Skip to content

chore(deps): Update Terraform Providers to >= 6.52.0#175

Open
red-hat-konflux[bot] wants to merge 2 commits into
mainfrom
konflux/mintmaker/main/tf-providers
Open

chore(deps): Update Terraform Providers to >= 6.52.0#175
red-hat-konflux[bot] wants to merge 2 commits into
mainfrom
konflux/mintmaker/main/tf-providers

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
aws (source) required_provider minor >= 6.51.0>= 6.52.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

hashicorp/terraform-provider-aws (aws)

v6.52.0

Compare Source

NOTES:

  • resource/aws_lakeformation_permissions: Grants on aws_glue_catalog_table views (table_type = "VIRTUAL_VIEW") are now preserved when the view's view_definition is updated, as the underlying table is updated in place rather than recreated (#​48532)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Existing affected resources whose state still contains **** for NoEcho parameters or is missing default-matching parameters keys require a one-time manual reconciliation after upgrading. To recover: (1) add lifecycle { ignore_changes = [parameters] } temporarily, (2) pull state with terraform state pull, (3) correct the affected parameters values and increment serial, (4) push state back with terraform state push, (5) remove the ignore_changes block, and (6) confirm with terraform plan. For non-sensitive parameters you can instead temporarily set the parameter to a non-default value, apply, revert, and apply again (#​46748)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: NoEcho parameter values are now persisted in Terraform state in plaintext rather than as ****. This is consistent with how Terraform stores other sensitive inputs (for example, aws_db_instance.password). Ensure your state backend is appropriately secured (#​46748)

FEATURES:

  • New Data Source: aws_s3_bucket_notification (#​31512)
  • New List Resource: aws_appautoscaling_target (#​48449)
  • New List Resource: aws_bedrockagentcore_registry (#​48314)
  • New List Resource: aws_dynamodb_table_item (#​48520)
  • New Resource: aws_bedrockagentcore_registry (#​48314)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add control_plane_egress_mode attribute to vpc_config block (#​48497)
  • provider: Generated names are now created using a cryptographically strong random generator instead of a timestamp and counter, so values are more uniformly distributed over the lowercase hexadecimal digit characters (#​47995)
  • resource/aws_appautoscaling_target: Add resource identity support (#​48449)
  • resource/aws_cloudwatch_log_account_policy: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_anomaly_detector: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_data_protection_policy: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_delivery: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_delivery_destination: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_delivery_destination_policy: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_delivery_source: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_destination: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_destination_policy: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_index_policy: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_resource_policy: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_log_stream: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_query_definition: Add Resource Identity support (#​48502)
  • resource/aws_cloudwatch_query_definition: Add arn attribute (#​48502)
  • resource/aws_default_network_acl: Prevents error on creation when tag-based authorization in use. (#​44798)
  • resource/aws_dynamodb_table_item: Add Resource Identity support (#​48520)
  • resource/aws_dynamodb_table_item: Add import support (#​48520)
  • resource/aws_eks_cluster: Add control_plane_egress_mode argument to vpc_config block (#​48497)
  • resource/aws_mq_broker: Known endpoints in instances.0.endpoints are now returned in a deterministic order based on protocol prefix and port, including the new https://...:16001 Prometheus metrics endpoint introduced in RabbitMQ 4.2 and later; any unrecognized endpoint types are appended afterward in API order (#​47777)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Change capabilities from Required to Optional/Computed. Applications without required capabilities can now omit the argument and the value applied by AWS will be tracked in state (#​46748)

BUG FIXES:

  • provider: Fix AWS API errors such as EC2's IdempotentParameterMismatch by generating client-supplied idempotency tokens using a cryptographically strong random generator and extended alphabet (#​47995)
  • provider: Restore HTTP request and response body content in TF_LOG=DEBUG output for resources, data sources, and list resources. Redaction continues to apply to ephemeral resources and actions (#​48463)
  • resource/aws_cloudwatch_log_delivery: Add mutex lock around create, update, and delete operations to prevent ConflictException errors (#​48158)
  • resource/aws_cloudwatch_log_delivery: Fix Provided delivery configuration is invalid for the destination type errors when s3_delivery_configuration is unchanged (#​46123)
  • resource/aws_elasticache_global_replication_group: Fix persistent automatic_failover_enabled diff by reading the value from the primary member (#​47647)
  • resource/aws_elasticache_replication_group: Fix persistent automatic_failover_enabled diff on member replication groups of an aws_elasticache_global_replication_group (#​47647)
  • resource/aws_elasticache_reserved_cache_node: Fix Provider returned invalid result object after apply and subsequent too many results warning that silently removed the resource from state when id was not set in configuration (#​48462)
  • resource/aws_elasticache_serverless_cache: Fix InvalidParameterCombination: Serverless Cache modifications only support modifying one field per request error when changing multiple attributes in a single apply (#​47918)
  • resource/aws_elasticache_user: Fix user_id producing inconsistent final plan when using mixed-case values (#​47705)
  • resource/aws_elasticache_user_group: Fix user_group_id producing inconsistent final plan when using mixed-case values (#​47705)
  • resource/aws_glue_catalog_table: Allow in-place update of a VIRTUAL_VIEW table's view_definition by passing ViewUpdateAction to the Glue UpdateTable API (#​48532)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Fix change set: unexpected state 'FAILED', wanted target 'CREATE_COMPLETE'. last error: No updates are to be performed errors on subsequent applies. Previously, parameters whose value matched the application's default were pruned from state, and NoEcho parameter values were stored as ****, both of which produced false drift (#​46748)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Summary by CodeRabbit

  • Chores
    • Updated the required AWS provider version to >= 6.52.0.
    • Aligned the generated documentation to reflect the new provider version requirement.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@openshift-ci

openshift-ci Bot commented Jun 27, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign amandahla for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jun 27, 2026

Copy link
Copy Markdown

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a terraform-redhat member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai

coderabbitai Bot commented Jun 27, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: dec2aa7c-eac9-4750-9773-1abdb0a3cc3b

📥 Commits

Reviewing files that changed from the base of the PR and between de80e87 and 22dd5f9.

📒 Files selected for processing (2)
  • README.md
  • versions.tf

Walkthrough

The minimum AWS Terraform provider version constraint is bumped from >= 6.51.0 to >= 6.52.0 in versions.tf, with the autogenerated README.md Requirements and Providers tables updated accordingly.

Changes

AWS Provider Version Bump

Layer / File(s) Summary
AWS provider version constraint and docs update
versions.tf, README.md
required_providers.aws minimum version updated from >= 6.51.0 to >= 6.52.0; README Requirements and Providers tables regenerated to reflect the new constraint.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested labels

approved, lgtm

Suggested reviewers

  • BraeTroutman
  • amandahla
🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is a Renovate release-note dump and omits the required template sections for issue context, testing, related links, and change type. Rewrite the PR description using the template sections and add the problem, why, what changed, validation steps, related issues, and change type.
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly states the Terraform AWS provider bump to 6.52.0 and matches the main change.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Pr Checklist Claims Vs Evidence (Generic) ✅ Passed No checked checklist items appear in the PR body; the only checkbox is unchecked, so there are no claims to verify.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/main/tf-providers

Comment @coderabbitai help to get the list of available commands.

Signed-off-by: terraform-redhat-bot <126015336+red-hat-[bot]@users.noreply.github.com>
@openshift-ci

openshift-ci Bot commented Jun 27, 2026

Copy link
Copy Markdown

@red-hat-konflux[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/rosa-hcp-public 22dd5f9 link true /test rosa-hcp-public

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@red-hat-konflux

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants