Commit Graph

28586 Commits

Author SHA1 Message Date
Pam Selle a1a46425bd Set and single test coverage 2020-10-15 17:25:53 -04:00
Pam Selle a5c5d2c28c Cover NestingMap case 2020-10-15 17:19:27 -04:00
Pam Selle f790332bff NestingList support tested 2020-10-15 16:55:11 -04:00
Pam Selle 10cffc477d Basic test for GetResource, plus sensitivity 2020-10-15 16:50:57 -04:00
Kristin Laemmert 31033001a8
Update CHANGELOG.md 2020-10-15 11:38:46 -04:00
Tony Carmichael db86f0d182
Merge pull request #26595 from hashicorp/aicarmic-patch-1
Update community-index.html.markdown
2020-10-15 09:25:26 -06:00
Tony Carmichael 9ff007d322
Update community-index.html.markdown 2020-10-15 08:57:33 -06:00
Tony Carmichael 49a3d14b3b
Update community-index.html.markdown
Updates to community listings now that registry has been GA for a few months.
2020-10-15 08:55:57 -06:00
hashicorp-ci 33cc81e65e Cleanup after v0.14.0-beta1 release 2020-10-15 14:19:40 +00:00
hashicorp-ci 0671bc7eab
Release v0.14.0-beta1 2020-10-15 14:03:43 +00:00
Sean Teeling 8980b6dc9e double check the state wasn't created in the short time prior to grabbing the lock 2020-10-14 20:25:41 -07:00
James Bardin 1ecd86d08e
Merge pull request #26155 from hashicorp/unused-env-var
Remove unused env var TF_SKIP_PROVIDER_VERIFY
2020-10-14 18:03:22 -04:00
James Bardin ffbdd72196
Merge pull request #26487 from hashicorp/jbardin/shell-escape
update taint command example
2020-10-14 17:59:33 -04:00
Pam Selle ee9ec8a193 Reordering so attributes are first (understandability) 2020-10-14 17:45:57 -04:00
Pam Selle e44e03b283 If our block doesn't contain any sensitive attrs, skip recursing into it 2020-10-14 17:44:50 -04:00
Pam Selle f60ae7ac08 Mark sensitive attributes in blocks
This implements marking sensitive attributes within
blocks when referenced by adding recursive calls
to get more paths from blocks' attributes
2020-10-14 17:37:06 -04:00
James Bardin 014fb898d5
Merge pull request #26589 from hashicorp/jbardin/vet-fixes
Fixes for go vet
2020-10-14 16:28:35 -04:00
Pam Selle 5e2905d222 Mark attributes providers mark as sensitive
This updates GetResource so that the value
returned has marks where the provider's schema
has marked an attribute as sensitive
2020-10-14 15:30:16 -04:00
James Bardin 98d01615f6 unreachable 2020-10-14 14:09:17 -04:00
James Bardin c61a893590 unused tests
these are no longer relevant
2020-10-14 14:08:09 -04:00
James Bardin 5e9425b562 unreachable 2020-10-14 14:06:00 -04:00
James Bardin b8df47c9ac add struct field names 2020-10-14 14:05:41 -04:00
Alisdair McDiarmid 8bd940d024 go get github.com/mattn/go-colorable@v0.1.8 2020-10-14 13:46:54 -04:00
Alisdair McDiarmid b1500db6b9
Merge pull request #26585 from hashicorp/alisdair/update-hcl-cty
Update hcl and go-cty dependencies
2020-10-14 13:42:46 -04:00
James Bardin 657dd33008
Merge pull request #26557 from remilapeyre/skip-ddl-commands
Add skip_table_creation and skip_index_creation options to the pg backend
2020-10-14 13:36:26 -04:00
James Bardin 08abf5d561
Merge pull request #26577 from hashicorp/jbardin/decoder-spec
Memoize Block.DecoderSpec
2020-10-14 12:45:23 -04:00
James Bardin e27ecba6e4 extended cache comments 2020-10-14 12:45:06 -04:00
Petros Kolyvas dc48450e79
Provisioner contribution guide updates (#26538)
An update on the deprecated state of vendor provisioners for our contribution guide.
2020-10-14 12:30:40 -04:00
Martin Atkins 0009768c7f internal/depsfile: Update the dependency lock file atomically
In this case, "atomic" means that there will be no situation where the
file contains only part of the newContent data, and therefore other
software monitoring the file for changes (using a mechanism like inotify)
won't encounter a truncated file.

It does _not_ mean that there can't be existing filehandles open against
the old version of the file. On Windows systems the write will fail in
that case, but on Unix systems the write will typically succeed but leave
the existing filehandles still pointing at the old version of the file.
They'll need to reopen the file in order to see the new content.
2020-10-14 08:01:19 -07:00
Martin Atkins 55e6f64977 internal/depsfile: Factor out our atomic file replacement logic
This originated in the cliconfig code to write out credentials files. The
Windows implementation of this in particular was quite onerous to get
right because it needs a very specific sequence of operations to avoid
running into exclusive file locks, and so by factoring this out with
only cosmetic modification we can avoid repeating all of that engineering
effort for other atomic file writing use-cases.
2020-10-14 08:01:19 -07:00
Martin Atkins e70ab09bf1 command: new cache directory .terraform/providers for providers
Terraform v0.10 introduced .terraform/plugins as a cache directory for
automatically-installed plugins, Terraform v0.13 later reorganized the
directory structure inside but retained its purpose as a cache.

The local cache used to also serve as a record of specifically which
packages were selected in a particular working directory, with the intent
that a second run of "terraform init" would always select the same
packages again. That meant that in some sense it behaved a bit like a
local filesystem mirror directory, even though that wasn't its intended
purpose.

Due to some unfortunate miscommunications, somewhere a long the line we
published some documentation that _recommended_ using the cache directory
as if it were a filesystem mirror directory when working with Terraform
Cloud. That was really only working as an accident of implementation
details, and Terraform v0.14 is now going to break that because the source
of record for the currently-selected provider versions is now the
public-facing dependency lock file rather than the contents of an existing
local cache directory on disk.

After some consideration of how to move forward here, this commit
implements a compromise that tries to avoid silently doing anything
surprising while still giving useful guidance to folks who were previously
using the unsupported strategy. Specifically:

- The local cache directory will now be .terraform/providers rather than
  .terraform/plugins, because .terraform/plugins is effectively "poisoned"
  by the incorrect usage that we can't reliably distinguish from prior
  version correct usage.

- The .terraform/plugins directory is now the "legacy cache directory". It
  is intentionally _not_ now a filesystem mirror directory, because that
  would risk incorrectly interpreting providers automatically installed
  by Terraform v0.13 as if they were a local mirror, and thus upgrades
  and checksum fetches from the origin registry would be blocked.

- Because of the previous two points, someone who _was_ trying to use the
  legacy cache directory as a filesystem mirror would see installation
  fail for any providers they manually added to the legacy directory.

  To avoid leaving that user stumped as to what went wrong, there's a
  heuristic for the case where a non-official provider fails installation
  and yet we can see it in the legacy cache directory. If that heuristic
  matches then we'll produce a warning message hinting to move the
  provider under the terraform.d/plugins directory, which is a _correct_
  location for "bundled" provider plugins that belong only to a single
  configuration (as opposed to being installed globally on a system).

This does unfortunately mean that anyone who was following the
incorrectly-documented pattern will now encounter an error (and the
aforementioned warning hint) after upgrading to Terraform v0.14. This
seems like the safest compromise because Terraform can't automatically
infer the intent of files it finds in .terraform/plugins in order to
decide automatically how best to handle them.

