Commit Graph

6122 Commits

Author SHA1 Message Date
Pam Selle 7924117acc
Add note to upgrade guide about provider sensitivity (#26643)
* Add note to upgrade guide about provider sensitivity

Now that sensitivity follows attributes providers mark
as sensitive, add this note to the upgrade guide.

Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
2020-10-20 13:13:51 -04:00
Alisdair McDiarmid 5e047b0a0b
Merge pull request #26611 from hashicorp/alisdair/sensitive-values-provisioners
Fixes for sensitive values used as input to provisioners
2020-10-19 13:39:18 -04:00
Alisdair McDiarmid 9d2994ab9b website: Sensitive values in provisioner config 2020-10-19 13:19:51 -04:00
Pam Selle 02c48f8071 Comment fixing 2020-10-18 13:00:09 -04:00
Martin Atkins 30204ecded command/cliconfig: Allow development overrides for providers
For normal provider installation we want to associate each provider with
a selected version number and find a suitable package for that version
that conforms to the official hashes for that release.

Those requirements are very onerous for a provider developer currently
testing a not-yet-released build, though. To allow for that case this new
CLI configuration feature allows overriding specific providers to refer
to give local filesystem directories.

Any provider overridden in this way is not subject to the usual
restrictions about selected versions or checksum conformance, and
activating an override won't cause any changes to the selections recorded
in the lock file because it's intended to be a temporary setting for one
developer only.

This is, in a sense, a spiritual successor of an old capability we had to
override specific plugins in the CLI configuration file. There were
some vestiges of that left in the main package and CLI config package
but nothing has actually been honoring them for several versions now and
so this commit removes them to avoid confusion with the new mechanism.
2020-10-16 14:31:15 -07:00
Tony Carmichael 9ff007d322
Update community-index.html.markdown 2020-10-15 08:57:33 -06:00
Tony Carmichael 49a3d14b3b
Update community-index.html.markdown
Updates to community listings now that registry has been GA for a few months.
2020-10-15 08:55:57 -06:00
James Bardin ffbdd72196
Merge pull request #26487 from hashicorp/jbardin/shell-escape
update taint command example
2020-10-14 17:59:33 -04:00
James Bardin 657dd33008
Merge pull request #26557 from remilapeyre/skip-ddl-commands
Add skip_table_creation and skip_index_creation options to the pg backend
2020-10-14 13:36:26 -04:00
Martin Atkins e70ab09bf1 command: new cache directory .terraform/providers for providers
Terraform v0.10 introduced .terraform/plugins as a cache directory for
automatically-installed plugins, Terraform v0.13 later reorganized the
directory structure inside but retained its purpose as a cache.

The local cache used to also serve as a record of specifically which
packages were selected in a particular working directory, with the intent
that a second run of "terraform init" would always select the same
packages again. That meant that in some sense it behaved a bit like a
local filesystem mirror directory, even though that wasn't its intended
purpose.

Due to some unfortunate miscommunications, somewhere a long the line we
published some documentation that _recommended_ using the cache directory
as if it were a filesystem mirror directory when working with Terraform
Cloud. That was really only working as an accident of implementation
details, and Terraform v0.14 is now going to break that because the source
of record for the currently-selected provider versions is now the
public-facing dependency lock file rather than the contents of an existing
local cache directory on disk.

After some consideration of how to move forward here, this commit
implements a compromise that tries to avoid silently doing anything
surprising while still giving useful guidance to folks who were previously
using the unsupported strategy. Specifically:

- The local cache directory will now be .terraform/providers rather than
  .terraform/plugins, because .terraform/plugins is effectively "poisoned"
  by the incorrect usage that we can't reliably distinguish from prior
  version correct usage.

- The .terraform/plugins directory is now the "legacy cache directory". It
  is intentionally _not_ now a filesystem mirror directory, because that
  would risk incorrectly interpreting providers automatically installed
  by Terraform v0.13 as if they were a local mirror, and thus upgrades
  and checksum fetches from the origin registry would be blocked.

- Because of the previous two points, someone who _was_ trying to use the
  legacy cache directory as a filesystem mirror would see installation
  fail for any providers they manually added to the legacy directory.

  To avoid leaving that user stumped as to what went wrong, there's a
  heuristic for the case where a non-official provider fails installation
  and yet we can see it in the legacy cache directory. If that heuristic
  matches then we'll produce a warning message hinting to move the
  provider under the terraform.d/plugins directory, which is a _correct_
  location for "bundled" provider plugins that belong only to a single
  configuration (as opposed to being installed globally on a system).

