 to 4.3.1 ([#1802](https://togithub.com/external-secrets/external-secrets/issues/1802))
- 🧹chore(deps): bump golang from 1.19.3-alpine to 1.19.4-alpine ([#1801](https://togithub.com/external-secrets/external-secrets/issues/1801))
- :broom: chore: bumps ([#1807](https://togithub.com/external-secrets/external-secrets/issues/1807))
- Add flag to set CRD names in cert controller ([#1811](https://togithub.com/external-secrets/external-secrets/issues/1811))
- \[FEATURE] Customizable encoding of logging timestamp ([#1808](https://togithub.com/external-secrets/external-secrets/issues/1808))
- Add note on required Service Account roles. ([#1814](https://togithub.com/external-secrets/external-secrets/issues/1814))
- fix: add status checks permission ([#1813](https://togithub.com/external-secrets/external-secrets/issues/1813))
- fix: replace bad URLs ([#1815](https://togithub.com/external-secrets/external-secrets/issues/1815))
- Add license scan report and status ([#1818](https://togithub.com/external-secrets/external-secrets/issues/1818))
- Fix typo ([#1826](https://togithub.com/external-secrets/external-secrets/issues/1826))
- feat: add fossa check ([#1819](https://togithub.com/external-secrets/external-secrets/issues/1819))
- chore: bumps ([#1852](https://togithub.com/external-secrets/external-secrets/issues/1852))
- :sparkles: Templates from string ([#1748](https://togithub.com/external-secrets/external-secrets/issues/1748))
- chore: bump golang-jwt ([#1858](https://togithub.com/external-secrets/external-secrets/issues/1858))
- feat: add ability to set automount to false ([#1859](https://togithub.com/external-secrets/external-secrets/issues/1859))
- :bug: gitlab: Fallback to wildcard variables and use pagination (bugfix) ([#1838](https://togithub.com/external-secrets/external-secrets/issues/1838))
- :bug: Use the right metrics annotations for the webhook service ([#1841](https://togithub.com/external-secrets/external-secrets/issues/1841))
- :broom: chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.171 to 1.44.172 ([#1857](https://togithub.com/external-secrets/external-secrets/issues/1857))
Configuration
📅 Schedule: Branch creation - "before 3am on Monday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
5.16.6
->5.17.4
4.47.0
->4.50.0
v1.10.1
->v1.11.0
0.7.0
->0.7.2
4.4.0
->4.4.2
Release Notes
argoproj/argo-helm
### [`v5.17.4`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.17.4) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.17.2...argo-cd-5.17.4) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.17.2`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.17.2) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.17.1...argo-cd-5.17.2) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.17.1`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.17.1) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.17.0...argo-cd-5.17.1) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.17.0`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.17.0) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.15...argo-cd-5.17.0) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.15`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.15) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.14...argo-cd-5.16.15) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.14`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.14) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.13...argo-cd-5.16.14) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.13`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.13) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.12...argo-cd-5.16.13) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.12`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.12) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.11...argo-cd-5.16.12) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.11`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.11) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.10...argo-cd-5.16.11) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.10`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.10) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.9...argo-cd-5.16.10) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.9`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.9) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.8...argo-cd-5.16.9) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.8`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.8) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.7...argo-cd-5.16.8) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. ### [`v5.16.7`](https://togithub.com/argoproj/argo-helm/releases/tag/argo-cd-5.16.7) [Compare Source](https://togithub.com/argoproj/argo-helm/compare/argo-cd-5.16.6...argo-cd-5.16.7) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.hashicorp/terraform-provider-aws
### [`v4.50.0`](https://togithub.