The internals of the .terraform directory are always considered
implementation detail for a particular Terraform version and so switching
to a new directory for the _actual_ cache directory fits within our usual
set of guarantees, though it's definitely non-ideal in isolation but okay
when taken in the broader context of this problem, where the alternative
would be silent misbehavior when upgrading.
2020-10-14 07:53:41 -07:00
James Bardin bb76c3b50c
Update configs/configschema/decoder_spec.go
Co-authored-by: Kristin Laemmert <mildwonkey@users.noreply.github.com>
2020-10-14 10:33:44 -04:00
Alisdair McDiarmid 948ab5ebca go get github.com/zclconf/go-cty@e5225636c8c2 2020-10-14 10:17:22 -04:00
Alisdair McDiarmid a647b11af8 go get github.com/hashicorp/hcl/v2@v2.7.0 2020-10-14 10:16:42 -04:00
James Bardin dd8a8bdea1 add benchmark used for DecoderSpec
Not a great benchmark, but record it here for posterity. Practical
testing with the AWS provider gives us a 98% speedup for simple plans.
2020-10-14 09:19:26 -04:00
James Bardin d40e2fb8d1 cache DecoderSpec calls
DecoderSpec may be called many times, and deeply recursive calls are
expensive. Since we cannot synchronize the Blocks themselves due to them
being copied in parts of the code, we use a separate cache to store the
generated Specs.
2020-10-14 09:19:26 -04:00
James Bardin d3307f4864
Merge pull request #26584 from hashicorp/jbardin/var-tests
re-enable and fix module variable tests
2020-10-14 09:16:59 -04:00
James Bardin 2e35ac12f3
Merge pull request #26583 from hashicorp/jbardin/go-cmp
update go-cmp
2020-10-14 09:12:44 -04:00
James Bardin 073beb90a6 re-enable and fix module variable tests
A few tests were inadvertently renamed, causing them to be be skipped.
For some reason this is not caught by the `vet` pass that happens during
normal testing.
2020-10-14 09:10:37 -04:00
James Bardin e20a01a292 update go-cmp
Update go-cmp to prevent pointer arithmetic panics when using the race
detector.
2020-10-14 08:37:14 -04:00
Pam Selle 8f72f4f317
Merge pull request #21936 from tiny-dancer/patch-1
Terraform Plan CLI Vars Format
2020-10-13 16:18:39 -04:00
Pam Selle 98603a7c51
Merge pull request #20036 from scraly/patch-2
feat(environment variable): add TF_WORKSPACE information
2020-10-13 16:11:09 -04:00
Pam Selle 305c6fc029
Merge branch 'master' into patch-2 2020-10-13 16:07:28 -04:00
Pam Selle 31805ef04c
Merge pull request #26575 from hashicorp/pselle/chdir-fix
Fix un-saved error on chdir
2020-10-13 16:02:49 -04:00
Alisdair McDiarmid a275d40274
Merge pull request #26573 from hashicorp/alisdair/show-diffs-when-only-sensitivity-changes
command: Show diffs when only sensitivity changes
2020-10-13 14:56:51 -04:00
Pam Selle 328baaad84 Fix un-saved error on chdir 2020-10-13 14:22:25 -04:00
Alisdair McDiarmid c798dc98db command: Show diffs when only sensitivity changes
When an attribute's sensitivity changes, but its value remains the same,
we consider this an update operation for the plan. This commit updates
the diff renderer to match this, detecting and displaying the change in
sensitivity.

Previously, the renderer would detect no changes to the value of the
attribute, and consider it a no-op action. This resulted in suppression
of the attribute when the plan is in concise mode.

This is achieved with a new helper function, ctyEqualValueAndMarks. We
call this function whenever we want to check that two values are equal
in order to determine whether the action is update or no-op.
2020-10-13 13:55:16 -04:00
Sean Teeling 7d6ec431d2 test locks in non-default workspace 2020-10-13 08:18:54 -07:00
Pam Selle fcae49611c
Merge pull request #26555 from hashicorp/pselle/sensitive-var-value-compat
Avoid disclosing values in errors on marked vals
2020-10-13 10:51:25 -04:00
Kristin Laemmert 57fd4c34d1 terraform: fix ProviderConfigTransformer
The ProviderConfigTransformer was using only the provider FQN to attach
a provider configuration to the provider, but what it needs to do is
find the local name for the given provider FQN (which may not match the
type name) and use that when searching for matching provider
configuration.

Fixes #26556

This will also be backported to the v0.13 branch.
2020-10-13 10:07:25 -04:00