Commit Graph

28464 Commits

Author SHA1 Message Date
James Bardin 0b5746b6bb
Merge pull request #25176 from hashicorp/jbardin/module-expansion-transformer
Incorrect early return in module expansion transformer
2020-06-08 10:19:05 -04:00
Kristin Laemmert 30ab95fb55
Update CHANGELOG.md 2020-06-08 08:29:15 -04:00
Kristin Laemmert 58bcc2e9bb
addrs: detect builtin provider when parsing legacy provider string (#25154)
* addrs: detect builtin provider when parsing legacy provider string

The ParseLegacyAbsProviderConfig was not detecting builtin providers
("terraform"), which caused issues for all users with 0.12 state and
the "terraform_remote_state" data source. Since "terraform" is the only
built-in provider this adds a very simple check to the parser so it
properly returns the builtin FQN.

* add tests to the addrs package
2020-06-08 08:27:36 -04:00
Alisdair McDiarmid d741c3f917
Update CHANGELOG.md 2020-06-08 07:21:47 -04:00
Alisdair McDiarmid 3f62e4686b
Merge pull request #25146 from hashicorp/alisdair/simplify-makefile
Makefile: remove unused targets
2020-06-08 07:17:54 -04:00
Alisdair McDiarmid ba374baef0 Makefile: remove unused targets
Most of the targets in the Makefile have not been used in either CI or
the normal development workflow for some time. Removing them clarifies
that the expected way to build Terraform locally is simple: go install.

Remaining targets:

- fmtcheck, generate: these are used in CI to verify that the code is
  correctly formatted and that generate has been run appropriately
- protobuf: referenced in CONTRIBUTING.md as the simplest way to build
  the proto files
- website, website-test: used to compile and test the local website in
  isolation from the terraform-website repo
2020-06-08 07:02:54 -04:00
James Bardin 198c632e04 incorrect early return during module transformer
The recursive call should only return immediately on error.

The switch statement to find the current path should not use
ReferenceOutside, as we are getting the path for configuration, not for
references. This case would not have been taken currently, since all
GraphNodeReferenceOutside are also GraphNodeModulePath.
2020-06-06 21:45:05 -04:00
James Bardin 242a916a17 variable ModulePath must return configured path
The parent path case is handled ReferenceOutside
2020-06-06 21:45:05 -04:00
James Bardin 9722686b62 validation test with multiple nested modules 2020-06-06 21:44:41 -04:00
John Houston 01ebdd27f2 Rework soak test to error on unlock failure 2020-06-05 18:27:30 -04:00
John Houston b0f7e273e8 Add errors for lock disappearing 2020-06-05 18:10:24 -04:00
Chris Griggs 4b99c9a88d [Website] provider links 2020-06-05 14:27:22 -07:00
Brian Flad 5e3c02ba27
Update CHANGELOG for #25134 2020-06-05 16:43:20 -04:00
Brian Flad ba081aa10a
backend/s3: Updates for Terraform v0.13.0 (#25134)
* deps: Update github.com/hashicorp/aws-sdk-go-base@v0.5.0

Updated via:

```
$ go get github.com/hashicorp/aws-sdk-go-base@v0.5.0
$ go mod tidy
$ go mod vendor
```

* backend/s3: Updates for Terraform v0.13.0

Reference: https://github.com/hashicorp/terraform/issues/13410
Reference: https://github.com/hashicorp/terraform/issues/18774
Reference: https://github.com/hashicorp/terraform/issues/19482
Reference: https://github.com/hashicorp/terraform/issues/20062
Reference: https://github.com/hashicorp/terraform/issues/20599
Reference: https://github.com/hashicorp/terraform/issues/22103
Reference: https://github.com/hashicorp/terraform/issues/22161
Reference: https://github.com/hashicorp/terraform/issues/22601
Reference: https://github.com/hashicorp/terraform/issues/22992
Reference: https://github.com/hashicorp/terraform/issues/24252
Reference: https://github.com/hashicorp/terraform/issues/24253
Reference: https://github.com/hashicorp/terraform/issues/24480
Reference: https://github.com/hashicorp/terraform/issues/25056

Changes:

```
NOTES

* backend/s3: Deprecated `lock_table`, `skip_get_ec2_platforms`, `skip_requesting_account_id` arguments have been removed
* backend/s3: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata)
* The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries

ENHANCEMENTS

* backend/s3: Always enable shared configuration file support (no longer require `AWS_SDK_LOAD_CONFIG` environment variable)
* backend/s3: Automatically expand `~` prefix for home directories in `shared_credentials_file` argument
* backend/s3: Add `assume_role_duration_seconds`, `assume_role_policy_arns`, `assume_role_tags`, and `assume_role_transitive_tag_keys` arguments

BUG FIXES

* backend/s3: Ensure configured profile is used
* backend/s3: Ensure configured STS endpoint is used during AssumeRole API calls
* backend/s3: Prefer AWS shared configuration over EC2 metadata credentials
* backend/s3: Prefer ECS credentials over EC2 metadata credentials
* backend/s3: Remove hardcoded AWS Provider messaging
```

