This repository has been archived by the owner on Apr 30, 2024. It is now read-only.
Update Terraform hashicorp/terraform to >= 0.15.5 #166
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
Test plan: CI should pass with updated dependencies. No review required: this is an automated dependency update PR.
Release Notes
hashicorp/terraform (hashicorp/terraform)
v0.15.5
Compare Source
0.15.5 (June 02, 2021)
BUG FIXES:
terraform plan
andterraform apply
: Don't show "Objects have changed" notification when the detected changes are only internal details related to legacy SDK quirks. (#28796)v0.15.4
Compare Source
0.15.4 (May 19, 2021)
NEW FEATURES:
Noting changes made outside of Terraform: Terraform has always, by default, made a point during the planning operation of reading the current state of remote objects in order to detect any changes made outside of Terraform, to make sure the plan will take those into account.
Terraform will now report those detected changes as part of the plan result, in order to give additional context about the planned changes. We've often heard that people find it confusing when a plan includes a change that doesn't seem to be prompted by any recent change in the configuration, and so this feature is aiming to provide the previously-missing explanation for situations where Terraform is planning to undo a change.
It can also be useful just as general information when the change won't be undone by Terraform: if you've intentionally made a change outside of Terraform and mirrored that change in your configuration then Terraform will now confirm that it noticed the change you made and took it into account when planning.
By default this new output is for information only and doesn't change any behavior. If Terraform detects a change you were expecting then you don't need to take any additional action to respond to it. However, we've also added a new planning mode
-refresh-only
which allows you to explicitly plan and apply the action of writing those detected changes to the Terraform state, which serves as a plannable replacement forterraform refresh
. We don't have any plans to remove the long-standingterraform refresh
command, but we do recommend usingterraform apply -refresh-only
instead in most cases, because it will provide an opportunity to review what Terraform detected before updating the Terraform state.UPGRADE NOTES:
resource.
,template.
,arg.
, andlazy.
. We don't expect these additions to cause problems for most existing configurations, but could cause a conflict if you are using a custom provider which has a resource type named exactly "resource", "template", "arg", or "lazy". In that unlikely event, you can escape references to resources of those types by adding aresource.
prefix; for example, if you have aresource "template" "foo"
then you can change references to it fromtemplate.foo
toresource.template.foo
in order to escape the new meaning.ENHANCEMENTS:
filesha256
, will now stream the contents of the given file into the hash function in smaller chunks. Previously they would always read the entire file into memory before hashing it, due to following a similar implementation strategy as thefile
function. (#28681)terraform init
: add a new-migrate-state
flag instead of automatic state migration, to prevent failing when old backend config is not usable (#28718)terraform plan
andterraform apply
: will now report any changes Terraform detects during the "refresh" phase for each managed object, providing confirmation that Terraform has seen those changes and, where appropriate, extra context to help understand the planned change actions that follow. (#28634)terraform plan
andterraform apply
: now have a new option-refresh-only
to activate the "refresh only" planning mode, which causes Terraform to ignore any changes suggested by the configuration but still detect any changes made outside of Terraform since the latestterraform apply
. (#28634)GOOGLE_APPLICATION_CREDENTIALS
environment variable. This is also available in the Google Provider in versions newer than v3.61. (#28296)-refresh=false
,-replace
, and-refresh-only
. (#28746)BUG FIXES:
bastion_port
in a resourceconnection
block (#28665)create_before_destroy
replacement failed to destroy the old object, in which case Terraform needs to track both the new and old objects until the old object is successfully deleted. Refreshing these during planning means that you can, if you wish, delete a "deposed" object manually outside of Terraform and then have Terraform detect that you've done so. (#28634)lookup
andlength
functions, which were accidentally omitted from the larger update in 0.15.1 (#28509)v0.15.3
Compare Source
0.15.3 (May 06, 2021)
ENHANCEMENTS:
terraform show
: Add data to the JSON plan output describing which changes caused a resource to be replaced (#28608)BUG FIXES:
terraform show
: Fix crash for JSON plan output of new resources with sensitive attributes in nested blocks (#28624)v0.15.2
Compare Source
0.15.2 (May 05, 2021)
ENHANCEMENTS:
terraform plan
andterraform apply
: Both now support a new planning option-replace=...
which takes the address of a resource instance already tracked in the state and forces Terraform to upgrade either an update or no-op plan for that instance into a "replace" (either destroy-then-create or create-then-destroy depending on configuration), to allow replacing a degraded object with a new object of the same configuration in a single action and preview the effect of that before applying it.terraform apply
: Now has a-destroy
option for symmetry withterraform plan -destroy
, which makesterraform destroy
effectively an alias forterraform apply -destroy
. This change is only for consistency betweenterraform plan
andterraform apply
; there are no current plans to deprecateterraform destroy
. (#28489)BUG FIXES:
setproduct
with one or more empty collections (#28607)v0.15.1
Compare Source
0.15.1 (April 26, 2021)
ENHANCEMENTS:
config: Various Terraform language functions now have more precise inference rules for propagating the "sensitive" characteristic values.
