Commit Graph

21250 Commits

Author SHA1 Message Date
Jaka Hudoklin fd687a5b9e vendor: github.com/hashicorp/go-version 2017-12-11 17:48:52 +01:00
Martin Atkins c729bdff43 website: guide for using the S3 backend with multiple AWS accounts
Users commonly ask how the S3 backend can be used in an organization that
splits its infrastructure across many AWS accounts.

We've traditionally shied away from making specific recommendations here
because we can't possibly anticipate the different standards and
regulations that constrain each user. This new section attempts to
describe one possible approach that works well with Terraform's workflow,
with the goal that users make adjustments to it taking into account their
unique needs.

Since we are intentionally not being prescriptive here -- instead
considering this just one of many approaches -- it deviates from our usual
active writing style in several places to avoid giving the impression that
these are instructions to be followed exactly, which in some cases
requires the use of passive voice even though that is contrary to our
documentation style guide. For similar reasons, this section is also
light on specific code examples, since we do not wish to encourage users
to just copy-paste the examples without thinking through the consequences.
2017-12-08 16:53:43 -08:00
Clint bed1ea1542
Merge pull request #16885 from hashicorp/add-opentelekomcloud
add opentelekomcloud link to docs
2017-12-08 16:52:20 -06:00
clint shryock ccbd3db2b7 add opentelekomcloud link to docs 2017-12-08 16:45:33 -06:00
Techcadia e681907c50 [Add] Pathing and Override Output to DEBUG Command 2017-12-08 13:12:23 -08:00
Martin Atkins 252e814584
Update CHANGELOG.md 2017-12-07 16:32:56 -08:00
Martin Atkins 46e5f497e2
Update CHANGELOG.md 2017-12-07 16:31:29 -08:00
Nolan Davidson a50a383946 Additional work on the habitat provisioner.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-12-07 16:29:30 -08:00
Nolan Davidson 653db95df7 Initial implementation of a habitat provisioner
First pass at loading the config data using the TF schema.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-12-07 16:29:30 -08:00
Martin Atkins c8217d3bf1
Update CHANGELOG.md 2017-12-07 14:35:34 -08:00
Martin Atkins 87e1fb4d66 config: a nicer error message for invalid provider constraints
Previously our error message here was confusing and redundant:

    Error starting operation: provider.null: invalid version constraint "not valid": Malformed constraint: not valid

Instead, we'll generate a full HCL2 diagnostic here, which results in
something (subjectively) nicer:

    Error: Invalid provider version constraint

    The value "@ 1.0.0" given for provider.null is not a valid version
    constraint.

At the moment this message is an outlier in that the other validation
errors are all still just plain Go errors, but over time we'll want to
adjust all of these to be full diagnostics so that we can embed source
range information in them to help the user find the offending
configuration.
2017-12-07 14:28:43 -08:00
Martin Atkins 9a5c865040 command: validate config as part of loading it
Previously we required callers to separately call .Validate on the root
module to determine if there were any value errors, but we did that
inconsistently and would thus see crashes in some cases where later code
would try to use invalid configuration as if it were valid.

Now we run .Validate automatically after config loading, returning the
resulting diagnostics. Since we return a diagnostics here, it's possible
to return both warnings and errors.

We return the loaded module even if it's invalid, so callers are free to
ignore returned errors and try to work with the config anyway, though they
will need to be defensive against invalid configuration themselves in
that case.

As a result of this, all of the commands that load configuration now need
to use diagnostic printing to signal errors. For the moment this just
allows us to return potentially-multiple config errors/warnings in full
fidelity, but also sets us up for later when more subsystems are able
to produce rich diagnostics so we can show them all together.

Finally, this commit also removes some stale, commented-out code for the
"legacy" (pre-0.8) graph implementation, which has not been available
for some time.
2017-12-07 14:28:43 -08:00
Martin Atkins a214ddcbd6
Update CHANGELOG.md 2017-12-07 10:21:13 -08:00
James Bardin 8a5a8c30ae update CHANGELOG.md 2017-12-07 09:46:40 -05:00
James Bardin 62eb5ba726
Merge pull request #16866 from hashicorp/jbardin/count-splat-warning
accessing count directly in an output should is OK
2017-12-07 09:40:47 -05:00
James Bardin bbc20cfec9
Merge pull request #16865 from hashicorp/jbardin/gcs
gcs provider fixes
2017-12-07 09:39:55 -05:00
James Bardin e0b2c64645 accessing count directly in an output should is OK
There should be no warning when accessing a resource's count value
directly in an output.
2017-12-06 18:59:53 -05:00
James Bardin 52eced589f accept a path or contents for credentials
Match the operation of the google provider, by accepting either a file
path or contents for both `credentials` and `GOOGLE_CREDENTIALS`
2017-12-06 18:33:59 -05:00
James Bardin 2932203492 verify that a state can be read even when locked
This should only happen when a state is loaded via the backend, as well
as a remote state.
2017-12-06 18:33:59 -05:00
James Bardin 9dea2f78d4 create unique buckets for each test, and clean up
This creates a unique bucket name for each test, so that the tests in
parallel don't collide, and buckets left over from interrupted tests
don't cause future failures.

