Commit Graph

28181 Commits

Author SHA1 Message Date
Anthony Sottile 8cd72e51cb
fix file mode on lock file (#27205)
Signed-off-by: Anthony Sottile <asottile@umich.edu>
2020-12-18 11:51:59 -05:00
Alisdair McDiarmid 577b1ea2af core: Fix for sensitive data source arguments 2020-12-18 11:22:00 -05:00
Robin Norwood 235c141565 Add links to outputs and locals tutorials 2020-12-17 12:24:53 -08:00
Nick Fagerlund 85d477aee9 website: Fix numerous links with redirects or broken anchors
These links largely still go somewhere useful, but they have some kind of issue
revealed by our new link checker:

- Some of them point to a stale URL that redirects, and can be updated to the
  new destination.
- Some of them point to anchors that don't exist (anymore?) in the destination.
- Some of them end up redirecting unnecessarily due to how the server handles
  directory URLs without trailing slashes. Sorry, I know that's pointless, just,
  humor me for the time being so we can get our CI green. 😭

In a couple cases, I've added invisible anchors to destination pages, either to
preserve an old habit or because the current anchors kind of suck due to being
particularly long or meandering.
2020-12-17 12:23:50 -08:00
Nick Fagerlund 1fff4e2690 website: Update links to redirected provider docs pages
This commit intentionally leaves the indexes of provider docs alone, to avoid
merge conflicts when we delete those.
2020-12-17 12:23:50 -08:00
Alisdair McDiarmid a7c9e41249
Merge pull request #27320 from hashicorp/alisdair/update-deps
Update hcl and go-cty dependencies
2020-12-17 14:24:53 -05:00
James Bardin f5187aa869
Merge pull request #27318 from hashicorp/jbardin/path-marks
Correctly compare unordered sets of marks
2020-12-17 13:49:50 -05:00
Alisdair McDiarmid 908017fe69 go get github.com/zclconf/go-cty@v1.7.1 2020-12-17 13:04:53 -05:00
Alisdair McDiarmid 409c713591 go get github.com/hashicorp/hcl/v2@v2.8.1 2020-12-17 13:01:54 -05:00
Alisdair McDiarmid 619c6727ef backend/remote: No version check for operations
Terraform remote version conflicts are not a concern for operations. We
are in one of three states:

- Running remotely, in which case the local version is irrelevant;
- Workspace configured for local operations, in which case the remote
  version is meaningless;
- Forcing local operations with a remote backend, which should only
  happen in the Terraform Cloud worker, in which case the Terraform
  versions by definition match.

This commit therefore disables the version check for operations (plan
and apply), which has the consequence of disabling it in Terraform Cloud
and Enterprise runs. In turn this enables Terraform Enterprise runs with
bundles which have a version that doesn't exactly match the bundled
Terraform version.
2020-12-17 12:58:38 -05:00
James Bardin 1309b36b83 plan context test for mysterious changes
This plan would occasionally show changes when there weren't any due to
the sensitive marks being compared incorrectly.
2020-12-17 12:55:58 -05:00
James Bardin 79a31f627b compare unordered sets of PathMarkValues
When comparing marks for values during plan and apply, we need to ensure
the order of the marked paths is consistent.
2020-12-17 12:55:58 -05:00
Pam Selle 428d404d92
Allow for_each arguments containing sensitive values if they aren't keys (#27247)
* Add test for existing behavior, when a value contains a marked value

* Allow some marked values as for_each arguments

Rather than disallow values that have any marks
as for_each arguments, this makes the check more
nuanced to disallow cases where the whole value
is marked (a whole map, or any set). This allows
cases where a user may pass a map that has marked
values, but the keys are not sensitive
2020-12-17 11:27:12 -05:00
Pam Selle 1970c14a53
[docs] Add limitations section to for_each (#27299)
* Add limitations section to for_each

