Commit Graph

26898 Commits

Author SHA1 Message Date
Pam Selle 531728f6e9 Sensitive diffs for primitive types
When showing primitive type diffs, hide possibly
sensitive values
2020-09-24 13:27:15 -04:00
Pam Selle 20921dbfb8 Add warning about sensitivity change
This commit adds a warning before displaying
a sensitive diff, and always obfuscates the old value (even
if it was not previously marked as sensitive)
2020-09-24 12:57:40 -04:00
Pam Selle 0a02e7040f
Store sensitive attribute paths in state (#26338)
* Add creation test and simplify in-place test

* Add deletion test

* Start adding marking from state

Start storing paths that should be marked
when pulled out of state. Implements deep
copy for attr paths. This commit also includes some
comment noise from investigations, and fixing the diff test

* Fix apply stripping marks

* Expand diff tests

* Basic apply test

* Update comments on equality checks to clarify current understanding

* Add JSON serialization for sensitive paths

We need to serialize a slice of cty.Path values to be used to re-mark
the sensitive values of a resource instance when loading the state file.
Paths consist of a list of steps, each of which may be either getting an
attribute value by name, or indexing into a collection by string or
number.

To serialize these without building a complex parser for a compact
string form, we render a nested array of small objects, like so:

[
  [
    { type: "get_attr", value: "foo" },
    { type: "index", value: { "type": "number", "value": 2 } }
  ]
]

The above example is equivalent to a path `foo[2]`.

* Format diffs with map types

Comparisons need unmarked values to operate on,
so create unmarked values for those operations. Additionally,
change diff to cover map types

* Remove debugging printing

* Fix bug with marking non-sensitive values

When pulling a sensitive value from state,
we were previously using those marks to remark
the planned new value, but that new value
might *not* be sensitive, so let's not do that

* Fix apply test

Apply was not passing the second state
through to the third pass at apply

* Consistency in checking for length of paths vs inspecting into value

* In apply, don't mark with before paths

* AttrPaths test coverage for DeepCopy

* Revert format changes

Reverts format changes in format/diff for this
branch so those changes can be discussed on a separate PR

* Refactor name of AttrPaths to AttrSensitivePaths

* Rename AttributePaths/attributePaths for naming consistency

Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
2020-09-24 12:40:17 -04:00
James Bardin a7c5a72c3d
Merge pull request #26358 from hashicorp/jbardin/no-vendor
Remove vendoring
2020-09-24 10:57:02 -04:00
James Bardin 15dd493139
Merge pull request #26357 from hashicorp/jbardin/go-version
Update go to 1.15
2020-09-24 10:09:45 -04:00
James Bardin 435d8bdbae
Merge pull request #26343 from hashicorp/jbardin/update-cbd-state
Update create_before_destroy in state during refresh
2020-09-24 10:03:18 -04:00
James Bardin a0cee10720 add Addr field for logging 2020-09-24 09:49:22 -04:00
James Bardin eb17d9799b refresh cbd test 2020-09-24 09:43:48 -04:00
James Bardin 27809871ca update create_before_destroy when refreshing
In order to save any changes to lifecycle options, we need to record
those changes during refresh, otherwise they would only be updated when
there is a change in the resource to be applied.
2020-09-24 09:43:45 -04:00
James Bardin 014bd30a67
Merge pull request #26353 from hashicorp/jbardin/refresh-false
Re-implement -refresh=false
2020-09-24 09:40:33 -04:00
James Bardin 37569f5cc3 insert PlanRefresh into the context 2020-09-24 09:34:49 -04:00
James Bardin b16c600edc verify skipRefresh during plan 2020-09-24 09:34:49 -04:00
James Bardin 84f7116ac8 thread skipContext through to the instance node 2020-09-24 09:34:49 -04:00
James Bardin eebb4dfcb2 add SkipRefresh to the terraform context 2020-09-24 09:34:49 -04:00
James Bardin c2566bff7b
Merge pull request #26351 from hashicorp/jbardin/dependencies
we no longer need EvalRefreshDependencies
2020-09-24 09:33:59 -04:00
James Bardin 53a8e321eb remove mod=vendor in statemgr test 2020-09-24 08:44:49 -04:00
James Bardin 2e5366ac69 remove -mod=vendor from command tests 2020-09-23 17:56:19 -04:00
James Bardin 50e547db4d remove vendoring from contribution guide 2020-09-23 17:06:59 -04:00
James Bardin 8bfbafa790 remove vendor from some tooling 2020-09-23 17:06:59 -04:00
James Bardin bf5fc8b913 go1.15 in circleci 2020-09-23 16:54:37 -04:00
James Bardin 35a5b40500 remove vendor folder
Go modules are well understood and supported now, and since our build
pipeline no longer uses the vendored packages, we can remove the extra
overhead of maintaining these files.
2020-09-23 16:44:35 -04:00
James Bardin 6b6499d61c update go.sum for go1.15 2020-09-23 16:43:43 -04:00
James Bardin df1ac404fc fix error string matching in test
This package is no longer used, but we are retaining it for now for its
help in protocol test coverage.
2020-09-23 16:43:40 -04:00
James Bardin 537070ca57 update to go1.15.2 2020-09-23 15:18:22 -04:00
hashicorp-ci 6d86cd46f7 Cleanup after v0.14.0-alpha20200923 release 2020-09-23 18:19:52 +00:00
James Bardin def1f9b084 we no longer need EvalRefreshDependencies
This evaluation was required when refresh ran in a separate walk and
managed resources were only partly handled by configuration. Now that we
have the correct dependency information available when refreshing
configured resources, we can update their state accordingly. Since
orphaned resources are not refreshed, they can retain their stored
dependencies for correct ordering.

