Skip to content

chore(deps): Update Terraform Providers#157

Closed
red-hat-konflux[bot] wants to merge 2 commits into
mainfrom
konflux/mintmaker/main/tf-providers
Closed

chore(deps): Update Terraform Providers#157
red-hat-konflux[bot] wants to merge 2 commits into
mainfrom
konflux/mintmaker/main/tf-providers

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
aws (source) required_provider minor >= 6.44.0>= 6.47.0
null (source) required_provider minor >= 3.2.4>= 3.3.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

hashicorp/terraform-provider-aws (aws)

v6.47.0

Compare Source

FEATURES:

  • New List Resource: aws_bedrockagentcore_online_evaluation_config (#​47209)
  • New List Resource: aws_bedrockagentcore_policy_engine (#​47108)
  • New List Resource: aws_bedrockagentcore_resource_policy (#​46844)
  • New List Resource: aws_s3control_multi_region_access_point (#​48081)
  • New List Resource: aws_s3control_multi_region_access_point_routes (#​48081)
  • New Resource: aws_bedrockagentcore_online_evaluation_config (#​47209)
  • New Resource: aws_bedrockagentcore_policy_engine (#​47108)
  • New Resource: aws_bedrockagentcore_resource_policy (#​46844)
  • New Resource: aws_s3control_multi_region_access_point_routes (#​47994)

ENHANCEMENTS:

  • data-source/aws_arn: Deprecates id in favor of arn (#​48036)
  • data-source/aws_default_tags: Deprecates id (#​48036)
  • data-source/aws_ip_ranges: Deprecates id (#​48036)
  • data-source/aws_partition: Deprecates id in favor of partition (#​48036)
  • data-source/aws_region: Deprecates id in favor of region (#​48036)
  • data-source/aws_regions: Deprecates id (#​48036)
  • data-source/aws_route: Add odb_network_arn attribute (#​48027)
  • data-source/aws_route_table: Add routes.odb_network_arn attribute (#​48027)
  • data-source/aws_secretsmanager_secret_version: Deprecates arn in favor of secret_arn. (#​48011)
  • data-source/aws_secretsmanager_secret_versions: Deprecates arn in favor of secret_arn. (#​48033)
  • data-source/aws_secretsmanager_secret_versions: Deprecates name in favor of secret_name. (#​48033)
  • data-source/aws_service: Deprecates id in favor of reverse_dns_name (#​48036)
  • data-source/aws_transfer_server: Add ip_address_type attribute (#​48039)
  • resource/aws_acm_certificate: Add private_key_wo write-only argument and private_key_wo_version argument (#​44414)
  • resource/aws_arcregionswitch_plan: Add step.rds_promote_read_replica_config, step.rds_create_cross_region_read_replica_config, and report_configuration arguments (#​46965)
  • resource/aws_eks_cluster: Add CGNAT IP address ranges as valid private range (#​47988)
  • resource/aws_eks_cluster: Make remote_node_networks field in remote_network_config optional (#​47988)
  • resource/aws_eks_cluster: Remove conflict between outpost_config and remote_network_config (#​47988)
  • resource/aws_msk_replicator: Add support for log_delivery configuration block (#​48054)
  • resource/aws_quicksight_data_source: Add parameters.athena.role_arn argument to allow override an account-wide role for a specific Athena data source (#​44666)
  • resource/aws_route: Add odb_network_arn argument (#​48027)
  • resource/aws_route: Add plan-time validation of core_network_arn (#​48027)
  • resource/aws_route_table: Add route.odb_network_arn argument (#​48027)
  • resource/aws_route_table: Add plan-time validation of route.core_network_arn (#​48027)
  • resource/aws_s3control_multi_region_access_point: Add resource identity support (#​48081)
  • resource/aws_secretsmanager_secret_version: Deprecates arn in favor of secret_arn. (#​48011)
  • resource/aws_ssm_resource_data_sync: Add s3_destination.destination_data_sharing argument (#​21996)
  • resource/aws_transfer_server: Add ip_address_type argument (#​48039)

BUG FIXES:

  • data-source/aws_secretsmanager_secret_versions: Polulates versions.*.last_accessed_date. (#​48033)
  • provider: Fix lifecycle.ignore_changes for individual tags elements being bypassed when another tag in the same map is updated to an empty string, to avoid overwriting any out-of-band changes the lifecycle block was meant to preserve. (#​48008)
  • resource/aws_dynamodb_table: Ensure diffs are shown for GSI hash key type changes (#​47867)
  • resource/aws_eks_cluster: Change securityGroupIds logic in flattenVPCConfigResponse() for Outpost clusters (#​47988)
  • resource/aws_instance: Fix lifecycle.ignore_changes for individual tags elements being bypassed when another tag in the same map is updated to an empty string, to avoid overwriting any out-of-band changes the lifecycle block was meant to preserve. (#​48008)
  • resource/aws_lb: Fix Provider produced inconsistent final plan errors and force resource recreation for Network Load Balancers when no security groups were initially configured and updated security groups are unknown at plan-time (#​46695)
  • resource/aws_msk_replicator: Mark replication_info_list.consumer_group_replication.consumer_groups_to_exclude as Computed (#​48054)
  • resource/aws_msk_replicator: Mark replication_info_list.topic_replication.topics_to_exclude as Computed (#​48054)

v6.46.0

Compare Source

NOTES:

  • resource/aws_xray_resource_policy: Changes to policy_name now force resource recreation. Technically this is a breaking change but the resource did not function correctly previously; updating policy_name would leave an orphaned policy with the old name in AWS (#​47948)

FEATURES:

  • New List Resource: aws_bedrockagentcore_harness (#​47725)
  • New List Resource: aws_iam_access_key (#​47966)
  • New List Resource: aws_observabilityadmin_telemetry_rule_for_organization (#​47920)
  • New List Resource: aws_route53_vpc_association_authorization (#​47905)
  • New List Resource: aws_route53_zone_association (#​47950)
  • New List Resource: aws_securityhub_automation_rule_v2 (#​47677)
  • New Resource: aws_bedrockagentcore_harness (#​47725)
  • New Resource: aws_observabilityadmin_telemetry_rule_for_organization (#​47920)
  • New Resource: aws_securityhub_automation_rule_v2 (#​47677)
  • New Resource: aws_xray_indexing_rule (#​47975)
  • New Resource: aws_xray_trace_segment_destination (#​47961)

ENHANCEMENTS:

  • data-source/aws_ec2_local_gateway_virtual_interface: Add outpost_lag_id and local_gateway_virtual_interface_group_id attributes (#​47974)
  • data-source/aws_opensearch_domain: Add jwt_options block to fix "Invalid address to set" error (#​47874)
  • resource/aws_bedrockagent_agent: Increase maximum value of idle_session_ttl_in_seconds from 3600 to 5400 to match the AWS API limit (#​47890)
  • resource/aws_bedrockagentcore_agent_runtime: Add filesystem_configuration argument for mounting session storage, Amazon S3 Files access points, or Amazon EFS access points into the agent runtime (#​47810)
  • resource/aws_cloudfront_distribution: Add cache_tag_config configuration block (#​47872)
  • resource/aws_iam_access_key: Add resource identity support (#​47966)
  • resource/aws_route53_vpc_association_authorization: Add resource identity support (#​47905)
  • resource/aws_route53_zone_association: Add resource identity support (#​47950)
  • resource/aws_vpclattice_resource_gateway: Add resource_config_dns_resolution argument (#​47879)
  • resource/aws_xray_resource_policy: Add Resource Identity support (#​47948)
  • resource/aws_xray_sampling_rule: Add Resource Identity support (#​47948)

BUG FIXES:

  • resource/aws_s3_bucket: Defer to the corresponding dedicated standalone resource for each deprecated nested attribute (acceleration_status, acl, cors_rule, grant, lifecycle_rule, logging, object_lock_configuration, policy, replication_configuration, request_payer, server_side_encryption_configuration, versioning, website) when the attribute is not set in configuration, preventing similar fights between the bucket resource and its standalone counterparts (#​47962)
  • resource/aws_s3_bucket: Fix InvalidRequest: SourceSelectionCriteria cannot be empty errors on unrelated updates (e.g. tags) when replication is managed by the dedicated aws_s3_bucket_replication_configuration resource using replica_modifications (#​47962)
  • resource/aws_xray_resource_policy: Fix Provider returned invalid result object after apply errors on Update (#​47948)
  • resource/aws_xray_resource_policy: Mark policy_name as as ForceNew (#​47948)

v6.45.0

Compare Source

FEATURES:

