Commit Graph

27018 Commits

Author SHA1 Message Date
Alisdair McDiarmid 677aabc767 command: Fix backend config override validation
When loading a backend config override file, init was doing two things
wrong:

- First, if the file failed to parse, we accidentally didn't return,
  which caused a panic due to the parsed body being nil;
- Secondly, we were overzealous with the validation of the file,
  allowing only attributes. While most backend configs are attributes
  only, the enhanced remote backend body also contains a `workspaces`
  block, which we need to support here.

This commit fixes the first bug with an early return and adds test cases
for missing file and intentionally-blank filename (to clear the config).

We also add a schema validation for the backend block, based on the
backend schema itself. This requires constructing an HCL body schema so
that we can call `Content` and check for diagnostic errors.

The result is more useful errors when an invalid backend config override
file is used, while also supporting the enhanced remote backend config
fully.

Does not include tests specific to the remote backend, because the
mocking involved to allow the backend to fully initialize is too
involved to be worth it.
2020-08-21 16:21:13 -04:00
shaowenchen a2b52c0dfc
improvement github token
Signed-off-by: shaowenchen <mail@chenshaowen.com>
2020-08-21 17:50:05 +08:00
Kristin Laemmert e63093edc8
build: disable github pr annotations (#25942) 2020-08-20 13:06:48 -04:00
Kristin Laemmert 9168abc3e5
website/docs: clarify behavior of -state flag (#25928)
* website: clarify behavior of -state option
2020-08-20 10:23:08 -04:00
Cameron Stitt 2e829a0d54
Merge pull request #25929 from hashicorp/cam-stitt/config-depends-on
Ensure depends_on is in module calls for config
2020-08-20 22:30:49 +10:00
Cameron Stitt 54e32652f7
Ensure depends_on is in module calls for config 2020-08-20 07:49:03 +10:00
James Bardin 0c5430f88d
Merge pull request #25585 from chushenmeshile/master
fix ossbackend only returned 100 workspaces
2020-08-19 16:55:31 -04:00
Kristin Laemmert 8a75a4fc7b
terraform-bundle: initial changelog (#25917) 2020-08-19 15:20:07 -04:00
Nick Fagerlund ff9218c105 website: fix nav link text for 'providers mirror' 2020-08-19 12:14:24 -07:00
Rachel Sharp f44d32ab57 update cloud-init casing 2020-08-19 12:07:37 -07:00
Rachel Sharp bb598c27fe Updating links for cloud init guide in docs 2020-08-19 12:07:37 -07:00
James Bardin bd5ff98ca7
Merge pull request #25830 from hashicorp/kt/secret-metadata-host
backend/azurerm: support loading environments from a metadata host
2020-08-19 13:57:10 -04:00
James Bardin 82dcc93a1e
Merge pull request #25769 from hashicorp/f/azure-backend
dependencies: updating Azure/azure-sdk-for-go, Azure/go-autorest, hashicorp/go-azure-helpers, tombuildsstuff/giovanni
2020-08-19 13:56:54 -04:00
James Bardin d46e9a4198
Merge pull request #25770 from hashicorp/f/azure-backend-spcert
backend/azurerm: support for authenticating using a Client Certificate
2020-08-19 13:56:30 -04:00
James Bardin 59b7ae8eb4
Merge pull request #25694 from alrs/alrs/terraform-test-err
terraform: fix dropped test error
2020-08-19 11:37:41 -04:00
Alisdair McDiarmid 9a366b9b62
Update CHANGELOG.md 2020-08-19 11:27:51 -04:00
Alisdair McDiarmid 30c7dfca62
Merge pull request #25898 from hashicorp/alisdair/fix-required-version-diags
terraform: Fix required version constraint diags
2020-08-19 11:26:03 -04:00
Alisdair McDiarmid 3114e2ad7c
Merge pull request #25890 from hashicorp/import-our-nemesis
terraform: Eval module call arguments for import
2020-08-19 11:25:38 -04:00
James Bardin 7ef4e7f6ad
Merge pull request #25857 from hashicorp/jbardin/data-diffs
allow plan data state comparison with legacy SDK
2020-08-19 11:11:40 -04:00
James Bardin b68ab92392 more complicated for_each destroy 2020-08-19 11:10:12 -04:00
James Bardin a6776eaa94 completely prune inter-module dependencies
There was a missing outer loop for catching inverse module dependencies
when pruning nodes for destroy. Since the need to "register" the fully
destroyed modules no longer exists, the extra complication of pruning
the modules as a whole from the leaves inward is no longer required.
While it is technically still a valid optimization to reduce iterations,
the extra comparisons required to backtrack for transitive dependencies
don't amount to much, and having a single nested loop is much easier to
maintain.
2020-08-19 11:10:12 -04:00
kmoe d844d02b87
Update CHANGELOG.md 2020-08-19 14:10:37 +01:00
Daniel Dreier 1e73bed83b
Merge pull request #25916 from remilapeyre/patch-1
Add remilapeyre to CODEOWNERS
2020-08-19 09:09:53 -04:00
kmoe 6486b857d6
Merge pull request #25811 from hashicorp/terraform-version-order
terraform version: fix output order
2020-08-19 13:54:18 +01:00
Rémi Lapeyre 0056882859
Add remilapeyre to CODEOWNERS 2020-08-19 14:25:19 +02:00
Martin Atkins 189f9fa382
Update CHANGELOG.md 2020-08-18 14:41:07 -07:00
Martin Atkins 6f05430295
Update CHANGELOG.md 2020-08-18 14:39:57 -07:00
Martin Atkins ce67a818db internal/getproviders: Allow basedir for local search to be symlink
The SearchLocalDirectory function was intentionally written to only
support symlinks at the leaves so that it wouldn't risk getting into an
infinite loop traversing intermediate symlinks, but that rule was also
applying to the base directory itself.

