| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: terraform | Distribution: openSUSE:Factory:zSystems |
| Version: 1.5.5 | Vendor: openSUSE |
| Release: 1.1 | Build date: Wed Aug 23 16:26:30 2023 |
| Group: System/Management | Build host: s390zp29 |
| Size: 99820698 | Source RPM: terraform-1.5.5-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.terraform.io/ | |
| Summary: Tool for building infrastructure safely and efficiently | |
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
MPL-2.0
* Tue Aug 15 2023 Dirk Müller <dmueller@suse.com>
- update to 1.5.5:
* terraform init: Fix crash when using invalid configuration in
backend blocks. (#33628)
* Thu Jul 27 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.5.4:
* BUG FIXES:
- `check` blocks: Fixes crash when nested data sources are
within configuration targeted by the terraform import
command.
([#33578](https://github.com/hashicorp/terraform/issues/33578))
- `check` blocks: Check blocks now operate in line with other
checkable objects by also executing during import operations.
([#33578](https://github.com/hashicorp/terraform/issues/33578))
* Thu Jul 13 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.5.3:
* BUG FIXES:
- core: Terraform could fail to evaluate module outputs when
they are used in a provider configuration during a destroy
operation
([#33462](https://github.com/hashicorp/terraform/pull/33462))
- backend/consul: When failing to save state, `consul CAS
failed with transaction errors` no longer shows an error
instance memory address, but an actual error message.
([#33108](https://github.com/hashicorp/terraform/pull/33108))
- plan renderer: Fixes crash when rendering the plan if a
relevant attribute contains an integer index specified as a
string.
([#33475](https://github.com/hashicorp/terraform/issues/33475))
* Thu Jun 29 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.5.2:
* BUG FIXES:
- configs: Multiple `import` blocks with the same `id` string
no longer result in a validation error
([#33434](https://github.com/hashicorp/terraform/issues/33434))
* Wed Jun 21 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.5.1:
* BUG FIXES:
- core: plan validation would fail for providers using nested
set attributes with computed object attribute
([#33377](https://github.com/hashicorp/terraform/issues/33377))
* Mon Jun 12 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.5.0:
* NEW FEATURES:
- `check` blocks for validating infrastructure: Module and
configuration authors can now write independent check blocks
within their configuration to validate assertions about their
infrastructure.
- `import` blocks for importing infrastructure: Root module
authors can now use the `import` block to declare their
intent that Terraform adopt an existing resource. Import is
now a configuration-driven, plannable action, and is
processed as part of a normal plan. Running `terraform plan`
will show a summary of the resources that Terraform has
planned to import, along with any other plan changes. The
existing `terraform import` CLI command has not been
modified. This is an early version of the `import` block
feature, for which we are actively seeking user feedback to
shape future development. The `import` block currently does
not support interpolation in the `id` field, which must be a
string.
- Generating configuration for imported resources: in
conjunction with the `import` block, this feature enables
easy templating of configuration when importing existing
resources into Terraform. A new flag
`-generate-config-out=PATH` is added to `terraform plan`.
When this flag is set, Terraform will generate HCL
configuration for any resource included in an `import` block
that does not already have associated configuration, and
write it to a new file at `PATH`. Before applying, review the
generated configuration and edit it as necessary.
- Adds a new `plantimestamp` function that returns the
timestamp at plan time. This is similar to the `timestamp`
function which returns the timestamp at apply time
([#32980](https://github.com/hashicorp/terraform/pull/32980)).
- Adds a new `strcontains` function that checks whether a
given string contains a given substring.
([#33069](https://github.com/hashicorp/terraform/issues/33069))
* UPGRADE NOTES:
- On Linux (and some other non-macOS Unix platforms we don't
officially support), Terraform will now notice the `trust-ad`
option in `/etc/resolv.conf` and, if set, will set the
"authentic data" option in outgoing DNS requests in order to
better match the behavior of the GNU libc resolver.
Terraform does not pay any attention to the corresponding
option in responses, but some DNSSEC-aware recursive
resolvers return different responses when the request option
isn't set. This should therefore avoid some potential
situations where a DNS request from Terraform might get a
different response than a similar request from other software
on your system.
* ENHANCEMENTS:
- Terraform CLI's local operations mode will now attempt to
persist state snapshots to the state storage backend
periodically during the apply step, thereby reducing the
window for lost data if the Terraform process is aborted
unexpectedly.
([#32680](https://github.com/hashicorp/terraform/issues/32680))
- If Terraform CLI receives SIGINT (or its equivalent on
non-Unix platforms) during the apply step then it will
immediately try to persist the latest state snapshot to the
state storage backend, with the assumption that a graceful
shutdown request often typically followed by a hard abort
some time later if the graceful shutdown doesn't complete
fast enough.
([#32680](https://github.com/hashicorp/terraform/issues/32680))
- `pg` backend: Now supports the `PG_CONN_STR`,
`PG_SCHEMA_NAME`, `PG_SKIP_SCHEMA_CREATION`,
`PG_SKIP_TABLE_CREATION` and `PG_SKIP_INDEX_CREATION`
environment variables.
([#33045](https://github.com/hashicorp/terraform/issues/33045))
* BUG FIXES:
- `terraform init`: Fixed crash with invalid blank module
name.
([#32781](https://github.com/hashicorp/terraform/issues/32781))
- `moved` blocks: Fixed a typo in the error message that
Terraform raises when you use `-target` to exclude an object
that has been moved.
([#33149](https://github.com/hashicorp/terraform/issues/33149))
* Wed Apr 26 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.4.6:
* BUG FIXES
- Fix bug when rendering plans that include null strings.
([#33029](https://github.com/hashicorp/terraform/issues/33029))
- Fix bug when rendering plans that include unknown values in
maps.
([#33029](https://github.com/hashicorp/terraform/issues/33029))
- Fix bug where the plan would render twice when using older
versions of TFE as a backend.
([#33018](https://github.com/hashicorp/terraform/issues/33018))
- Fix bug where sensitive and unknown metadata was not being
propagated to dynamic types while rendering plans.
([#33057](https://github.com/hashicorp/terraform/issues/33057))
- Fix bug where sensitive metadata from the schema was not
being included in the `terraform show -json` output.
([#33059](https://github.com/hashicorp/terraform/issues/33059))
- Fix bug where computed attributes were not being rendered
with the `# forces replacement` suffix.
([#33065](https://github.com/hashicorp/terraform/issues/33065))
* Thu Apr 13 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.4.5:
* Revert change from
[[#32892](https://github.com/hashicorp/terraform/issues/32892)]
due to an upstream crash.
* Fix planned destroy value which would cause `terraform_data` to
fail when being replaced with `create_before_destroy`
([#32988](https://github.com/hashicorp/terraform/issues/32988))
* Fri Mar 31 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.4.4:
Due to an incident while migrating build systems for the 1.4.3
release where `CGO_ENABLED=0` was not set, we are rebuilding that
version as 1.4.4 with the flag set. No other changes have been
made between 1.4.3 and 1.4.4.
* Fri Mar 31 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.4.3:
* Prevent sensitive values in non-root module outputs from
marking the entire output as sensitive [GH-32891]
* Fix the handling of planned data source objects when storing a
failed plan [GH-32876]
* Don't fail during plan generation when targeting prevents
resources with schema changes from performing a state upgrade
[GH-32900]
* Skip planned changes in sensitive marks when the changed
attribute is discarded by the provider [GH-32892]
* Thu Mar 16 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.4.2:
* Fix bug in which certain uses of `setproduct` caused Terraform
to crash
([#32860](https://github.com/hashicorp/terraform/issues/32860))
* Fix bug in which some provider plans were not being calculated
correctly, leading to an "invalid plan" error
([#32860](https://github.com/hashicorp/terraform/issues/32860))
* Wed Mar 15 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.4.1:
* Enables overriding modules that have the `depends_on`
attribute set, while still preventing the `depends_on`
attribute itself from being overridden.
([#32796](https://github.com/hashicorp/terraform/issues/32796))
* `terraform providers mirror`: when a dependency lock file is
present, mirror the resolved providers versions, not the latest
available based on configuration.
([#32749](https://github.com/hashicorp/terraform/issues/32749))
* Fixed module downloads from S3 URLs when using AWS IAM roles
for service accounts (IRSA).
([#32700](https://github.com/hashicorp/terraform/issues/32700))
* hcl: Fix a crash in Terraform when attempting to apply defaults
into an incompatible type.
([#32775](https://github.com/hashicorp/terraform/issues/32775))
* Prevent panic when creating a plan which errors before the
planning process has begun.
([#32818](https://github.com/hashicorp/terraform/issues/32818))
* Fix the plan renderer skipping the "no changes" messages when
there are no-op outputs within the plan.
([#32820](https://github.com/hashicorp/terraform/issues/32820))
* Prevent panic when rendering null nested primitive values in a
state output.
([#32840](https://github.com/hashicorp/terraform/issues/32840))
* Warn when an invalid path is specified in `TF_CLI_CONFIG_FILE`
([#32846](https://github.com/hashicorp/terraform/issues/32846))
* Wed Mar 15 2023 Johannes Kastl <kastl@b1-systems.de>
- do no longer store the tarball, create it at buildtime
* Wed Mar 08 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.4.0:
Full changelog available at
https://github.com/hashicorp/terraform/releases/tag/v1.4.0
* Wed Feb 15 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.9:
* Fix crash when planning to remove already-deposed resource instances.
([#32663](https://github.com/hashicorp/terraform/issues/32663))
* Fri Feb 10 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.8:
* Fixed a rare bug causing inaccurate `before_sensitive` / `after_sensitive`
annotations in JSON plan output for deeply nested structures. This was
only observed in the wild on the rancher/rancher2 provider, and resulted
in glitched display in Terraform Cloud's structured plan log view.
([#32543](https://github.com/hashicorp/terraform/issues/32543))
* A variable only referenced by an output precondition error_message may be
missing during evaluation
([#32464](https://github.com/hashicorp/terraform/issues/32464))
* Removing a NestingSingle block from configuration results in an invalid
plan ([#32463](https://github.com/hashicorp/terraform/issues/32463))
* Null module outputs could be dropped, causing evaluation errors when
referring to those module attributes
([#32583](https://github.com/hashicorp/terraform/issues/32583))
* Fix terraform crash when applying defaults into a collection with dynamic
type constraint.
([#32454](https://github.com/hashicorp/terraform/issues/32454))
* Updated to newer github.com/mitchellh/cli version, in turn bringing in
updates for several indirect dependencies with known security issues.
([#32609](https://github.com/hashicorp/terraform/issues/32609))
* Fix case where the first plan to use a new remote state could be applied
twice, corrupting the state
([#32614](https://github.com/hashicorp/terraform/issues/32614))
* Wed Jan 04 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.7:
* BUG FIXES:
- Fix exact version constraint parsing for modules using prerelease
versions ([#32377](https://github.com/hashicorp/terraform/issues/32377))
- Prevent panic when a provider returns a null block value during
refresh which is used as configuration via `ignore_changes`
([#32428](https://github.com/hashicorp/terraform/issues/32428))
* Thu Dec 01 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.6:
* BUG FIXES:
- Terraform could crash if an orphaned resource instance was
deleted externally and had condition checks in the configuration
(#32246)
- Module output changes were being removed and re-added to the
stored plan, impacting performance with large numbers of outputs
(#32307)
* Fri Nov 18 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.5:
* BUG FIXES:
- Prevent crash while serializing the plan for an empty destroy operation (#32207)
- Allow a destroy plan to refresh instances while taking into account that some may no longer exist (#32208)
- Fix Terraform creating objects that should not exist in variables that specify default attributes in optional objects. (#32178)
- Fix several Terraform crashes that are caused by HCL creating objects that should not exist in variables that specify default attributes in optional objects within collections. (#32178)
- Fix inconsistent behaviour in empty vs null collections. (#32178)
- Prevent file uploads from creating unneeded temporary files when the payload size is known (#32206)
- Nested attributes marked sensitive by schema no longer reveal sub-attributes in the plan diff (#32004)
- Nested attributes now more consistently display when they become unknown or null values in the plan diff (#32004)
- Sensitive values are now always displayed as (sensitive value) instead of sometimes as (sensitive) [GH32004]
* Mon Nov 14 2022 Jan Kohoutek <jkohoutek@suse.com>
- update to 1.3.4:
* BUG FIXES:
- Fix invalid refresh-only plan caused by data sources being deferred to apply (#32111)
- Optimize the handling of condition checks during apply to prevent performance regressions with large numbers of instances (#32123)
- Output preconditions should not be evaluated during destroy (#32051)
- Fix crash from console when outputs contain preconditions (#32051)
- Destroy with no state would still attempt to evaluate some values (#32051)
- Prevent unnecessary evaluation and planning of resources during the pre-destroy refresh (#32051)
- AzureRM Backend: support for generic OIDC authentication via the oidc_token and oidc_token_file_path properties (#31966)
- Input and Module Variables: Convert variable types before attempting to apply default values. (#32027)
- When installing remote module packages delivered in tar format, Terraform now limits the tar header block size to 1MiB to avoid unbounded memory usage for maliciously-crafted module packages. (#32135)
- Terraform will now reject excessively-complex regular expression patterns passed to the regex, regexall, and replace functions, to avoid unbounded memory usage for maliciously-crafted patterns. This change should not affect any reasonable patterns intended for practical use. (#32135)
* Wed Oct 19 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.3:
* BUG FIXES:
- Fix error when removing a resource from configuration which has according to the provider has already been deleted. (#31850)
- Fix error when setting empty collections into variables with collections of nested objects with default values. (#32033)
* Fri Oct 07 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.2:
* BUG FIXES:
- Fixed a crash caused by Terraform incorrectly re-registering output value preconditions during the apply phase (rather than just reusing the already-planned checks from the plan phase). (#31890)
- Prevent errors when the provider reports that a deposed instance no longer exists (#31902)
- Using ignore_changes = all could cause persistent diffs with legacy providers (#31914)
- Fix cycles when resource dependencies cross over between independent provider configurations (#31917)
- Improve handling of missing resource instances during import (#31878)
* Fri Sep 30 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.1:
* BUG FIXES:
- Fixed a crash when using objects with optional attributes and default values in collections, most visible with nested modules. (#31847)
- Prevent cycles in some situations where a provider depends on resources in the configuration which are participating in planned changes. (#31857)
- Fixed an error when attempting to destroy a configuration where resources do not exist in the state. (#31858)
- Data sources which cannot be read during will no longer prevent the state from being serialized. (#31871)
- Fixed a crash which occured when a resource with a precondition and/or a postcondition appeared inside a module with two or more instances. (#31860)
* Sun Sep 25 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.3.0:
* NEW FEATURES:
- Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:
- Added functions: startswith and endswith allow you to check whether a given string has a specified prefix or suffix. (#31220)
* UPGRADE NOTES:
- terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.