The affected functions are
chunklist
,concat
,flatten
,keys
,length
,lookup
,merge
,setproduct
,tolist
,tomap
,values
, andzipmap
. The details are a little different for each of these but the general idea is to, as far as possible, preserve the sensitive characteristic on individual element or attribute values in result structures rather than always conservatively applying sensitivity to the whole result.The primary benefit of these improvements is that you can now use these functions as part of constructing maps for
for_each
in situations where the input collection is never sensitive but some of the elements/attributes inside might be. (#28446] [#28460)cli: Update the HashiCorp public key (#28505)
cli: Diagnostic messages can now be annotated with resource and provider addresses. (#28275)
cli:
terraform login
now has a new user experience for successful log-ins to Terraform Cloud and Terraform Enterprise. (#28487)core: Minor graph performance optimizations. (#28329)
BUG FIXES:
sensitive
attribute for sensitive values remains, with an extended diagnostic message to explain why. (#28472)v0.15.0
Compare Source
0.15.0 (April 14, 2021)
UPGRADE NOTES AND BREAKING CHANGES:
The following is a summary of each of the changes in this release that might require special consideration when upgrading. Refer to the Terraform v0.15 upgrade guide for more details and recommended upgrade steps.
"Proxy configuration blocks" (provider blocks with only
alias
set) in shared modules are now replaced with a more explicitconfiguration_aliases
argument within therequired_providers
block. Some support for the old syntax is retained for backward compatibility, but we've added explicit error messages for situations where Terraform would previously silently misinterpret the purpose of an emptyprovider
block. (#27739)The
list
andmap
functions, both of which were deprecated since Terraform v0.12, are now removed. You can replace uses of these functions withtolist([...])
andtomap({...})
respectively. (#26818)Terraform now requires UTF-8 character encoding and virtual terminal support when running on Windows. This unifies Terraform's terminal handling on Windows with that of other platforms, as per Microsoft recommendations. Terraform previously required these terminal features on all other platforms, and now requires them on Windows too.
UTF-8 and virtual terminal support were introduced across various Windows 10 updates, and so Terraform is no longer officially supported on the original release of Windows 10 or on Windows 8 and earlier. However, there are currently no technical measures to artificially prevent Terraform from running on these obsolete Windows releases, and so you may still be able to use Terraform v0.15 on older Windows versions if you either disable formatting (using the
-no-color
) option, or if you use a third-party terminal emulator package such as ConEmu, Cmder, or mintty.We strongly encourage planning to migrate to a newer version of Windows rather than relying on these workarounds for the long term, because the Terraform team will test future releases only on up-to-date Windows 10 and can therefore not guarantee ongoing support for older versions.
