chore(deps): update terraform minor and patch dependencies

[renovate-a-roo]

Pinning Terraform dependencies prevents unexpected changes being inherited from the common terraform-modules repo.

The common terraform-modules will be updated separately in a weekly PR.

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	6.33.0 -> 6.34.0
helm (source)	required_provider	minor	2.13.0 -> 2.17.0
kubernetes (source)	required_provider	minor	2.29.0 -> 2.38.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.34.0

Compare Source

FEATURES:

• New List Resource: aws_ec2_secondary_network (#​46552)
• New List Resource: aws_ec2_secondary_subnet (#​46552)
• New List Resource: aws_ecr_task_definition (#​46628)
• New List Resource: aws_elb (#​46639)
• New List Resource: aws_s3_bucket_lifecycle_configuration (#​46531)
• New Resource: aws_networkmanager_prefix_list_association (#​46566)

ENHANCEMENTS:

• data-source/aws_grafana_workspace: Add kms_key_id attribute (#​46584)
• data-source/aws_memorydb_cluster: Add network_type and ip_discovery attributes (#​46636)
• resource/aws_athena_workgroup: Add configuration.query_results_s3_access_grants_configuration argument (#​46376)
• resource/aws_bedrockagentcore_api_key_credential_provider: Add tagging support (#​46591)
• resource/aws_bedrockagentcore_gateway_target: Add metadata_configuration block for HTTP header and query parameter propagation (#​45808)
• resource/aws_bedrockagentcore_oauth2_credential_provider: Add tagging support (#​46590)
• resource/aws_cloudwatch_event_connection: Add auth_parameters.connectivity_parameters argument (#​41561)
• resource/aws_ecs_service: Add service_connect_configuration.access_log_configuration argument (#​45820)
• resource/aws_ecs_service: Add resource identity support (#​46644)
• resource/aws_eip_domain_name: Add import support (#​46582)
• resource/aws_grafana_workspace: Add kms_key_id argument (#​46584)
• resource/aws_instance: Allow cpu_options.core_count, cpu_options.nested_virtualization, and cpu_options.threads_per_core to be updated in-place (#​46568)
• resource/aws_lb_target_group_attachment: Add import support (#​46646)
• resource/aws_lb_target_group_attachment: Add resource identity (#​46646)
• resource/aws_memorydb_cluster: Add network_type and ip_discovery arguments (#​46636)
• resource/aws_opensearch_domain: Add jwt_options attribute (#​46439)
• resource/aws_wafv2_web_acl_rule_group_association: Add support for managed_rule_group_configs within managed_rule_group and root-level visibility_config block for CloudWatch metrics configuration (#​44426)

BUG FIXES:

• data-source/aws_dms_endpoint: Add missing mongodb_settings.use_update_lookup attribute to fix "invalid address to set" error (#​46616)
• data-source/aws_iam_policy_document: Fix crash when statement.principals.identifiers contains a non-string value (#​46226)
• list-resource/aws_s3_object: Includes parent bucket in display name. (#​46596)
• resource/aws_autoscaling_group: Fix couldn't find resource (21 retries) errors updating load_balancers, target_group_arns, and traffic_source (#​46622)
• resource/aws_bedrockagentcore_gateway_target: Add credential_provider_configuration.oauth.default_return_url and credential_provider_configuration.oauth.grant_type arguments (#​46127)
• resource/aws_bedrockagentcore_gateway_target: Retry IAM eventual consistency errors on Create (#​46127)
• resource/aws_billing_view: Fix "inconsistent result after apply" errors caused by ordering of data_filter_expression.dimensions.values (#​46462)
• resource/aws_s3tables_table_bucket: Change encryption_configuration to Optional and Computed, fixing unexpected new value: .encryption_configuration: was null, but now cty.ObjectVal(map[string]cty.Value{"kms_key_arn":cty.NullVal(cty.String),"sse_algorithm":cty.StringVal("AES256")}) errors (#​46150)
• resource/aws_subnet: Fixed IPv6 CIDR block validation and assignment to IPAM-provisioned subnets. (#​46556)
• resource/aws_vpc_endpoint: Fix InvalidParameter: DnsOptions PrivateDnsOnlyForInboundResolverEndpoint is applicable only to Interface VPC Endpoints errors when creating S3Tables VPC endpoints (#​46102)

hashicorp/terraform-provider-helm (helm)

v2.17.0

Compare Source

ENHANCEMENT:

• resource/helm_release: the dry-run option is now set to server to execute any chart lookups against the server during the plan stage. [GH-1335]

BUG FIXES:

• resource/helm_release: fix an issue where postrender.args is not parsed correctly. [GH-1534]

v2.16.1

Compare Source

BUG FIXES:

• helm_release: Fix nil pointer deref panic on destroy when helm release is not found [GH-1501]

v2.16.0

Compare Source

BUG FIXES:

• helm_release: On destroy, do not error when release is not found [GH-1487]
• resource/helm_release: Fix: only recompute metadata when the version in the metadata changes [GH-1458]

v2.15.0

Compare Source

ENHANCEMENT:

• resource/helm_release: add upgrade_install boolean attribute to enable idempotent release installation, addressing components of GH-425 [GH-1247]

v2.14.1

Compare Source

DEPENDENCIES:

• Bump golang.org/x/crypto from v0.23.0 to v0.25.0 [GH-1399]
• Bump k8s.io/api from v0.30.0 to v0.30.3 [GH-1436]
• Bump k8s.io/apimachinery from v0.30.0 to v0.30.3 [GH-1436]
• Bump k8s.io/client-go from v0.30.0 to v0.30.3 [GH-1436]
• Bump helm.sh/helm/v3 from v3.13.2 to v3.15.3 [GH-1422]

v2.14.0

Compare Source

ENHANCEMENT:

• Add support for Terraform's experimental deferred actions [GH-1377]
• helm_release: add new attributes metadata.last_deployed, metadata.first_deployed, metadata.notes [GH-1380]

v2.13.2

Compare Source

DEPENDENCIES:

• Bump github.com/docker/docker from 24.0.7 to 24.0.9
• Bump golang.org/x/net from 0.21.0 to 0.23.0
• Bundle license file with TF provider release artifacts

v2.13.1

Compare Source

HOTFIX:

• helm_release: Fix regression causing errors at plan time.

hashicorp/terraform-provider-kubernetes (kubernetes)

v2.38.0

Compare Source

ENHANCEMENTS:

• Add ResourceIdentity support to kubernetes_manifest [GH-2737]
• Add sub_path_expr to volume mount options pod spec [GH-2622]
• Add support for ResourceIdentity to SDKv2 resources [GH-2751]

BUG FIXES:

• Fixed goroutine-safety in the CRD and metadata cache, resulting in far fewer provider metadata requests. [GH-2699]
• data_source/kubernetes_pod_v1: fix an issue when the provider cuts out toleration under pod spec(spec.toleration) if it uses a well-known taint. [GH-2380]
• data_source/kubernetes_pod: fix an issue when the provider cuts out toleration under pod spec(spec.toleration) if it uses a well-known taint. [GH-2380]
• resource/kubernetes_cron_job: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_cron_job_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_daemon_set_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_daemonset: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_deployment: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_deployment_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_job: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_job_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_replication_controller_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_replication_controller: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_stateful_set: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_stateful_set_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]

NOTES:

• We have updated the logic of resources that use the Pod specification template, such as kubernetes_deployment_v1, kubernetes_stateful_set_v1, etc, and now the provider will keep all tolerations(spec.toleration) returned by Kubernetes. The same is applicable for the data sources kubernetes_pod_v1 and kubernetes_pod. The behavior of resources kubernetes_pod_v1 and kubernetes_pod remains unchanged, i.e. the provider will keep removing tolerations with well-known taints since they might be attached to the object by Kubernetes controller and could lead to a perpetual diff. [GH-2380]

v2.37.1

Compare Source

BUG FIXES:

• Fixes issue #​2732 where the provider would fail when used with Terraform >= v1.12.1 due to missing GetResourceIdentitySchemas implementation. [GH-2732]

v2.37.0

Compare Source

ENHANCEMENTS:

• kubernetes_config_map_v1: Add support for ResourceIdentity [GH-2721]

v2.36.0

Compare Source

ENHANCEMENTS:

• resource/kubernetes_secret_v1: Add support for write only attributes for data_wo and binary_data_wo. [GH-2692]

v2.35.1

Compare Source

BUG FIXES:

• resource/kubernetes_job_v1: revert the changes introduced in v2.34.0, where ttl_seconds_after_finished was set to 0. [GH-2650]
• resource/kubernetes_daemon_set_v1: fix issue where fields spec.strategy.rolling_update.max_surge and spec.strategy.rolling_update.max_unavailable were not being validated correctly. [GH-2653]

v2.35.0

Compare Source

FEATURES:

• resources_kubernetes_daemon_set_v1 : Added max_surge argument for to rolling_update block. [GH-2630]

v2.34.0

Compare Source

ENHANCEMENTS:

• Added conditions attribute to kubernetes_nodes data source, which will provide detailed node health and status information [GH-2612]
• Adding the kubernetes_secret_v1_data resource to the kubernetes provider. This resource will allow users to manage kubernetes secrets [GH-2604]
• Properly handle Kubernetes Jobs with ttl_seconds_after_finished = 0 to prevent unnecessary recreation. [GH-2596]

FEATURES:

• New ephemeral resource: kubernetes_certificate_signing_request_v1 [GH-2628]
• New ephemeral resource: kubernetes_token_request_v1 [GH-2628]

v2.33.0

Compare Source

ENHANCEMENTS:

• Add backoff_per_limit_index and max_failed_indexes fields in structure_job.go [GH-2421]
• Added support for namespace_selector field in PodAffinityTerm to enhance pod affinity and anti-affinity rules, allowing selection of namespaces based on label selectors. [GH-2577]
• kubernetes_manifest - handling "404 Not Found" errors during the deletion of Kubernetes resources, particularly in cases where the resource may have already been deleted by an operator managing the CRD before Terraform attempts to delete it. [GH-2592]
• schema_container.go: Add VolumeDevices [GH-2573]

v2.32.0

Compare Source

FEATURES:

• New data source: kubernetes_server_version [GH-2306]

ENHANCEMENTS:

• resource/kubernetes_certificate_signing_request_v1: Add argument spec.expiration_seconds [GH-2559]
• resource/kubernetes_persistent_volume_v1: support ReadWriteOncePod access mode for PVs [GH-2488]

v2.31.0

Compare Source

ENHANCEMENTS:

• Add support for Terraform's experimental deferred actions [GH-2510]

v2.30.0

Compare Source

BUG FIXES:

• data_source/kubernetes_resources: fix an issue where the provider exit with an error when the data source kubernetes_resources receives multiple Kubernetes objects containing tuples with different numbers of elements. [GH-2372]
• kubernetes_manifest: fix issue preventing KUBE_PROXY_URL environment variable from being used in client configuration (#​1733) [GH-2485]
• resource/kubernetes_node_taint: Fix the error check for nonexistant nodes so that terraform does not fail if there is a taint in the state file for a node that has been deleted. [GH-2402]

DOCS:

• Migrate legacy structure to new tfplugindocs template structure [GH-2470]

---

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.