Commit Graph

142 Commits

Author SHA1 Message Date
Mars Hall 31c9776d55 Switch pg backend to session-level advisory locking, to avoid rollback of partial state updates 2019-03-04 17:01:08 -08:00
Mars Hall 3c68b857be
📚 correction to pg backend configuration 2019-02-26 15:30:17 -08:00
Mars Hall 4875529c8d 📚 doc pg backend config & locking 2019-02-26 10:26:06 -08:00
Mars Hall 2621f95bd2 📚 doc corrections 2019-02-25 16:30:30 -08:00
Mars Hall b9a91b7c1e Switch pg backend to use native Postgres locks 2019-02-25 16:05:53 -08:00
Mars Hall 2831459ca2 📚 pg backend technical design & clarifications 2019-02-22 13:51:57 -08:00
Mars Hall 312d408f06 📚 pg backend docs 2019-02-22 13:51:57 -08:00
James Bardin 55cf4e95a5
Merge pull request #19979 from usererror/consul-backend-lock-acl
Add details about using lock=true when consul ACL is enabled
2019-02-22 15:04:25 -05:00
Brian Flad 1aaac172b0
backend/s3: Switch from github.com/terraform-providers/terraform-provider-aws to github.com/hashicorp/aws-sdk-go-base
Output from acceptance testing (no new failures):

```
--- PASS: TestBackend_impl (0.00s)
--- PASS: TestBackendConfig (0.37s)
--- PASS: TestBackendConfig_invalidKey (0.00s)
--- PASS: TestBackend (3.26s)
--- PASS: TestBackendLocked (6.80s)
--- FAIL: TestBackendExtraPaths (2.32s)
--- PASS: TestBackendPrefixInWorkspace (2.06s)
--- PASS: TestKeyEnv (8.20s)
--- PASS: TestRemoteClient_impl (0.00s)
--- PASS: TestRemoteClient (2.42s)
--- PASS: TestRemoteClientLocks (6.33s)
--- PASS: TestForceUnlock (13.31s)
--- PASS: TestRemoteClient_clientMD5 (11.75s)
--- PASS: TestRemoteClient_stateChecksum (10.07s)
```
2019-02-18 02:30:30 -05:00
Nick Fagerlund 0fddabf972 website: Reorganize nav sidebars to improve jumps between sections 2019-01-31 16:18:23 -08:00
Tom Harvey ec0419fe91
backend/azurerm: fixing the syntax highlighting (#20085) 2019-01-23 13:33:11 +00:00
Sander van Harmelen e08a7e979e backend/remote: use the correct test operation 2019-01-15 16:13:16 +01:00
Scott Stevenson cef46ef953
Add details about using lock=true when consul ACL is enabled
This PR addresses https://github.com/hashicorp/terraform/issues/19963.
2019-01-11 14:43:56 -05:00
Brian Flad ed37d07632
backend/s3: Configure AWS Client MaxRetries and provide enhanced S3 NoSuchBucket error message
The AWS Go SDK automatically provides a default request retryer with exponential backoff that is invoked via setting `MaxRetries` or leaving it `nil` will default to 3. The terraform-aws-provider `config.Client()` sets `MaxRetries` to 0 unless explicitly configured above 0. Previously, we were not overriding this behavior by setting the configuration and therefore not invoking the default request retryer.

The default retryer already handles HTTP error codes above 500, including S3's InternalError response, so the extraneous handling can be removed. This will also start automatically retrying many additional cases, such as temporary networking issues or other retryable AWS service responses.

Changes:
* s3/backend: Add `max_retries` argument
* s3/backend: Enhance S3 NoSuchBucket error to include additional information
2019-01-09 13:01:37 -05:00
Sander van Harmelen da8e02eb2e
Merge pull request #19647 from hashicorp/svh/f-versions
core:  add a method to the disco package retrieve version constraints
2018-12-14 12:38:52 +01:00
Sander van Harmelen 268c0f85ce Add a method to retrieve version contraints 2018-12-14 12:17:31 +01:00
Brian Flad 058434d28b
Merge pull request #19571 from hashicorp/f-backend-s3-other-endpoints
backend/s3: Support DynamoDB, IAM, and STS endpoint configurations
2018-12-10 19:28:01 -05:00
Tom Harvey 383bc98f5c
backend/azurerm: Support for authenticating using the Azure CLI (#19465)
* Upgrading to 2.0.0 of github.com/hashicorp/go-azure-helpers