- terraform import: The -allow-missing-config has been removed, and at least an empty configuration block must exist to import a resource.
- Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)
- AzureRM Backend: This release concludes the deprecation cycle started in Terraform v1.1 for the azurerm backend's support of "ADAL" authentication. This backend now supports only "MSAL" (Microsoft Graph) authentication.
- This follows from Microsoft's own deprecation of Azure AD Graph, and so you must follow the migration instructions presented in that Azure documentation to adopt Microsoft Graph and then change your backend configuration to use MSAL authentication before upgrading to Terraform v1.3.
- When making requests to HTTPS servers, Terraform will now reject invalid handshakes that have duplicate extensions, as required by RFC 5246 section 7.4.1.4 and RFC 8446 section 4.2. This may cause new errors when interacting with existing buggy or misconfigured TLS servers, but should not affect correct servers.
- This only applies to requests made directly by Terraform CLI, such as provider installation and remote state storage. Terraform providers are separate programs which decide their own policy for handling of TLS handshakes.
- The following backends, which were deprecated in v1.2.3, have now been removed: artifactory, etcd, etcdv3, manta, swift. The legacy backend name azure has also been removed, because the current Azure backend is named azurerm. (#31711)
* ENHANCEMENTS:
- config: Optional attributes for object type constraints, as described under new features above. (#31154)
- config: New built-in function timecmp allows determining the ordering relationship between two timestamps while taking potentially-different UTC offsets into account. (#31687)
- config: When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#31299)
- config: When reporting an error or warning message that isn't caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown values or sensitive values being invalid in certain contexts. (#31299)
- config: moved blocks can now describe resources moving to and from modules in separate module packages. (#31556)
- terraform fmt now accepts multiple target paths, allowing formatting of several individual files at once. (#31687)
- terraform init: provider installation errors now mention which host Terraform was downloading from (#31524)
- CLI: Terraform will report more explicitly when it is proposing to delete an object due to it having moved to a resource instance that is not currently declared in the configuration. (#31695)
- CLI: When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about pre-plan run tasks (#31617)
- The AzureRM Backend now only supports MSAL (and Microsoft Graph) and no longer makes use of ADAL (and Azure Active Directory Graph) for authentication (#31070)
- The COS backend now supports global acceleration. (#31425)
- provider plugin protocol: The Terraform CLI now calls PlanResourceChange for compatible providers when destroying resource instances. (#31179)
- As an implementation detail of the Terraform Cloud integration, Terraform CLI will now capture and upload the JSON integration format for state along with any newly-recorded state snapshots, which then in turn allows Terraform Cloud to provide that information to API-based external integrations. (#31698)
* BUG FIXES:
- config: Terraform was not previously evaluating preconditions and postconditions during the apply phase for resource instances that didn't have any changes pending, which was incorrect because the outcome of a condition can potentially be affected by changes to other objects in the configuration. Terraform will now always check the conditions for every resource instance included in a plan during the apply phase, even for resource instances that have "no-op" changes. This means that some failures that would previously have been detected only by a subsequent run will now be detected during the same run that caused them, thereby giving the feedback at the appropriate time. (#31491)
- terraform show -json: Fixed missing markers for unknown values in the encoding of partially unknown tuples and sets. (#31236)
- terraform output CLI help documentation is now more consistent with web-based documentation. (#29354)
- terraform init: Error messages now handle the situation where the underlying HTTP client library does not indicate a hostname for a failed request. (#31542)
- terraform init: Don't panic if a child module contains a resource with a syntactically-invalid resource type name. (#31573)
- CLI: The representation of destroying already-null output values in a destroy plan will no longer report them as being deleted, which avoids reporting the deletion of an output value that was already absent. (#31471)
- terraform import: Better handling of resources or modules that use for_each, and situations where data resources are needed to complete the operation. (#31283)
* EXPERIMENTS:
- This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:
- The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.
- The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead.
- If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature:
terraform {
required_version = ">= 1.3.0"
}
* Thu Sep 08 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.2.9:
* ENHANCEMENTS:
- terraform init: add link to documentation when a checksum is missing from the lock file. (#31726)
* Wed Sep 07 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.2.8:
* BUG FIXES:
- config: The flatten function will no longer panic if given a null value that has been explicitly converted to or implicitly inferred as having a list, set, or tuple type. Previously Terraform would panic in such a situation because it tried to "flatten" the contents of the null value into the result, which is impossible. (#31675)
- config: The tolist, toset, and tomap functions, and various automatic conversions that include similar logic, will no longer panic when asked to infer an element type that is convertable from both a tuple type and a list type whose element type is not yet known. (#31675)
* Wed Sep 07 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.2.7:
* ENHANCEMENTS:
- config: Check for direct references to deprecated computed attributes. (#31576)
* BUG FIXES:
- config: Fix an crash if a submodule contains a resource whose implied provider local name contains invalid characters, by adding additional validation rules to turn it into a real error. (#31573)
- core: Fix some handling of provider schema attributes which use the newer "structural typing" mechanism introduced with protocol version 6, and therefore with the new Terraform Plugin Framework (#31532)
- command: Add missing output text for applyable refresh plans. (#31469)
* Wed Jul 27 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.2.6:
* ENHANCEMENTS:
- Add a warning and guidance when terraform init fails to fully populate the .terraform.lock.hcl file. (#31399)
- Add a direct link to the relevant documentation when terraform init fails on missing checksums. (#31408)
* BUG FIXES:
- Fix panic on terraform show when state file is invalid or unavailable. (#31444)
- Fix terraform providers lock command failing on missing checksums. (#31389)
- Some combinations of move block operations would be executed in the wrong order (#31499)
- Don't attribute an error to the provider when a computed attribute is listed in ignore_changes (#31509)
* Sat Jul 16 2022 Johannes Kastl <kastl@b1-systems.de>
- update to 1.2.5:
* BUG FIXES:
- Report correct error message when a prerelease field is included in the required_version global constraint. (#31331)
- Fix case when extra blank lines were inserted into the plan for unchanged blocks. (#31330)
* Wed Jun 29 2022 Johannes Kastl <kastl@b1-systems.de>
- Update to 1.2.4:
* ENHANCEMENTS:
- Improved validation of required_providers to prevent single providers from being required with multiple names. (#31218)
- Improved plan performance by optimizing addrs.Module.String for allocations. (#31293)
* BUG FIXES:
- backend/http: Fixed bug where the HTTP backend would fail to retry acquiring the state lock and ignored the -lock-timeout flag. (#31256)
- Fix crash if a precondition or postcondition block omitted the required condition argument. (#31290)
* Wed Jun 22 2022 Johannes Kastl <kastl@b1-systems.de>
- Update to 1.2.3:
* UPGRADE NOTES:
The following remote state backends are now marked as deprecated, and are
planned to be removed in a future Terraform release. These backends have
been unmaintained since before Terraform v1.0, and may contain known bugs,
outdated packages, or security vulnerabilities.
- artifactory
- etcd
- etcdv3
- manta
- swift
* BUG FIXES:
- Missing check for error diagnostics in GetProviderSchema could result in panic (#31184)
- Module registries returning X-Terraform-Get locations with no URL would error with "no getter available for X-Terraform-Get source protocol" (#31237)
- Fix crash from concurrent operation on shared set of resource instance dependencies (#31246)
- backend/cos: tencentcloud-terraform-lock tag was not removed in all cases (#31223)
* Sun Jun 05 2022 kastl@b1-systems.de
- Update to version 1.2.2:
* ENHANCEMENTS:
- Invalid -var arguments with spaces between the name and value now have an improved error message (#30985)
* BUG FIXES:
- Terraform now hides invalid input values for sensitive root module variables when generating error diagnostics (#30552)
- Fixed crash on CLI autocomplete (#31160)
- The "Configuration contains unknown values" error message now includes attribute paths (#31111)
* Sat Jun 04 2022 Johannes Kastl <kastl@b1-systems.de>
- BuildRequire go1.17, like upstream does in go.mod
* Sat Jun 04 2022 kastl@b1-systems.de
- Update to version 1.2.1:
* BUG FIXES:
- SSH provisioner connections fail when using signed ed25519 keys (#31092)
- Crash with invalid module source (#31060)
- Incorrect "Module is incompatible with count, for_each, and depends_on" error when a provider is nested within a module along with a sub-module using count or for_each (#31091)
* Sat Jun 04 2022 kastl@b1-systems.de
- Update to version 1.2.0:
* UPGRADE NOTES:
- If you use the third-party credentials helper plugin terraform-credentials-env, you should disable it as part of upgrading to Terraform v1.2 because similar functionality is now built in to Terraform itself.
- The new behavior supports the same environment variable naming scheme but has a difference in priority order from the credentials helper: TF_TOKEN_... environment variables will now take priority over credentials blocks in CLI configuration and credentials stored automatically by terraform login, which is not true for credentials provided by any credentials helper plugin. If you see Terraform using different credentials after upgrading, check to make sure you do not specify credentials for the same host in multiple locations.
- If you use the credentials helper in conjunction with the hashicorp/tfe Terraform provider to manage Terraform Cloud or Terraform Enterprise objects with Terraform, you should also upgrade to version 0.31 of that provider, which added the corresponding built-in support for these environment variables.
- The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.
- When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.
- When making outgoing HTTPS or other TLS connections as a client, Terraform will no longer accept CA certificates signed using the SHA-1 hash function. Publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
(Note: the changes to Terraform's requirements when interacting with TLS servers apply only to requests made by Terraform CLI itself, such as provider/module installation and state storage requests. Terraform provider plugins include their own TLS clients which may have different requirements, and may add new requirements in their own releases, independently of Terraform CLI changes.)
* NEW FEATURES:
- precondition and postcondition check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further execution.
- replace_triggered_by is a new lifecycle argument for managed resources which triggers replacement of an object based on changes to an upstream dependency.
You can now specify credentials for Terraform-native services using an environment variable named as TF_TOKEN_ followed by an encoded version of the hostname. For example, Terraform will use variable TF_TOKEN_app_terraform_io as a bearer token for requests to "app.terraform.io", for the Terraform Cloud integration and private registry requests.
