v0.2.0

Modules affected

• vault-cluster [BACKWARDS INCOMPATIBLE]
• vault-lb-fr [BACKWARDS INCOMPATIBLE]

Description

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

Related links

• #44

v0.1.3

Modules affected

• vault-cluster
• run-vault
• install-vault

Description

• Allows vault-cluster to use a different project id for the base compute image
• Fixes intermittent dependency errors related to bucket policies
• vault-cluster now can optionally create its own service account to operate the cluster
• Adds examples on authenticating to Vault using GCP with both the iam and gce methods
• Adds example on auto-unsealing a vault cluster
• run-vault now supports enabling auto-unsealing and setting the necessary KMS key for it
• Fixes bug where Vault wouldn't initialize when using an external service account due to missing bucket permissions
• install-vault now supports installing vault and consul from an arbitrary URL, which allows installing Vault and Consul enterprise

Related links

#33 #34 #36 #37

v0.1.2

Modules affected

vault-cluster, run-vault

Description

The vault-cluster module now

• Allows specifying to which project vault-cluster will be deployed, by adding a project variable for each vault instance as well as a project variable for the network and firewall rules.
• Uses Regional Managed Instance Group instead of Zonal Managed Instance Group. This way, Vault nodes are spread across multiple Zones instead of being co-located in a single Zone, which means High Availability.

The run-vault module now

• Enables the Vault UI by default

Additionally the private cluster example now creates a subnetwork with internal access to the Google API so Consul can fetch information about the cluster nodes without internet access, and this repository now has tests! 🎉

Related links

#24, #25, #31

v0.1.1

#21: Add a new variable, subnetwork_name to the vault-cluster module to allow the use of non-default subnets, or subnets with custom names.

v0.1.0

#17, #19: Add support for Vault 0.10.x. This includes fixes for the helper script and an update to run-vault which now generates a config file that is compatible with Vault 0.10.x.

We also included a fix that will address warnings seen in certain output values of the vault-cluster module.

Special thanks to @madmod for contributing to this release!

v0.0.4

• #7: This module is now compatible with Terraform 0.11.x
• #15: Renamed Terraform resource with spelling typo.
• 9861a97: Update examples to use release v0.0.3 of https://github.com/hashicorp/terraform-google-consul

v0.0.3

• #4: Fix broken links. Update to the latest Consul and Vault versions.

v0.0.2

• ENHANCEMENT: Allow for custom service account email and scopes (#3)
• BUGFIX: Fixed various tags that should have been a list (#2)

Special thanks to @madmod for these updates!

v0.0.1

Initial release!