* Support for authenticating using Azure CLI

* backend/azurerm: support for authenticating using the Azure CLI
2018-12-10 21:23:30 +00:00
Brian Flad 9a3b02cd6c
backend/s3: Support DynamoDB, IAM, and STS endpoint configurations
This change enables a few related use cases:
* AWS has partitions outside Commercial, GovCloud (US), and China, which are the only endpoints automatically handled by the AWS Go SDK. DynamoDB locking and credential verification can not currently be enabled in those regions.
* Allows usage of any DynamoDB-compatible API for state locking
* Allows usage of any IAM/STS-compatible API for credential verification
2018-12-07 03:10:51 -05:00
Tom Harvey 6d4f702467
backend/azurerm: support for custom resource manager endpoints (#19460)
* backend/azurerm: removing the `arm_` prefix from keys

* removing the deprecated fields test because the deprecation makes it fail

* authentication: support for custom resource manager endpoints

* Adding debug prefixes to the log statements
2018-11-26 14:42:16 +01:00
Tom Harvey d580f30e03
backend/azurerm: removing the `arm_` prefix from keys (#19448)
* backend/azurerm: removing the `arm_` prefix from keys

* removing the deprecated fields test because the deprecation makes it fail
2018-11-26 11:19:43 +01:00
Tom Harvey 96b1c951fa
backend/azurerm: support for authenticating via SAS Tokens (#19440)
* adding acceptance tests for msi auth

* including the resource group name in the tests

* backend/azurerm: support for authenticating using a SAS Token

* resolving merge conflicts

* moving the defer to prior to the error
2018-11-22 18:02:33 +01:00
Tom Harvey c928962f44
backend/azurerm: support for authenticating via msi (#19433)
* backend/azurerm: support for authenticating via msi

* adding acceptance tests for msi auth

* including the resource group name in the tests

* support for using the test client via msi
2018-11-22 16:52:27 +01:00
Tom Harvey 0ec109bdc0
backend/azurerm: upgrading the SDK / support for proxies (#19414)
* vendor updates

- updating to v21.3.0 of github.com/Azure/azure-sdk-for-go
- updating to v10.15.4 of github.com/Azure/go-autorest
- vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1

* backend/azurerm: refactoring to use the new auth package

- refactoring the backend to use a shared client via the new auth package
- adding tests covering both Service Principal and Access Key auth
- support for authenticating using a proxy
- rewriting the backend documentation to include examples of both authentication types