Built-in vendor provisioners (chef, habitat, puppet, and salt-masterless) have been removed. (#26938)
Interrupting execution will now cause terraform to exit with a non-zero exit status. (#26738)
The trailing
[DIR]
argument to specify the working directory for various commands is no longer supported. Use the global-chdir
option instead. (#27664)For example, instead of
terraform init infra
, writeterraform -chdir=infra init
.The
-lock
and-lock-timeout
options are no longer available onterraform init
(#27464)The
-verify-plugins=false
option is no longer available onterraform init
. (Terraform now always verifies plugins.) (#27461)The
-get-plugins=false
option is no longer available onterraform init
. (Terraform now always installs plugins.) (#27463)The
-force
option is no longer available onterraform destroy
. Use-auto-approve
instead (#27681)The
-var
and-var-file
options are no longer available onterraform validate
. These were deprecated and have had no effect since Terraform v0.12. (#27906)terraform version -json
output no longer includes the (previously-unpopulated) "revision" property (#27484)In the
gcs
backend thepath
config argument, which was deprecated since Terraform v0.11, is now removed. Use theprefix
argument instead. (#26841)The deprecated
ignore_changes = ["*"]
wildcard syntax is no longer supported. Useignore_changes = all
instead. (#27834)Previously deprecated quoted variable type constraints are no longer supported. Follow the instructions in the error message to update your type signatures to be more explicit. For example, use
map(string)
instead of"map"
. (#27852)Terraform will no longer make use of the
HTTP_PROXY
environment variable to determine proxy settings for connecting to HTTPS servers. You must always setHTTPS_PROXY
if you intend to use a proxy to connect to an HTTPS server. (Note: This affects only connections made directly from Terraform CLI. Terraform providers are separate programs that make their own requests and may thus have different proxy configuration behaviors.)Provider-defined sensitive attributes will now be redacted throughout the plan output. You may now see values redacted as
(sensitive)
that were previously visible, because sensitivity did not follow provider-defined sensitive attributes.If you are transforming a value and wish to force it not to be sensitive, such as if you are transforming a value in such a way that removes the sensitive data, we recommend using the new
nonsensitive
function to hint Terraform that the result is not sensitive.The
atlas
backend, which was deprecated since Terraform v0.12, is now removed. (#26651)We've upgraded the underlying TLS and certificate-related libraries that Terraform uses when making HTTPS requests to remote systems. This includes the usual tweaks to preferences for different cryptographic algorithms during handshakes and also some slightly-stricter checking of certificate syntax. These changes should not cause problems for correctly-implemented HTTPS servers, but can sometimes cause unexpected behavior changes with servers or middleboxes that don't comply fully with the relevant specifications.
ENHANCEMENTS:
required_providers
entry can now containconfiguration_aliases
to declare additional configuration aliases names without requirring a configuration block (#27739)one
for concisely converting a zero-or-one element list/set into a single value that might benull
. (#27454)sensitive
andnonsensitive
allow module authors to explicitly override Terraform's default infererence of value sensitivity for situations where it's too conservative or not conservative enough. (#27341)backend
block in a non-root module. Terraform has always ignored such declarations, but previously did so silently. This is a warning rather than an error only because it is sometimes convenient to temporarily use a root module as if it were a child module in order to test or debug its behavior separately from its main backend. (#26954)terraform fmt
now automatically fixes most cases that the warning would previously highlight. We still recommend using simpler expressions where possible, but the deprecation warning had caused a common confusion in the community that the interpolation syntax is always deprecated, rather than only in the interpolation-only case. (#27835)terraform init
: Will now make suggestions for possible providers on some registry failures, and generally remind ofrequired_providers
on all registry failures. (#28014)terraform init
: Provider installation will now only attempt to rewrite.terraform.lock.hcl
if it would contain new information. (#28230)terraform init
: New-lockfile=readonly
option, which suppresses writing changes to the dependency lock file. Any installed provider packages must already be recorded in the lock file, or initialization will fail. Use this if you are managing the lock file via a separate process and want to avoid adding new checksums for existing dependencies. (#27630)terraform show
: Improved performance when rendering large plans as JSON. (#27998)terraform validate
: The JSON output now includes a code snippet object for each diagnostic. If present, this object contains an excerpt of the source code which triggered the diagnostic, similar to what Terraform would include in human-oriented diagnostic messages. (#28057)terraform destory