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#4500-January-13-2023) [Compare Source](https://togithub.com/hashicorp/terraform-provider-aws/compare/v4.49.0...v4.50.0) FEATURES: - **New Data Source:** `aws_lbs` ([#27161](https://togithub.com/hashicorp/terraform-provider-aws/issues/27161)) - **New Resource:** `aws_sesv2_configuration_set_event_destination` ([#27565](https://togithub.com/hashicorp/terraform-provider-aws/issues/27565)) ENHANCEMENTS: - data-source/aws_lb_target_group: Support querying by `tags` ([#27261](https://togithub.com/hashicorp/terraform-provider-aws/issues/27261)) - resource/aws_redshiftdata_statement: Add `workgroup_name` argument ([#28751](https://togithub.com/hashicorp/terraform-provider-aws/issues/28751)) - resource/aws_service_discovery_service: Add `type` argument ([#28778](https://togithub.com/hashicorp/terraform-provider-aws/issues/28778)) BUG FIXES: - resource/aws_acmpca_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28788](https://togithub.com/hashicorp/terraform-provider-aws/issues/28788)) - resource/aws_api_gateway_rest_api: Improve refresh to avoid unnecessary diffs in `policy` ([#28789](https://togithub.com/hashicorp/terraform-provider-aws/issues/28789)) - resource/aws_api_gateway_rest_api_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28789](https://togithub.com/hashicorp/terraform-provider-aws/issues/28789)) - resource/aws_apprunner_service: `observability_configuration_arn` is optional ([#28620](https://togithub.com/hashicorp/terraform-provider-aws/issues/28620)) - resource/aws_apprunner_vpc_connector: Fix `default_tags` not handled correctly ([#28736](https://togithub.com/hashicorp/terraform-provider-aws/issues/28736)) - resource/aws_appstream_stack: Fix panic on user_settings update ([#28766](https://togithub.com/hashicorp/terraform-provider-aws/issues/28766)) - resource/aws_appstream_stack: Prevent unnecessary replacements on update ([#28766](https://togithub.com/hashicorp/terraform-provider-aws/issues/28766)) - resource/aws_backup_vault_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28791](https://togithub.com/hashicorp/terraform-provider-aws/issues/28791)) - resource/aws_cloudsearch_domain_service_access_policy: Improve refresh to avoid unnecessary diffs in `access_policy` ([#28792](https://togithub.com/hashicorp/terraform-provider-aws/issues/28792)) - resource/aws_cloudwatch_event_bus_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28802](https://togithub.com/hashicorp/terraform-provider-aws/issues/28802)) - resource/aws_codeartifact_domain_permissions_policy: Improve refresh to avoid unnecessary diffs in `policy_document` ([#28794](https://togithub.com/hashicorp/terraform-provider-aws/issues/28794)) - resource/aws_codeartifact_repository_permissions_policy: Improve refresh to avoid unnecessary diffs in `policy_document` ([#28794](https://togithub.com/hashicorp/terraform-provider-aws/issues/28794)) - resource/aws_codebuild_resource_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28796](https://togithub.com/hashicorp/terraform-provider-aws/issues/28796)) - resource/aws_dms_replication_subnet_group: Fix error ("Provider produced inconsistent result") when an error is encountered during creation ([#28748](https://togithub.com/hashicorp/terraform-provider-aws/issues/28748)) - resource/aws_dms_replication_task: Allow updates to `aws_dms_replication_task` even when `migration_type` and `table_mappings` have not changed ([#28047](https://togithub.com/hashicorp/terraform-provider-aws/issues/28047)) - resource/aws_dms_replication_task: Fix error with `cdc_path` when used with `aws_dms_s3_endpoint` ([#28704](https://togithub.com/hashicorp/terraform-provider-aws/issues/28704)) - resource/aws_dms_s3\_endpoint: Fix error with `cdc_path` when used with `aws_dms_replication_task` ([#28704](https://togithub.com/hashicorp/terraform-provider-aws/issues/28704)) - resource/aws_ecr_registry_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28799](https://togithub.com/hashicorp/terraform-provider-aws/issues/28799)) - resource/aws_ecr_repository_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28799](https://togithub.com/hashicorp/terraform-provider-aws/issues/28799)) - resource/aws_ecrpublic_repository_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28799](https://togithub.com/hashicorp/terraform-provider-aws/issues/28799)) - resource/aws_efs_file_system_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28800](https://togithub.com/hashicorp/terraform-provider-aws/issues/28800)) - resource/aws_elasticsearch_domain: Improve refresh to avoid unnecessary diffs in `access_policies` ([#28801](https://togithub.com/hashicorp/terraform-provider-aws/issues/28801)) - resource/aws_elasticsearch_domain_policy: Improve refresh to avoid unnecessary diffs in `access_policies` ([#28801](https://togithub.com/hashicorp/terraform-provider-aws/issues/28801)) - resource/aws_glacier_vault: Improve refresh to avoid unnecessary diffs in `access_policy` ([#28804](https://togithub.com/hashicorp/terraform-provider-aws/issues/28804)) - resource/aws_glacier_vault_lock: Improve refresh to avoid unnecessary diffs in `policy` ([#28804](https://togithub.com/hashicorp/terraform-provider-aws/issues/28804)) - resource/aws_glue_resource_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28807](https://togithub.com/hashicorp/terraform-provider-aws/issues/28807)) - resource/aws_iam_group_policy: Fixed issue that could result in "inconsistent final plan" errors ([#28868](https://togithub.com/hashicorp/terraform-provider-aws/issues/28868)) - resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777)) - resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836)) - resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777)) - resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in `policy`, `tags` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836)) - resource/aws_iam_role: Fixed issue that could result in "inconsistent final plan" errors ([#28868](https://togithub.com/hashicorp/terraform-provider-aws/issues/28868)) - resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in `assume_role_policy` and `inline_policy` `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777)) - resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in `inline_policy.*.policy`, `tags` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836)) - resource/aws_iam_role_policy: Fixed issue that could result in "inconsistent final plan" errors ([#28868](https://togithub.com/hashicorp/terraform-provider-aws/issues/28868)) - resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777)) - resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836)) - resource/aws_iam_user_policy: Fixed issue that could result in "inconsistent final plan" errors ([#28868](https://togithub.com/hashicorp/terraform-provider-aws/issues/28868)) - resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28777](https://togithub.com/hashicorp/terraform-provider-aws/issues/28777)) - resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28836](https://togithub.com/hashicorp/terraform-provider-aws/issues/28836)) - resource/aws_iot_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28838](https://togithub.com/hashicorp/terraform-provider-aws/issues/28838)) - resource/aws_kms_external_key: Improve refresh to avoid unnecessary diffs in `policy` ([#28853](https://togithub.com/hashicorp/terraform-provider-aws/issues/28853)) - resource/aws_kms_key: Improve refresh to avoid unnecessary diffs in `policy` ([#28853](https://togithub.com/hashicorp/terraform-provider-aws/issues/28853)) - resource/aws_lb_target_group: Change `protocol_version` to [ForceNew](https://developer.hashicorp.com/terraform/plugin/sdkv2/schemas/schema-behaviors#forcenew) ([#17845](https://togithub.com/hashicorp/terraform-provider-aws/issues/17845)) - resource/aws_lb_target_group: When creating a new target group, return an error if there is an existing target group with the same name. Use [`terraform import`](https://developer.hashicorp.com/terraform/cli/commands/import) for existing target groups ([#26977](https://togithub.com/hashicorp/terraform-provider-aws/issues/26977)) - resource/aws_mq_configuration: Improve refresh to avoid unnecessary diffs in `data` ([#28837](https://togithub.com/hashicorp/terraform-provider-aws/issues/28837)) - resource/aws_s3\_access_point: Improve refresh to avoid unnecessary diffs in `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866)) - resource/aws_s3\_bucket: Improve refresh to avoid unnecessary diffs in `policy` ([#28855](https://togithub.com/hashicorp/terraform-provider-aws/issues/28855)) - resource/aws_s3\_bucket_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28855](https://togithub.com/hashicorp/terraform-provider-aws/issues/28855)) - resource/aws_s3control_access_point_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866)) - resource/aws_s3control_bucket_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866)) - resource/aws_s3control_multi_region_access_point_policy: Improve refresh to avoid unnecessary diffs in `details` `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866)) - resource/aws_s3control_object_lambda_access_point_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28866](https://togithub.com/hashicorp/terraform-provider-aws/issues/28866)) - resource/aws_sagemaker_model_package_group_policy: Improve refresh to avoid unnecessary diffs in `resource_policy` ([#28865](https://togithub.com/hashicorp/terraform-provider-aws/issues/28865)) - resource/aws_schemas_registry_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28864](https://togithub.com/hashicorp/terraform-provider-aws/issues/28864)) - resource/aws_secretsmanager_secret: Improve refresh to avoid unnecessary diffs in `policy` ([#28863](https://togithub.com/hashicorp/terraform-provider-aws/issues/28863)) - resource/aws_secretsmanager_secret_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28863](https://togithub.com/hashicorp/terraform-provider-aws/issues/28863)) - resource/aws_ses_identity_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28861](https://togithub.com/hashicorp/terraform-provider-aws/issues/28861)) - resource/aws_sns_topic: Improve refresh to avoid unnecessary diffs in `policy` ([#28860](https://togithub.com/hashicorp/terraform-provider-aws/issues/28860)) - resource/aws_sns_topic_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28860](https://togithub.com/hashicorp/terraform-provider-aws/issues/28860)) - resource/aws_sqs_queue: Improve refresh to avoid unnecessary diffs in `policy` ([#28840](https://togithub.com/hashicorp/terraform-provider-aws/issues/28840)) - resource/aws_sqs_queue_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28840](https://togithub.com/hashicorp/terraform-provider-aws/issues/28840)) - resource/aws_transfer_access: Improve refresh to avoid unnecessary diffs in `policy` ([#28859](https://togithub.com/hashicorp/terraform-provider-aws/issues/28859)) - resource/aws_transfer_user: Improve refresh to avoid unnecessary diffs in `policy` ([#28859](https://togithub.com/hashicorp/terraform-provider-aws/issues/28859)) - resource/aws_vpc_endpoint: Improve refresh to avoid unnecessary diffs in `policy` ([#28798](https://togithub.com/hashicorp/terraform-provider-aws/issues/28798)) - resource/aws_vpc_endpoint_policy: Improve refresh to avoid unnecessary diffs in `policy` ([#28798](https://togithub.com/hashicorp/terraform-provider-aws/issues/28798)) ### [`v4.49.0`](https://togithub.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#4490-January-5-2023) [Compare Source](https://togithub.com/hashicorp/terraform-provider-aws/compare/v4.48.0...v4.49.0) NOTES: - resource/aws_dms_endpoint: For `s3_settings` `cdc_min_file_size`, AWS changed the multiplier to kilobytes instead of megabytes. In other words, prior to the change, a value of `32` represented 32 MiB. After the change, a value of `32` represents 32 KB. Change your configuration accordingly. ([#28578](https://togithub.com/hashicorp/terraform-provider-aws/issues/28578)) - resource/aws_fsx_ontap_storage_virtual_machine: The `subtype` attribute is no longer deprecated ([#28567](https://togithub.com/hashicorp/terraform-provider-aws/issues/28567)) FEATURES: - **New Data Source:** `aws_s3control_multi_region_access_point` ([#28373](https://togithub.com/hashicorp/terraform-provider-aws/issues/28373)) - **New Resource:** `aws_appsync_type` ([#28437](https://togithub.com/hashicorp/terraform-provider-aws/issues/28437)) - **New Resource:** `aws_auditmanager_assessment` ([#28643](https://togithub.com/hashicorp/terraform-provider-aws/issues/28643)) - **New Resource:** `aws_auditmanager_assessment_report` ([#28663](https://togithub.com/hashicorp/terraform-provider-aws/issues/28663)) - **New Resource:** `aws_ec2_instance_state` ([#28639](https://togithub.com/hashicorp/terraform-provider-aws/issues/28639)) - **New Resource:** `aws_lightsail_bucket` ([#28585](https://togithub.com/hashicorp/terraform-provider-aws/issues/28585)) - **New Resource:** `aws_ssoadmin_instance_access_control_attributes` ([#23317](https://togithub.com/hashicorp/terraform-provider-aws/issues/23317)) ENHANCEMENTS: - data-source/aws_autoscaling_group: Add `desired_capacity_type` attribute ([#28658](https://togithub.com/hashicorp/terraform-provider-aws/issues/28658)) - data-source/aws_kms_secrets: Add `encryption_algorithm` and `key_id` arguments in support of [asymmetric keys](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) ([#21054](https://togithub.com/hashicorp/terraform-provider-aws/issues/21054)) - resource/aws_appflow_connector_profile: Add support for `connector_type` CustomConnector. Add `cluster_identifier`, `database_name`, and `data_api_role_arn` attributes for `redshift` `connection_profile_properties` ([#26766](https://togithub.com/hashicorp/terraform-provider-aws/issues/26766)) - resource/aws_appsync_resolver: Add `runtime` and `code` arguments ([#28436](https://togithub.com/hashicorp/terraform-provider-aws/issues/28436)) - resource/aws_appsync_resolver: Add plan time validation for `caching_config.ttl` ([#28436](https://togithub.com/hashicorp/terraform-provider-aws/issues/28436)) - resource/aws_athena_workgroup: Add `configuration.execution_role` argument ([#28420](https://togithub.com/hashicorp/terraform-provider-aws/issues/28420)) - resource/aws_autoscaling_group: Add `desired_capacity_type` argument ([#28658](https://togithub.com/hashicorp/terraform-provider-aws/issues/28658)) - resource/aws_dms_endpoint: Change `s3_settings` `cdc_min_file_size` default to 32000 in order to align with AWS's change from megabytes to kilobytes for this setting ([#28578](https://togithub.com/hashicorp/terraform-provider-aws/issues/28578)) - resource/aws_ecs_service: Add `alarms` argument ([#28521](https://togithub.com/hashicorp/terraform-provider-aws/issues/28521)) - resource/aws_lightsail_instance: Add `add_on` configuration block. ([#28602](https://togithub.com/hashicorp/terraform-provider-aws/issues/28602)) - resource/aws_lightsail_instance_public_ports: Add `cidr_list_aliases` argument ([#28376](https://togithub.com/hashicorp/terraform-provider-aws/issues/28376)) - resource/aws_s3\_access_point: Add `bucket_account_id` argument ([#28564](https://togithub.com/hashicorp/terraform-provider-aws/issues/28564)) - resource/aws_s3control_storage_lens_configuration: Add `advanced_cost_optimization_metrics`, `advanced_data_protection_metrics`, and `detailed_status_code_metrics` arguments to the `storage_lens_configuration.account_level` and `storage_lens_configuration.account_level.bucket_level` configuration blocks ([#28564](https://togithub.com/hashicorp/terraform-provider-aws/issues/28564)) - resource/aws_wafv2\_rule_group: Add `rule.action.captcha` argument ([#28435](https://togithub.com/hashicorp/terraform-provider-aws/issues/28435)) - resource/aws_wafv2\_web_acl: Add `rule.action.challenge` argument ([#28305](https://togithub.com/hashicorp/terraform-provider-aws/issues/28305)) - resource/aws_wafv2\_web_acl: Add support for ManagedRuleGroupConfig ([#28594](https://togithub.com/hashicorp/terraform-provider-aws/issues/28594)) BUG FIXES: - data-source/aws_cloudwatch_log_group: Restore use of `ListTagsLogGroup` API ([#28492](https://togithub.com/hashicorp/terraform-provider-aws/issues/28492)) - resource/aws_cloudwatch_log_group: Restore use of `ListTagsLogGroup`, `TagLogGroup` and `UntagLogGroup` APIs ([#28492](https://togithub.com/hashicorp/terraform-provider-aws/issues/28492)) - resource/aws_dms_endpoint: Add s3 setting `ignore_header_rows` and deprecate misspelled `ignore_headers_row`. ([#28579](https://togithub.com/hashicorp/terraform-provider-aws/issues/28579)) - resource/aws_elasticache_user_group_association: Retry on `InvalidUserGroupState` errors to handle concurrent updates ([#28689](https://togithub.com/hashicorp/terraform-provider-aws/issues/28689)) - resource/aws_lambda_function_url: Fix removal of `cors` configuration block ([#28439](https://togithub.com/hashicorp/terraform-provider-aws/issues/28439)) - resource/aws_lightsail_database: The `availability_zone` attribute is now optional/computed to support HA `bundle_id`s ([#28590](https://togithub.com/hashicorp/terraform-provider-aws/issues/28590)) - resource/aws_lightsail_disk_attachment: Resolves a panic when an attachment fails and attempts to display the error returned by AWS. ([#28593](https://togithub.com/hashicorp/terraform-provider-aws/issues/28593)) ### [`v4.48.0`](https://togithub.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#4480-December-19-2022) [Compare Source](https://togithub.com/hashicorp/terraform-provider-aws/compare/v4.47.0...v4.48.0) FEATURES: - **New Resource:** `aws_dx_macsec_key_association` ([#26274](https://togithub.com/hashicorp/terraform-provider-aws/issues/26274)) ENHANCEMENTS: - resource/aws_dx_connection: Add `encryption_mode` and `request_macsec` arguments and `macsec_capable` and `port_encryption_status` attributes in support of [MACsec](https://docs.aws.amazon.com/directconnect/latest/UserGuide/MACsec.html) ([#26274](https://togithub.com/hashicorp/terraform-provider-aws/issues/26274)) - resource/aws_dx_connection: Add `skip_destroy` argument ([#26274](https://togithub.com/hashicorp/terraform-provider-aws/issues/26274)) - resource/aws_eks_node_group: Add support for `WINDOWS_CORE_2019_x86_64`, `WINDOWS_FULL_2019_x86_64`, `WINDOWS_CORE_2022_x86_64`, and `WINDOWS_FULL_2022_x86_64` `ami_type` values ([#28445](https://togithub.com/hashicorp/terraform-provider-aws/issues/28445)) - resource/aws_networkfirewall_rule_group: Add `reference_sets` configuration block ([#28335](https://togithub.com/hashicorp/terraform-provider-aws/issues/28335)) - resource/aws_networkmanager_vpc_attachment: Add `options.appliance_mode_support` argument ([#28450](https://togithub.com/hashicorp/terraform-provider-aws/issues/28450)) BUG FIXES: - resource/aws_networkfirewall_rule_group: Change `rule_group.rules_source.stateful_rule` from `TypeSet` to `TypeList` to preserve rule order ([#27102](https://togithub.com/hashicorp/terraform-provider-aws/issues/27102))cert-manager/cert-manager
### [`v1.11.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.11.0) [Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.2...v1.11.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. `v1.11.0` includes a drastic reduction in cert-manager's runtime memory usage, a slew of improvements to AKS integrations and various other tweaks, fixes and improvements, all towards cert-manager's goal of being the best way to handle certificates in modern Cloud Native applications. #### Community Thanks again to all open-source contributors with commits in this release, including: - [@cmcga1125](https://togithub.com/cmcga1125) - [@karlschriek](https://togithub.com/karlschriek) - [@lvyanru8200](https://togithub.com/lvyanru8200) - [@mmontes11](https://togithub.com/mmontes11) - [@pinkfloydx33](https://togithub.com/pinkfloydx33) - [@sathyanarays](https://togithub.com/sathyanarays) - [@weisdd](https://togithub.com/weisdd) - [@yann-soubeyrand](https://togithub.com/yann-soubeyrand) - [@joycebrum](https://togithub.com/joycebrum) - [@Git-Jiro](https://togithub.com/Git-Jiro) - [@thib-mary](https://togithub.com/thib-mary) - [@yk](https://togithub.com/yk) - [@RomanenkoDenys](https://togithub.com/RomanenkoDenys) - [@lucacome](https://togithub.com/lucacome) - [@yanggangtony](https://togithub.com/yanggangtony) Thanks