It's pretty reasonable to put your local plugins in some location
Terraform wouldn't normally search (e.g. because you want to get them from
a shared filesystem mounted somewhere) and creating a symlink from one
of the locations Terraform _does_ search is a convenient way to help
Terraform find those without going all in on the explicit provider
installation methods configuration that is intended for more complicated
situations.

To allow for that, here we make a special exception for the base
directory, resolving that first before we do any directory walking.

In order to help with debugging a situation where there are for some
reason symlinks at intermediate levels inside the search tree, we also now
emit a WARN log line in that case to be explicit that symlinks are not
supported there and to hint to put the symlink at the top-level if you
want to use symlinks at all.

(The support for symlinks at the deepest level of search is not mentioned
in this message because we allow it primarily for our own cache linking
behavior.)
2020-08-18 14:28:50 -07:00
angie pinilla daa112b566
Update CHANGELOG for #25903 2020-08-18 14:18:58 -04:00
angie pinilla d96d834ec1
Merge pull request #25903 from hashicorp/f-aws-sdk-go-base-update
backend/s3: Update aws-sdk-go-base to v0.6.0
2020-08-18 14:09:28 -04:00
Angie Pinilla 582fb73a7c deps: Update aws-sdk-go-based to 0.6.0 2020-08-18 12:49:31 -04:00
Alisdair McDiarmid c98f352dc8 terraform: Fix required version constraint diags
If a module has multiple terraform.required_version constraints, any
failures would point at the last constraint in the error diagnostics. If
an earlier constraint was the actual problem, this leads to confusing
errors like this:

    Error: Unsupported Terraform Core version

      on main.tf line 6, in terraform:
       6:   required_version = ">= 0.13.0"

    This configuration does not support Terraform version 0.13.0.

The error was due to storing the declaration range of the constraint as
a pointer to the contents of a loop variable, which was later
overwritten in later iterations of the loop.  Instead we now use HCL's
handy Ptr() method to create a direct pointer to the range struct.
2020-08-18 09:35:32 -04:00
Alisdair McDiarmid d8e9964363 terraform: Eval module call arguments for import
Include the import walk in the list of operations for which we create an
EvalModuleCallArgument node. This causes module call arguments to be
evaluated even if the module variables have defaults, ensuring that
invalid default values (such as the common "{}" for variables thought of
as maps) do not cause failures specific to import.

This fixes a bug where a child module evaluates an input variable in its
locals block, assuming that it is a nested object structure. The bug
report includes a default value of "{}", which is overridden by a root
variable value. Without the eval node added in this commit, the default
value is used and the local evaluation errors.
2020-08-17 17:14:12 -04:00
Alisdair McDiarmid 27affd06ce
Update CHANGELOG.md 2020-08-17 11:23:34 -04:00
Alisdair McDiarmid eb9e32d7b2
Merge pull request #25861 from hashicorp/alisdair/builtin-provider-legacy-string
addrs: Fix LegacyString for builtin providers
2020-08-17 11:22:20 -04:00
Alex Novak 82aa2d4467
Correct annotation in expressions.html
`false` section was missing a finishing "`"
2020-08-14 16:33:54 -04:00
Alisdair McDiarmid e02e53ed4d states: Add roundtrip v3->v4 with builtin provider 2020-08-14 15:40:48 -04:00
Alisdair McDiarmid d53a4ac588 addrs: Fix LegacyString for builtin provider addrs
Builtin provider addrs (i.e. "terraform.io/builtin/terraform") should be
able to convert to legacy string form (i.e. "terraform"). This ensures
that we can safely round-trip through ParseLegacyAbsProviderConfig,
which can return either a legacy or a builtin provider addr.
2020-08-14 14:56:35 -04:00
Kristin Laemmert 95eca06782
statemgr: add a NewUnlockErrorFull state manager for tests (#25823)
* statemgr: add a NewUnlockErrorFull state manager for tests