instead ofdestroy
, will now print out a specific error message about the command being invalid, rather than just printing out the usual help directory. (#26967)TF_LOG_CORE
andTF_LOG_PROVIDER
(#26685)BUG FIXES:
defaults
function. (#27979, #28067)terraform validate
: Validation now ignores providers that lack configuration, which is useful for validating modules intended to be called from other modules which therefore don't include their own provider configurations. (#24896)terraform fmt
: Fixfmt
output when unwrapping redundant multi-line string interpolations (#28202)terraform console
: expressions usingpath
(path.root
,path.module
) now return the same result as they would in a configuration (#27263)terraform show
: Fix crash when rendering JSON plans containing iterable unknown values. (#28253)terraform show
: fix issue withchild_modules
not properly displaying in certain circumstances. (#27352)terraform state list
: fix bug where nested modules' resources were missing (#27268)terraform state mv
: fix display names in errors and improve error when failing to target a whole resource (#27482)terraform taint
: show resource name in -allow-missing warning (#27501)terraform untaint
: show resource name in -allow-missing warning (#27502)-input=false
. Previously Terraform would behave as if the user entered an empty string, which often led to confusing results. (#26509)TF_LOG
levels other thantrace
will now work reliably. (#26632)-refresh=false
. (#28272)terraform show saved.tfplan
matchesterraform plan
, and sensitive values are elided. (#28201)create_before_destroy
ordering is preserved. (#28228)EXPERIMENTS:
provider_sensitive_attrs
: This experiment has now concluded, and its functionality is now on by default. If you were previously participating in this experiment then you can remove the experiment opt-in with no other necessary configuration changes.terraform test
command, which is currently an experimental feature serving as part of the Module Testing Experiment.v0.14.11
Compare Source
0.14.11 (April 26, 2021)
ENHANCEMENTS:
v0.14.10
Compare Source
0.14.10 (April 07, 2021)
BUG FIXES:
v0.14.9
Compare Source
0.14.9 (March 24, 2021)
BUG FIXES:
v0.14.8
Compare Source
BUG FIXES:
ENHANCEMENTS:
v0.14.7
Compare Source
0.14.7 (February 17, 2021)
ENHANCEMENTS:
target_platform
as"windows"
in theconnection
block. (#26865)BUG FIXES:
show -json
not outputting the full module tree when some child modules have no resources (#27352)required_providers
instead of provider config (#27697)v0.14.6
Compare Source
0.14.6 (February 04, 2021)
ENHANCEMENTS:
BUG FIXES:
init
will reuse installed providers rather than fetching the provider again (#27582)v0.14.5
Compare Source
0.14.5 (January 20, 2021)
ENHANCEMENTS:
BUG FIXES:
v0.14.4
Compare Source
0.14.4 (January 06, 2021)
UPGRADE NOTES:
BUG FIXES:
sensitive
values as arguments to data sources ([#27335])sensitive
values ascount
arguments on validate ([#27410])sensitive
values to module input variables which have custom variable validation ([#27412])sensitive
values ([#27420])v0.14.3
Compare Source
0.14.3 (December 17, 2020)
ENHANCEMENTS:
terraform output
: Now supports a new "raw" mode, activated by the-raw
option, for printing out the raw string representation of a particular output value. (#27212)Only primitive-typed values have a string representation, so this formatting mode is not compatible with complex types. The
-json
mode is still available as a general way to get a machine-readable representation of an output value of any type.config:
for_each
now allows maps whose element values are sensitive, as long as the element keys and the map itself are not sensitive. (#27247)BUG FIXES:
anytrue
andalltrue
functions when called with values which are not known until apply. (#27240)sum
function when called with values which are not known until apply. Also allowssum
to cope with numbers too large to represent in float64, along with correctly handling errors around infinite values. (#27249)count
expressions (#27238)sensitive
values with expressions and functions.coalescelist
with anull
argument (#26988)terraform apply
:-refresh=false
was skipped when running apply directly (#27233)terraform init
: setting-get-plugins
tofalse
will now cause a warning, as this flag has been a no-op since 0.13.0 and usage is better served through usingprovider_installation
blocks (#27092)terraform init
and other commands which interact with the dependency lock file: These will now generate a normal error message if the lock file is incorrectly a directory, rather than crashing as before. (#27250)v0.14.2
Compare Source
0.14.2 (December 08, 2020)
BUG FIXES:
terraform_remote_state
data source. This check is unnecessary, because the data source is read-only by definition. (#27197)v0.14.1
Compare Source
0.14.1 (December 08, 2020)
ENHANCEMENTS:
-ignore-remote-version
. (#26947)BUG FIXES:
ignore_changes
appears to not work, or causes validation errors with some resources. (#27141)terraform fmt
: Fix incorrect formatting with attribute expressions enclosed in parentheses. (#27040)v0.14.0
Compare Source
0.14.0 (December 02, 2020)
NEW FEATURES:
Terraform now supports marking input variables as sensitive, and will propagate that sensitivity through expressions that derive from sensitive input variables.