Move limitations from a note to their own section,
to allow for expansion on disallowing sensitive values
in for_each
2020-12-17 11:03:14 -05:00
James Bardin de114c4b7e
Merge pull request #27303 from hashicorp/jbardin/data-source-no-provider
modify ProvidedBy to indicate no provider needed for orphaned data sources
2020-12-17 09:06:52 -05:00
James Bardin c85adf191a modify ProvidedBy to indicate no provider needed
Because of the composition pattern used within core, we can't easily
remove a behavior from an embedded type. Rather than trying to
re-implement all necessary methods on the
NodePlannableResourceInstnaceOrphan to exclude orphaned data resources
from GraphNodeProviderConsumer, we can modify ProvidedBy to indicate
when there is no provider required.
2020-12-17 09:01:20 -05:00
Martin Atkins 21d6fb5a37 depsfile: Don't panic when lock file is unreadable
Previously we were expecting that the *hcl.File would always be non-nil,
even in error cases. That isn't always true, so now we'll be more robust
about it and explicitly return an empty locks object in that case, along
with the error diagnostics.

In particular this avoids a panic in a strange situation where the user
created a directory where the lock file would normally go. There's no
meaning to such a directory, so it would always be a mistake and so now
we'll return an error message about it, rather than panicking as before.

The error message for the situation where the lock file is a directory is
currently not very specific, but since it's HCL responsible for generating
that message we can't really fix that at this layer. Perhaps in future
we can change HCL to have a specialized error message for that particular
error situation, but for the sake of this commit the goal is only to
stop the panic and return a normal error message.
2020-12-15 17:00:35 -08:00
Robert c412935d63
correct terraform-bundle default plugins dir docs (#26965)
* correct terraform-bundle default plugins dir docs

* remove dangling character in local plugin dir log output
2020-12-15 13:52:31 -05:00
Pam Selle 6bfc4a8809
Merge pull request #27280 from hashicorp/pselle/docs-sensitive-var
(docs) Document sensitivity + function call behavior
2020-12-15 11:46:30 -05:00
Pam Selle ad1420cdf4
Merge pull request #27281 from hashicorp/pselle/double-mark
Guard against double marking in other locations in evaluate
2020-12-15 08:10:49 -05:00
Ben Drucker a39273cfa3 Merge remote-tracking branch 'origin/master' into validate-ignore-empty-provider 2020-12-14 14:39:48 -08:00
Pam Selle fa74710aef Guard against double marking in other locations in evaluate 2020-12-14 15:58:06 -05:00
Pam Selle d7f3239c51 Document sensitivity + function call behavior 2020-12-14 15:38:47 -05:00
Repon Kumar Roy 7d093cbede website: add example of multiple var cli
This PR updates the documentation of input variable of terraform. It's
mentioned that multiple `-var` is possible, but no example is given.
This PR adds an example of multiple `-var` option
2020-12-15 02:09:30 +08:00
Kristin Laemmert 9ac8e3c55e
Update CHANGELOG.md 2020-12-14 11:08:57 -05:00
Kristin Laemmert 8bab3dd374
command/state list: list resources in nested and expanded modules (#27268)
* command/state list: list resources in nested and expaneded modules

A few distinct bugs fixed in here:

There was a bug in the logic checking if a given module was the child of
the targetAddr, now fixed. That resolved the basic issue where resources
in nested submodules were not listed.

The logic around allowMissing needed some tweaking to allow for empty
modules, as long as those modules had submodules with resources. state
list is the only command using allowMissing with false so this felt safe
to do.

Finally I extended the logic so list would included expanded modules,
which is to say giving module.foo would result in resources from
module.foo[1], module.foo[0], etc.

* update state list docs to show that module filtering includes any nested
modules
2020-12-14 11:07:15 -05:00
James Bardin 6d0db836a9
Merge pull request #27267 from hashicorp/jbardin/data-reference-doc
add implied data depends_on caveat
2020-12-11 15:21:39 -05:00
James Bardin cd4cb3f8d2 add implied data depends_on caveat 2020-12-11 13:42:09 -05:00
Alisdair McDiarmid e7db580e67
Merge pull request #27265 from hashicorp/alisdair/validate-json-tests
command: Add tests for terraform validate -json
2020-12-11 13:36:36 -05:00
Kristin Laemmert cc4b7a10af
Update CHANGELOG.md 2020-12-11 13:23:29 -05:00
Kristin Laemmert 8a4891383c
console: normalize module path before building context (#27263)
Expressions such as "path.root" were returning the cwd (or modulePath),
instead of the usual _relative_ path. This commit normalizes the path
before building the context.
2020-12-11 13:22:06 -05:00
Kristin Laemmert e938b02337
terraform: improve provider config related error messages (#27261)
* terraform: improve provider config related error messages with nil
config

If there is no provider configuration present in the config at all,
errors related to missing required arguments lack source information or
even a reference to the provider in question. This PR adds more specific
error messages in three of these situations:
- ValidateProvider
- ConfigureProvider: provider.PrepareProviderConfig
- ConfigureProvider: ctx.ConfigureProvider

To test the last case I added a ConfigureProviderFn to the MockContext.