I've frequently needed to coerce Unlock() errors for tests and it's been
awkward and fraught every time, so I decided to add a full state manger
that returns *mostly* errors. I intend to use this in conjunction with
the clistate.Locker interface, which first calls Lock() (to block if the
mutex is in use) at the start of Unlock(), so Lock() rather awkwardly needed to succeed.
2020-08-14 14:14:51 -04:00
Kristin Laemmert c9f710ac29
terraform: remove DisableReduce from refresh, plan and apply graphs (#25824) 2020-08-14 14:13:33 -04:00
James Bardin 93246bd978 allow plan data state comparison with legacy SDK
In order to determine if we need to re-read a data source during plan,
we need to compare the newly evaluated configuration with the stored
state. To do that we create a ProposedNewVal, which if there are no
changes, should match the existing state exactly.

A problem arises if the remote data source contains any blocks, and they
are not set in the configuration. Terraform always decodes configuration
blocks as empty containers, however the legacy SDK cannot correctly
handle empty blocks and may return a null block which is saved to the
state. In order to correctly make the comparison for planning, we need
to reify those null blocks as empty containers in the cty value.

The createEmptyBlocks helper converts any null NestingList or NestingSet
blocks to empty list or set cty values. We only need to be concerned
with List and Set, because those are the only types that can be defined
with the legacy SDK. In hindsight these could have been normalized in
the legacy SDK shims had this problem been uncovered earlier, but for the
sake of compatibility we will now normalize these in core.
2020-08-14 13:36:52 -04:00
Rémi Lapeyre e680211bc0 Split the state in chunks when they outgrow the limit of Consul KV store
The Consul KV store limits the size of the values in the KV store to 524288
bytes. Once the state reaches this limit Consul will refuse to save it. It is
currently possible to try to bypass this limitation by enable Gzip but the issue
will manifest itself later. This is particularly inconvenient as it is possible
for the state to reach this limit without changing the Terraform configuration
as datasources or computed attributes can suddenly return more data than they
used to. Several users already had issues with this.

To fix the problem once and for all we now split the payload in chunks of 524288
bytes when they are to large and store them separatly in the KV store. A small
JSON payload that references all the chunks so we can retrieve them later and
concatenate them to reconstruct the payload.

While this has the caveat of requiring multiple calls to Consul that cannot be
done as a single transaction as those have the same size limit, we use unique
paths for the chunks and CAS when setting the last payload so possible issues
during calls to Put() should not result in unreadable states.

Closes https://github.com/hashicorp/terraform/issues/19182
2020-08-14 17:38:18 +02:00
Kristin Laemmert b5f4f9a96e
website: add providers mirror command to providers sidebar 2020-08-14 10:17:55 -04:00
Kristin Laemmert 470298006f website: add providers mirror command to providers sidebar 2020-08-14 10:03:31 -04:00
Zachary Whaley af8d5a69d8 Fix error when TF_CLI_ARGS adds -no-color argument
Fixes #25845
2020-08-13 13:41:34 -05:00
Tony Carmichael f5c8ef19ad
Merge pull request #25844 from hashicorp/aicarmic-add-org-gpg-instructions
Update publishing.html.md
2020-08-13 10:03:17 -06:00
Tony Carmichael 76fb0515af
Update publishing.html.md
Clarify steps for sending in GPG keys if publishing with a GH org.
2020-08-13 09:40:52 -06:00
Rémi Lapeyre 032d339915 Sanitize lock path for the Consul backend when it ends with a /
When the path ends with / (e.g. `path = "tfstate/"), the lock
path used will contain two consecutive slashes (e.g. `tfstate//.lock`) which
Consul does not accept.

This change the lock path so it is sanitized to `tfstate/.lock`.

If the user has two different Terraform project, one with `path = "tfstate"` and
the other with `path = "tfstate/"`, the paths for the locks will be the same
which will be confusing as locking one project will lock both. I wish it were
possible to forbid ending slashes altogether but doing so would require all
users currently having an ending slash in the path to manually move their
Terraform state and would be a poor user experience.

Closes https://github.com/hashicorp/terraform/issues/15747
2020-08-13 16:29:43 +02:00
Rémi Lapeyre 11eb88753d Fix `terraform force-unlock <lock_id>` for Consul backend
When locking was enabled with the Consul backend and the lock not properly
released, the `terraform force-unlock <lock_id>` command would do nothing as
its implementation would exit early in that case.

It now destroys the session that created the lock and clean both the lock and
the lock-info keys.

A regression test is added to TestConsul_destroyLock() to catch the issue if it
happends again.

Closes https://github.com/hashicorp/terraform/issues/22174
2020-08-13 15:20:24 +02:00
kt 23b4c2db42
azurerm backend: support loading metadata from a given host 2020-08-12 15:04:40 -07:00