Tailscale Terraform Provider v0.29.0

This release adds support for managing Tailscale Services via the tailscale_service resource and data source. It introduces new authentication features including OIDC identity token support from runtime environments and the ability to read credentials from disk. The provider has migrated to the Terraform plugin framework and tightened validation for the audience argument in federated identity configuration.

v0.29.0 of the Tailscale Terraform Provider has been released with the following changes:

  • New: Use the tailscale_service resource and tailscale_service data source to manage Tailscale Services.
  • New: Set identity_token_environment_variable_name in the provider to specify the environment variable to read an identity token from. This is useful for platforms like HCP Cloud that have well-known environment variable names for the identity token.
  • New: Obtain an OIDC identity token from the runtime environment by setting audience in the provider. This is useful for runtimes like GitHub Actions, AWS via EC2 IMDSv2 or ECS, or GCP via Metadata Server.
  • New: Read credential-related provider argument values from disk by supplying paths prefixed with file:.
  • Changed: The provider has migrated from Terraform Plugin SDKv2 to the Terraform plugin framework.
  • Changed: The tailscale_federated_identity resource no longer accepts an empty string ("") for the audience argument, to match the server-side validation for it. Omit the audience argument or set it to null to let Tailscale generate the audience (recommended), or set it to a non-empty string to specify it yourself.