Also make sure that buckets are removed, regardless of content.
2017-12-06 18:33:59 -05:00
James Bardin aec45e6967 backends should never create unmanaged resources
The backend was creating bucket named in the configuration if it didn't
exist. We don't allow other backends to do this, because these are not
managed resources that terraform can control.
2017-12-06 18:32:41 -05:00
Martin Atkins f461c1750c
Update CHANGELOG.md 2017-12-06 09:38:30 -08:00
Kaveh Mousavi Zamani 7507e3cd21 backend/gcs: fix locking issue when used with terraform_remote_state
Previously there was a problem with double-locking when using the GCS backend with the terraform_remote_state data source.

Here we adjust the locking methodology to avoid that problem.
2017-12-06 09:36:16 -08:00
James Bardin 12b7dac124
Merge pull request #16833 from hashicorp/jbardin/plan-shutdown
Fully enable shutdown for plan and refresh in the local backend
2017-12-05 16:48:34 -05:00
James Bardin 120709d0d3
Merge pull request #16773 from hashicorp/jbardin/registry
Registry client refactor
2017-12-05 15:29:45 -05:00
James Bardin 34b4000be9 allow discovery without trailing slash 2017-12-05 15:09:16 -05:00
James Bardin 0e7dab09e6 Use the new registry.Client
The registry code has been moved into the new registry package. Remove
the duplicated code and use the new registry and registry/test packages.
2017-12-05 14:59:21 -05:00
James Bardin 91bd72f22b Create a registry.Client
This moves the registry specific functionality out of the module.Storage
and into its own package.
2017-12-05 14:58:48 -05:00
James Bardin 23d21b373e Add registry/test package
Move the mock regisry and helpers to this package, so they can used by
tests in both the registry and config/module packages.
2017-12-05 14:58:48 -05:00
Paul Banks 06f067b4e6
Update registry API docs with browse and search (#16846)
* Verify discovery works without trailing slash on discovery URL

* Update registry API docs with browse and search endpoints

* Add sample request/responses

* Add comment to test to indicate expecations

* Fix typo

* Remove trailing slash weirdness
2017-12-05 19:38:16 +00:00
Hunter Morgan 703673fb9e website: fix typo in the guide to writing Terraform providers 2017-12-05 11:35:17 -08:00
Kevin Fishner 3538f832b0 website: update "atlas" backend to recommend using ATLAS_TOKEN environment variable 2017-12-05 11:34:05 -08:00
Andrew d6b8e27086 website: Document required S3 IAM actions for S3 backend 2017-12-05 11:31:31 -08:00
Andrew 2b68f4393e website: explanation of TF_VAR_ precedence
Fixes #15595
2017-12-05 11:27:31 -08:00
Martin Atkins 1755ab54ca
Update CHANGELOG.md 2017-12-05 11:20:35 -08:00
Sander van Harmelen aaedf255c3 backend/s3: allow skipping the region check (#16757)
Without the possibility to skip this check, it’s not possible to use a custom region with a third-party service that mimicks the S3 API.
2017-12-05 11:19:36 -08:00
Martin Atkins 09a2da9eb9
Update CHANGELOG.md 2017-12-05 11:08:14 -08:00
David Meyer fe0cc3b0db config: new "rsadecrypt" interpolation function
The primary use-case is to decrypt windows passwords obtained from AWS, but this function is generic and may find other purposes too.
2017-12-05 11:06:32 -08:00
Martin Atkins c1e05b5c2e
Update CHANGELOG.md 2017-12-05 10:54:22 -08:00
mizuno 01c1142589 config: new "timeadd" interpolation function 2017-12-05 10:46:12 -08:00
Eyal Posener e1dadaae44 command: use newer version of "complete" library
This takes care of filtering results for us, so we don't need to do it on our end anymore.
2017-12-05 10:24:04 -08:00
Martin Atkins 53e421caad
Update CHANGELOG.md 2017-12-05 10:19:45 -08:00
Nic Cope 5c58ef16f7 provider/terraform: deprecate "environment" in favor of "workspace" 2017-12-05 10:18:28 -08:00
Martin Atkins 03c123e39d
Update CHANGELOG.md 2017-12-05 09:50:18 -08:00
Martin Atkins ab2dc0d987 website: "terraform push" version matching requirement
It's important to match the version of local Terraform with the remote Terraform version in Terraform Enterprise when using the "terraform push" command, or else the uploaded configuration package may not be compatible.
2017-12-05 09:28:31 -08:00
Subba Rao Pasupuleti 44cb98e04f provisioner/salt-masterless: Wait for operations to complete
Previously the provisioner did not wait until the Salt operation had completed before returning, causing some operations not to be applied, and causing the output to get swallowed.

Now we wait until the remote work is complete, and copy output into the Terraform log in a similar way as is done for other provisioners.
2017-12-05 09:26:40 -08:00
Allison Ravenhall fe33661b59 website: update "terraform env" reference to "terraform workspace" 2017-12-05 08:54:25 -08:00
James Bardin 2941ed464c replace the testShutdownHook with a check for Stop
Now that the local backend can be cancelled during plan and refresh, we
don't really need the testShutdownHook. Simplify the tests by just
checking for Stop being called on the provider.
2017-12-05 10:17:20 -05:00
James Bardin df38c2e3ea make the mock provider stoppable
The mock provider couldn't be stopped during diff, because the single
mutex was held through the oepration. Release the mutex so Stop can be
called.
2017-12-05 10:17:20 -05:00
James Bardin 85295e5c23 watch for cancellation in plan and refresh
Cancellation in the local backend was only implemented for apply.
2017-12-05 10:17:20 -05:00