Output from acceptance testing:

```
--- PASS: TestBackend (16.32s)
--- PASS: TestBackendConfig (0.58s)
--- PASS: TestBackendConfig_AssumeRole (0.02s)
--- PASS: TestBackendConfig_conflictingEncryptionSchema (0.00s)
--- PASS: TestBackendConfig_invalidKey (0.00s)
--- PASS: TestBackendConfig_invalidSSECustomerKeyEncoding (0.00s)
--- PASS: TestBackendConfig_invalidSSECustomerKeyLength (0.00s)
--- PASS: TestBackendExtraPaths (13.21s)
--- PASS: TestBackendLocked (28.98s)
--- PASS: TestBackendPrefixInWorkspace (5.65s)
--- PASS: TestBackendSSECustomerKey (17.60s)
--- PASS: TestBackend_impl (0.00s)
--- PASS: TestForceUnlock (17.50s)
--- PASS: TestKeyEnv (50.25s)
--- PASS: TestRemoteClient (4.78s)
--- PASS: TestRemoteClientLocks (16.85s)
--- PASS: TestRemoteClient_clientMD5 (12.08s)
--- PASS: TestRemoteClient_impl (0.00s)
--- PASS: TestRemoteClient_stateChecksum (17.92s)
```
2020-06-05 16:41:32 -04:00
Alisdair McDiarmid c87c0a9d2a command/format: Fix empty overlap diagnostics
Diagnostics where the highlight range has an empty overlap with a line
would skip lines of the output. This is because if two ranges abut each
other, they can be considered to overlap, but that overlap is empty.
This results in an edge case in the diagnostic printer which causes the
line not to be printed.
2020-06-05 16:17:27 -04:00
Chris Stephens 2dd64a7816
plans: Update error message for apply validation (#21312)
* Update error message for apply validation

Add a hint that the validation failure has occurred at the root of the resource
schema to the error message. This is because the root resource has an empty
path when being validated and the path is being relied upon to provide context
into the error message.
2020-06-05 15:08:10 -04:00
Alisdair McDiarmid 6c3ad8eaad
Merge pull request #25147 from hashicorp/dont-use-demo-in-config
use example.com address in consul backend config
2020-06-05 13:46:55 -04:00
John Houston e5f7237582 Soak test for kubernetes backend 2020-06-05 13:32:59 -04:00
Matthew Irish e36ed8968b
use example.com address in consul backend config
Currently the example config for the Consul backend uses a live Consul demo cluster at `demo.consul.io`. This results in TF state with sensitive information and all being stored on a public site when users just copy and paste the config. This PR changes it so that the config address isn't the public demo cluster.
2020-06-05 10:35:32 -05:00
Kristin Laemmert 0b38ab3078
Update CHANGELOG.md 2020-06-05 09:13:50 -04:00
Kristin Laemmert e6cf6cd758
backend/remote: do not panic if PrepareConfig or Configure receive null (#25135)
* backend/remote: do not panic if PrepareConfig or Configure receive null
objects

If a user cancels (ctrl-c) terraform init while it is requesting missing
configuration options for the remote backend, the PrepareConfig and
Configure functions would receive a null cty.Value which would result in
panics. This PR adds a check for null objects to the two functions in
question.

Fixes #23992
2020-06-05 09:11:44 -04:00
samir elsharkawy 5dfc266da9 config/name_values: fix index out of range in looksLikeSentences 2020-06-05 13:29:43 +02:00
He Guimin 5b4950e2cb backend(oss): supports setting HTTPS_PROXY 2020-06-05 14:48:58 +08:00
James Bardin 023454a3a6
Merge pull request #25138 from hashicorp/jbardin/module-data-depends-on
Data source within modules using depends_on
2020-06-04 21:54:04 -04:00
James Bardin c3ec4d8e26 get whether parent modules have depends_on set
During refresh, data sources need to know if their parent modules have
depends_on configured at all. Pass this info back through the search for
depends_on resources, and delay refresh when it's set.
2020-06-04 18:07:06 -04:00
James Bardin 4637be4377 add a way to force depends_on behavior of data
Resources that are not yet created will not be in the graph during
refresh, and therefore cannot be attached to the data source nodes. In
this case we still need to indicate if there are depends_on entries
inherited from the module call, which we can do with the forceDependsOn
field.
2020-06-04 18:03:32 -04:00
James Bardin e74ebe1787 get more depends_on info for data source
Since data sources may be read during refresh or early in plan, they
need to know if there are any inherited dependencies from containing
modules too.
2020-06-04 18:03:14 -04:00
James Bardin a03c86f612 add DependsOn method to moduleExpandModule
We'll need this again for getting the transitive depends_on references
from parent module calls. This is needed to inform us how to handle data
sources during refresh and plan.
2020-06-04 18:03:03 -04:00
James Bardin 535267e986 add dependsOn to evalDataRead
this is also needed during refresh, so move it into the base struct type
2020-06-04 18:03:03 -04:00
James Bardin 58babccc7a improve depends_on test to check ordering 2020-06-04 18:03:03 -04:00
Lars Lehtonen 3ddfa66ca4
internal/modsdir: Fix Dropped Error (#24600)
* internal/modsdir: fix dropped error