This does unfortunately mean that anyone who was following the
incorrectly-documented pattern will now encounter an error (and the
aforementioned warning hint) after upgrading to Terraform v0.14. This
seems like the safest compromise because Terraform can't automatically
infer the intent of files it finds in .terraform/plugins in order to
decide automatically how best to handle them.

The internals of the .terraform directory are always considered
implementation detail for a particular Terraform version and so switching
to a new directory for the _actual_ cache directory fits within our usual
set of guarantees, though it's definitely non-ideal in isolation but okay
when taken in the broader context of this problem, where the alternative
would be silent misbehavior when upgrading.
2020-10-14 07:53:41 -07:00
Pam Selle 8f72f4f317
Merge pull request #21936 from tiny-dancer/patch-1
Terraform Plan CLI Vars Format
2020-10-13 16:18:39 -04:00
Pam Selle 305c6fc029
Merge branch 'master' into patch-2 2020-10-13 16:07:28 -04:00
Martin Atkins e1aff2bab0 website: First draft of v0.14 upgrade guide
The upgrade requirements for this release are considerably more modest
than for Terraform v0.13, so this time we just have some notes about a
few changes in behavior that may be impactful to some users.

This first pass is intended to be included as part of a forthcoming beta
testers' guide as we begin the v0.14 beta testing period. We will make
further changes to this upgrade guide based on feedback from those who
participate in the beta process.

Note that this upgrade guide is not intended as release marketing material
and so its presentation is focused on addressing concerns users might
encounter while upgrading. We'll share highlights from the release in
other contexts, such as the changelog and in the product blog.
2020-10-12 15:29:42 -07:00
Rémi Lapeyre 12a0a21c0b Add skip_table_creation and skip_index_creation options to the pg backend
Closes https://github.com/hashicorp/terraform/issues/25708
2020-10-12 22:47:19 +02:00
Martin Atkins 0bbbb9c64b configs: Experimental support for optional object type attributes
This builds on an experimental feature in the underlying cty library which
allows marking specific attribtues of an object type constraint as
optional, which in turn modifies how the cty conversion package handles
missing attributes in a source value: it will silently substitute a null
value of the appropriate type rather than returning an error.

In order to implement the experiment this commit temporarily forks the
HCL typeexpr extension package into a local internal/typeexpr package,
where I've extended the type constraint syntax to allow annotating object
type attributes as being optional using the HCL function call syntax.
If the experiment is successful -- both at the Terraform layer and in
the underlying cty library -- we'll likely send these modifications to
upstream HCL so that other HCL-based languages can potentially benefit
from this new capability.

Because it's experimental, the optional attribute modifier is allowed only
with an explicit opt-in to the module_variable_optional_attrs experiment.
2020-10-12 10:12:28 -07:00
Martin Atkins 897cb72b36 website: Initial docs for the new dependency lock file behaviors
This includes both the main documentation about the lock file itself and
changes to related documentation about Terraform commands that interact
with the lock file.

We will likely continue to update this first pass of documentation as we
get feedback and questions during the prerelease period.
2020-10-09 09:26:23 -07:00
Pam Selle 9a9e61ef06 Update docs for output sensitivity change 2020-10-06 14:26:16 -04:00
Pam Selle cc007a27b7
Merge pull request #26482 from hashicorp/pselle/sensitive-var-nested-docs
Add sensitive variable docs for nested blocks
2020-10-06 10:16:26 -04:00
James Bardin c1efe351b2 update taint command example
Fix the example to match the usual shell style, and add a note about
different shells requiring different escaping formats.
2020-10-05 20:38:47 -04:00
Pam Selle 4d01fc88fc Add sensitive variable docs for nested blocks
Add note to docs about nested block behavior for sensitive variables
2020-10-05 17:23:49 -04:00
Pam Selle 01ff7e0205
Merge pull request #26480 from nisunisu/fix_typo
Fixed a typo
2020-10-05 14:47:53 -04:00
JT Smith 6ac8bfb86d
[Documentation] Typo fixes
Just re-read the docs the ignore_changes update and saw a few typos
2020-10-05 10:10:38 -06:00
James Bardin ee564a5ceb
Merge pull request #26421 from hashicorp/jbardin/ignore-changes-map
allow ignore_changes to reference any map key
2020-10-05 12:06:05 -04:00
nisunisu 911d09d877 Fixed a typo 2020-10-04 22:11:45 +09:00
Nick Fagerlund 26f786959b
website: Update all Learn crosslinks (#26442)
* website: Update all Learn crosslinks

The URL structure on Learn recently changed, so it's time to update some URLs.

