Commit Graph

27541 Commits

Author SHA1 Message Date
Alisdair McDiarmid c98f352dc8 terraform: Fix required version constraint diags
If a module has multiple terraform.required_version constraints, any
failures would point at the last constraint in the error diagnostics. If
an earlier constraint was the actual problem, this leads to confusing
errors like this:

    Error: Unsupported Terraform Core version

      on main.tf line 6, in terraform:
       6:   required_version = ">= 0.13.0"

    This configuration does not support Terraform version 0.13.0.

The error was due to storing the declaration range of the constraint as
a pointer to the contents of a loop variable, which was later
overwritten in later iterations of the loop.  Instead we now use HCL's
handy Ptr() method to create a direct pointer to the range struct.
2020-08-18 09:35:32 -04:00
Alisdair McDiarmid d8e9964363 terraform: Eval module call arguments for import
Include the import walk in the list of operations for which we create an
EvalModuleCallArgument node. This causes module call arguments to be
evaluated even if the module variables have defaults, ensuring that
invalid default values (such as the common "{}" for variables thought of
as maps) do not cause failures specific to import.

This fixes a bug where a child module evaluates an input variable in its
locals block, assuming that it is a nested object structure. The bug
report includes a default value of "{}", which is overridden by a root
variable value. Without the eval node added in this commit, the default
value is used and the local evaluation errors.
2020-08-17 17:14:12 -04:00
Alisdair McDiarmid 27affd06ce
Update CHANGELOG.md 2020-08-17 11:23:34 -04:00
Alisdair McDiarmid eb9e32d7b2
Merge pull request #25861 from hashicorp/alisdair/builtin-provider-legacy-string
addrs: Fix LegacyString for builtin providers
2020-08-17 11:22:20 -04:00
Alex Novak 82aa2d4467
Correct annotation in expressions.html
`false` section was missing a finishing "`"
2020-08-14 16:33:54 -04:00
Alisdair McDiarmid e02e53ed4d states: Add roundtrip v3->v4 with builtin provider 2020-08-14 15:40:48 -04:00
Alisdair McDiarmid d53a4ac588 addrs: Fix LegacyString for builtin provider addrs
Builtin provider addrs (i.e. "terraform.io/builtin/terraform") should be
able to convert to legacy string form (i.e. "terraform"). This ensures
that we can safely round-trip through ParseLegacyAbsProviderConfig,
which can return either a legacy or a builtin provider addr.
2020-08-14 14:56:35 -04:00
Kristin Laemmert 95eca06782
statemgr: add a NewUnlockErrorFull state manager for tests (#25823)
* statemgr: add a NewUnlockErrorFull state manager for tests

I've frequently needed to coerce Unlock() errors for tests and it's been
awkward and fraught every time, so I decided to add a full state manger
that returns *mostly* errors. I intend to use this in conjunction with
the clistate.Locker interface, which first calls Lock() (to block if the
mutex is in use) at the start of Unlock(), so Lock() rather awkwardly needed to succeed.
2020-08-14 14:14:51 -04:00
Kristin Laemmert c9f710ac29
terraform: remove DisableReduce from refresh, plan and apply graphs (#25824) 2020-08-14 14:13:33 -04:00
James Bardin 93246bd978 allow plan data state comparison with legacy SDK
In order to determine if we need to re-read a data source during plan,
we need to compare the newly evaluated configuration with the stored
state. To do that we create a ProposedNewVal, which if there are no
changes, should match the existing state exactly.

A problem arises if the remote data source contains any blocks, and they
are not set in the configuration. Terraform always decodes configuration
blocks as empty containers, however the legacy SDK cannot correctly
handle empty blocks and may return a null block which is saved to the
state. In order to correctly make the comparison for planning, we need
to reify those null blocks as empty containers in the cty value.

The createEmptyBlocks helper converts any null NestingList or NestingSet
blocks to empty list or set cty values. We only need to be concerned
with List and Set, because those are the only types that can be defined
with the legacy SDK. In hindsight these could have been normalized in
the legacy SDK shims had this problem been uncovered earlier, but for the
sake of compatibility we will now normalize these in core.
2020-08-14 13:36:52 -04:00
Rémi Lapeyre e680211bc0 Split the state in chunks when they outgrow the limit of Consul KV store
The Consul KV store limits the size of the values in the KV store to 524288
bytes. Once the state reaches this limit Consul will refuse to save it. It is
currently possible to try to bypass this limitation by enable Gzip but the issue
will manifest itself later. This is particularly inconvenient as it is possible
for the state to reach this limit without changing the Terraform configuration
as datasources or computed attributes can suddenly return more data than they
used to. Several users already had issues with this.

To fix the problem once and for all we now split the payload in chunks of 524288
bytes when they are to large and store them separatly in the KV store. A small
JSON payload that references all the chunks so we can retrieve them later and
concatenate them to reconstruct the payload.