* switching to use the build-in logging function

* documenting it's also possible to retrieve the access key from an env var
2018-11-21 22:06:03 +01:00
Kristin Laemmert 1be09745d7
Merge pull request #19007 from cardoe/fix-swift-backend-docs
Fix backend/swift docs
2018-11-08 06:34:09 -08:00
Tom Harvey 49c42b9830
docs: add warning to backend/swift about auto-expire
If the user uses the auto-expire value in the backend/swift settings
then swift will automatically delete their Statefile which is likely
something the user doesn't want given how Terraform works.
2018-11-06 18:18:46 -06:00
Doug Goldstein 817be7b23f
website: update backend/swift examples to use versioning
Since object versioning is a best practice the docs should have all the
examples containing it by default.
2018-11-06 18:18:46 -06:00
Doug Goldstein 58cb47d108
website: backend/swift fix bad link for object versioning
The displayed link said `expire_after` but really is a link to
`archive_container` so update the link to read the right data.
fixes #19005
2018-11-06 18:18:46 -06:00
Doug Goldstein ddc30b6546
website: backend/swift add docs link for expire_after
Provide a link to the OpenStack Swift docs for the object expiration
feature that is used by the `expire_after` field.
2018-11-06 18:18:45 -06:00
Doug Goldstein b31aab4469
website: fix backend/swift links to Swift docs
The links to the OpenStack Swift documentation were broken due to
changes on the OpenStack website.
2018-11-06 18:18:45 -06:00
Doug Goldstein 027b107268
website: update deprecated backend/swift docs
Update the examples and docs to not directly reference deprecated
fields.
2018-11-06 18:18:45 -06:00
Sander van Harmelen 52a1b22f7a Implement the remote enhanced backend
This is a refactored version of the `remote` backend that was initially added to Terraform v0.11.8 which should now be compatible with v0.12.0.
2018-11-06 16:29:46 +01:00
Nick Fagerlund ab88f8ca0f
website: Update and link the page about remote backend operations (#19203) 2018-10-29 11:00:24 -07:00
Kristin Laemmert 5fa624c55e website: update terraform_remote_state syntax in backend docs 2018-10-29 09:22:21 -07:00
Henrique M. Gontijo 642cdd331f
Fix typo. 2018-10-22 14:26:33 -07:00
Sander van Harmelen 775f8a9626 Make sure we always set a custom header
This is for TFE to recognize were the calls come from.
2018-10-15 20:33:42 +02:00
Sander van Harmelen 77b9fad7f0 backend/manta: deprecate camelcase attribute name
This change is needed (next to making it consistent as its the only attribute name that uses camelcase) because passing that attribute objectName in the update `terraform_remote_state` resource, ended up giving me this error: https://github.com/hashicorp/terraform/blob/master/helper/schema/schema.go#L736
2018-08-29 20:22:04 +02:00
Paul Hinze cf8516287e
website: Classify remote backends as a preview release 2018-08-24 17:10:46 -05:00
Alexis Grant 6e5259911e
PTFE not ready for use with this remote version 2018-08-24 13:10:28 -07:00
Nick Fagerlund 4612a71414 website: revise docs for remote backend and credentials config 2018-08-22 14:30:23 -07:00
Paul Tyng d0fec98833
Merge pull request #18647 from hashicorp/paultyng-patch-1
Clarifying the language around "root outputs"
2018-08-17 09:27:05 -04:00
Sander van Harmelen 7049d973a9 Do not use the TFE_TOKEN env variable
Instead promote the use of shared credentials using the CLI Config File
2018-08-10 20:20:16 +02:00
Paul Tyng 22bdc44cb1
Clarifying the language around "root outputs" 2018-08-09 13:20:45 -04:00
Sander van Harmelen 7fb2d1b8de Implement the Enterprise enhanced remote backend 2018-08-03 22:22:55 +02:00
Nick Fagerlund 2487af1945 website: atlas backend requires https protocol in address (#18585)
Just providing the hostname won't work. This commit adds an example and fixes
the explanation.
2018-08-01 17:33:11 -07:00
Nick Fagerlund a51fc61014 website: Revise "atlas" backend page
Add links to important docs (like user tokens), and explain that this isn't part
of our recommended primary workflows anymore.
2018-07-09 15:28:30 -07:00
Thomas Kula e2373c8073 website: Using demo.consul.io requires scheme = "https"
Following the examples as they were previously would cause errors
accessing demo.consul.io. Now we consistently set the scheme to https for
all examples that use demo.consul.io.

This also includes some other updates to the URLs, since the Consul demo
has been rebuilt with a different based configuration, and some general
formatting and copyediting changes in the Consul example.
2018-06-22 10:18:27 -07:00
nicklathe e552897c52 Fix typo (wit -> with) for etcdv3 backend docs 2018-06-11 11:46:17 -07:00
Andrew Haines b6fbb42be6
Add required DynamoDB IAM permissions for state locking to S3 backend docs 2018-04-04 10:38:52 +01:00
Andrew Haines 6c2b2515bd
Update reference to deprecated argument in S3 backend docs 2018-04-04 09:20:08 +01:00
Logan Rakai dd935588f7
Typo Correction 2018-03-18 00:01:30 -06:00
James Bardin 5458ea9aff update etcd documentation links
Add missing link to ectdv3.

Update etcd v2 link to the current v2 README, which highlights the pending
deprecation.
2018-02-15 17:13:24 -05:00
Harry Mills 856b852ac2
Correct typo 2018-01-24 11:02:12 -05:00
Paddy e4cdbd6c9f
Merge pull request #16936 from negz/gcskeys
Support 'customer supplied encryption keys' in the GCS backend
2018-01-09 01:17:35 -08:00
James Bardin d1a678db0d
Merge pull request #16915 from hashicorp/jbardin/gcs-docs
add gcs to the backends that support workspaces in the documentation
2018-01-08 16:47:45 -05:00
Paul Stack 191cf283d5 backend/manta: Support Triton RBAC
Triton Manta allows an account other than the main triton account to be used via RBAC.

