Commit Graph

25830 Commits

Author SHA1 Message Date
James Bardin cbd64c0d3c restore the prior tainted status on failed apply 2019-11-08 10:33:27 -05:00
James Bardin 84b5de9ae4 simplify EvalMaybeTainted logic
The EvalMaybeTainted logic was confusing, with deep nesting and unneeded
duplicate fields.
2019-11-08 10:29:01 -05:00
James Bardin 4b04e3fa59 failing tests for destroying tainted resources
If a tainted resource fails to destroy, it loses the tainted status
2019-11-08 10:29:01 -05:00
James Bardin bee703360c
Merge pull request #23252 from hashicorp/jbardin/abs-state-dependencies
store absolute addresses for resource dependencies in the state
2019-11-08 10:25:32 -05:00
Martin Atkins 7db2825646 command/format: multi-line rendering for unchanged strings
We have a special treatment for multi-line strings that are being updated
in-place where we show them across multiple lines in the plan output, but
we didn't use that same treatment for rendering multi-line strings in
isolation such as when they are being added for the first time.

Here we detect when we're rendering a multi-line string in a no-change
situation and render it using the diff renderer instead, using the same
value for old and new and thus producing a multi-line result without any
diff markers at all.

This improves consistency between the change and no-change cases, and
makes multi-line strings (such as YAML in block mode) readable in all
cases.
2019-11-07 15:25:40 -08:00
James Bardin 46dbb3dde5 use Dependencies to connect creator and destroyer
The DestroyEdgeTransformer cannot determine ordering from the graph when
the destroyers are from orphaned resources, because there are no
references to resolve. The new stored Dependencies provides what we need
to connect the instances in this case.

We also add the StateDependencies method directly in the
GraphNodeResourceInstance interface, since all instances already
implement this, and we don't need another optional interface to check.

The old code in DestroyEdgeTransformer may no longer be needed in the
long run, but that can be determined separately, since too many of the
tests start with an incomplete state and rely on the Dependencies being
determined from the configuration alone.
2019-11-07 17:49:03 -05:00
James Bardin 10152da478 failing test for update from orphaned instance
Updates resulting from orphaned instances should happen after the
deletion of the instances.
2019-11-07 17:49:03 -05:00
James Bardin 5e16e8eece append dependencies during refresh
Refresh should load any new dependencies found because of configuration
or state changes, but retain any dependencies already in the state.
Orphaned resources would not be in config, but we do not want to lose
the destroy ordering for the later apply.
2019-11-07 17:49:03 -05:00
James Bardin 886af20f07 fixup some test comparisons 2019-11-07 17:49:03 -05:00
James Bardin 16b368e292 only need to handle depends_on to shim old state 2019-11-07 17:49:03 -05:00
James Bardin 42bb4a644c make use of the new state Dependencies
Make use of the new Dependencies field in the instance state.

The inter-instance dependencies will be determined from the complete
reference graph, so that absolute addresses can be stored, rather than
just references within a module. The Dependencies are added to the node
in the same manner as state, i.e. via an "attacher" interface and
transformer.  This is because dependencies are calculated from the graph
itself, and not from the config.
2019-11-07 17:49:03 -05:00
James Bardin 5a0a0020a0 read+write the new dependencies in the statefile
The test fixture did not like having modules when using the generic json
map, so read and compare the states in the final *File datastructure.
2019-11-07 17:49:03 -05:00
andrewjkeith 6cb9aaacfe website: Fix extension_requests argument name for Puppet provisioner 2019-11-06 17:14:12 -08:00
Lars Lehtonen 1219acf467 backend/atlas: fix use of T.Fatal() inside goroutine 2019-11-06 17:11:15 -08:00
Paddy ba7679b679 website: Remove reference to the now-deprecated pgp_key provider design pattern 2019-11-06 17:05:09 -08:00
Roger Berlind de4ef9c546 website: Clarify workspace concepts for remote backend
There are some differences between the Terraform CLI and Terraform Cloud ideas of workspaces.