While this has the caveat of requiring multiple calls to Consul that cannot be
done as a single transaction as those have the same size limit, we use unique
paths for the chunks and CAS when setting the last payload so possible issues
during calls to Put() should not result in unreadable states.

Closes https://github.com/hashicorp/terraform/issues/19182
2020-08-14 17:38:18 +02:00
Kristin Laemmert b5f4f9a96e
website: add providers mirror command to providers sidebar 2020-08-14 10:17:55 -04:00
Kristin Laemmert 470298006f website: add providers mirror command to providers sidebar 2020-08-14 10:03:31 -04:00
Zachary Whaley af8d5a69d8 Fix error when TF_CLI_ARGS adds -no-color argument
Fixes #25845
2020-08-13 13:41:34 -05:00
Tony Carmichael f5c8ef19ad
Merge pull request #25844 from hashicorp/aicarmic-add-org-gpg-instructions
Update publishing.html.md
2020-08-13 10:03:17 -06:00
Tony Carmichael 76fb0515af
Update publishing.html.md
Clarify steps for sending in GPG keys if publishing with a GH org.
2020-08-13 09:40:52 -06:00
Rémi Lapeyre 032d339915 Sanitize lock path for the Consul backend when it ends with a /
When the path ends with / (e.g. `path = "tfstate/"), the lock
path used will contain two consecutive slashes (e.g. `tfstate//.lock`) which
Consul does not accept.

This change the lock path so it is sanitized to `tfstate/.lock`.

If the user has two different Terraform project, one with `path = "tfstate"` and
the other with `path = "tfstate/"`, the paths for the locks will be the same
which will be confusing as locking one project will lock both. I wish it were
possible to forbid ending slashes altogether but doing so would require all
users currently having an ending slash in the path to manually move their
Terraform state and would be a poor user experience.

Closes https://github.com/hashicorp/terraform/issues/15747
2020-08-13 16:29:43 +02:00
Rémi Lapeyre 11eb88753d Fix `terraform force-unlock <lock_id>` for Consul backend
When locking was enabled with the Consul backend and the lock not properly
released, the `terraform force-unlock <lock_id>` command would do nothing as
its implementation would exit early in that case.

It now destroys the session that created the lock and clean both the lock and
the lock-info keys.

A regression test is added to TestConsul_destroyLock() to catch the issue if it
happends again.

Closes https://github.com/hashicorp/terraform/issues/22174
2020-08-13 15:20:24 +02:00
kt 23b4c2db42
azurerm backend: support loading metadata from a given host 2020-08-12 15:04:40 -07:00
Katy Moe e59553ef02
test outdated version output 2020-08-12 21:22:39 +01:00
Pam Selle ce2bbb151a
Merge pull request #25825 from hashicorp/pselle/build-website
[build] Fix missing VERSION for running make website
2020-08-12 13:34:00 -04:00
Pam Selle 0eac3de22a Fix missing VERSION for running make website 2020-08-12 13:24:03 -04:00
James Bardin ebd7828892 update CHANGELOG.md 2020-08-12 10:54:56 -04:00
Pam Selle f63b261fca
Merge pull request #25791 from hashicorp/aug20_provisioners_nav
website: Move provisioners into language section of nav sidebar
2020-08-12 10:54:13 -04:00
James Bardin 1c09df1a66
Merge pull request #25779 from hashicorp/jbardin/remove-state-attrs
Remove resource state attributes that are no longer in the schema
2020-08-12 10:49:44 -04:00
James Bardin aec0059920
Merge pull request #25760 from hashicorp/jbardin/target-resource
Generalize target addresses before expansion
2020-08-12 10:28:51 -04:00
James Bardin b9e076ec66 re-add ModuleInstance -> Module conversion
When working with a ConfigResource, the generalization of a
ModuleInstance to a Module was inadvertently dropped, and there was to
test coverage for that type of target.

Ensure we can target a specific module instance alone.
2020-08-12 10:22:13 -04:00
James Bardin 0df5a7e6cf Generalize target addresses before expansion
Before expansion happens, we only have expansion resource nodes that
know their ConfigResource address. In order to properly compare these to
targets within a module instance, we need to generalize the target to
also be a ConfigResource.

We can also remove the IgnoreIndices field from the transformer, since
we have addresses that are properly scoped and can compare them in the
correct context.
2020-08-12 10:12:43 -04:00
James Bardin cbbd487130
Merge pull request #25663 from hashicorp/jbardin/plan-empty-resource
Return known empty containers from resource evaluation during plan
2020-08-12 10:10:59 -04:00
James Bardin c8ed0ccbdb
Merge pull request #25662 from hashicorp/jbardin/dynamic-set-block
Unknown set blocks with dynamic may have 0 elements
2020-08-12 10:06:59 -04:00
Kristin Laemmert 7111d8deb1
Merge pull request #25783 from nvogel/master
Fix documentation example for the indent function
2020-08-12 09:34:07 -04:00
Katy Moe 25337b7217
fix outdated message output order 2020-08-11 23:27:29 +01:00
Nick Fagerlund 2ffb71bcee
website: Fix several broken links (#25808) 2020-08-11 15:24:51 -07:00
Alisdair McDiarmid 96d2265ddb command: Add test for invalid selected workspace
If somehow an invalid workspace has been selected, the Meta.Workspace
method should not return an error, to ensure that we don't break any
existing workflows with invalid workspace names.
2020-08-11 12:33:12 -04:00
Alisdair McDiarmid 8252920e9a command: Allow workspace delete with invalid name
We are validating the workspace name for all workspace commands. Due to
a bug with the TF_WORKSPACE environment variable, it has been possible
to accidentally create a workspace with an invalid name.