Here we expose the SDC_USER / TRITON_USER options to the backend so that a user can be specified.
2018-01-03 12:12:46 -08:00
Nic Cope 011841124b Support 'customer supplied encryption keys' in the GCS backend
https://cloud.google.com/storage/docs/encryption#customer-supplied

GCS state created using customer supplied encryption keys can only be read or
modified using the same key.
2017-12-17 19:27:52 -08:00
James Bardin ccb90d5b6b add gcs to the backends that support workspaces
Also add the term "workspaces" to the `prefix` documentation.
2017-12-14 10:25:03 -05:00
Martin Atkins c729bdff43 website: guide for using the S3 backend with multiple AWS accounts
Users commonly ask how the S3 backend can be used in an organization that
splits its infrastructure across many AWS accounts.

We've traditionally shied away from making specific recommendations here
because we can't possibly anticipate the different standards and
regulations that constrain each user. This new section attempts to
describe one possible approach that works well with Terraform's workflow,
with the goal that users make adjustments to it taking into account their
unique needs.

Since we are intentionally not being prescriptive here -- instead
considering this just one of many approaches -- it deviates from our usual
active writing style in several places to avoid giving the impression that
these are instructions to be followed exactly, which in some cases
requires the use of passive voice even though that is contrary to our
documentation style guide. For similar reasons, this section is also
light on specific code examples, since we do not wish to encourage users
to just copy-paste the examples without thinking through the consequences.
2017-12-08 16:53:43 -08:00
Kevin Fishner 3538f832b0 website: update "atlas" backend to recommend using ATLAS_TOKEN environment variable 2017-12-05 11:34:05 -08:00
Andrew d6b8e27086 website: Document required S3 IAM actions for S3 backend 2017-12-05 11:31:31 -08:00
Sander van Harmelen aaedf255c3 backend/s3: allow skipping the region check (#16757)
Without the possibility to skip this check, it’s not possible to use a custom region with a third-party service that mimicks the S3 API.
2017-12-05 11:19:36 -08:00
Dominik Lekse 323654a716 Fixed documentation of azurerm backend advanced access variables (#16552)
Signed-off-by: Dominik Lekse <dominik@lekse.de>
2017-11-06 16:54:30 +00:00
stack72 1fd0f803e4 Migrate Manta Remote state to be a backend
This PR changes manta from being a legacy remote state client to a new backend type. This also includes creating a simple lock within manta

This PR also unifies the way the triton client is configured (the schema) and also uses the same env vars to set the backend up

It is important to note that if the remote state path does not exist, then the backend will create that path. This means the user doesn't need to fall into a chicken and egg situation of creating the directory in advance before interacting with it
2017-10-30 18:36:50 +02:00
Greg Oliver b5d3559d2d website: refine the description of the azurerm backend 2017-10-27 17:26:37 -07:00
Florian Forster 927085289d backend/remote-state/gcs: Implement the "region" config option.
This allows to select the region in which a bucket is created.
This copies behavior from the Google Cloud provider.
2017-10-27 16:52:21 -04:00
Florian Forster 9583d0945c backend/remote-state/gcs: Add support for the GOOGLE_PROJECT environment variable.
This copies behavior from the Google Cloud provider.
2017-10-27 16:52:21 -04:00
Florian Forster 52e6159219 backend/remote-state/gcs: Improve "bucket" and "credentials" documentation. 2017-10-27 16:52:21 -04:00
Florian Forster df386d3133 backend/remote-state/gcs: Automatically create the bucket if needed.
This resurrects the previously documented but unused "project" option.
This option is required to create buckets (so they are associated with the
right cloud project) but not to access the buckets later on (because their
names are globally unique).
2017-10-27 16:52:21 -04:00
Florian Forster 5205c63bc9 website/docs/backends/types/gcs.html.md: Update.
* Remove the (unused) "project" option.
* Mark the "credentials" option as optional; document behavior when
  unset.
* Mark the "path" option as deprecated (was: legacy) to match
  Terraform's terminology.
2017-10-27 16:52:21 -04:00
Florian Forster 14bfbf0617 backend/remote-state/gcs: Document the "prefix" option.
"state_dir" has been renamed to "prefix" to better fix the GCS
terminology.
2017-10-27 16:51:21 -04:00
James Bardin 91442b7146 Merge pull request #15680 from brunomcustodio/etcdv3-backend
[WIP] etcd v3 backend with lock support.
2017-10-03 14:15:58 -04:00
James Bardin d477d1f6d4 Merge pull request #15553 from bonifaido/custom_s3_backend
Allow non-AWS S3 backends
2017-10-02 19:39:48 -04:00
Bruno Miguel Custodio 524c3934c6
Add TLS support. 2017-09-09 08:03:59 +01:00
Bruno Miguel Custodio 6daf1d9d84
Allow for username and password to be read from envvars. 2017-09-08 23:41:27 +01:00
Bruno Miguel Custodio 8f7b315037
Add documentation. 2017-09-08 23:40:05 +01:00
Tom Harvey cbb512d374 Updating the AzureRM Backend Documentation (#15990)
* Updating to reference this has been renamed

