v3.1.1

[3.1.1] - 2023-08-23

Security

• Upgrade Ruby base image version to 3.3-rc-slim
  cyberark/conjur-puppet#259
• Upgrade PDK and Ruby base image version to 3.2.2
  cyberark/conjur-puppet#256
• Upgrade PDK and Ruby base image version
  cyberark/conjur-puppet#253

v3.1.0

v3.1.0 - 2020-10-08

Added

• Module now fully supports the use of cert_file parameter, which accepts the path to the PEM-encoded
  x509 CA certificate chain for Conjur. Users can supply the module with certificate path in cert_file OR
  with certificate contents in ssl_certificate.
  cyberark/conjur-puppet#105

Changed

• Conjur server errors now have better descriptions.
  cyberark/conjur-puppet#241
• If authn_api_key is not wrapped in Sensitive class, we now raise a descriptive
  error as to why we cannot proceed.
  cyberark/conjur-puppet#232
• Warnings are now logged whenever this module attempts to use a non-HTTPS endpoint.
  cyberark/conjur-puppet#144

v3.0.0

v3.0.0 - 2020-09-17

Added

• Secrets are now retrieved by the Puppet agent, instead of the server, using Puppet's
  deferred function feature.
  This aligns with Puppet's documented best practices.
  cyberark/conjur-puppet#13
• Module now follows Puppet development best practices and uses
  PDK for linting, unit tests, and publishing.
  cyberark/conjur-puppet#64

Changed

• conjur::secret now must be used as a Deferred function. Method signature has
  changed as well, including providing of optional parameters as a Hash.
  cyberark/conjur-puppet#13
  cyberark/conjur-puppet#184
• When Conjur configuration cannot be resolved on the agent, we now log a warning
  that this is potentially a result of misconfiguration.
  cyberark/conjur-puppet#125
• This module now logs a warning if no certificates are parsed from the provided certificate
  string.
  cyberark/conjur-puppet#115

Fixed

• Account names with special characters that require encoding (eg. +, , etc) are
  now properly escaped when variables are fetched from Conjur / DAP within the
  conjur::secret function.
  cyberark/conjur-puppet#170

Removed

• Support for using the Conjur Puppet module with Conjur Enterprise v4.
  cyberark/conjur-puppet#66
• Support for using this module with Puppet v5.
  cyberark/conjur-puppet#104
• Support for using host factory tokens, conjur class, cert_file parameter, and using
  server-side conjur class to pre-populate on-agent info.
  cyberark/conjur-puppet#104

v3.0.0-rc3

v3.0.0-rc3 - 2020-09-11

Fixed

• Release artifact excludes files that may be inadvertently added to the archive during builds. cyberark/conjur-puppet#213

---

This release also includes the following changes since v2.0.6 version:

Added

• Secrets are now retrieved by the Puppet agent, instead of the server, using Puppet's deferred function feature. This aligns with Puppet's documented best practices. cyberark/conjur-puppet#13
• Module now follows Puppet development best practices and uses PDK for linting, unit tests, and publishing. cyberark/conjur-puppet#64

Changed

• conjur::secret now must be used as a Deferred function. Method signature has changed as well, including providing of optional parameters as a Hash. cyberark/conjur-puppet#13 cyberark/conjur-puppet#184
• When Conjur configuration cannot be resolved on the agent, we now log a warning that this is potentially a result of misconfiguration. cyberark/conjur-puppet#125
• This module now logs a warning if no certificates are parsed from the provided certificate string. cyberark/conjur-puppet#115

Fixed

• Account names with special characters that require encoding (eg. +, , etc) are now properly escaped when variables are fetched from Conjur / DAP within the conjur::secret function. cyberark/conjur-puppet#170

Removed

• Support for using the Conjur Puppet module with Conjur Enterprise v4. cyberark/conjur-puppet#66
• Support for using this module with Puppet v5. cyberark/conjur-puppet#104
• Support for using host factory tokens, conjur class, cert_file parameter, and using server-side conjur class to pre-populate on-agent info. cyberark/conjur-puppet#104

v3.0.0-rc1

v3.0.0-rc1 - 2020-08-25

Added

• Support for using Deferred secrets fetching via conjur::secret.
  cyberark/conjur-puppet#13.
• Support for PDK-based testing and releasing.
  cyberark/conjur-puppet#64.

Changed

• conjur::secret now must be used as a Deferred function. Method signature has
  changed as well. cyberark/conjur-puppet#13.
• conjur::secret Optional parameters now use a Hash instead of positional parameters.
  cyberark/conjur-puppet#184.

Removed

• Support for using the Conjur Puppet module with Conjur Enterprise v4 is removed
  cyberark/conjur-puppet#66.
• Support for using this module with Puppet v5.
  cyberark/conjur-puppet#104.
• Support for using host factory tokens, conjur class, cert_file parameter, and using
  server-side conjur class to pre-populate on-agent info.
  cyberark/conjur-puppet#104.

v2.0.6

v2.0.6 - 2020-08-10

Deprecated

• Support for using the Conjur Puppet module with Puppet v5 is now deprecated. Support will be removed in the next major release. cyberark/conjur-puppet#180
• Support for configuring this module to exchange host factory tokens for Conjur host identities and API keys is now deprecated. You may still configure your systems to create a host using host factory, however, as long as you provide this module with the Conjur host identity and API key.
  cyberark/conjur-puppet#180

v2.0.5

v2.0.5 - 2020-07-28

Added

• Preliminary support for Puppet 6 with Linux agents, now including Ubuntu 18.04
  and 20.04, Debian 9 and 10, and Alpine 3.9.
  Epic cyberark/conjur-puppet#20

Deprecated

• Support for using the Conjur Puppet module with Conjur Enterprise v4 is now
  deprecated. Support will be removed in the next major release. The conjurize
  method of providing the Conjur Puppet module with its Conjur identity will
  also no longer be supported as of the next version.
• Support for using the Conjur Puppet module with Windows Server 2008
  or Debian 7 agents, since both
  operating systems have now reached end of life.

v2.0.4

Change log

Added

• Preliminary support for Puppet 6 with Windows agents (Server 2012 R2,
  Server 2016, Server 2019).
  Epic cyberark/conjur-puppet#20
• Support for using cert_file in the conjur class or CertFile in Windows
  Registry on Windows as an alternative to using the existing ssl_certificate
  parameter.
  cyberark/conjur-puppet#113

Changed

• Updated README to clarify configuration instructions.
  cyberark/conjur-puppet#128,
  PR cyberark/conjur-puppet#111,
  cyberark/conjur-puppet#98,
  cyberark/conjur-puppet#97,
  PR cyberark/conjur-puppet#108

Fixed

• Module no longer returns internal server errors when decrypting tokens
  when used with Puppet 6.
  cyberark/conjur-puppet#91
• Module no longer relies on Puppet 6-incompatible methods for retrieving
  Puppet CA chains.
  cyberark/conjur-puppet#44
• Module no longer reports "identity not found" on subsequent runs for nodes
  running with HFT-created identities, and is updated with improved logging
  for Windows-based configuration and credential fetching.
  cyberark/conjur-puppet#47
• Module no longer fails on the first run when using Conjur Host Factory tokens
  with Hiera.
  cyberark/conjur-puppet#112

v2.0.3

v2.0.3 - 2020-05-10

Changed

• We now encode the variable id before retrieving it from Conjur v5.
  Spaces are encoded into "%20" and slashes into "%2F"
  (cyberark/conjur-puppet#72)

v2.0.2

Change log

• Update support contact info in README