Commit Graph

26772 Commits

Author SHA1 Message Date
Pam Selle 6a126df0c6
Merge pull request #26183 from hashicorp/pselle/sensitive-values
Add sensitive attribute to variables
2020-09-11 11:24:18 -04:00
Alisdair McDiarmid 36ae9647fc
Update CHANGELOG.md 2020-09-11 11:21:10 -04:00
Pam Selle 20ee878d0e Updates and improvements to comments 2020-09-11 11:15:44 -04:00
Alisdair McDiarmid 92abaadc02
Merge pull request #25842 from remilapeyre/consul-path-slash
Sanitize lock path for the Consul backend when it ends with a /
2020-09-11 11:14:49 -04:00
Alisdair McDiarmid 838182ccc9
Merge pull request #26209 from hashicorp/alisdair/upgrade-cli
vendor: Upgrade mitchellh/cli
2020-09-11 10:56:49 -04:00
Alisdair McDiarmid 1b1b17d7c7
Update CHANGELOG.md 2020-09-11 10:55:05 -04:00
Alisdair McDiarmid 549f595c04
Merge pull request #26184 from hashicorp/alisdair/required-providers-validation
configs: Error on invalid required_providers attrs
2020-09-11 10:53:05 -04:00
Pam Selle 8d8389da74 Add diff test with a sensitive change
Adds a diff test for a changed value,
and modifies the diff file to cover variable
diffs on sensitive values
2020-09-10 16:45:31 -04:00
Petros Kolyvas 0babd493ae
website: Add Google and Microsoft products to the summary for supported remote backends (#26204)
* Added Google and Microsoft products to the summary for supported remote backends

* Backends ordering change
2020-09-10 17:07:46 -03:00
Pam Selle 4034cf9f75 Add basic plan test coverage
This also unearthed that the marking must happen
earlier in the eval_diff in order to produce a valid plan
(so that the planned marked value matches the marked config
value)
2020-09-10 16:06:37 -04:00
Alisdair McDiarmid 59662c01af vendor: Upgrade mitchellh/cli
Update tests to match the fix in mitchellh/cli#71, which aligns MockUi
with BasicUi and allows newlines in user input.