terraform init
will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (#26524)If you wish to retain the previous behavior of always taking the newest version allowed by the version constraints on each install, you can run
terraform init -upgrade
to see that behavior.Terraform will now support reading and writing all compatible state files, even from future versions of Terraform. This means that users of Terraform 0.14.0 will be able to share state files with future Terraform versions until a new state file format version is needed. We have no plans to change the state file format at this time. (#26752)
UPGRADE NOTES:
sensitive
, or attributes a provider defines assensitive
if theprovider_sensitive_attrs
experiment is activated) must also be defined as sensitive, or Terraform will error at plan.version
argument inside provider configuration blocks has been documented as deprecated since Terraform 0.12. As of 0.14 it will now also generate an explicit deprecation warning. To avoid the warning, use provider requirements declarations instead. (#26135)Transfer-Encoding: identity
. (#26357)terraform 0.13upgrade
subcommand and the associated upgrade mechanisms are no longer available. Complete the v0.13 upgrade process before upgrading to Terraform v0.14.debug
command, which did not offer additional functionality, has been removed.ENHANCEMENTS:
sensitive
argument for variable blocks, which supresses output where that variable is used (#26183)alltrue
andanytrue
functions, which serve as a sort of dynamic version of the&&
and||
or operators, respectively. These are intended to allow evaluating boolean conditions, such as in variablevalidation
blocks, across all of the items in a collection usingfor
expressions. (#25656], [#26498)textencodebase64
andtextdecodebase64
for encoding text in various character encodings other than UTF-8. (#25470)terraform plan
andterraform apply
: Added an experimental concise diff renderer. By default, Terraform plans now hide most unchanged fields, only displaying the most relevant changes and some identifying context. This experiment can be disabled by setting aTF_X_CONCISE_DIFF
environment variable to0
. (#26187)ignore_changes
can now apply to map keys that are not listed in the configuration (#26421)terraform console
: Now has distinct rendering of lists, sets, and tuples, and correctly renders objects withnull
attribute values. Multi-line strings are rendered using the "heredoc" syntax. (#26189, #27054)terraform login
: Added support for OAuth2 application scopes. (#26239)terraform fmt
: Will now do some slightly more opinionated normalization behaviors, using the documented idiomatic syntax. (#26390)terraform init
's provider installation step will now abort promptly if Terraform receives an interrupt signal. (#26405)-chdir=...
, placed before the selected subcommand, instructs Terraform to switch to a different working directory before executing the subcommand. This is similar to switching to a new directory withcd
before running Terraform, but it avoids changing the state of the calling shell. (#26087)terraform init
. (#26761)terraform plan
no longer uses a separate refresh phase. Instead, all resources are updated on-demand during planning (#26270)SSL_CERT_DIR
environment variable can now be a colon-separated list of multiple certificate search paths. (#26357)Security.framework
API to access the system trust roots, for improved consistency with other MacOS software. (#26357)BUG FIXES:
required_providers
object. (#26184)element()
is called with a negative offset (#26079)lookup()
will now only treat map as unknown if it is wholly unknown (#26427)terraform fmt
: Fix incorrect heredoc syntax in plan diff output (#25725)terraform show
: Hide sensitive outputs from display (#26740)terraform taint
: If the configuration'srequired_version
constraint is not met, thetaint
subcommand will now correctly exit early. (#26345)terraform taint
andterraform untaint
: Fix issue when usingtaint
(anduntaint
) with workspaces where statefile was not found. (#22467)terraform init
: Fix locksfile constraint output for versions like "1.2". (#26637)terraform init
: Omit duplicate version constraints when installing packages or writing locksfile. (#26678)state push -force
to work for all backends (#26190)/
(#25842)EXPERIMENTS:
Experiments are Terraform language features that are not yet finalized but that we've included in a release so you can potentially try them out and share feedback. These features are only available if you explicitly enable the relevant experiment for your module. To share feedback on active experiments, please open an enhancement request issue in the main Terraform repository.
module_variable_optional_attrs
: When declaring an input variable for a module whose type constraint (type
argument) contains an object type constraint, the type expressions for the attributes can be annotated with the experimentaloptional(...)
modifier.Marking an attribute as "optional" changes the type conversion behavior for that type constraint so that if the given value is a map or object that has no attribute of that name then Terraform will silently give that attribute the value
null
, rather than returning an error saying that it is required. The resulting value still conforms to the type constraint in that the attribute is considered to be present, but references to it in the recieving module will find a null value and can act on that accordingly.This experiment also includes a function named
defaults
which you can use in a local value to replace the null values representing optional attributes with non-null default values. The function also requires that you enable themodule_variable_optional_attrs
experiment for any module which calls it.provider_sensitive_attrs
: This is an unusual experiment in that it doesn't directly allow you to use a new feature in your module configuration but instead it changes the automatic behavior of Terraform in modules where it's enabled.For modules where this experiment is active, Terraform will consider the attribute sensitivity flags set in provider resource type schemas when propagating the "sensitive" flag through expressions in the configuration. This is experimental because it has the potential to make far more items in the output be marked as sensitive than before, and so we want to get some experience and feedback about it before hopefully making this the default behavior.
One important consequence of enabling this experiment is that you may need to mark more of
Configuration
📅 Schedule: Branch creation - "on the 1st through 7th day of the month" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.