This documentation aims to explain those differences and show different patterns for configuring the remote backend and the implications of different approaches.
2019-11-06 17:03:20 -08:00
Martin Atkins dbff07c841
Update CHANGELOG.md 2019-11-06 16:30:41 -08:00
Josh Grancell ac3578a0bc command/output: Absence of outputs is not an error 2019-11-06 16:26:32 -08:00
Martin Atkins 21228b473a
Update CHANGELOG.md 2019-11-06 14:19:52 -08:00
Joaquín Fernández Campo d2bc7c25b9 backend/artifactory: Honor HTTP_PROXY and HTTPS_PROXY environment variables 2019-11-06 14:18:33 -08:00
Kent 'picat' Gruber a7f935c63b main: Warn about potential sensitive information in logs when panicking 2019-11-06 14:12:33 -08:00
James Bardin 2d9d6d7afe
Merge pull request #23302 from hashicorp/jbardin/provisioner-utf8
sanitize provisioner output strings
2019-11-06 15:14:29 -05:00
James Bardin 49439d02d1 sanitize provisioner output strings
The grpc protocol requires strings to be valid utf8, but because
provisioners often don't have control over the command output, invalid
utf8 sequences can make it into the response causing grpc transport
errors.

Replace all invalid utf sequences with the standard utf replacement
character in the provisioner output. The code is a direct copy from the
go1.13 std library, and can be replaced with strings.ToValidUTF8 once
it's available.
2019-11-06 14:57:52 -05:00
Martin Atkins 2de4a28860 Build with Go 1.12.13
This is the latest 1.12 minor release at the time of writing. We are not
yet upgrading to Go 1.13 because it ends support for MacOS 10.10 and
earlier (Yosemite) and for versions of FreeBSD prior to 11.2, and so we
need to make that switch with care to properly phase those out as
supported platforms in Terraform too.
2019-11-06 07:02:54 -08:00
Martin Atkins 3a54047984
Update CHANGELOG.md 2019-11-06 06:57:14 -08:00
Martin Atkins d0cbbb6a00 command/format: Remove defunct "Plan" type and associated symbols
This "Plan" type, along with the other types it directly or indirectly
embeds and the associated functions, are adaptations of the
flatmap-oriented plan renderer logic from Terraform 0.11 and prior.

The current diff rendering logic is in diff.go, and so the contents of the
plan.go file are defunct apart from the DiffActionSymbol function that
both implementations share. Therefore here we move DiffActionSymbol into
diff.go and then remove plan.go entirely, in the interests of dead code
removal.
2019-11-06 06:53:32 -08:00
Martin Atkins 9a62ab3014 command: "terraform show" renders plans like "terraform plan"
During the Terraform 0.12 work we briefly had a partial update of the old
Terraform 0.11 (and prior) diff renderer that could work with the new
plan structure, but could produce only partial results.

We switched to the new plan implementation prior to release, but the
"terraform show" command was left calling into the old partial
implementation, and thus produced incomplete results when rendering a
saved plan.

Here we instead use the plan rendering logic from the "terraform plan"
command, making the output of both identical.

Unfortunately, due to the current backend architecture that logic lives
inside the local backend package, and it contains some business logic
around state and schema wrangling that would make it inappropriate to move
wholesale into the command/format package. To allow for a low-risk fix to
the "terraform show" output, here we avoid some more severe refactoring by
just exporting the rendering functionality in a way that allows the
"terraform show" command to call into it.

In future we'd like to move all of the code that actually writes to the
output into the "command" package so that the roles of these components
are better segregated, but that is too big a change to block fixing this
issue.
2019-11-06 06:53:32 -08:00
Keith Kirk 9ba211c04e Avoid leaking sensitive values in undeclared warnings 2019-11-05 17:32:57 -08:00
Martin Atkins b97cf967a1
Update CHANGELOG.md 2019-11-05 16:25:27 -08:00
Bastien Penavayre e7022679b2 vendor: go get github.com/mitchellh/panicwrap@v1.0.0 2019-11-05 16:22:45 -08:00
James Bardin cf49f794d7
Merge pull request #22821 from xiaozhu36/master
backend(oss): add a new field ecs_role_name to support more scenario
2019-11-05 18:11:53 -05:00
Chris Griggs fa12e9f7d9
Merge pull request #23276 from hashicorp/cgriggs01-modifiers
[Website] Community update
2019-11-04 10:57:03 -08:00
cgriggs01 a5ad6dd57b update CDA and Okta 2019-11-04 10:13:43 -08:00
rajata07 f40f8bd4e3 small fix with command usage 'terraform workspace New' 2019-11-03 18:30:03 +01:00
Lucas do Amaral Saboya 806397803c
Update Output values docs. 2019-11-02 17:56:16 -03:00
He Guimin bfae627112 add a new field ecs_role_name to support more scenario 2019-11-02 00:09:46 +08:00
Pam Selle f9f7320438
Merge pull request #17911 from vkatsikaros/patch-2
Expand example explanation
2019-11-01 11:49:27 -04:00
Pam Selle 4f1d363b98 Change wording back to attach, add for_each mention 2019-11-01 11:47:46 -04:00
vkatsikaros 22321efa71 Expand example explanation
As mentioned in  #17871 the current example can hide the fact that the module
path plays an important role. The example's explanation is expanded.