* ENHANCEMENTS:
- When showing a plan, Terraform CLI will now only show "Changes outside of Terraform" if they relate to resources and resource attributes that contributed to the changes Terraform is proposing to make. (#30486)
- Error messages for preconditions, postconditions, and custom variable validations are now evaluated as expressions, allowing interpolation of relevant values into the output. (#30613)
- When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about post-plan run tasks. (#30141)
- Terraform will now show a slightly different note in the plan output if a data resource read is deferred to the apply step due to it depending on a managed resource that has changes pending. (#30971)
- The "Invalid for_each argument" error message for unknown maps/sets now includes an additional paragraph to try to help the user notice they can move apply-time values into the map values instead of the map keys, and thus avoid the problem without resorting to -target. (#30327)
- There are some small improvements to the error and warning messages Terraform will emit in the case of invalid provider configuration passing between modules. There are no changes to which situations will produce errors and warnings, but the messages now include additional information intended to clarify what problem Terraform is describing and how to address it. (#30639)
- The environment variables TF_CLOUD_ORGANIZATION and TF_CLOUD_HOSTNAME now serve as fallbacks for the arguments of the same name inside a cloud block configuring integration with Terraform Cloud.
- The environment variable TF_WORKSPACE will now additionally serve as an implicit configuration of a single selected workspace on Terraform Cloud if (and only if) the cloud block does not include an explicit workspaces configuration.
- The AzureRM Backend now defaults to using MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication. (#30891)
- The AzureRM Backend now supports authenticating as a service principal using OpenID Connect. (#30936)
- When running on macOS, Terraform will now use platform APIs to validate certificates presented by TLS (HTTPS) servers. This may change exactly which root certificates Terraform will accept as valid. (#30768)
- Show remote host in error message for clarity when installation of provider fails (#30810)
- Terraform now prints a warning when adding an attribute to ignore_changes that is managed only by the provider. Specifying non-configurable attributes in ignore_changes has no effect because ignore_changes tells Terraform to ignore future changes made in the configuration. (#30517)
- terraform show -json now includes exact type information for output values. (#30945)
- The ssh provisioner connection now supports SSH over HTTP proxy. (#30274)
- The SSH client for provisioners now supports newer key algorithms, allowing it to connect to servers running more recent versions of OpenSSH. (#30962)
* BUG FIXES:
- Terraform now handles type constraints, nullability, and custom variable validation properly for root module variables. Previously there was an order of operations problem where the nullability and custom variable validation were checked too early, prior to dealing with the type constraints, and thus that logic could potentially "see" an incorrectly-typed value in spite of the type constraint, leading to incorrect errors. (#29959)
- When reporting a type mismatch between the true and false results of a conditional expression when both results are of the same structural type kind (object/tuple, or a collection thereof), Terraform will no longer return a confusing message like "the types are object and object, respectively", and will instead attempt to explain how the two structural types differ. (#30920)
- Applying the various type conversion functions like tostring, tonumber, etc to null will now return a null value of the intended type. For example, tostring(null) converts from a null value of an unknown type to a null value of string type. Terraform can often handle such conversions automatically when needed, but explicit annotations like this can help Terraform to understand author intent when inferring type conversions for complex-typed values. (#30879)
- Terraform now returns an error when cidrnetmask() is called with an IPv6 address, as it was previously documented to do. IPv6 standards do not preserve the "netmask" syntax sometimes used for IPv4 network configuration; use CIDR prefix syntax instead. (#30703)
- When performing advanced state management with the terraform state commands, Terraform now checks the required_version field in the configuration before proceeding. (#30511)
- When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)
- Terraform will now prioritize local terraform variables over remote terraform variables in operations such as import, plan, refresh and apply for workspaces in local execution mode. This behavior applies to both remote backend and the cloud integration configuration. (#29972)
- terraform show -json: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. (#30138)
- The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration. (#30664)
- The cloud integration now gracefully exits when -input=false and an operation requires some user input.
- Terraform will now reliably detect an inteerruptiong (e.g. Ctrl+C) during planning for terraform apply -auto-approve. Previously there was a window of time where interruption would cancel the plan step but not prevent Terraform from proceeding to the apply step. (#30979)
- Terraform will no longer crash if a provider fails to return a schema. (#30987)
* Wed May 04 2022 Paolo Stivanin <info@paolostivanin.com>
- Update to 1.1.9:
* cli: Fix crash when using sensitive values in sets. (#30825)
* cli: Fix double-quoted map keys when rendering a diff. (#30855)
* core: Prevent errors when handling a data source with incompatible schema changes (#30830)
* cli: Fix missing identifying attributes (e.g. "id", "name") when displaying plan diffs with nested objects. (#30685)
* functions: Fix error when sum() function is called with a collection of string-encoded numbers, such as sum(["1", "2", "3"]). (#30684)
* When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)
* Terraform will no longer crash in the terraform apply phase if an error occurs during backend configuration. (#30780)
* terraform show -json: Improve performance for deeply-nested object values. The previous implementation was accidentally quadratic, which could result in very long execution time for generating JSON plans, and timeouts on Terraform Cloud and Terraform Enterprise. (#30561)
* cloud: Update go-slug for terraform.tfstate exclusion to prevent a user from getting an error
after migrating state to TFC.
* Wed Mar 30 2022 Dirk Müller <dmueller@suse.com>
- exclude arm32 bit builds as well
* Thu Feb 03 2022 Marcus Hann <marcus@hhra.uk>
- Update to 1.1.5
ENHANCEMENTS:
* backend/s3: Update AWS SDK to allow the use of the ap-southeast-3 region (#30363)
BUG FIXES:
* cli: Fix crash when using autocomplete with long commands, such as terraform workspace select (#30193)
* Fri Jan 21 2022 Marcus Hann <marcus@hhra.uk>
- Update to 1.1.4
BUG FIXES:
* config: Non-nullable variables with null inputs were not given default values when checking validation statements (#30330)
* config: Terraform will no longer incorrectly report "Cross-package move statement" when an external package has changed a resource from no count to using count, or vice-versa. (#30333)
* Sun Jan 09 2022 Marcus Hann <marcus@hhra.uk>
- Update to 1.1.3
BUG FIXES:
* terraform init: Will now remove from the dependency lock file entries for providers not used in the current configuration. Previously it would leave formerly-used providers behind in the lock file, leading to "missing or corrupted provider plugins" errors when other commands verified the consistency of the installed plugins against the locked plugins. (#30192)
* config: Fix panic when encountering an invalid provider block within a module (#30095)
* config: Fix cycle error when the index of a module containing move statements is changed (#30232)
* config: Fix inconsistent ordering with nested move operations (#30253)
* config: Fix moved block refactoring to include nested modules (#30233)
* functions: Redact sensitive values from function call error messages (#30067)
* terraform show: Disable plan state lineage checks, ensuring that we can show plan files which were generated against non-default state files (#30205)
* Wed Dec 29 2021 Marcus Hann <marcus@hhra.uk>
- Update to 1.1.2
If you are using Terraform CLI v1.1.0 or v1.1.1, please upgrade to this new version as soon as possible.
Terraform CLI v1.1.0 and v1.1.1 both have a bug where a failure to construct the apply-time graph can cause Terraform to incorrectly report success and save an empty state, effectively "forgetting" all existing infrastructure. Although configurations that already worked on previous releases should not encounter this problem, it's possible that incorrect future configuration changes would trigger this behavior during the apply step.
BUG FIXES:
* config: Fix panic when using -target in combination with moved blocks within modules (#30189)
* core: Fix condition which could lead to an empty state being written when there is a failure building the apply graph (#30199)
- From version 1.1.1
BUG FIXES:
* core: Fix crash with orphaned module instance due to changed count or for_each value (#30151)
* core: Fix regression where some expressions failed during validation when referencing resources expanded with count or for_each (#30171)
* Thu Dec 09 2021 Marcus Hann <marcus@hhra.uk>
- Update to 1.1.0
Terraform v1.1.0 is a new minor release, containing some new features and some bug fixes whose scope was too large for inclusion in a patch release.
NEW FEATURES:
* `moved` blocks for refactoring within modules: Module authors can now record in module source code whenever they've changed the address of a resource or resource instance, and then during planning Terraform will automatically migrate existing objects in the state to new addresses.
This therefore avoids the need for users of a shared module to manually run `terraform state mv` after upgrading to a version of the module, as long as the change is expressible as static configuration. However, `terraform state mv` will remain available for use in more complex migration situations that are not well-suited to declarative configuration.
* A new `cloud` block in the `terraform` settings block introduces a native Terraform Cloud integration for the [CLI-driven run workflow](https://www.terraform.io/docs/cloud/run/cli.html).
The Cloud integration includes several enhancements, including per-run variable support using the `-var` flag, the ability to map Terraform Cloud workspaces to the current configuration via [Workspace Tags](https://www.terraform.io/docs/cloud/api/workspaces.html#get-tags), and an improved user experience for Terraform Cloud and Enterprise users with actionable error messages and prompts.
* `terraform plan` and `terraform apply` both now include additional annotations for resource instances planned for deletion to explain why Terraform has proposed that action.
For example, if you change the `count` argument for a resource to a lower number then Terraform will now mention that as part of proposing to destroy any existing objects that exceed the new count.
UPGRADE NOTES:
This release is covered by the [Terraform v1.0 Compatibility Promises](https://www.terraform.io/docs/language/v1-compatibility-promises.html), but does include some changes permitted within those promises as described below.
* Terraform on macOS now requires macOS 10.13 High Sierra or later; Older macOS versions are no longer supported.
* The `terraform graph` command no longer supports `-type=validate` and `-type=eval` options. The validate graph is always the same as the plan graph anyway, and the "eval" graph was just an implementation detail of the `terraform console` command. The default behavior of creating a plan graph should be a reasonable replacement for both of the removed graph modes. (Please note that `terraform graph` is not covered by the Terraform v1.0 compatibility promises, because its behavior inherently exposes Terraform Core implementation details, so we recommend it only for interactive debugging tasks and not for use in automation.)
* `terraform apply` with a previously-saved plan file will now verify that the provider plugin packages used to create the plan fully match the ones used during apply, using the same checksum scheme that Terraform normally uses for the dependency lock file. Previously Terraform was checking consistency of plugins from a plan file using a legacy mechanism which covered only the main plugin executable, not any other files that might be distributed alongside in the plugin package.
This additional check should not affect typical plugins that conform to the expectation that a plugin package's contents are immutable once released, but may affect a hypothetical in-house plugin that intentionally modifies extra files in its package directory somehow between plan and apply. If you have such a plugin, you'll need to change its approach to store those files in some other location separate from the package directory. This is a minor compatibility break motivated by increasing the assurance that plugins have not been inadvertently or maliciously modified between plan and apply.
* `terraform state mv` will now error when legacy `-backup` or `-backup-out` options are used without the `-state` option on non-local backends. These options operate on a local state file only. Previously, these options were accepted but ignored silently when used with non-local backends.
* In the AzureRM backend, the new opt-in option `use_microsoft_graph` switches to using MSAL authentication tokens and Microsoft Graph rather than using ADAL tokens and Azure Active Directory Graph, which is now [deprecated by Microsoft](https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-faq). The new mode will become the default in Terraform v1.2, so please plan to migrate to using this setting and test with your own Azure AD tenant prior to the Terraform v1.2 release.