This also prevents users from introducing cycles with nodes they can't
"see", since only orphaned nodes will retain their stored dependencies,
and the remaining nodes will be updated according to the configuration.
2020-09-23 14:08:52 -04:00
hashicorp-ci f4a36d8939
Release v0.14.0-alpha20200923 2020-09-23 17:44:31 +00:00
Martin Atkins bd5aeb3d45
Update CHANGELOG.md 2020-09-23 10:22:41 -07:00
Martin Atkins 1510a33d2a
Update CHANGELOG.md 2020-09-23 10:18:57 -07:00
Pam Selle c8169950a8
Merge pull request #26342 from hashicorp/pselle/evaluate_test
tests: Add test for GetInputVariable, with sensitive config
2020-09-23 11:25:47 -04:00
Martin Atkins ddab48a3b4
hashibot: Temporarily disable issue migration
The bot seems to currently be running into some operational problems that are
creating noise for provider development teams by potentially migrating issues
multiple times.

This is just a tactical change to stop the annoying symptoms right now, to
give some time to figure out what's actually going on here.
2020-09-22 14:41:18 -07:00
Alisdair McDiarmid 14a233b019 command: Taint should respect required_version
Despite not requiring the configuration for any other reason, the taint
subcommand should not execute if the required_version constraints cannot
be met. Doing so can result in an undesirable state file upgrade.
2020-09-22 17:33:09 -04:00
Pam Selle a720409ded Add test for GetInputVariable, with sensitive config
This adds a test for GetInputVariable, and includes
a variable with a "sensitive" attribute in configuration,
to test that that value is marked as sensitive
2020-09-22 16:35:40 -04:00
James Bardin ce2e59f835
Merge pull request #26329 from hashicorp/jbardin/remove-refresh
Remove refresh entirely
2020-09-22 15:40:53 -04:00
Pam Selle 9c16724221
Merge pull request #26337 from hashicorp/pselle/docs-vendor-provisioners
docs: Vendor provisioner deprecation version
2020-09-22 14:54:21 -04:00
Alisdair McDiarmid 0a5f2d9047
Merge pull request #26334 from hashicorp/alisdair/deprecate-nested-redundant-interpolation-expressions
configs: Deprecate nested redundant interpolations
2020-09-22 14:11:52 -04:00
Pam Selle 3ba38f9b1f (docs) Vendor provisioner deprecation version 2020-09-22 14:06:39 -04:00
Alisdair McDiarmid 13ed5af5c8 configs: Deprecate nested redundant interpolations
Previous deprecations only included direct assignment of template-only
expressions to arguments. That is, this was not deprecated:

locals {
  foo = ["${var.foo}"]
}

This commit uses hclsyntax.VisitAll to detect and show deprecations for
all template-only expressions, no matter how deep they are in a given
expression.
2020-09-22 13:40:08 -04:00
Alisdair McDiarmid 85ddb386ec
Merge pull request #26318 from hashicorp/alisdair/providers-schema-required-providers
command: Providers schema shows required_providers
2020-09-22 12:42:06 -04:00
James Bardin 87676358e7 update CHANGELOG.md 2020-09-22 10:57:47 -04:00
Alisdair McDiarmid 18f9ea53b9 command: Providers schema shows required_providers
The providers schema command is using the Config.ProviderTypes method,
which had not been kept up to date with the changes to provider
requirements detection made in Config.ProviderRequirements. This
resulted in any currently-unused providers being omitted from the
output.

This commit changes the ProviderTypes method to use the same underlying
logic as ProviderRequirements, which ensures that `required_providers`
blocks are taken into account.

Includes an integration test case to verify that this fixes the provider
schemas command bug.
2020-09-22 10:28:32 -04:00
James Bardin 906d399189 remove refresh!
Delete all the code associated with the Refresh walk
2020-09-22 10:27:45 -04:00
James Bardin 915d4e4b45
Merge pull request #26321 from hashicorp/jbardin/simplify-data-lifecycle
simplify data lifecycle
2020-09-22 10:27:16 -04:00
Justin Campbell 1554e04108
website: Add Registry email to publishing doc (#26327) 2020-09-22 10:26:29 -04:00
James Bardin 522df46d91 test output was incorrectly changed
Roll back this part of the change. The incorrect output never passed the
test.
2020-09-22 10:05:52 -04:00
James Bardin ab06f0c9f8 we can roll back the e2e tests
the data sources no longer show up in the tests
2020-09-22 09:55:19 -04:00
James Bardin 6039622111 Simplify data lifecycle for the no-refresh world
Now that we don't have to handle data sources that may or may not have
been updated during a refresh phase, and the plan phase can save the
data source to the refreshed state, we can remove a lot of the logic
involved in detecting whether the data source needs to be planned or
not.

When there is no separate refresh phase, we always must attempt to read
the data source during planning, and the only conditions are based on
having a known configuration, and not having any dependencies on which
we're waiting. If the data source is read during plan, we can now save
that directly to the refreshed state, and don't need to smuggle the
value as a change to be saved during apply.
2020-09-22 09:55:19 -04:00
James Bardin 921f36a361
Merge pull request #26317 from hashicorp/jbardin/remove-refresh-walk
Replace internal Refresh command with Plan
2020-09-22 09:54:24 -04:00
Paul Tyng 59e77685cb
Merge pull request #26326 from hashicorp/paultyng-patch-1
Minor instructions update for GPG key creation
2020-09-22 09:37:34 -04:00
Justin Campbell 45666f8216
website: Update Registry key management docs (#26299) 2020-09-22 09:37:26 -04:00