This commit removes the valid workspace name check for workspace delete
to allow users to clean up any invalid workspaces.
2020-08-11 12:33:12 -04:00
Alisdair McDiarmid b239570abb command: Always validate workspace name
The workspace name can be overridden by setting a TF_WORKSPACE
environment variable. If this is done, we should still validate the
resulting workspace name; otherwise, we could end up with an invalid and
unselectable workspace.

This change updates the Meta.Workspace function to return an error, and
handles that error wherever necessary.
2020-08-11 12:33:12 -04:00
Alisdair McDiarmid 31f858e1bb
Update CHANGELOG.md 2020-08-11 12:21:54 -04:00
Alisdair McDiarmid ef65f552c8
Merge pull request #25647 from hashicorp/alisdair/remove-stubbed-out-apply-diff-code
command: Remove stubbed-out apply diff output code
2020-08-11 12:18:49 -04:00
Alisdair McDiarmid c5377ca50f
Merge pull request #25523 from hashicorp/alisdair/fix-state-mv-panic
command: Fix state mv for only resource in module
2020-08-11 12:18:32 -04:00
Alisdair McDiarmid 17e1c9dd05 command: Fix state mv for only resource in module
When moving a resource block with multiple instances to a new address
within the same module, we need to ensure that the target module is
present as late as possible. Otherwise, deleting the resource from the
original address triggers pruning, and the module is removed just before
we try to add the resource to it, which causes a crash.

Includes regression test which panics without this code change.
2020-08-11 11:54:35 -04:00
Kristin Laemmert 67ee056c0b
Update CHANGELOG.md 2020-08-11 11:52:19 -04:00
Kristin Laemmert 4729f7f76b
lang/funcs: update cidrsubnet and cidrhost for 64-bit systems (#25517)
* upgrade go-cidr to v1.1.0

* lang/funcs: refactor Subnet and Host functions to support 64-bit systems

* add test cases and remove no-longer-needed validation
2020-08-11 11:51:31 -04:00
Kristin Laemmert 989b58071f
Update CHANGELOG.md 2020-08-11 11:50:31 -04:00
Kristin Laemmert 5964e928dc
states/statefile: consistently sort resources across modules (#25498)
If a statefile had resources with the same name in different modules,
the sort order could be inconsistent between state refreshes. This adds
the module to the Less() function used in sorting and a minimal test to
verify consistent ordering.
2020-08-11 11:50:07 -04:00
Kristin Laemmert 3cfe888057
Update CHANGELOG.md 2020-08-11 11:49:26 -04:00
Kristin Laemmert 30142b02e3
Update CHANGELOG.md 2020-08-11 11:48:27 -04:00
Kristin Laemmert df4627fecb
configs: include "providers" when overriding modules (#25496) 2020-08-11 11:46:40 -04:00
Kristin Laemmert 6621501ae3
state: remove deprecated state package (#25490)
Most of the state package has been deprecated by the states package.
This PR replaces all the references to the old state package that
can be done simply - the low-hanging fruit.

* states: move state.Locker to statemgr

The state.Locker interface was a wrapper around a statemgr.Full, so
moving this was relatively straightforward.

* command: remove unnecessary use of state package for writing local terraform state files

* move state.LocalState into terraform package

state.LocalState is responsible for managing terraform.States, so it
made sense (to me) to move it into the terraform package.

* slight change of heart: move state.LocalState into clistate instead of
terraform
2020-08-11 11:43:01 -04:00
Kristin Laemmert adf5cde180
Update CHANGELOG.md 2020-08-11 11:25:49 -04:00
Kristin Laemmert 86e9ba3d65
* backend/local: push responsibility for unlocking state into individual operations
* unlock the state if Context() has an error, exactly as backend/remote does today
* terraform console and terraform import will exit before unlocking state in case of error in Context()
* responsibility for unlocking state in the local backend is pushed down the stack, out of backend.go and into each individual state operation
* add tests confirming that state is not locked after apply and plan

* backend/local: add checks that the state is unlocked after operations

This adds tests to plan, apply and refresh which validate that the state
is unlocked after all operations, regardless of exit status. I've also
added specific tests that force Context() to fail during each operation
to verify that locking behavior specifically.
2020-08-11 11:23:42 -04:00