ENHANCEMENTS:
* config: Terraform now checks the syntax of and normalizes module source addresses (the `source` argument in `module` blocks) during configuration decoding rather than only at module installation time. This is largely just an internal refactoring, but a visible benefit of this change is that the `terraform init` messages about module downloading will now show the canonical module package address Terraform is downloading from, after interpreting the special shorthands for common cases like GitHub URLs. ([#28854](https://github.com/hashicorp/terraform/issues/28854))
* config: Variables can now be declared as "nullable", which defines whether a variable can be null within a module. Setting `nullable = false` ensures that a variable value will never be `null`, and may instead take on the variable's default value if the caller sets it explicitly to `null`. ([#29832](https://github.com/hashicorp/terraform/issues/29832))
* `terraform plan` and `terraform apply`: When Terraform plans to destroy a resource instance due to it no longer being declared in the configuration, the proposed plan output will now include a note hinting at what situation prompted that proposal, so you can more easily see what configuration change might avoid the object being destroyed. ([#29637](https://github.com/hashicorp/terraform/pull/29637))
* `terraform plan` and `terraform apply`: Terraform will now report explicitly in the UI if it automatically moves a resource instance to a new address as a result of adding or removing the `count` argument from an existing resource. For example, if you previously had `resource "aws_subnet" "example"` _without_ `count`, you might have `aws_subnet.example` already bound to a remote object in your state. If you add `count = 1` to that resource then Terraform would previously silently rebind the object to `aws_subnet.example[0]` as part of planning, whereas now Terraform will mention that it did so explicitly in the plan description. ([#29605](https://github.com/hashicorp/terraform/issues/29605))
* `terraform workspace delete`: will now allow deleting a workspace whose state contains only data resource instances and output values, without running `terraform destroy` first. Previously the presence of data resources would require using `-force` to override the safety check guarding against accidentally forgetting about remote objects, but a data resource is not responsible for the management of its associated remote object(s) and so there's no reason to require explicit deletion. ([#29754](https://github.com/hashicorp/terraform/issues/29754))
* `terraform validate`: Terraform now uses precise type information for resources during config validation, allowing more problems to be caught that that step rather than only during the planning step. ([#29862](https://github.com/hashicorp/terraform/issues/29862))
* provisioner/remote-exec and provisioner/file: When using SSH agent authentication mode on Windows, Terraform can now detect and use [the Windows 10 built-in OpenSSH Client](https://devblogs.microsoft.com/powershell/using-the-openssh-beta-in-windows-10-fall-creators-update-and-windows-server-1709/)'s SSH Agent, when available, in addition to the existing support for the third-party solution [Pageant](https://documentation.help/PuTTY/pageant.html) that was already supported. ([#29747](https://github.com/hashicorp/terraform/issues/29747))
* cli: `terraform state mv` will now return an error for `-backup` or `-backup-out` options used without the `-state` option, unless the working directory is initialized to use the local backend. Previously Terraform would silently ignore those options, since they are applicable only to the local backend. ([#27908](https://github.com/hashicorp/terraform/issues/27908))
* `terraform console`: now has a new `type()` function, available only in the interactive console, for inspecting the exact type of a particular value as an aid to debugging. ([#28501](https://github.com/hashicorp/terraform/issues/28501))
BUG FIXES:
* config: `ignore_changes = all` now works in override files. ([#29849](https://github.com/hashicorp/terraform/issues/29849))
* config: Upgrading an unknown single value to a list using a splat expression now correctly returns an unknown value and type. Previously it would sometimes "overpromise" a particular return type, leading to an inconsistency error during the apply step. ([#30062](https://github.com/hashicorp/terraform/issues/30062))
* config: Terraform is now more precise in its detection of data resources that must be deferred to the apply step due to their `depends_on` arguments referring to not-yet-converged managed resources. ([#29682](https://github.com/hashicorp/terraform/issues/29682))
* config: `ignore_changes` can no longer cause a null map to be converted to an empty map, which would otherwise potentially cause surprising side-effects in provider logic. ([#29928](https://github.com/hashicorp/terraform/issues/29928))
* core: Provider configuration obtained from interactive prompts will now be merged properly with settings given in the configuration. Previously this merging was incorrect in some cases. ([#29000](https://github.com/hashicorp/terraform/issues/29000))
* `terraform plan`: Improved rendering of changes inside attributes that accept lists, sets, or maps of nested object types. ([#29827](https://github.com/hashicorp/terraform/issues/29827), [#29983](https://github.com/hashicorp/terraform/issues/29983), [#29986](https://github.com/terraform/issues/29986))
* `terraform apply`: Will no longer try to apply a stale plan that was generated against an originally-empty state. Previously this was an unintended exception to the rule that a plan can only be applied to the state snapshot it was generated against. ([#29755](https://github.com/hashicorp/terraform/issues/29755))
* `terraform show -json`: Attributes that are declared as using the legacy [Attributes as Blocks](https://www.terraform.io/docs/language/attr-as-blocks.html) behavior are now represented more faithfully in the JSON plan output. ([#29522](https://github.com/hashicorp/terraform/issues/29522))
* `terraform init`: Will now update the backend configuration hash value at a more approprimate time, to ensure properly restarting a backend migration process that failed on the first attempt. ([#29860](https://github.com/hashicorp/terraform/issues/29860))
* backend/oss: Flatten `assume_role` block arguments, so that they are more compatible with the `terraform_remote_state` data source. ([#29307](https://github.com/hashicorp/terraform/issues/29307))
* Wed Dec 08 2021 Marcus Hann <marcus@hhra.uk>
- Update to 1.0.11
ENHANCEMENTS:
* backend/oss: Added support for sts_endpoint (#29841)
BUG FIXES:
* config: Fixed a bug in which ignore_changes = all would not work in override files (#29849)
* config: Numbers are now compared for equality based on their protocol representation, eliminating unexpected changes due to small precision errors (#29864)
- from version 1.0.10
BUG FIXES:
* backend/oss: Fix panic when there's an error looking up OSS endpoints (#29784)
* backend/remote: Fix version check when migrating state (#29793)
* cli: Restore -lock and -lock-timeout flags for the init command, which were removed in 0.15.0 (#29773)
* cli: Fix bug where terraform init -input=false would hang waiting for user input to choose a workspace (#29805)
* Mon Oct 18 2021 Eike Waldt <waldt@b1-systems.de>
- Update to 1.0.9
BUG FIXES:
* core: Fix panic when planning new resources with nested object attributes (#29701)
* core: Do not refresh deposed instances when the provider is not configured during destroy (#29720)
* core: Prevent panic when encountering a missing change when destroying a resource (#29734)
* Mon Oct 18 2021 Eike Waldt <waldt@b1-systems.de>
- Update to 1.0.8
BUG FIXES:
* cli: Check `required_version` as early as possibly during `init` so that version incompatibility can be reported before errors about new syntax (#29665)
* core: Don't plan to remove orphaned resource instances in refresh-only plans (#29640)
- from version 1.0.7
BUG FIXES:
* core: Remove check for computed attributes which is no longer valid with optional structural attributes (#29563)
* core: Prevent object types with optional attributes from being instantiated as concrete values, which can lead to failures in type comparison (#29559)
* core: Empty containers in the configuration were not planned correctly when used with optional structural attributes (#29580)
- from version 1.0.6
ENHANCEMENTS:
* backend/s3: Improve SSO handling and add new endpoints in the AWS SDK (#29017)
BUG FIXES:
* cli: Suppress confirmation prompt when initializing with the `-force-copy` flag and migrating state between multiple workspaces. (#29438)
* cli: Update tencentcount dependency versions to fix errors when building from source (#29445)
* core: Fix panic while handling computed attributes within nested objects, and improve plan validation for unknown values (#29482)
- from version 1.0.5
BUG FIXES:
* json-output: Add an output change summary message as part of the `terraform plan -json` structured logs, bringing this format into parity with the human-readable UI. (#29312)
* core: Handle null nested single attribute values (#29411)
* cli: Fix crash when planning a diff between null and empty sets in nested attributes (#29398)
* cli: Fix crash when planning a new resource containing a set of nested object attributes (#29398)
* cli: Fix crash when displaying a resource diff where a possibly identifying attribute is sensitive (#29397)
* cli: Fix crash when a diff with unknown nested map attributes (#29410)
* config: Fix handling of dynamically types arguments in `formatlist`, ensuring the correct resulting type. (#29408)
* config: Floating point operations like `floor` and `ceil` can no longer mutate their arguments. (#29408)
- from version 1.0.4
BUG FIXES:
* backend/consul: Fix a bug where the state value may be too large for consul to accept (#28838)
* cli: Fixed a crashing bug with some edge-cases when reporting syntax errors that happen to be reported at the position of a newline. (#29048)
- from version 1.0.3
ENHANCEMENTS
* `terraform plan`: The JSON logs (`-json` option) will now include `resource_drift`, showing changes detected outside of Terraform during the refresh step. (#29072)
* core: The automatic provider installer will now accept providers that are recorded in their registry as using provider protocol version 6. (#29153)
* backend/etcdv3: New argument `max_request_bytes` allows larger requests and for the client, to match the server request limit. (#28078)
BUG FIXES:
* `terraform plan`: Will no longer panic when trying to render null maps. (#29207)
* backend/pg: Prevent the creation of multiple workspaces with the same name. (#29157)
* backend/oss: STS auth is now supported. (#29167)
* config: Dynamic blocks with unknown for_each values were not being validated. Ensure block attributes are valid even when the block is unknown (#29208)
* config: Unknown values in string templates could lose sensitivity, causing the planned change to be inaccurate (#29208)
* Thu Jul 08 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 1.0.2
BUG FIXES:
* `terraform show`: Fix crash when rendering JSON plan with sensitive values in state (#29049)
* config: The `floor` and `ceil` functions no longer lower the precision of arguments to what
would fit inside a 64-bit float, instead preserving precision in a similar way as most other
arithmetic functions. (#29110)
* config: The `flatten` function was incorrectly treating null values of an unknown type as if
they were unknown values. Now it will treat them the same as any other non-list/non-tuple value,
flattening them down into the result as-is. (#29110)
- from version 1.0.1
ENHANCEMENTS:
* `terraform show`: The JSON plan output now indicates which state values are sensitive. (#28889)
* cli: The macOS builds will now resolve hostnames using the system's DNS resolver, rather than the
Go library's (incomplete) emulation of it. In particular, this will allow for the more complex
resolver configurations often created by VPN clients on macOS, such as when a particular domain
must be resolved using different nameservers while VPN connection is active.
BUG FIXES:
* `terraform show`: Fix crash with deposed instances in json plan output. (#28922)
* `terraform show`: Fix an issue where the JSON configuration representation was missing
fully-unwrapped references. (#28884)
* `terraform show`: Fix JSON plan resource drift to remove unchanged resources. (#28975)
* core: Fix crash when provider modifies and unknown block during plan. (#28941)
* core: Diagnostic context was missing for some errors when validating blocks. (#28979)
* core: Fix crash when calling `setproduct` with unknown values. (#28984)
* backend/remote: Fix faulty Terraform Cloud version check when migrating state to the remote backend
with multiple local workspaces. (#28864)
- from version 1.0.0
Terraform v1.0 is an unusual release in that its primary focus is on stability, and it represents the
culmination of several years of work in previous major releases to make sure that the Terraform language
and internal architecture will be a suitable foundation for forthcoming additions that will remain
backward compatible.
Terraform v1.0.0 intentionally has no significant changes compared to Terraform v0.15.5. You can consider
the v1.0 series as a direct continuation of the v0.15 series; we do not intend to issue any further releases
in the v0.15 series, because all of the v1.0 releases will be only minor updates to address bugs.
For all future minor releases with major version 1, we intend to preserve backward compatibility as described
in detail in [the Terraform v1.0 Compatibility Promises](https://www.terraform.io/docs/language/v1-compatibility-
promises.html). The later Terraform v1.1.0 will, therefore, be the first minor release with new features that
we will implement with consideration of those promises.
- from version 0.15.5
BUG FIXES:
* `terraform plan` and `terraform apply`: Don't show "Objects have changed" notification
when the detected changes are only internal details related to legacy SDK quirks. (#28796)
* core: Prevent crash during planning when encountering a deposed instance that has been
removed from the configuration. (#28766)
* core: Fix crash when rendering changes to deposed instances outside of Terraform. (#28796)
* core: Restore a missing error when attempting to import a non-existent remote object. (#28808)
* core: Fix bug where Terraform failed to release the state lock when applying a stale
saved plan failed. (#28819)
- from version 0.15.4
NEW FEATURES:
* **Noting changes made outside of Terraform:** Terraform has always, by default, made a point
during the planning operation of reading the current state of remote objects in order to detect
any changes made outside of Terraform, to make sure the plan will take those into account.
Terraform will now report those detected changes as part of the plan result, in order to give
additional context about the planned changes. We've often heard that people find it confusing
when a plan includes a change that doesn't seem to be prompted by any recent change in the
_configuration_, and so this feature is aiming to provide the previously-missing explanation
for situations where Terraform is planning to undo a change.
It can also be useful just as general information when the change _won't_ be undone by Terraform:
if you've intentionally made a change outside of Terraform and mirrored that change in your
configuration then Terraform will now confirm that it noticed the change you made and took it
into account when planning.
By default this new output is for information only and doesn't change any behavior. If Terraform
detects a change you were _expecting_ then you don't need to take any additional action to respond
to it. However, we've also added a new planning mode `-refresh-only` which allows you to explicitly
plan and apply the action of writing those detected changes to the Terraform state, which serves
as a plannable replacement for `terraform refresh`. We don't have any plans to remove the long-standing
`terraform refresh` command, but we do recommend using `terraform apply -refresh-only` instead in most
cases, because it will provide an opportunity to review what Terraform detected before updating the
Terraform state.
UPGRADE NOTES:
* This release adds some new reserved reference prefixes to make them available for later work. These
are `resource.`, `template.`, `arg.`, and `lazy.`. We don't expect these additions to cause problems
for most existing configurations, but could cause a conflict if you are using a custom provider which
has a resource type named exactly "resource", "template", "arg", or "lazy". In that unlikely event,
you can escape references to resources of those types by adding a `resource.` prefix; for example,
if you have a `resource "template" "foo"` then you can change references to it from `template.foo`
to `resource.template.foo` in order to escape the new meaning.