* fix typo to unmarshalling

Co-authored-by: Daniel Dreier <danieldreier@users.noreply.github.com>
2020-06-04 10:26:26 -04:00
Shunsuke Miyoshi dc3ce1bbf7
command/refresh: fix state file path (#22885)
* fix default state file path for refresh command
2020-06-04 10:24:53 -04:00
Alisdair McDiarmid b3d3d6460e Update CHANGELOG.md 2020-06-04 08:52:49 -04:00
Alisdair McDiarmid fbb966b97b command: Fix 0.13upgrade usage 2020-06-04 08:51:24 -04:00
Alisdair McDiarmid 9b73e68ce9
Merge pull request #25127 from minamijoyo/add-yes-to-0.13upgrade-help
Add `-yes` flag to 0.13upgrade help message
2020-06-04 08:44:22 -04:00
John Houston 23fb8f6d21 Add kubernetes backend
Co-authored-by: Dan Ramich <danold215@gmail.com>
2020-06-04 02:29:57 -04:00
Masayuki Morita f266956a5d Add `-yes` flag to 0.13upgrade help message
It seems to be implemented but not shown in help message.

FYI: A help message for 0.12upgrade command on the 0.12 branch.
https://github.com/hashicorp/terraform/blob/v0.12.26/command/012_config_upgrade.go#L235-L243
2020-06-04 11:11:46 +09:00
Alvin Huang 73ccbd146f Cleanup after v0.13.0-beta1 release 2020-06-03 14:43:54 -04:00
hashicorp-ci 4befa3c7d9
Release v0.13.0-beta1 2020-06-03 18:10:37 +00:00
Alisdair McDiarmid 6f04215cc0
Update CHANGELOG.md 2020-06-03 11:54:10 -04:00
Alisdair McDiarmid c921c8580e
Merge pull request #25112 from hashicorp/alisdair/support-openssh-rsa-key-encoding
lang/funcs: Add support for OpenSSH RSA key format
2020-06-03 11:52:10 -04:00
Alisdair McDiarmid de0e67e5f6
Merge pull request #25110 from hashicorp/alisdair/credentials-source-nil-receiver
command: Fix panic for nil credentials source
2020-06-03 11:51:49 -04:00
Alisdair McDiarmid a4f5e04066 lang/funcs: Add support for OpenSSH RSA key format
Previously this function only supported the x509 RSA private key format.
More recent versions of OpenSSH default to generating a new PEM key
format, which this commit now supports using the x/crypto/ssh package.

Also improve the returned error messages for various invalid ciphertext
or invalid private key errors.
2020-06-03 10:50:38 -04:00
Alisdair McDiarmid f1f24df7ff main: Pass untyped nil for missing creds source
If we are unable to create a credentials source for some reason, we can
rely on the disco object to nil-check it before calling any of its
methods. However to do this we must ensure that we pass untyped nil.
This commit rearranges the initialization to ensure that this happens.

The user-facing bug that triggered this work is that running init when
the HOME environment variable is unset would result in a panic on macOS.
2020-06-03 09:46:53 -04:00
Kristin Laemmert 6fbd3942ea configs: fix panic with provider aliases
addProviderRequirements() was incorrectly using the map keys from the module
provider configs when looking up the provider FQN. The map keys include
alias, so this resulted in a panic. Update addProviderRequirements() to
use the provider's name (only) when looking up the FQN.
2020-06-02 10:55:31 -04:00
Kristin Laemmert daa57ba9f6
terraform: fix panic with the combination of non extant resource and dynamics (#25097) 2020-06-02 09:01:12 -04:00
Martin Atkins 7f91090c5c
Update CHANGELOG.md 2020-06-01 14:52:43 -07:00
Martin Atkins cdad6e5860
Update CHANGELOG.md 2020-06-01 14:51:11 -07:00
Martin Atkins 49e2e00231 command: terraform providers mirror
This new command is intended to make it easy to create or update a mirror
directory containing suitable providers for the current configuration,
producing a layout that is appropriate both for a filesystem mirror or,
if copied into the document root of an HTTP server, a network mirror.

This initial version is not customizable aside from being able to select
multiple platforms to install packages for.

Future iterations of this could include commands to turn the JSON index
generation on and off, or to instruct it to produce the unpacked directory
layout instead of the packed directory layout as it currently does. Both
of those options would make the generated directory unsuitable to be
a network mirror, but it would still work as a filesystem mirror.

In the long run this will hopefully form part of a replacement workflow to
terraform-bundle as a way to put copies of providers somewhere so we don't
need to re-download them every time, but some other changes will be needed
outside of just this command before that'd be true, such as adding support
for network and/or filesystem mirrors in Terraform Enterprise.
2020-06-01 14:49:43 -07:00
Martin Atkins 85af77386c internal/getproviders: PackageFilePathForPackage
This is the equivalent of UnpackedDirectoryPathForPackage when working
with the packed directory layout. It returns a path to a .zip file with
a name that would be detected by SearchLocalDirectory as a
PackageLocalArchive package.
2020-06-01 14:49:43 -07:00