also to the following cert-manager maintainers for their contributions during this release: - [@wallrj](https://togithub.com/wallrj) - [@irbekrm](https://togithub.com/irbekrm) - [@maelvls](https://togithub.com/maelvls) - [@SgtCoDFish](https://togithub.com/SgtCoDFish) - [@inteon](https://togithub.com/inteon) - [@jakexks](https://togithub.com/jakexks) - [@JoshVanL](https://togithub.com/JoshVanL) Thanks also to the [CNCF](https://www.cncf.io/), which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the [PrivateCA Issuer](https://togithub.com/cert-manager/aws-privateca-issuer). In addition, massive thanks to [Jetstack](https://www.jetstack.io/) (by [Venafi](https://www.venafi.com/)) for contributing developer time and resources towards the continued maintenance of cert-manager projects. #### Changes since cert-manager `v1.10` For an overview of new features, see the [v1.11 release notes](https://cert-manager.io/docs/release-notes/release-notes-1.11/)! ##### Feature - Helm: allow configuring the image used by ACME HTTP-01 solver ([#5554](https://togithub.com/cert-manager/cert-manager/issues/5554), [@yann-soubeyrand](https://togithub.com/yann-soubeyrand)) - Add the `--max-concurrent-challenges` controller flag to the helm chart ([#5638](https://togithub.com/cert-manager/cert-manager/issues/5638), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Adds the ability to specify a custom CA bundle in Issuers when connecting to an ACME server ([#5644](https://togithub.com/cert-manager/cert-manager/issues/5644), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Enable testing against Kubernetes 1.26 and test with Kubernetes 1.26 by default ([#5646](https://togithub.com/cert-manager/cert-manager/issues/5646), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Experimental make targets for pushing images to an OCI registry using `ko` and redeploying cert-manager to the cluster referenced by your current KUBECONFIG context. ([#5655](https://togithub.com/cert-manager/cert-manager/issues/5655), [@wallrj](https://togithub.com/wallrj)) - Add ability to run acmesolver pods as root if desired. The default is still to run as non-root. ([#5546](https://togithub.com/cert-manager/cert-manager/issues/5546), [@cmcga1125](https://togithub.com/cmcga1125)) - Add support for DC and UID in `LiteralSubject` field, all mandatory OIDs are now supported for LDAP certificates (rfc4514). ([#5587](https://togithub.com/cert-manager/cert-manager/issues/5587), [@SpectralHiss](https://togithub.com/SpectralHiss)) - Add support for Workload Identity to AzureDNS resolver ([#5570](https://togithub.com/cert-manager/cert-manager/issues/5570), [@weisdd](https://togithub.com/weisdd)) - Breaking: updates the gateway API integration to use the more stable v1beta1 API version. Any users of the cert-manager `ExperimentalGatewayAPISupport` alpha feature must ensure that `v1beta` of Gateway API is installed in cluster. ([#5583](https://togithub.com/cert-manager/cert-manager/issues/5583), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Certificate secrets get refreshed if the keystore format change ([#5597](https://togithub.com/cert-manager/cert-manager/issues/5597), [@sathyanarays](https://togithub.com/sathyanarays)) - Introducing UseCertificateRequestBasicConstraints feature flag to enable Basic Constraints in the Certificate Signing Request ([#5552](https://togithub.com/cert-manager/cert-manager/issues/5552), [@sathyanarays](https://togithub.com/sathyanarays)) - Return error when Gateway has a cross-namespace secret ref ([#5613](https://togithub.com/cert-manager/cert-manager/issues/5613), [@mmontes11](https://togithub.com/mmontes11)) - Signers fire an event on CertificateRequests which have not been approved yet. Used for informational purposes so users understand why a request is not progressing. ([#5535](https://togithub.com/cert-manager/cert-manager/issues/5535), [@JoshVanL](https://togithub.com/JoshVanL)) ##### Bug or Regression - Don't log errors relating to self-signed issuer checks for external issuers ([#5681](https://togithub.com/cert-manager/cert-manager/issues/5681), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fixed a bug in AzureDNS resolver that led to early reconciliations in misconfigured Workload Identity-enabled setups (when Federated Identity Credential is not linked with a controller's k8s service account) ([#5663](https://togithub.com/cert-manager/cert-manager/issues/5663), [@weisdd](https://togithub.com/weisdd)) - Use manually specified temporary directory template when verifying CRDs ([#5680](https://togithub.com/cert-manager/cert-manager/issues/5680), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - `vcert` was upgraded to `v4.23.0`, fixing two bugs in cert-manager. The first bug was preventing the Venafi issuer from renewing certificates when using TPP has been fixed. You should no longer see your certificates getting stuck with `WebSDK CertRequest Module Requested Certificate` or `This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.`. The second bug that was fixed prevented the use of `algorithm: Ed25519` in Certificate resources with VaaS. ([#5674](https://togithub.com/cert-manager/cert-manager/issues/5674), [@maelvls](https://togithub.com/maelvls)) - Upgrade `golang/x/net` to fix CVE-2022-41717 ([#5632](https://togithub.com/cert-manager/cert-manager/issues/5632), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Bug fix: When using feature gates with the helm chart, enable feature gate flags on webhook as well as controller ([#5584](https://togithub.com/cert-manager/cert-manager/issues/5584), [@lvyanru8200](https://togithub.com/lvyanru8200)) - Fix `golang.org/x/text` vulnerability ([#5562](https://togithub.com/cert-manager/cert-manager/issues/5562), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fixes a bug that caused the Vault issuer to omit the Vault namespace in requests to the Vault API. ([#5591](https://togithub.com/cert-manager/cert-manager/issues/5591), [@wallrj](https://togithub.com/wallrj)) - The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the vedauth API endpoints are configured to *accept* client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). ([#5568](https://togithub.com/cert-manager/cert-manager/issues/5568), [@wallrj](https://togithub.com/wallrj)) - Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5619](https://togithub.com/cert-manager/cert-manager/issues/5619), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Upgrade to latest go minor release ([#5559](https://togithub.com/cert-manager/cert-manager/issues/5559), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Ensure `extraArgs` in Helm takes precedence over the new acmesolver image options ([#5702](https://togithub.com/cert-manager/cert-manager/issues/5702), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fix cainjector's --namespace flag. Users who want to prevent cainjector from reading all Secrets and Certificates in all namespaces (i.e to prevent excessive memory consumption) can now scope it to a single namespace using the --namespace flag. A cainjector that is only used as part of cert-manager installation only needs access to the cert-manager installation namespace. ([#5694](https://togithub.com/cert-manager/cert-manager/issues/5694), [@irbekrm](https://togithub.com/irbekrm)) - Fixes a bug where cert-manager controller was caching all Secrets twice ([#5691](https://togithub.com/cert-manager/cert-manager/issues/5691), [@irbekrm](https://togithub.com/irbekrm)) ##### Other - `certificate.spec.secretName` Secrets will now be labelled with the `controller.cert-manager.io/fao` label ([#5703](https://togithub.com/cert-manager/cert-manager/issues/5703), [@irbekrm](https://togithub.com/irbekrm)) - Upgrade to go 1.19.5 ([#5714](https://togithub.com/cert-manager/cert-manager/issues/5714), [@yanggangtony](https://togithub.com/yanggangtony)) ### [`v1.10.2`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.10.2) [Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.10.1...v1.10.2) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.10.2 is primarily a performance enhancement release which might reduce memory consumption by up to 50% in some cases thanks to some brilliant work by [@irbekrm](https://togithub.com/irbekrm)! :tada: It also patches several vulnerabilities reported by scanners and updates the base images used for cert-manager containers. In addition, it removes a potentially confusing log line which had been introduced in v1.10.0 which implied that an error had occurred when using external issuers even though there'd been no error. ##### Changes since `v1.10.1` ##### Feature - Enable support for Kubernetes 1.26 in tests ([#5647](https://togithub.com/cert-manager/cert-manager/issues/5647), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) ##### Bug or Regression - Fixes a bug where the cert-manager controller was caching all Secrets twice ([#5704](https://togithub.com/cert-manager/cert-manager/issues/5704), [@irbekrm](https://togithub.com/irbekrm)) - Bump helm version to fix CVE-2022-23525 ([#5676](https://togithub.com/cert-manager/cert-manager/issues/5676), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Don't log errors relating to selfsigned issuer checks for external issuers ([#5687](https://togithub.com/cert-manager/cert-manager/issues/5687), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Fix `golang.org/x/text` vulnerability ([#5592](https://togithub.com/cert-manager/cert-manager/issues/5592), [@SgtCoDfish](https://togithub.com/SgtCoDfish)) - Upgrade golang/x/net to fix CVE-2022-41717 ([#5635](https://togithub.com/cert-manager/cert-manager/issues/5635), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) - Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#5620](https://togithub.com/cert-manager/cert-manager/issues/5620), [@SgtCoDfish](https://togithub.com/SgtCoDfish)) - Use manually specified tmpdir template when verifying CRDs ([#5682](https://togithub.com/cert-manager/cert-manager/issues/5682), [@SgtCoDFish](https://togithub.