ENHANCEMENTS:
* config: The various functions that compute hashs of files on disk, like `filesha256`, will now stream
the contents of the given file into the hash function in smaller chunks. Previously they would always
read the entire file into memory before hashing it, due to following a similar implementation strategy
as the `file` function. (#28681)
* config: Some new escaping syntax which is not yet useful but will be part of the backward-compatibility
story for certain future language editions. (#28709)
* core: Resource diagnostics are no longer lost on remote state storage failures (#28724)
* core: Diagnostics from provisioner failures are now shown in CLI output (#28753)
* `terraform init`: add a new `-migrate-state` flag instead of automatic state migration, to prevent failing
when old backend config is not usable (#28718)
* `terraform plan` and `terraform apply`: will now report any changes Terraform detects during the "refresh"
phase for each managed object, providing confirmation that Terraform has seen those changes and, where
appropriate, extra context to help understand the planned change actions that follow. (#28634)
* `terraform plan` and `terraform apply`: now have a new option `-refresh-only` to activate the "refresh only"
planning mode, which causes Terraform to ignore any changes suggested by the configuration but still detect
any changes made outside of Terraform since the latest `terraform apply`. (#28634)
* backend/gcs: Terraform Core now supports Workload Identity Federation. The federated JSON credentials must be
loaded through the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. This is also available in the Google
Provider in versions newer than v3.61. (#28296)
* backend/remote: supports several new CLI options when running plans and applies with Terraform Cloud:
`-refresh=false`, `-replace`, and `-refresh-only`. (#28746)
BUG FIXES:
* core: Fix sensitivity handling with plan values, which could cause the sensitive marks to be lost during apply
leading to a perpetual diff (#28687)
* core: Fix crash when specifying SSH `bastion_port` in a resource `connection` block (#28665)
* core: Terraform will now upgrade and refresh (unless disabled) deposed objects during planning, in a similar
manner as for objects that have been removed from the configuration. "Deposed" is how Terraform represents
the situation where a `create_before_destroy` replacement failed to destroy the old object, in which case
Terraform needs to track both the new and old objects until the old object is successfully deleted. Refreshing
these during planning means that you can, if you wish, delete a "deposed" object manually outside of Terraform
and then have Terraform detect that you've done so. (#28634)
* config: Improve the sensitivity support for `lookup` and `length` functions, which were accidentally omitted
from the larger update in 0.15.1 (#28509)
* backend/gcs: Fixed a bug where service account impersonation didn't work if the original identity was another
service account (#28139)
- from version 0.15.3
ENHANCEMENTS:
* `terraform show`: Add data to the JSON plan output describing which changes caused a resource to be replaced
(#28608)
BUG FIXES:
* `terraform show`: Fix crash for JSON plan output of new resources with sensitive attributes in nested blocks
(#28624)
- from version 0.15.2
ENHANCEMENTS:
* `terraform plan` and `terraform apply`: Both now support a new planning option `-replace=...` which takes the
address of a resource instance already tracked in the state and forces Terraform to upgrade either an update or
no-op plan for that instance into a "replace" (either destroy-then-create or create-then-destroy depending on
configuration), to allow replacing a degraded object with a new object of the same configuration in a single
action and preview the effect of that before applying it.
* `terraform apply`: Now has a `-destroy` option for symmetry with `terraform plan -destroy`, which makes `terraform
destroy` effectively an alias for `terraform apply -destroy`. This change is only for consistency between `terraform
plan` and `terraform apply`; there are no current plans to deprecate `terraform destroy`. (#28489)
* core: Update HCL to allow better planning of dynamic blocks (#28424)
* core: Unmark values when planning data sources (#28539)
BUG FIXES:
* command/format: Fix various issues with nested-type attribute formatting (#28600)
* core: Fix JSON plan output to add sensitivity data for provider-specified sensitive attribute values (#28523)
* cli: Fix missing "forces replacement" UI for attribute changes which are marked as sensitive by the provider (#28583)
* cli: Fix crash when rendering diagnostic caused by missing trailing quote (#28598)
* config: Fix crash when calling `setproduct` with one or more empty collections (#28607)
- from version 0.15.1
ENHANCEMENTS:
* config: Various Terraform language functions now have more precise inference rules for propagating the "sensitive"
characteristic values.
The affected functions are `chunklist`, `concat`, `flatten`, `keys`, `length`, `lookup`, `merge`, `setproduct`,
`tolist`, `tomap`, `values`, and `zipmap`. The details are a little different for each of these but the general
idea is to, as far as possible, preserve the sensitive characteristic on individual element or attribute values
in result structures rather than always conservatively applying sensitivity to the whole result.
The primary benefit of these improvements is that you can now use these functions as part of constructing maps for
`for_each` in situations where the input collection is never sensitive but some of the elements/attributes inside
might be. (#28446)
* cli: Update the HashiCorp public key (#28505)
* cli: Diagnostic messages can now be annotated with resource and provider addresses. (#28275)
* cli: `terraform login` now has a new user experience for successful log-ins to Terraform Cloud and Terraform
Enterprise. (#28487)
* core: Minor graph performance optimizations. (#28329)
BUG FIXES:
* config: Fix validation error when passing providers from a non-default namespace into modules. (#28414)
* cli: Fix missing colors and extraneous resource summary for plan/apply with the remote backend. (#28409)
* cli: Diagnostics messages will only indicate that a referenced value is sensitive if that value is _directly_
sensitive, as opposed to being a complex-typed value that _contains_ a sensitive value. (#28442)
* core: Don't trigger data source reads from changes in sibling module instances. (#28267)
* core: Restore saved dependencies when a resource destroy operation fails. (#28317)
* core: Fix crash when setting sensitive attributes to a sensitive value. (#28383)
* core: Loosen output value sensitivity requirement for non-root modules. This means that modules which may
receive sensitive values as input variables no longer need to mark all related outputs as sensitive. The
requirement for root modules to specify the `sensitive` attribute for sensitive values remains, with an
extended diagnostic message to explain why. (#28472)
* provisioner: Fix panic with unexpected null values in provisioner configuration (#28457)
- from version 0.15.0
UPGRADE NOTES AND BREAKING CHANGES:
The following is a summary of each of the changes in this release that might require special consideration
when upgrading. Refer to [the Terraform v0.15 upgrade guide](https://www.terraform.io/upgrade-guides/0-15.html)
for more details and recommended upgrade steps.
* "Proxy configuration blocks" (provider blocks with only `alias` set) in shared modules are now replaced with a
more explicit `configuration_aliases` argument within the `required_providers` block. Some support for the old
syntax is retained for backward compatibility, but we've added explicit error messages for situations where
Terraform would previously silently misinterpret the purpose of an empty `provider` block. (#27739)
* The `list` and `map` functions, both of which were deprecated since Terraform v0.12, are now removed. You can
replace uses of these functions with `tolist([...])` and `tomap({...})` respectively. (#26818)
* Terraform now requires UTF-8 character encoding and virtual terminal support when running on Windows. This unifies
Terraform's terminal handling on Windows with that of other platforms, as per [Microsoft recommendations]
(https://docs.microsoft.com/en-us/windows/console/classic-vs-vt). Terraform previously required these terminal
features on all other platforms, and now requires them on Windows too.
UTF-8 and virtual terminal support were introduced across various Windows 10 updates, and so Terraform is no longer
officially supported on the original release of Windows 10 or on Windows 8 and earlier. However, there are currently
no technical measures to artificially _prevent_ Terraform from running on these obsolete Windows releases, and so you
_may_ still be able to use Terraform v0.15 on older Windows versions if you either disable formatting (using the
`-no-color`) option, or if you use a third-party terminal emulator package such as [ConEmu](https://conemu.github.io/),
[Cmder](https://cmder.net/), or [mintty](https://mintty.github.io/).
We strongly encourage planning to migrate to a newer version of Windows rather than relying on these workarounds for
the long term, because the Terraform team will test future releases only on up-to-date Windows 10 and can therefore
not guarantee ongoing support for older versions.
* Built-in vendor provisioners (chef, habitat, puppet, and salt-masterless) have been removed. (#26938)
* Interrupting execution will now cause terraform to exit with a non-zero exit status. (#26738)
* The trailing `[DIR]` argument to specify the working directory for various commands is no longer supported. Use the
global `-chdir` option instead. (#27664)
For example, instead of `terraform init infra`, write `terraform -chdir=infra init`.
* The `-lock` and `-lock-timeout` options are no longer available on `terraform init` (#27464)
* The `-verify-plugins=false` option is no longer available on `terraform init`. (Terraform now _always_ verifies plugins.)
(#27461)
* The `-get-plugins=false` option is no longer available on `terraform init`. (Terraform now _always_ installs plugins.)
(#27463)
* The `-force` option is no longer available on `terraform destroy`. Use `-auto-approve` instead (#27681)
* The `-var` and `-var-file` options are no longer available on `terraform validate`. These were deprecated and have had
no effect since Terraform v0.12. (#27906)
* `terraform version -json` output no longer includes the (previously-unpopulated) "revision" property (#27484)
* In the `gcs` backend the `path` config argument, which was deprecated since Terraform v0.11, is now removed. Use the
`prefix` argument instead. (#26841)
* The deprecated `ignore_changes = ["*"]` wildcard syntax is no longer supported. Use `ignore_changes = all` instead.
(#27834)
* Previously deprecated quoted variable type constraints are no longer supported. Follow the instructions in the error
message to update your type signatures to be more explicit. For example, use `map(string)` instead of `"map"`. (#27852)
* Terraform will no longer make use of the `HTTP_PROXY` environment variable to determine proxy settings for connecting
to HTTPS servers. You must always set `HTTPS_PROXY` if you intend to use a proxy to connect to an HTTPS server.
(Note: This affects only connections made directly from Terraform CLI. Terraform providers are separate programs that
make their own requests and may thus have different proxy configuration behaviors.)
* Provider-defined sensitive attributes will now be redacted throughout the plan output. You may now see values redacted
as `(sensitive)` that were previously visible, because sensitivity did not follow provider-defined sensitive attributes.
If you are transforming a value and wish to force it _not_ to be sensitive, such as if you are transforming a value in
such a way that removes the sensitive data, we recommend using the new `nonsensitive` function to hint Terraform that
the result is not sensitive.
* The `atlas` backend, which was deprecated since Terraform v0.12, is now removed. (#26651)
* We've upgraded the underlying TLS and certificate-related libraries that Terraform uses when making HTTPS requests to
remote systems. This includes the usual tweaks to preferences for different cryptographic algorithms during handshakes
and also some slightly-stricter checking of certificate syntax. These changes should not cause problems for correctly-
implemented HTTPS servers, but can sometimes cause unexpected behavior changes with servers or middleboxes that don't
comply fully with the relevant specifications.
ENHANCEMENTS:
* config: A `required_providers` entry can now contain `configuration_aliases` to declare additional configuration aliases
names without requirring a configuration block (#27739)
* config: Improved type inference for conditional expressions. (#28116)
* config: Provider-defined sensitive attributes will now be redacted throughout the plan output. (#28036)
* config: New function `one` for concisely converting a zero-or-one element list/set into a single value that might be `null`.
(#27454)
* config: New functions `sensitive` and `nonsensitive` allow module authors to explicitly override Terraform's default
infererence of value sensitivity for situations where it's too conservative or not conservative enough. (#27341)
* config: Terraform will now emit a warning if you declare a `backend` block in a non-root module. Terraform has always
ignored such declarations, but previously did so silently. This is a warning rather than an error only because it is
sometimes convenient to temporarily use a root module as if it were a child module in order to test or debug its behavior
separately from its main backend. (#26954)
* config: Removed warning about interpolation-only expressions being deprecated, because `terraform fmt` now automatically
fixes most cases that the warning would previously highlight. We still recommend using simpler expressions where possible,
but the deprecation warning had caused a common confusion in the community that the interpolation syntax is _always_
deprecated, rather than only in the interpolation-only case. (#27835)
* config: The family of error messages with the summary "Invalid for_each argument" will now include some additional context
about which external values contributed to the result, making it easier to find the root cause of the error. (#26747)
* config: Terraform now does text processing using the rules and tables defined for Unicode 13. Previous versions
were using Unicode 12 rules.
* `terraform init`: Will now make suggestions for possible providers on some registry failures, and generally remind of
`required_providers` on all registry failures. (#28014)
* `terraform init`: Provider installation will now only attempt to rewrite `.terraform.lock.hcl` if it would contain new
information. (#28230)
* `terraform init`: New `-lockfile=readonly` option, which suppresses writing changes to the dependency lock file. Any
installed provider packages must already be recorded in the lock file, or initialization will fail. Use this if you
are managing the lock file via a separate process and want to avoid adding new checksums for existing dependencies.
(#27630)
* `terraform show`: Improved performance when rendering large plans as JSON. (#27998)
* `terraform validate`: The JSON output now includes a code snippet object for each diagnostic. If present, this object
contains an excerpt of the source code which triggered the diagnostic, similar to what Terraform would include in
human-oriented diagnostic messages. (#28057)
* cli: Terraform now uses UTF-8 and full VT mode even when running on Windows. Previously Terraform was using the "classic"
Windows console API, which was far more limited in what formatting sequences it supported and which characters it could
render. (#27487)
* cli: Improved support for Windows console UI on Windows 10, including bold colors and underline for HCL diagnostics.