  • New List Resource: aws_observabilityadmin_telemetry_rule (#​47857)
  • New List Resource: aws_securityhub_connector_v2 (#​47678)
  • New Resource: aws_observabilityadmin_telemetry_evaluation (#​47799)
  • New Resource: aws_observabilityadmin_telemetry_evaluation_for_organization (#​47808)
  • New Resource: aws_observabilityadmin_telemetry_rule (#​47857)
  • New Resource: aws_securityhub_aggregator_v2 (#​47651)
  • New Resource: aws_securityhub_connector_v2 (#​47678)

ENHANCEMENTS:

  • resource/aws_lambda_function: Add support for ruby4.0 as a runtime value (#​47841)
  • resource/aws_lambda_function: Support mounting Amazon S3 buckets as file systems with S3 Files (#​47838)
  • resource/aws_lambda_layer_version: Add support for ruby4.0 as a compatible_runtimes value (#​47841)
  • resource/aws_secretsmanager_secret_version: Allow switching from secret_string to secret_string_wo without re-creating the resource. (#​47815)
  • resource/aws_timestreaminfluxdb_db_instance: Add maintenance_schedule configuration block (#​47853)

BUG FIXES:

  • resource/aws_elasticache_cluster: Fixed by removing valkey as an engine option to keep an alignment with aws sdk CreateCacheCluster (#​45017)
  • resource/aws_elasticache_replication_group: Fix engine_version returning full patch version instead of minor version for Valkey engine (#​46109)
  • resource/aws_elasticache_replication_group: Fix engine, engine_version, and parameter_group_name changes being ignored after disassociating from a global replication group (#​46109)
  • resource/aws_grafana_workspace: Fix network_access_control regression causing ValidationException when only one of vpce_ids or prefix_list_ids is set (#​47646)
hashicorp/terraform-provider-null (null)

v3.3.0

Compare Source

ENHANCEMENTS:

  • Added linux/s390x build target for IBM Z platform support (#​494)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Summary by CodeRabbit

  • Chores
    • Updated minimum required versions for Terraform providers: AWS provider to 6.47.0 and Null provider to 3.3.0.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@openshift-ci

openshift-ci Bot commented Jun 2, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign braetroutman for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jun 2, 2026

Copy link
Copy Markdown

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a terraform-redhat member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai

coderabbitai Bot commented Jun 2, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c0f2e1b8-b2b7-4a9d-8af8-491aa9edf42e

📥 Commits

Reviewing files that changed from the base of the PR and between 802ee75 and 2bca1a7.

📒 Files selected for processing (2)
  • README.md
  • versions.tf

Walkthrough

Provider version constraints for AWS and Null are bumped in versions.tf to require newer minimum versions, with auto-generated README documentation updated to maintain consistency across both Requirements and Providers tables.

Changes

Provider Version Constraints Update

Layer / File(s) Summary
Provider version constraint and documentation updates
versions.tf, README.md
The terraform.required_providers block increases AWS from >= 6.44.0 to >= 6.47.0 and Null from >= 3.2.4 to >= 3.3.0. The README's automated documentation tables for Requirements and Providers are synchronized to reflect these updated constraints.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

Suggested labels

approved, lgtm

Suggested reviewers

  • davidleerh
  • BraeTroutman
🚥 Pre-merge checks | ✅ 4 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is missing critical sections from the template including PR Summary, Detailed Description, Related Issues, Type of Change, Previous/After Behavior, Testing steps, and Developer Verification Checklist. Add missing required sections from the PR description template, including explicit type classification, testing validation steps, and developer verification checklist completion.
Pr Checklist Claims Vs Evidence (Generic) ❓ Inconclusive Cannot access PR body with checklist items from git; this is stored in GitHub. Need actual PR #157 body to verify checked items. Review checked checklist items in actual PR body at GitHub PR #157.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change—updating Terraform provider version constraints for aws and null providers.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/main/tf-providers

Comment @coderabbitai help to get the list of available commands and usage tips.

Signed-off-by: terraform-redhat-bot <126015336+red-hat-[bot]@users.noreply.github.com>
@openshift-ci

openshift-ci Bot commented Jun 2, 2026

Copy link
Copy Markdown

@red-hat-konflux[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/rosa-hcp-public 2bca1a7 link true /test rosa-hcp-public
ci/prow/rosa-hcp-private 2bca1a7 link true /test rosa-hcp-private

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@red-hat-konflux

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@amandahla

Copy link
Copy Markdown
Member

Same here, closing so Renovate can get new changes and open a new PR

@amandahla amandahla closed this Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant