bug: backwards incompatible TLS provider restriction

[matelang]

Description

After the v5 release, a TLS provider restriction has been introduced to the codebase, namely TLS provoder version ~> 3.1.
See: https://github.com/Azure/terraform-azurerm-aks/blob/5.0.0/versions.tf

Please note that there is TLS provider version 4.x already available for a while now, and there are users of this AKS module who are potentially already using AKS module v4 (even in production) with the newer TLS provider (v4). Since there is a restriction in Terraform, that the older TLS provider (v3) is not able to manage the resource managed by the newer TLS provider (v4) the Terraform workspaces in this situation are unable to run to completion (failing at initialization).

The AKS module's version 4 did not have any restrictions on the TLS provider version:
https://github.com/Azure/terraform-azurerm-aks/blob/4.16.0/versions.tf

Even if it is best practice to have version constraints, I recommend also including v4 TLS provider as an option, since there is not much change in the key resource being managed by the provider code.

Thanks.

[lonegunmanb]

@matelang Thanks for opening this issue! You're right, the restriction should be >= instead of ~>. I'll do some tests, once we're sure that v5 can work with tls 4.0 we'll release a fix version. Thanks for pointing out this issue.

[matelang]

Thanks @lonegunmanb for the ⚡ fix!

[davidkarlsen]

Could 5.1.0 be released please - so that we can get this fix?

[matelang]

@davidkarlsen in the meantime you can import the module using an https provider source instead of terraform registry:

  #    source  = "Azure/aks/azurerm"
  #    version = "5.x.y"
  # Change back after a version greater than 5.0.0 has been released
  source = "git::https://github.com/Azure/terraform-azurerm-aks.git?ref=master"