(#26588)
* cli: Diagnostic messages now have a vertical line along their left margin, which we hope will achieve a better visual
hierarchy for sighted users and thus make it easier to see where the errors and warnings start and end in relation to
other content that might be printed alongside. (#27343)
* cli: Typing an invalid top-level command, like `terraform destory` instead of `destroy`, will now print out a specific
error message about the command being invalid, rather than just printing out the usual help directory. (#26967)
* cli: Plugin crashes will now be reported with more detail, pointing out the plugin name and the method call along with
the stack trace (#26694)
* cli: Core and Provider logs can now be enabled separately for debugging, using `TF_LOG_CORE` and `TF_LOG_PROVIDER`
(#26685)
* backend/azurerm: Support for authenticating as AzureAD users/roles. (#28181)
* backend/pg: Now allows locking of each workspace separately, whereas before the locks were global across all workspaces.
(#26924)
BUG FIXES:
* config: Fix multiple upstream crashes with optional attributes and sensitive values. (#28116)
* config: Fix various panics in the experimental `defaults` function. (#27979)
* config: Fix crash with resources which have sensitive iterable attributes. (#28245)
* config: Fix crash when referencing resources with sensitive fields that may be unknown. (#28180)
* `terraform validate`: Validation now ignores providers that lack configuration, which is useful for validating modules
intended to be called from other modules which therefore don't include their own provider configurations. (#24896)
* `terraform fmt`: Fix `fmt` output when unwrapping redundant multi-line string interpolations (#28202)
* `terraform console`: expressions using `path` (`path.root`, `path.module`) now return the same result as they would
in a configuration (#27263)
* `terraform show`: Fix crash when rendering JSON plans containing iterable unknown values. (#28253)
* `terraform show`: fix issue with `child_modules` not properly displaying in certain circumstances. (#27352)
* `terraform state list`: fix bug where nested modules' resources were missing (#27268)
* `terraform state mv`: fix display names in errors and improve error when failing to target a whole resource (#27482)
* `terraform taint`: show resource name in -allow-missing warning (#27501)
* `terraform untaint`: show resource name in -allow-missing warning (#27502)
* cli: All commands will now exit with an error if unable to read input at an interactive prompt. For example, this
may happen when running in a non-interactive environment but without `-input=false`. Previously Terraform would
behave as if the user entered an empty string, which often led to confusing results. (#26509)
* cli: `TF_LOG` levels other than `trace` will now work reliably. (#26632)
* core: Fix crash when trying to create a destroy plan with `-refresh=false`. (#28272)
* core: Extend the Terraform plan file format to include information about sensitivity and required-replace. This
ensures that the output of `terraform show saved.tfplan` matches `terraform plan`, and sensitive values are
elided. (#28201)
* core: Ensure that stored dependencies are retained when a resource is removed entirely from the configuration,
and `create_before_destroy` ordering is preserved. (#28228)
* core: Resources removed from the configuration will now be destroyed before their dependencies are updated. (#28165)
* core: Refresh data sources while creating a destroy plan, in case their results are important for destroy operations.
(#27408)
* core: Fix missing deposed object IDs in apply logs (#27796)
* backend/azurerm: Fix nil pointer crashes with some state operations. (#28181)
* backend/azure: Fix interactions between state reading, state creating, and locking. (#26561)
EXPERIMENTS:
* `provider_sensitive_attrs`: This experiment has now concluded, and its functionality is now on by default. If
you were previously participating in this experiment then you can remove the experiment opt-in with no other
necessary configuration changes.
* There is now a `terraform test` command, which is currently an experimental feature serving as part of [the Module
Testing Experiment](https://www.terraform.io/docs/language/modules/testing-experiment.html).
- from version 0.14.11
ENHANCEMENTS:
* cli: Update the HashiCorp public key (#28503)
- Enable go_modules service in _service file
- Switch compression to gz in _service file
* Required for go_modules service to work
* Sat Apr 10 2021 Pau Garcia Quiles <pau.garcia@suse.com>
- Update to 0.14.10 :
ENHANCEMENTS:
* cli: Emit an "already installed" event when a provider is found already
installed (#27722)
* provisioner/remote-exec: Can now run in a mode that expects the remote
system to be running Windows and excuting commands using the Windows
command interpreter, rather than a Unix-style shell. Specify the
target_platform as "windows" in the connection block. (#26865)
ENHANCEMENTS:
* backend/s3: Add support for AWS Single-Sign On (SSO) cached credentials
(#27620)
* config: Terraform now does text processing using the rules and tables
defined for Unicode 13. Previous versions were using Unicode 12 rules
(#28034)
BUG FIXES:
* cli: Rerunning init will reuse installed providers rather than fetching
the provider again (#27582)
* config: Fix panic when applying a config using sensitive values in some
block sets (#27635)
* core: Fix "Invalid planned change" error when planning tainted resource
which no longer exists (#27563)
* core: Fix panic when refreshing data source which contains sensitive
values (#27567)
* core: Fix init with broken link in plugin_cache_dir (#27447)
* core: Prevent evaluation of removed data source instances during plan
(#27621)
* core: Don't plan changes for outputs that remain null (#27512)
* cli: Fix show -json not outputting the full module tree when some child
modules have no resources (#27352)
* cli: Fix excessively slow rendering of very large multi-line string
outputs (#27746)
* cli: Fix missing provider requirements in JSON plan when specified using
required_providers instead of provider config (#27697)
* config: Update HCL package to fix panics when indexing using sensitive
values (#28034)
* core: Fix error when using sensitive values in provisioner configuration
(#27819)
* core: Fix empty diags not getting associated with source (#28029)
* backend/remote: Fix non-functional -lock-timeout argument when using
the remote backend with local operations (#27845)
* backend/remote: Fix error when migrating existing state to a new
workspace on Terraform Cloud/Enterprise. (#28093)
* cli: Only rewrite provider locks file if its contents has changed. (#28230)
* Tue Jan 26 2021 Paolo Stivanin <info@paolostivanin.com>
- Update to 0.14.5 :
NEW FEATURES:
* terraform now supports marking input variables as sensitive, and
will propagate that sensitivity through expressions that derive
from sensitive input variables.
* terraform init will now generate a lock file in the configuration directory
which you can check in to your version control so that Terraform can make
the same version selections in future. (#26524)
* if you wish to retain the previous behavior of always taking
the newest version allowed by the version constraints on each install,
you can run terraform init -upgrade to see that behavior.
* terraform will now support reading and writing all compatible state files,
even from future versions of Terraform. This means that users of
Terraform 0.14.0 will be able to share state files with future Terraform
versions until a new state file format version is needed.
ENHANCEMENTS:
* config: Added sensitive argument for variable blocks, which supresses
output where that variable is used (#26183)
* config: Added alltrue and anytrue functions, which serve as a sort of
dynamic version of the && and || or operators, respectively.
These are intended to allow evaluating boolean conditions, such as in variable
validation blocks, across all of the items in a collection using for expressions.
* config: New functions textencodebase64 and textdecodebase64 for encoding text
in various character encodings other than UTF-8. (#25470)
* terraform plan and terraform apply: Added an experimental concise diff renderer.
By default, Terraform plans now hide most unchanged fields, only displaying
the most relevant changes and some identifying context. This experiment can be disabled
by setting a TF_X_CONCISE_DIFF environment variable to 0.
* config: ignore_changes can now apply to map keys that are not
listed in the configuration
* terraform console: Now has distinct rendering of lists, sets, and tuples,
and correctly renders objects with null attribute values. Multi-line strings
are rendered using the "heredoc" syntax. (#26189, #27054)
* terraform login: Added support for OAuth2 application scopes. (#26239)
* terraform fmt: Will now do some slightly more opinionated normalization behaviors,
using the documented idiomatic syntax. (#26390)
* terraform init's provider installation step will now abort promptly if Terraform
receives an interrupt signal. (#26405)
* cli: A new global command line option -chdir=..., placed before the selected subcommand,
instructs Terraform to switch to a different working directory before executing the subcommand.
This is similar to switching to a new directory with cd before running Terraform,
but it avoids changing the state of the calling shell. (#26087)
* cli: help text is been reorganized to emphasize the main commands and improve consistency
* cli: Ensure that provider requirements are met by the locked dependencies for every command.
This will help catch errors if the configuration has changed since
the last run of terraform init. (#26761)
* core: When sensitive values are used as part of provisioner configuration,
logging is disabled to ensure the values are not displayed to the UI (#26611)
* core: terraform plan no longer uses a separate refresh phase. Instead, all resources
are updated on-demand during planning (#26270)
* modules: Adds support for loading modules with S3 virtual hosted-style access (#26914)
* backend/consul: Split state into chunks when outgrowing the limit of the Consul KV store.
This allows storing state larger than the Consul 512KB limit. (#25856)
* backend/consul: Add force-unlock support to the Consul backend (#25837)
* backend/gcs: Add service account impersonation to GCS backend (#26837)
* On Unix-based operating systems other than MacOS, the SSL_CERT_DIR environment variable
can now be a colon-separated list of multiple certificate search paths. (#26357)
BUG FIXES:
* cli: Fix formatting of long integers in outputs and console (#27479)
* cli: Fix redundant check of remote workspace version for local operations (#27498)
* cli: Fix missing check of remote workspace version for state migration (#27556)
* cli: Fix world-writable permissions on dependency lock file (#27205)
* backend/remote: Disable remote Terraform workspace version check when the remote workspace
is in local operations mode ([#27407])
* core: Fix panic when using sensitive values as arguments to data sources ([#27335])
* core: Fix panic when using sensitive values as count arguments on validate ([#27410])
* core: Fix panic when passing sensitive values to module input variables which have
custom variable validation ([#27412])
* dependencies: Upgrade HCL to v2.8.2, fixing several bugs with sensitive values ([#27420])
* config: Fix anytrue and alltrue functions when called with values
which are not known until apply.
* config: Fix sum function when called with values which are not known until apply.
Also allows sum to cope with numbers too large to represent in float64,
along with correctly handling errors around infinite values. (#27249)
* config: Fixed panic when referencing sensitive values in resource count expressions
* config: Fix incorrect attributes in diagnostics when validating objects (#27010)
* core: Prevent unexpected updates during plan when multiple sensitive values are involved
* dependencies: Fix several small bugs related to the use of sensitive values
with expressions and functions.
* lang: Fix panic when calling coalescelist with a null argument (#26988)
* terraform apply: -refresh=false was skipped when running apply directly (#27233)
* terraform init: setting -get-plugins to false will now cause a warning, as this flag has been
a no-op since 0.13.0 and usage is better served through using provider_installation blocks
* terraform init and other commands which interact with the dependency lock file:
These will now generate a normal error message if the lock file is
incorrectly a directory, rather than crashing as before.
* Wed Oct 07 2020 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 0.13.4 (bsc#1177421, jsc#ECO-2766, jsc#PM-2215)
UPGRADE NOTES:
* The built-in vendor (third-party) provisioners, which include `habitat`, `puppet`,
`chef`, and `salt-masterless` are now deprecated and will be removed in a future
version of Terraform.
* Deprecated interpolation-only expressions are detected in more contexts in addition
to resources and provider configurations. Module calls, data sources, outputs, and
locals are now also covered. Terraform also detects interpolation-only expressions
in complex values such as lists and objects. An expression like `"${foo}"` should
be rewritten as just `foo`. (#27272) (#26334)
BUG FIXES:
* command: Include schemas from required but unused providers in the output of `terraform
providers schema`. This allows development tools such as the Terraform language server
to offer autocompletion for the first resource for a given provider. (#26318)
* core: create_before_destroy status is now updated in the state during refresh (#26343)
* core: data sources using `depends_on`, either directly or through their modules, are
no longer are forced to wait until apply by other planned data source reads (#26375)
- from 0.13.3
BUG FIXES:
* build: fix crash with terraform binary on openBSD (#26250)
* core: prevent create_before_destroy cycles by not connecting module close nodes to
resource instance destroy nodes (#26186)
* core: fix error where plan action changes from CreateThenDelete to DeleteThenCreate (#26192)
* core: fix Cycle when create_before_destroy status wasn't checked from state (#26263)
* core: fix "inconsistent final plan" error when changing the number of referenced
resources to 0 (#26264)
* states/remote: fix `state push -force` to work for all backends (#26190)
- from 0.13.2
NEW FEATURES:
* **Network-based Mirrors for Provider Installation**: As an addition to the existing capability
of "mirroring" providers into the local filesystem, a network mirror allows publishing copies
of providers on an HTTP server and using that as an alternative source for provider packages,
for situations where directly accessing the origin registries is impossible or undesirable.