Moreover, the verb "attach" is replaced with "map" to make the vocabulary
consistent with the wording in the documentation of the terraform state.
2019-11-01 11:44:39 -04:00
tf-release-bot 9bd823bc11 Cleanup after v0.12.13 release 2019-10-31 19:28:10 +00:00
tf-release-bot 5cb4596387
v0.12.13 2019-10-31 19:16:37 +00:00
Pam Selle 5070ab7989
Merge pull request #23185 from scott1138/patch-1
Update taint docs - for_each
2019-10-31 13:16:53 -04:00
Martin Atkins 6afb82ee1f
Update CHANGELOG.md 2019-10-31 09:53:25 -07:00
Martin Atkins 8f27409007 backend/remote: Support HCL variable values in local operations
For remote operations, the remote system (Terraform Cloud or Enterprise)
writes the stored variable values into a .tfvars file before running the
remote copy of Terraform CLI.

By contrast, for operations that only run locally (like
"terraform import"), we fetch the stored variable values from the remote
API and add them into the set of available variables directly as part
of creating the local execution context.

Previously in the local-only case we were assuming that all stored
variables are strings, which isn't true: the Terraform Cloud/Enterprise UI
allows users to specify that a particular variable is given as an HCL
expression, in which case the correct behavior is to parse and evaluate
the expression to obtain the final value.

This also addresses a related issue whereby previously we were forcing
all sensitive values to be represented as a special string "<sensitive>".
That leads to type checking errors for any variable specified as having
a type other than string, so instead here we use an unknown value as a
placeholder so that type checking can pass.

Unpopulated sensitive values may cause errors downstream though, so we'll
also produce a warning for each of them to let the user know that those
variables are not available for local-only operations. It's a warning
rather than an error so that operations that don't rely on known values
for those variables can potentially complete successfully.

This can potentially produce errors in situations that would've been
silently ignored before: if a remote variable is marked as being HCL
syntax but is not valid HCL then it will now fail parsing at this early
stage, whereas previously it would've just passed through as a string
and failed only if the operation tried to interpret it as a non-string.
However, in situations like these the remote operations like
"terraform plan" would already have been failing with an equivalent
error message anyway, so it's unlikely that any existing workspace that
is being used for routine operations would have such a broken
configuration.
2019-10-31 09:45:50 -07:00
Martin Atkins 9f9f22091e backend/remote: Unlock workspace if Context fails
Previously any error case in the Context method would cause us to leave
the remote workspace locked on exit, requiring manual action to unlock it.
2019-10-31 09:45:50 -07:00
James Bardin 2c3c011f20 change state dependencies to AbsResource addrs
We need to be able to reference all possible dependencies for ordering
when the configuration is no longer present, which means that absolute
addresses must be used. Since this is only to recreate the proper
ordering for instance destruction, only resources addresses need to be
listed rather than individual instance addresses.
2019-10-30 17:25:53 -04:00
Chris Griggs 74249a8c23
Merge pull request #23235 from hashicorp/cgriggs01-cherryservers
[Website] CherryServer doc links
2019-10-30 11:16:51 -07:00
cgriggs01 e3b18cd0d9 [Website] CherryServer doc links 2019-10-30 10:55:01 -07:00
James Bardin cd7c3e4231 update CHANGELOG.md 2019-10-30 11:04:51 -04:00
James Bardin 7829a4f6ce
Merge pull request #23215 from hashicorp/jbardin/for-each-self
Resource value may be an object in self evaluation
2019-10-29 12:58:25 -04:00