* remove newlines and let the diagnost renderer handle fit
2020-12-11 13:18:49 -05:00
Alisdair McDiarmid f1b95788b9 command: Add tests for terraform validate -json
Also uncomment and fix some tests which had been skipped for a couple of
years. Those validate cases work now!

Note that these test cases and the JSON output are not especially
minimized, making them snapshot/golden tests. The output looks correct
at time of writing, and we don't expect to change validate significantly
any time soon, but if we do there will be some churn here.
2020-12-11 13:09:25 -05:00
Martin Atkins bab4979128 command/init: Remove the warnings about the "legacy" cache directory
We included these warnings in v0.14 after noticing that we'd accidentally
published some incorrect documentation about the purpose of the plugin
cache directory under .terraform/plugins. We switched to using
.terraform/providers instead so that we could treat any missing providers
that appear in the legacy directory as likely to be a result of following
that documentation, and thus produce this extra warning.

However, the further we get from v0.13 the more likely it is for this
warning to be a confusing false positive rather than something helpful,
and this is a non-trivial codepath requiring us to retain a concept that
we otherwise don't need (the "legacy cache dir"), so here we'll remove
those warnings and support code for v0.15 onwards.

These warnings were always accompanied by an error message saying that a
provider could not be found, and that error message remains after this
change. This just removes the "by the way..."-style warning we had been
emitting alongside the errors.
2020-12-11 08:00:15 -08:00
Alisdair McDiarmid 9b0af78f24
Merge pull request #27249 from hashicorp/alisdair/sum-func-robustness
lang: Improved robustness of sum function
2020-12-11 09:29:14 -05:00
Alisdair McDiarmid f27dae2ab7 lang: Improved robustness of sum function
Fixes error when calling sum with values not known until apply time.
Also allows sum to cope with numbers too large to represent in float64,
along with correctly handling errors when trying to sum opposing
infinities.
2020-12-10 17:13:56 -05:00
Pam Selle 6e1017f247
Merge pull request #27238 from hashicorp/pselle/count-sensitive
Unmark values in count before go conversion
2020-12-10 13:36:59 -05:00
Martin Atkins 4b3e237668 command/init: Hint about providers in other namespaces
If a user forgets to specify the source address for a provider, Terraform
will assume they meant a provider in the registry.terraform.io/hashicorp/
namespace. If that ultimately doesn't exist, we'll now try to see if
there's some other provider source address recorded in the registry's
legacy provider lookup table, and suggest it if so.

The error message here is a terse one addressed primarily to folks who are
already somewhat familiar with provider source addresses and how to
specify them. Terraform v0.13 had a more elaborate version of this error
message which directed the user to try the v0.13 automatic upgrade tool,
but we no longer have that available in v0.14 and later so the user must
make the fix themselves.
2020-12-10 10:11:27 -08:00
Alisdair McDiarmid 67f4134628
Merge pull request #27237 from hashicorp/alisdair/alltrue-anytrue-unknown
lang/funcs: Fix alltrue/anytrue with unknowns
2020-12-10 12:44:48 -05:00
Daniel Dreier c8216a8cb8
Update BUGPROCESS.md
Exclude backend/k8s from query filters because core team does not support it
2020-12-10 12:15:39 -05:00
Pam Selle 0d586fd056 Unmark values in count before go conversion
When evaluating count values, we need to unmark
the cty value before passing the value for conversion
into a go int value.
2020-12-10 11:38:10 -05:00
Alisdair McDiarmid df626e898c lang/funcs: Fix alltrue/anytrue with unknowns
The alltrue/anytrue functions did not correctly handle unknown values.
This commit changes these functions so that the result is unknown if:

- The list argument is unknown
- For alltrue: any elements are unknown
- For anytrue: any elements are unknown and no known elements are true

The last change is a little subtle, so there are test cases to cover it
specifically. Examples:

- anytrue(unknown) -> unknown
- anytrue(false, unknown) -> unknown
- anytrue(false, unknown, true) -> true
2020-12-10 11:36:14 -05:00
Alisdair McDiarmid 94151ed5c7
Merge pull request #27234 from hashicorp/alisdair/pkg-browser-override
command: Revert local patch for pkg/browser
2020-12-10 10:27:15 -05:00
James Bardin 5bb5f96176
Merge pull request #27233 from hashicorp/jbardin/apply-refresh-false
set SkipRefresh for plan and apply
2020-12-10 10:17:30 -05:00
Kristin Laemmert ff27841b50
terraform: final eval-related cleanup (#27232)
This is a purely mechanical refactor PR: I de-exported a few more
functions which did not need to be exported in the first place, and
fixed a few outdated log outputs.
2020-12-10 09:55:50 -05:00
James Bardin 7eac9e1d89 set SkipRefresh for plan and apply
The option is set in the same place for plan and apply.
2020-12-10 09:47:13 -05:00
Alisdair McDiarmid 4b9dada877 command: Revert local patch for pkg/browser
The upstream bug with opening a browser on Windows Subsystem for Linux
has been fixed, so this reverts our local patch for this. The approach
upstream adds fallback support for x-www-browser and www-browser if
xdg-open fails, and this fixes the problem on WSL.

This reverts commit 12e090ce48.
2020-12-10 09:27:02 -05:00
Kristin Laemmert c7bf43154f
Mildwonkey/eval apply (#27222)
* rename files for consistency with contents

* terraform: refactor EvalValidateSelfref

The EvalValidateSelfref eval node implementation was removed in favor of a regular function.

* terraform: refactor EvalValidateProvisioner

EvalValidateProvisioner is now a method on NodeValidatableResource.

* terraform: refactor EvalValidateResource

EvalValidateResource is now a method on NodeValidatableResource, and the
functions called by (the new) validateResource are now standalone
functions.

This particular refactor gets the prize for "most complicated test
refactoring".

* terraform: refactor EvalMaybeTainted

EvalMaybeTainted was a relatively simple operation which never returned
an error, so I've refactored it into a plain function and moved it into
the only file its called from.

* terraform: eval-related cleanup

De-exported preApplyHook, which got missed in my general cleanup sweeps.

Removed resourceHasUserVisibleApply in favor of moving the logic inline
- it was a single-line check so calling the function was (nearly) as
much code as just checking if the resource was managed.

* terraform: refactor EvalApplyProvisioners

EvalApplyProvisioners.Eval is now a method on
NodeResourceAbstractInstance. There were two "apply"ish functions, so I
named the first "evalApplyProvisioners" since it mainly determined if
provisioners should be run before passing off execution to
applyProvisioners.

* terraform: refactor EvalApply

EvalApply is now a method on NodeAbstractResourceInstance. This was one
of the trickier Eval()s to refactor, and my goal was to change as little
as possible to avoid unintended side effects.

One notable change: there was a createNew boolean that was only used in
NodeApplyableResourceInstance.managedResourceExecute, and that boolean
was populated from the change (which was available from
managedResourceExecute), so I removed it from apply entirely. Out of an
abundance of caution I assigned the value to createNew in (roughtly) the same spot,
in case I was missing some place where the change might get modified.

TODO: Destroy nodes passed nil configs into apply, and I am curious if
we can get the same functionality by checking if the planned change is a
destroy, instead of passing a config into apply. That felt too risky for
this refactor but it is something I would like to explore at a future
point.

There are also a few updates to log output in this PR, since I spent
some time staring at logs and noticed various spots I missed.
2020-12-10 08:05:53 -05:00
Kristin Laemmert d50dc9cf16 terraform: refactor EvalValidateResource
EvalValidateResource is now a method on NodeValidatableResource, and the
functions called by (the new) validateResource are now standalone
functions.

This particular refactor gets the prize for "most complicated test
refactoring".
2020-12-10 08:05:00 -05:00
Kristin Laemmert fbe3219fbe terraform: refactor EvalValidateProvisioner
EvalValidateProvisioner is now a method on NodeValidatableResource.
2020-12-10 08:05:00 -05:00