We are not using the new ErrorWriter, added in mitchellh/cli#81, as it
does not appear to interact correctly with panicwrap. All error output
from CLI parsing will continue to appear on stdout, not stderr.
2020-09-10 15:23:02 -04:00
hashicorp-ci b60ede1f9f Cleanup after v0.14.0-alpha20200910 release 2020-09-10 15:36:19 +00:00
hashicorp-ci 31917ed59e
Release v0.14.0-alpha20200910 2020-09-10 15:17:37 +00:00
Pam Selle f7e6e83a17
Update CHANGELOG.md 2020-09-10 11:09:59 -04:00
Pam Selle e4e16ccbd3 Rebase fix 2020-09-10 11:06:40 -04:00
Pam Selle 02c1bddfe1 Create experiment for sensitive attribute 2020-09-10 11:04:17 -04:00
Pam Selle 843ed8911b Don't save PathValueMarks on instance_object 2020-09-10 11:04:17 -04:00
Pam Selle 3723594b3d Point go module at master go-cty 2020-09-10 11:04:17 -04:00
Pam Selle 4089b77c2a Update vendored code 2020-09-10 11:04:17 -04:00
Pam Selle 712f5a5cc3 Update plannedNewVal itself
Using markedPlannedNewVal caused many test
failures with ignoreChanges, and I noted plannedNewVal
itself is modified in the eval_diff. plannedNewVal
is now marked closer to the change where it needs it.
There is also a test fixture update to remove interpolation warnings.
2020-09-10 11:04:17 -04:00
Pam Selle b03d5df9dc Disallow sensitive values as for_each arguments 2020-09-10 11:04:17 -04:00
Pam Selle 61c78fd3b9 Add case to compactValueStr not to expose sensitive vals in diagnostics 2020-09-10 11:04:17 -04:00
Pam Selle 3e8b125e53 Apply does not need remarking
Apply, at this moment, appears that
it does not require the remarking strategy,
as the plan has already been printed
2020-09-10 11:04:17 -04:00
Pam Selle 5b0b1a13a5 Update object compatible check to unmark
The hack approach appears consistent,
as we can remove marks before calling the
value validation
2020-09-10 11:04:17 -04:00
Pam Selle e9d9205ce8 Modifications to eval_diff 2020-09-10 11:04:17 -04:00
Pam Selle bc55b6a28b Use UnmarkDeepWithPaths and MarkWithPaths
Updates existing code to use the new Value
methods for unmarking/marking and removes
panics/workarounds in cty marshall methods
2020-09-10 11:04:17 -04:00
Pam Selle 7fef1db20d Add sensitive variable configs test coverage 2020-09-10 11:04:17 -04:00
Pam Selle 6c129a921b Unmark/remark in apply process to allow apply 2020-09-10 11:04:17 -04:00
Pam Selle 896d277a69 If the path is empty, we should not be marking the path 2020-09-10 11:04:17 -04:00
Pam Selle 84d118e18f Track sensitivity through evaluation
Mark sensitivity on a value. However, when the value is encoded to send to the
provider to produce a changeset we must remove the marks, so unmark the value
and remark it with the saved path afterwards
2020-09-10 11:04:17 -04:00
Alisdair McDiarmid 740ac873c9
Update CHANGELOG.md 2020-09-10 11:03:50 -04:00
Pam Selle 862ddf73e2 Add a sensitive attribute 2020-09-10 11:02:54 -04:00
Alisdair McDiarmid a18e1cb24f
Merge pull request #26187 from hashicorp/alisdair/concise-diff
command: Add experimental concise diff renderer
2020-09-10 11:01:20 -04:00
Alisdair McDiarmid 09d8355f43 command: Add experimental concise diff renderer
When rendering a diff between current state and projected state, we only
show resources and outputs which have changes. However, we show a full
structural diff for these values, which includes all attributes and
blocks for a changed resource or output. The result can be a very long
diff, which makes it difficult to verify what the changed fields are.

This commit adds an experimental concise diff renderer, which suppresses
most unchanged fields, only displaying the most relevant changes and
some identifying context. This means:

- Always show all identifying attributes, initially defined as `id`,
  `name`, and `tags`, even if unchanged;
- Only show changed, added, or removed primitive values: `string`,
  `number`, or `bool`;
- Only show added or removed elements in unordered collections and
  structural types: `map`, `set`, and `object`;
- Show added or removed elements with any surrounding unchanged elements
  for sequence types: `list` and `tuple`;
- Only show added or removed nested blocks, or blocks with changed
  attributes.

If any attributes, collection elements, or blocks are hidden, a count
is kept and displayed at the end of the parent scope. This ensures that
it is clear that the diff is only displaying a subset of the resource.

The experiment is currently enabled by default, but can be disabled by
setting the TF_X_CONCISE_DIFF environment variable to 0.
2020-09-10 10:35:55 -04:00
Pam Selle ee544aa4e8
Merge pull request #26190 from hashicorp/pselle/force-push-fix
Fix bug for force push for backends besides the remote backend
2020-09-10 09:20:07 -04:00
Pam Selle 2c35869a32 Fix bug for force push for backends besides the remote backend
In refactoring the force push code when implementing force push
for the Terraform remote backend, a bug was introduced that
meant that backends that don't implement the EnableForcePush
method would still have their state validated. This commit
fixes that, and adds test coverage such that there is a separate
mockRemoteClient that has this method implemented.
2020-09-10 09:13:57 -04:00
James Bardin ec231c7616 apply the stored plan CreateThenDelete action
When applying a plan, a forced CreateBeforeDestroy may not be set during
the apply walk when downstream resources are no longer present in the
graph. We still need to stick to that plan, and both the
NodeApplyableResourceInstance EvalTree and the individual Eval nodes
need to operate on that planned value.