(#25999)
ENHANCEMENTS:
* backend/http: add support for configuration by environment variable. (#25439)
* command: Add support for provider redirects to `0.13upgrade`. If a provider in the Terraform
Registry has moved to a new namespace, the `0.13upgrade` subcommand now detects this and follows
the redirect where possible. (#26061)
* command: Improve `init` error diagnostics when encountering what appears to be an in-house
provider required by a pre-0.13 state file. Terraform will now display suggested `terraform state
replace-provider` commands which will fix this specific problem. (#26066)
BUG FIXES:
* command: Warn instead of error when the `output` subcommand with no arguments results in no outputs.
This aligns the UI to match the 0 exit code in this situation, which is notable but not necessarily
an error. (#26036)
* terraform: Fix crashing bug when reading data sources during plan with blocks backed by objects,
not collections (#26028)
* terraform: Fix bug where variables values were asked for twice on the command line and provider
input values were asked for but not saved (#26063)
- from 0.13.1
ENHANCEMENTS:
* config: `cidrsubnet` and `cidrhost` now support address extensions of more than 32 bits (#25517)
* cli: The directories that Terraform searches by default for provider plugins can now be symlinks
to directories elsewhere. (This applies only to the top-level directory, not to nested directories
inside it.) (#25692)
* backend/s3: simplified mock handling and assume role testing (#25903)
* backend/s3: support for appending data to the User-Agent request header with the TF_APPEND_USER_AGENT
environment variable (#25903)
BUG FIXES:
* config: Override files containing `module` blocks can now override the special `providers` argument. (#25496)
* cli: The state lock will now be unlocked consistently across both the local and remote backends in the
`terraform console` and `terraform import` commands. (#25454)
* cli: The `-target` option to `terraform plan` and `terraform apply` now correctly handles addresses
containing module instance indexes. (#25760)
* cli: `terraform state mv` can now move the last resource from a module without panicking. (#25523)
* cli: If the output of `terraform version` contains an outdated version notice, this is now printed
after the version number and not before. (#25811)
* command: Prevent creation of workspaces with invalid names via the `TF_WORKSPACE` environment variable,
and allow any existing invalid workspaces to be deleted. (#25262)
* command: Fix error when multiple `-no-color` flags are set on the command line. (#25847)
* command: Fix backend config override validation, allowing the use of `-backend-config` override files
with the enhanced remote backend. (#25960)
* core: State snapshots now use a consistent ordering for resources that have the same name across different
modules. Previously the ordering was undefined. (#25498)
* core: A `dynamic` block producing an unknown number of blocks will no longer incorrectly produce the error
"Provider produced inconsistent final plan" when the block type is backed by a set of objects. (#25662)
* core: Terraform will now silently drop attributes that appear in the state but are not present in the
corresponding resource type schema, on the assumption that those attributes existed in a previous version
of the provider and have now been removed. (#25779)
* core: The state upgrade logic for handling unqualified provider addresses from Terraform v0.11 and earlier
will no longer panic when it encounters references to the built-in `terraform` provider. (#25861)
* internal: Clean up provider package download temporary files after installing. (#25990)
* terraform: Evaluate module call arguments for `terraform import` even if defaults are given for input
variables (#25890)
* terraform: Fix misleading Terraform `required_version` constraint diagnostics when multiple `required_version`
settings exist in a single module (#25898)
- from 0.13.0
NEW FEATURES:
* **`count` and `for_each` for modules**: Similar to the arguments of the same name in `resource` and `data`
blocks, these create multiple instances of a module from a single `module` block. (#24461)
* **`depends_on` for modules**: Modules can now use the `depends_on` argument to ensure that all module
resource changes will be applied after any changes to the `depends_on` targets have been applied. (#25005)
* **Automatic installation of third-party providers**: Terraform now supports a decentralized namespace for
providers, allowing for automatic installation of community providers from third-party namespaces in the
public registry and from private registries. (More details will be added about this prior to release.)
* **Custom validation rules for input variables**: A new `validation` block type inside `variable` blocks
allows module authors to define validation rules at the public interface into a module, so that errors in
the calling configuration can be reported in the caller's context rather than inside the implementation
details of the module. (#25054)
* **New Kubernetes remote state storage backend**: This backend stores state snapshots as Kubernetes secrets.
(#19525)
BREAKING CHANGES:
* As part of introducing a new heirarchical namespace for providers, Terraform now requires an explicit `source`
specification for any provider that is not in the "hashicorp" namespace in the main public registry. (#24477)
For more information, including information on the automatic upgrade process, refer to the v0.13 upgrade guide.
* `terraform import`: the previously-deprecated `-provider` option is now removed. (#24090)
To specify a non-default provider configuration for import, add the `provider` meta-argument to the
target `resource` block.
* config: Inside `provisioner` blocks that have `when = destroy` set, and inside any `connection` blocks that are
used by such `provisioner` blocks, it is no longer valid to refer to any objects other than `self`, `count`, or
`each`. (This was previously deprecated in a v0.12 minor release.) (#24083)
If you are using `null_resource` to define provisioners not attached to a real resource, include any values your
provisioners need in the `triggers` map and change the provisioner configuration to refer to those values
via `self.triggers`.
* configs: At most one `terraform` `required_providers` block is permitted per module (#24763)
If you previously had multiple `required_providers` blocks in the same module, consolidate their requirements
together into a single block.
* The official MacOS builds of Terraform CLI are no longer compatible with Mac OS 10.10 Yosemite; Terraform now
requires at least Mac OS 10.11 El Capitan.
Terraform 0.13 is the last major release that will support 10.11 El Capitan, so if you are upgrading your OS
we recommend upgrading to Mac OS 10.12 Sierra or later.
* The official FreeBSD builds of Terraform CLI are no longer compatible with FreeBSD 10.x, which has reached
end-of-life. Terraform now requires FreeBSD 11.2 or later.
* backend/oss: The TableStore schema now requires a primary key named `LockID` of type `String`. (#24149)
* backend/s3: The previously-deprecated `lock_table`, `skip_get_ec2_platforms`, and `skip_requesting_account_id`
arguments are now removed. (#25134)
* backend/s3: The credential source preference order now considers EC2 instance profile credentials as lower
priority than shared configuration, web identity, and ECS role credentials. (#25134)
* backend/s3: The `AWS_METADATA_TIMEOUT` environment variable is no longer used. The timeout is now fixed at one
second with two retries. (#25134)
NOTES:
* The `terraform plan` and `terraform apply` commands will now detect and report changes to root module outputs
as needing to be applied even if there are no resource changes in the plan.
This is an improvement in behavior for most users, since it will now be possible to change `output` blocks and
use `terraform apply` to apply those changes.
If you have a configuration where a root module output value is changing for every plan (for example, by referring
to an unstable data source), you will need to remove or change that output value in order to allow convergence on
an empty plan. Otherwise, each new plan will propose more changes.
* Terraform CLI now supports TLS 1.3 and supports Ed25519 certificates when making outgoing connections to
remote TLS servers.
While both of these changes are backwards compatible in principle, certain legacy TLS server implementations can
reportedly encounter problems when attempting to negotiate TLS 1.3. (These changes affects only requests made by
Terraform CLI itself, such as to module registries or backends. Provider plugins have separate TLS implementations
that will gain these features on a separate release schedule.)
* On Unix systems where `use-vc` is set in `resolv.conf`, Terraform will now use TCP for DNS resolution.
We don't expect this to cause any problem for most users, but if you find you are seeing DNS resolution failures
after upgrading please verify that you can either reach your configured nameservers using TCP or that your resolver
configuration does not include the `use-vc` directive.
* The `terraform 0.12upgrade` command is no longer available. (#24403)
To upgrade from Terraform v0.11, first upgrade to the latest v0.12 release and then upgrade to v0.13 from there.
ENHANCEMENTS:
* config: `templatefile` function will now return a helpful error message if a given variable has an invalid name,
rather than relying on a syntax error in the template parsing itself. (#24184)
* config: The configuration language now uses Unicode 12.0 character tables for certain Unicode-version-sensitive
operations on strings, such as the `upper` and `lower` functions. Those working with strings containing new characters
introduced since Unicode 9.0 may see small differences in behavior as a result of these table updates.
* config: The new `sum` function takes a list or set of numbers and returns the sum of all elements. (#24666)
* config: Modules authored by the same vendor as the main provider they use can now pass metadata to the provider to
allow for instrumentation and analytics. (#22583)
* cli: The `terraform plan` and `terraform apply` commands now recognize changes to root module outputs as side-effects
to be approved and applied. This means you can apply root module output changes using the normal plan and apply workflow.
(#25047)
* cli: When installing providers from the Terraform Registry, Terraform will verify the trust signature for partner
providers, and allow for self-signed community providers. (#24617)
* cli: `terraform init` will display detailed trust signature information when installing providers from the Terraform
Registry and other provider registries. (#24932)
* cli: It is now possible to optionally specify explicitly which installation methods can be used for different providers
in the CLI configuration, such as forcing a particular provider to be loaded from a particular directory on local disk
instead of consulting its origin provider registry. (#24728)
* cli: The new `terraform state replace-provider` subcommand allows changing the selected provider for existing resource
instances in the Terraform state. (#24523)
* cli: The new `terraform providers mirror` subcommand can automatically construct or update a local filesystem mirror
directory containing the providers required for the current configuration. (#25084)
* cli: `terraform version -json` now produces machine-readable version information. (#25252)
* cli: `terraform import` can now work with provider configurations containing references to other objects, as long as the
data in question is already known in the current state. (#25420)
* cli: The `terraform state rm` command will now exit with status code 1 if the given resource address does not match any
resource instances. (#22300)
* cli: The `terraform login` command now requires the full word "yes" to confirm, rather than just "y",
for consistency with Terraform's other interactive prompts. (#25379)
* core: Several of Terraform's graph operations are now better optimized to support configurations with highly-connected
graphs. (#23811)
* backend/remote: Now supports `terraform state push -force`. (#24696)
* backend/remote: Can now accept `-target` options when creating a plan using _remote operations_, if
supported by the target server. (Server-side support for this in Terraform Cloud and Terraform Enterprise
will follow in forthcoming releases of each.) (#24834)
* backend/azurerm: Now uses the Giovanni Storage SDK to communicate with Azure. (#24669)
* backend/s3: The backend will now always consult the shared configuration file, even if the `AWS_SDK_LOAD_CONFIG`
environment variable isn't set. That environment variable is now ignored. (#25134)
* backend/s3: Region validation now automatically supports the new `af-south-1`
(Africa (Cape Town)) region. (#24744)
For AWS operations to work in the new region, you must explicitly enable it as described in AWS General
Reference: Enabling a Region. If you haven't enabled the region, the Terraform S3 Backend will
return `InvalidClientTokenId` errors during credential validation.
* backend/s3: A `~/` prefix in the `shared_credentials_file` argument is now expanded to
the current user's home directory. (#25134)
* backend/s3: The backend has a number of new options for customizing the "assume role" behavior,
including controlling the lifetime and access policy of temporary credentials. (#25134)
* backend/swift: The authentication options match those of the OpenStack provider. (#23510)
BUG FIXES:
* config: The `jsonencode` function can now correctly encode a single null value as
the JSON expression `null`. (#25078)
* config: The `map` function no longer crashes when incorrectly given a non-string key. (#24277)
* config: The `substr` function now correctly returns a zero-length string when given a
length of zero, rather than ignoring that argument entirely. (#24318)
* config: `ceil(1/0)` and `floor(1/0)` (that is, an infinity as an argument) now return another
infinity with the same sign, rather than just a large integer. (#21463)
* config: The `rsadecrypt` function now supports the OpenSSH RSA key format. (#25112)
* config: The `merge` function now returns more precise type information, making it usable for
values passed to `for_each`, and will no longer crash if all of the given maps are empty. (#24032), (#25303)
* vendor: The various set-manipulation functions, like `setunion`, will no longer
panic if given an unknown set value (#25318)
* config: Fixed a crash with incorrect syntax in `.tf.json` and `.tfvars.json` files. (#24650)
* config: The function argument expansion syntax `...` no longer incorrectly fails with "Invalid
expanding argument value" in situations where the expanding argument's type will not be known
until the apply phase. (#25216)
* config: Variable `validation` block error message checks no longer fail when non-ASCII
characters are present. (#25144)
* cli: The `terraform plan` command (and the implied plan run by `terraform apply` with no arguments)
will now print any warnings that were generated even if there are no changes to be made. (#24095)
* cli: `terraform state mv` now correctly records the resource's use of either `count` or `for_each`
based on the given target address. (#24254)
* cli: When using the `TF_CLI_CONFIG_FILE` environment variable to override where Terraform looks
for CLI configuration, Terraform will now ignore the default CLI configuration directory as well
as the default CLI configuration file. (#24728)
* cli: The `terraform login` command in OAuth2 mode now implements the PKCE OAuth 2 extension more
correctly. Previously it was not compliant with all of the details of the specification. (#24858)
* cli: Fixed a potential crash when the `HOME` environment variable isn't set, causing the native
service credentials store to be `nil`. (#25110)
* command/fmt: Error messages will now include source code snippets where possible. (#24471)
* command/apply: `terraform apply` will no longer silently exit when given an absolute
path to a saved plan file on Windows. (#25233)
* command/init: `terraform init` will now produce an explicit error message if given a non-directory
path for its configuration directory argument, and if a `-backend-config` file has a syntax error.