* Clarifying Blob Storage
2017-09-04 07:56:16 +01:00
Loïc Albertin 21b287e919 backend/consul: allow specifying various Consul client security options
These new options are equivalent to the consul CLI arguments -ca-file, -client-cert and -client-key.
2017-08-23 09:47:21 -07:00
Martin Atkins 2e0c1d07ae Merge #15793: Locking support in HTTP remote backend 2017-08-22 09:43:38 -07:00
Ross McFarland e5029de439 Update remote/http doc to match locking changes 2017-08-20 05:59:34 -07:00
James Bardin 216a68a41b update backend docs to reflect new azurerm name
The backend has been renamed. Using the old name in the config will
trigger a deprecation warning, but the implementation and the
documentation is the same.
2017-08-17 12:55:48 -04:00
Peter McAtominey f9e8e54835 backend: convert Azure remote state to a backend
Added locking support via blob leasing (requires that an empty state is
created before any lock can be acquired.

Added support for "environments" in much the same way as the S3 backend.
2017-08-17 16:32:17 +01:00
Tom Harvey 81f9c78122 Adding `resource_group_name` back in, fixes #15610 (#15809) 2017-08-15 11:54:48 +01:00
Ross McFarland 06b4b509d7 Doc state/http supports_locking 2017-08-13 09:49:49 -07:00
James Bardin f63b216016 Update S3 backend docs to reflect new workspaces
Explain the path generated for state files when using workspaces.
2017-07-28 15:08:24 -04:00
Martin Atkins 23ef0e3247 website: more-elaborate "terraform init" docs
The "terraform init" command has a lot of different functionality now,
making it hard to follow all of the options in the previous presentation.
Instead, here we describe each of the steps and its associated options
separately, hopefully making it easier to understand what each option
relates to.

In addition, much of the detail around backend partial configuration is
factored out into the backend configuration page, where it seems more
"at home"; previously it felt hard to follow exactly how partial
configuration would be used, due to the information on it being split over
two different pages.
2017-07-25 08:25:49 -07:00
Nandor Kracser f6c77339f2 Allow non-AWS S3 backends
This commit makes sts, metadata and other AWS related API calls optional, thus the backend initialization will not send non-AWS API tokens to AWS APIs
2017-07-14 13:08:47 +02:00
James Bardin 5066fa2151 Merge pull request #13871 from fatmcgav/swift_move_to_backend
Move Swift remote state to backend
2017-06-27 16:23:46 -04:00
Thomas Schaaf 4b85e91ac5 Update s3.html.md (#15299) 2017-06-27 18:57:38 +03:00
Alex Rowley 22f36a6e43
Document new field for S3 backend 2017-06-22 21:01:44 +01:00
Gavin Williams af5467b9fd website: Update swift backend documentation 2017-06-13 22:04:02 +01:00
Martin Atkins 7ed70bb00e website: new filesystem layout for core/provider split
This repo now contains only the core docs, with other content moving elsewhere.
2017-06-13 11:25:32 -07:00