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump distroless base images to latest versions ([#5677](https://togithub.com/cert-manager/cert-manager/issues/5677), [@SgtCoDFish](https://togithub.com/SgtCoDFish))external-secrets/external-secrets
### [`v0.7.2`](https://togithub.com/external-secrets/external-secrets/releases/tag/v0.7.2) [Compare Source](https://togithub.com/external-secrets/external-secrets/compare/v0.7.1...v0.7.2) Image: `ghcr.io/external-secrets/external-secrets:v0.7.2` Image: `ghcr.io/external-secrets/external-secrets:v0.7.2-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.7.2-ubi-boringssl` #### Changes - :sparkles: Implements Deletion policy for Hashicorp vault. ([#1879](https://togithub.com/external-secrets/external-secrets/issues/1879)) - :sparkles: AWS Role Chaining ([#1855](https://togithub.com/external-secrets/external-secrets/issues/1855)) - :sparkles: feat: referent auth for gcp ([#1887](https://togithub.com/external-secrets/external-secrets/issues/1887)) - :sparkles: aws secretsmanager/parameterstore referent auth ([#1884](https://togithub.com/external-secrets/external-secrets/issues/1884)) - :sparkles: Adds Keyvault PushSecret ([#1883](https://togithub.com/external-secrets/external-secrets/issues/1883)) - :sparkles: implement azure referent auth ([#1886](https://togithub.com/external-secrets/external-secrets/issues/1886)) - :bug: Fixes vault PushSecret logic ([#1866](https://togithub.com/external-secrets/external-secrets/issues/1866)) - :bug: fix: explicitly use new kubectl gcp auth ([#1904](https://togithub.com/external-secrets/external-secrets/issues/1904)) - :bug: GCP: prevent goroutine leak on workload identity reconciliation ([#1902](https://togithub.com/external-secrets/external-secrets/issues/1902)) - :books: Fixing links and adding stability support for 0.7.x ([#1863](https://togithub.com/external-secrets/external-secrets/issues/1863)) - :books: fix: typo ([#1894](https://togithub.com/external-secrets/external-secrets/issues/1894)) - :books: Update 1password-automation.md ([#1895](https://togithub.com/external-secrets/external-secrets/issues/1895)) - :books: New blog post added to Docs ([#1909](https://togithub.com/external-secrets/external-secrets/issues/1909)) - :broom: Several bumps ### [`v0.7.1`](https://togithub.com/external-secrets/external-secrets/releases/tag/v0.7.1) [Compare Source](https://togithub.com/external-secrets/external-secrets/compare/v0.7.0...v0.7.1) Image: `ghcr.io/external-secrets/external-secrets:v0.7.1` Image: `ghcr.io/external-secrets/external-secrets:v0.7.1-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.7.1-ubi-boringssl` #### Changes - :bug: fixing docs release ([#1799](https://togithub.com/external-secrets/external-secrets/issues/1799)) - 🧹chore:bump 0.7.0 ([#1800](https://togithub.com/external-secrets/external-secrets/issues/1800)) - 🧹chore(deps): bump actions/setup-python from 4.3.0 to 4.3.1 ([#1802](https://togithub.com/external-secrets/external-secrets/issues/1802)) - 🧹chore(deps): bump golang from 1.19.3-alpine to 1.19.4-alpine ([#1801](https://togithub.com/external-secrets/external-secrets/issues/1801)) - :broom: chore: bumps ([#1807](https://togithub.com/external-secrets/external-secrets/issues/1807)) - Add flag to set CRD names in cert controller ([#1811](https://togithub.com/external-secrets/external-secrets/issues/1811)) - \[FEATURE] Customizable encoding of logging timestamp ([#1808](https://togithub.com/external-secrets/external-secrets/issues/1808)) - Add note on required Service Account roles. ([#1814](https://togithub.com/external-secrets/external-secrets/issues/1814)) - fix: add status checks permission ([#1813](https://togithub.com/external-secrets/external-secrets/issues/1813)) - fix: replace bad URLs ([#1815](https://togithub.com/external-secrets/external-secrets/issues/1815)) - Add license scan report and status ([#1818](https://togithub.com/external-secrets/external-secrets/issues/1818)) - Fix typo ([#1826](https://togithub.com/external-secrets/external-secrets/issues/1826)) - feat: add fossa check ([#1819](https://togithub.com/external-secrets/external-secrets/issues/1819)) - chore: bumps ([#1852](https://togithub.com/external-secrets/external-secrets/issues/1852)) - :sparkles: Templates from string ([#1748](https://togithub.com/external-secrets/external-secrets/issues/1748)) - chore: bump golang-jwt ([#1858](https://togithub.com/external-secrets/external-secrets/issues/1858)) - feat: add ability to set automount to false ([#1859](https://togithub.com/external-secrets/external-secrets/issues/1859)) - :bug: gitlab: Fallback to wildcard variables and use pagination (bugfix) ([#1838](https://togithub.com/external-secrets/external-secrets/issues/1838)) - :bug: Use the right metrics annotations for the webhook service ([#1841](https://togithub.com/external-secrets/external-secrets/issues/1841)) - :broom: chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.171 to 1.44.172 ([#1857](https://togithub.com/external-secrets/external-secrets/issues/1857))Configuration
📅 Schedule: Branch creation - "before 3am on Monday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.