Previously these were silently ignored. (#25300), (#25411)
* command/console: (#25442)
* command/import: The `import` command will now properly attach the configured provider for the target
resource based on the configuration, making the `-provider` command line option unnecessary. (#22862)
* command/import: The `-allow-missing-config` option now works correctly. It was inadvertently
disabled as part of v0.12 refactoring. (#25352)
* command/show: Resource addresses are now consistently formatted between the plan and prior state
in the `-json` output. (#24256)
* core: Fixed a crash related to an unsafe concurrent read and write of a map data structure. (#24599)
* core: Instances are now destroyed only using their stored state, without re-evaluating configuration. This
avoids a number of dependency cycle problems when "delete" actions are included in a plan. (#24083)
* provider/terraform: The `terraform_remote_state` data source will no longer attempt to "configure" the
selected backend during validation, which means backends will not try to perform remote actions such as
verifying credentials during `terraform validate`. Local validation still applies in all cases, and the
configuration step will still occur prior to actually reading the remote state in a normal plan/apply
operation. (#24887)
* backend/remote: Backend will no longer crash if the user cancels backend initialization at an inopportune
time, or if there is a connection error. (#25135) (#25341)
* backend/azurerm: The backend will now create a Azure storage snapshot of the previous Terraform
state snapshot before writing a new one. (#24069)
* backend/s3: Various other minor authentication-related fixes previously made in the AWS provider. (#25134)
* backend/oss: Now allows locking of multiple different state files. (#24149)
* provisioner/remote-exec: The provisioner will now return an explicit error if the `host` connection argument
is an empty string. Previously it would repeatedly attempt to resolve an empty hostname until timeout. (#24080)
* provisioner/chef: The provisioner will now gracefully handle non-failure (RFC062) exit codes returned from Chef. (#19155)
* provisioner/habitat: The provisioner will no longer generate `user.toml` with world-readable permissions. (#24321)
* communicator/winrm: Support a connection timeout for WinRM `connection` blocks. Previously this
argument worked for SSH only. (#25350)
EXPERIMENTS:
* This release concludes the `variable_validation` experiment that was started in Terraform v0.12.20. If you were
participating in the experiment, you should remove the experiment opt-in from your configuration as part of upgrading
to Terraform 0.13. The experiment received only feedback that can be addressed with backward-compatible future
enhancements, so we've included it into this release as stable with no changes to its original design so far. We'll
consider additional features related to custom validation in future releases after seeing how it's used in
real-world modules.
- from 0.12.29
BUG FIXES:
* core: core: Prevent quadratic memory usage with large numbers of instances by not storing the complete resource
state in each instance (#25633)
- from 0.12.28
BUG FIXES:
* build: build the 0.12 version of Terraform with Go 1.12.13, rather than 0.13 Terraform's 1.14.2 (#25386)
- from 0.12.27
BUG FIXES:
* backend/remote: fix panic when there's a connection error to the remote backend (#25341)
- Bump mininum Go API version to 1.14
* Mon Jun 08 2020 Dirk Mueller <dmueller@suse.com>
- update to 0.12.26
ENHANCEMENTS:
* backend/remote: Can now accept -target options when creating a plan using
remote operations, if supported by the target server. (Server-side support
for this in Terraform Cloud and Terraform Enterprise will follow in
forthcoming releases of each.) (#24834)
* cli: A special new lifecycle mode for provider plugins where they are
assumed to be controlled by an external process outside of Terraform. This
is for automated provider plugin testing only, and is not an end-user
feature. (#24674)
* Tue May 19 2020 Dirk Mueller <dmueller@suse.com>
- update to 0.12.25:
NOTES:
* backend/s3: Region validation now automatically supports the new af-south-1 (Africa (Cape Town)) region.
ENHANCEMENTS:
* backend/s3: Support automatic region validation for af-south-1 (#24744)
* backend/remote: Add support for force push to remote backend (#24884)
BUG FIXES:
* core: Destroy provisioners should not evaluate for_each expressions (#24163)
* core: Fix races in GetVariableValue (#24599)
* Tue Mar 24 2020 Petr Cervinka <petr@cervinka.net>
- Update to 0.12.24
BUG FIXES:
* command/login: Fix bug when using terraform login on Windows (#24397)
* registry: Fix panic when server is unreachable (#24411)
* Fri Mar 06 2020 Petr Cervinka <petr@cervinka.net>
- Update to 0.12.23
BUG FIXES:
* cli: Fix wrong version returned by `terraform version`
- Update to 0.12.22
ENHANCEMENTS:
* registry: Add configurable retries for module and provider discovery requests to the remote registry ([#24260](https://github.com/hashicorp/terraform/pull/24260))
* registry: Add configurable request timeout for the remote registry client ([#24259](https://github.com/hashicorp/terraform/pull/24259))
BUG FIXES:
* cli: Fix terraform state mv to correctly set the resource each mode based on the target address ([#24254](https://github.com/hashicorp/terraform/issues/24254))
* cli: The `terraform plan` command (and the implied plan run by `terraform apply` with no arguments) will now print any warnings that were generated even if there are no changes to be made. ([#24095](https://github.com/hashicorp/terraform/issues/24095))
* Wed Feb 19 2020 Petr Cervinka <petr@cervinka.net>
- Update to 0.12.21
NEW FEATURES:
* backend/cos: New backend "cos", supporting using Tencent Cloud Storage as a remote backend.
* command/login: Enable "terraform login" and add support for UI-generated tokens ([#23995](https://github.com/hashicorp/terraform/issues/23995))
* command/logout: Add "terraform logout" command to remove local credentials ([#24048](https://github.com/hashicorp/terraform/issues/24048))
ENHANCEMENTS:
* command/workspace delete: release lock after workspace removal warning ([#24085](https://github.com/hashicorp/terraform/issues/24085))
* lang/funcs: add `setsubtract` function ([#23424](https://github.com/hashicorp/terraform/issues/23424))
BUG FIXES:
* command/state show: Fix an issue when a resource has a non-default provider configured ([#24027](https://github.com/hashicorp/terraform/issues/24027))
* backend/remote-state: Fix issues where lingering lock files remained when deleting non-empty workspaces ([#24085](https://github.com/hashicorp/terraform/issues/24085))
* command/import: Release lock if initialization error occurs on import ([#23318](https://github.com/hashicorp/terraform/issues/23318))
* terraform: Fix panic when using `for_each` with a set containing `null` values ([#24047](https://github.com/hashicorp/terraform/issues/24047))
* Wed Feb 19 2020 Petr Cervinka <petr@cervinka.net>
- Run spec-cleaner
- Update to 0.12.20
ENHANCEMENTS:
* config: New built-in functions `try` and `can` are intended to ease working with data structures whose shape isn't known statically. ([#23794](https://github.com/hashicorp/terraform/issues/23794))
* config: New, optional syntax for [`required_providers`](https://www.terraform.io/docs/configuration/terraform.html#specifying-required-provider-versions) setting in `terraform` blocks. This is not intended for general use yet but will support upcoming enhancements. [[#23843](https://github.com/hashicorp/terraform/issues/23843)]
BUG FIXES:
* command/show: Fix an issue with show and aliased providers ([#23848](https://github.com/hashicorp/terraform/issues/23848))
* core: Always clean up empty resources before empty modules ([#23822](https://github.com/hashicorp/terraform/issues/23822))
* internal/modsdir/manifest: Fix CLI issue with Windows machines ([#23865](https://github.com/hashicorp/terraform/issues/23865))
EXPERIMENTS:
* This release includes an _opt-in experiment_ for [custom validation rules on module variables](https://www.terraform.io/docs/configuration/variables.html#custom-validation-rules).
The feature is not yet finalized and is subject to breaking changes even in minor releases, but we're introducing it here in order to solicit feedback from module developers about which use-cases it is meeting, any use-cases it _isn't_ meeting, and any situations where things feel harder to express than they might be.
Due to the experimental nature of this feature, we do not recommend using it in "production" modules yet and we require an explicit [experimental feature opt-in](https://www.terraform.io/docs/configuration/terraform.html#experimental-language-features) of `variable_validation`. Depending on what feedback we receive, the design of this experimental feature may change significantly in future versions without an automatic upgrade path.
* Mon Jan 20 2020 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update in SLE-15 (bsc#1158440, CVE-2019-19316)
* Wed Jan 15 2020 Jean-Philippe Evrard <jevrard@suse.com>
- Update to 0.12.19
ENHANCEMENTS:
command/init: Cache Terraform Registry metadata responses when handling multiple references to the same module. (#23727)
command/state-mv: Detect and remove references elsewhere in the state to the source address in a terraform state mv operation. This does not affect any current operations but will cause the resulting state snapshot to be different than before, and a future version of Terraform may make use of this additional precision. (#23791)
BUG FIXES:
command/init: Fix an issue with via an update to go-getter where modules would fail to download from the registry (#23792)
command/init: use backend config from state when -backend=false is used during init. (#23802)
core: Do not evaluate unused config values, which may not be valid during destroy (#23717)
core: Better error handling for an odd "should never happen" situation regarding the restoration of a deposed instance during a create_before_destroy replace action. While this does not yet fix the situation (it can still happen), it now has a specialized error message to hopefully help gather some more information about the root cause in future reports. (#23718)
core: Prevent insertion of default providers when resources are removed from the config. (#23696)
core: Detect and handle dependencies implied by references in a connection block directly within a resource block. (#23663)
communicator/ssh: Fix deadlock when SSH agent forwarding fails. (#23661)
- Update to 0.12.18
NOTES:
cli: Our darwin releases for this version and up will be signed and notarized according to Apple's requirements.
Prior to this release, MacOS 10.15+ users attempting to run our software reported seeing the error: "'terraform' cannot be opened because the developer cannot be verified." This error affected all MacOS 10.15+ users who downloaded our software directly via web browsers, and was caused by changes to Apple's third-party software requirements.
Our recommended approach to install and interact with the Terraform CLI can be found here.
MacOS 10.15+ users should plan to upgrade to 0.12.18+.
UPGRADE NOTES:
Inside provisioner blocks that have when = destroy set, and inside any connection blocks that are used by such provisioner blocks, it is now deprecated to refer to any objects other than self, count, and each.
Terraform has historically allowed this but doing so tends to cause downstream problems with dependency cycles or incorrect destroy ordering because it causes the destroy phase of one resource to depend on the existing state of another. Although this is currently only a warning, we strongly suggest seeking alternative approaches for existing configurations that are hitting this warning in order to avoid the risk of later problems should you need to replace or destroy the related resources.
This deprecation warning will be promoted to an error in a future release.
ENHANCEMENTS:
provisioners: Warn about the deprecation of non-self references in destroy-time provisioners, both to allow preparation for this later becoming an error and also as an extra hint for the "Cycle" errors that commonly arise when such references are used. (#23559)
cli: The terraform plan and terraform apply commands (and some others) now accept the additional option -compact-warnings. If set, and if Terraform produces warnings that are not also accompanied by errors, then the warnings will be presented in the output in a compact form that includes only the summary information, thus providing a compromise to avoid warnings overwhelming the output if you are not yet ready to resolve them. (#23632)
BUG FIXES:
backend/s3: Fix for users with >1000 workspaces (#22963)
cli: Allow moving indexed resource instances to new addresses that that don't yet exist in state (#23582)
cli: Improved heuristics for log level filtering with the TF_LOG environment variable, although it is still not 100% reliable for levels other than TRACE due to limitations of Terraform's internal logging infrastructure. Because of that, levels other than TRACE will now cause the logs to begin with a warning about potential filtering inaccuracy. (#23577)
command/show: Fix panic on show plan (#23581)
config: Fixed referencing errors generally involving for_each (#23475)
provisioners: The built-in provisioners (local-exec, remote-exec, file, etc) will no longer fail when the TF_CLI_ARGS environment variable is set. (#17400)
/usr/bin/terraform /usr/share/doc/packages/terraform /usr/share/doc/packages/terraform/CHANGELOG.md /usr/share/doc/packages/terraform/README.md /usr/share/licenses/terraform /usr/share/licenses/terraform/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024