Ensure that we always check for an existing plan when determining
CreateBeforeDestroy status. This must happen in 2 different code paths
due to the eval node pattern currently in-use. Future refactoring may be
able to unify these code-paths to make this less fragile.
2020-09-09 17:02:28 -04:00
James Bardin 7695d1cefe add test for forced cbd with no other changes
If a resource is forced CreateBeforeDestroy from a dependent resource,
and that dependent has no changes, the plan is changed from
CreateThenDelete to DeleteThenCreate causing an apply error.
2020-09-09 16:41:01 -04:00
Kristin Laemmert 1a1225ae29
Mildwonkey/eval local (#26182)
* terraform: refactor EvalLocal, remove unused EvalDeleteLocal
* terraform: refactor NodeCountBoundary
* terraform: node_module_expand refactor
2020-09-09 15:59:29 -04:00
James Bardin cf6bc7163a not all plan action changes are provider bugs
A provider cannot influence CreateThenDelete vs DeleteThenCreate, so we
shouldn't attribute this to the provider in the error.
2020-09-09 15:45:06 -04:00
Jon "The Nice Guy" Spriggs 6f9ce7310c
Website: Add map example to templatefile function docs (#26126)
This change adds an example of using a map with a few keys and shows how it runs it.

Co-authored-by: Nick Fagerlund <nick@hashicorp.com>
2020-09-09 12:30:06 -07:00
James Bardin b8b6cae8ef
Merge pull request #26186 from hashicorp/jbardin/cbd-module-dep
don't connect module closers to destroy nodes
2020-09-09 14:15:57 -04:00
James Bardin c9e581e58a don't connect module closers to destroy nodes
One of the tenants of the graph transformations is that resource destroy
nodes can only be ordered relative to other resources, and can't be
referenced directly. This was broken by the module close node which
naively connected to all module nodes, creating cycles in some cases
when edges are reversed from CreateBeforeDestroy.
2020-09-09 12:23:23 -04:00
Alisdair McDiarmid 898b459a03 configs: Error on invalid required_providers attrs
A few users have recently been confused about the purpose of the
required_providers objects, adding provider configuration parameters in
addition to version and source. This previously did not cause an error
so would result in a confusingly distant failure.

This commit adds a single diagnostic for any required_providers object
which includes attributes other than version or source.
2020-09-09 11:52:47 -04:00
Alisdair McDiarmid 3419422891 website: Fix docs for implied provider FS mirrors
In addition to the directories previously listed, Terraform looks in the
CLI config directory ($HOME/.terraform.d/plugins on macOS/Linux/UNIX,
and %APPDATA%/terraform.d/plugins on Windows). List this in the
documentation for clarity.

We also add a note about the working directory relative "vendor"
location, ./terraform.d/plugins.
2020-09-09 11:15:02 -04:00
Kristin Laemmert 069f379e75 terraform: refactor Node*Ouput
This commit refactors NodeApplyableOutput and NodeDestroyableOutput into
the new Execute() pattern, collapsing the functions in eval_output.go
into one place.

I also reverted a recent decision to have Execute take a _pointer_ to a
walkOperation: I was thinking of interfaces, not constant bytes, so all
it did was cause problems.

And finally I removed eval_lang.go, which was unused.
2020-09-09 08:45:54 -04:00
Pam Selle 5153ea633b Add docs notes for deprecation 2020-09-08 14:33:13 -04:00
Pam Selle e191a57093
Merge pull request #25952 from shaowenchen/improvement_docs
improvement github token
2020-09-08 14:30:54 -04:00
Pam Selle 5ec1868419
Merge pull request #25864 from alexnovak/patch-1
Correct annotation in expressions.html
2020-09-08 14:26:46 -04:00
Pam Selle 621ee056e6
Merge pull request #26108 from qrilka/patch-1
Minor typo
2020-09-08 14:16:07 -04:00