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2020-10-02 11:02:59 -07:00
Jerry Chong 90cbc5a123
Modified terraform force-unlock command
-Added code block for terraform force-unlock LOCK_ID
2020-10-02 09:42:55 +08:00
Pam Selle a7e43dfd46
Merge pull request #26431 from hashicorp/pselle/sensitive-vals-docs
docs: Docs for sensitive variables
2020-10-01 13:50:11 -04:00
Pam Selle 3ddbb4b009 Update provider caveat grammar 2020-10-01 13:19:14 -04:00
Pam Selle 93d38ff2d2 Update intro to code blocks 2020-10-01 13:16:15 -04:00
Pam Selle be50089c7f Rephrase sensitive index description 2020-10-01 13:12:25 -04:00
Pam Selle 09551de078 Rewrite intro to section, rename section, move state info
Move the information about state from the "caveats" to the main
info section, using similar information to sensitive outputs.
Updates the header of the section from similar inspiration.
2020-10-01 13:09:52 -04:00
Pam Selle 5cf61448e7
Update website/docs/configuration/variables.html.md
Co-authored-by: Kristin Laemmert <mildwonkey@users.noreply.github.com>
2020-10-01 12:58:43 -04:00
James Bardin 82793f8158 update ignore_changes doc
We can remove the caveat about changing map elements.

Add a little more text about the intended use case for ignore_changes,
as the common case of fixing erroneous provider behavior should not be
the primary motivation for the maintenance of this feature.
2020-10-01 09:36:36 -04:00
Pam Selle 2a35240a17
Merge pull request #26314 from hashicorp/remove-template-provider-link
docs: remove link to deprecated provider
2020-09-30 17:57:02 -04:00
Pam Selle e369fe0559 Docs for sensitive variables 2020-09-30 11:57:03 -04:00
Pam Selle b57248533d Re-organize variable page for sensitive argument addition 2020-09-30 11:57:03 -04:00
Thanonchai 85e83608fc
website: fix broken link to local backend in apply.html (#26307)
The link to local backend doesn't exist.  Update to what I believe is the correct one.
2020-09-28 16:09:34 -07:00
Alejandro Rosero Vicuña 6d66b8b616
website: Make template file extension more consistent (#25029)
Co-authored-by: Judith Malnick <judith.patudith@gmail.com>
2020-09-28 16:08:24 -07:00
Robin Norwood 7ccea30b28
website: Terraform import and remote backends (#26241)
* Put link to tutorial in its own section, call it a tutorial instead of guide, and use new canonical URL.

* Mention limitations of using import with a remote backed

* Typo fix

Co-authored-by: Nick Fagerlund <nick.fagerlund@gmail.com>
2020-09-28 16:03:15 -07:00
Pam Selle 9c16724221
Merge pull request #26337 from hashicorp/pselle/docs-vendor-provisioners
docs: Vendor provisioner deprecation version
2020-09-22 14:54:21 -04:00
Pam Selle 3ba38f9b1f (docs) Vendor provisioner deprecation version 2020-09-22 14:06:39 -04:00
Justin Campbell 1554e04108
website: Add Registry email to publishing doc (#26327) 2020-09-22 10:26:29 -04:00
Paul Tyng 59e77685cb
Merge pull request #26326 from hashicorp/paultyng-patch-1
Minor instructions update for GPG key creation
2020-09-22 09:37:34 -04:00
Justin Campbell 45666f8216
website: Update Registry key management docs (#26299) 2020-09-22 09:37:26 -04:00
Paul Tyng 192c4337c3
Update publishing.html.md 2020-09-22 09:35:30 -04:00
Arthur Burkart 6ed47c7241
lang/funcs: Add "alltrue" function (#25656)
This commit adds an `alltrue` function to Terraform configuration. A
reason we might want this function is because it will enable more
powerful custom variable validations. For example:

```hcl
variable "amis" {
  type = list(object({
    id = string
  }))

  validation {
    condition = (alltrue([
      for a in var.amis : length(a.id) > 4 && substr(a.id, 0, 4) == "ami-"
    ]))
    error_message = "The ID of at least one AMI was invalid."
  }
}
```
2020-09-22 09:06:42 -04:00
kmoe f12bb4698e
remove link to deprecated provider 2020-09-21 17:04:46 +01:00
Alisdair McDiarmid 3c6239f4c5
Merge pull request #26244 from hashicorp/alisdair/credentials-helper-no-credentials
website: Credentials helper response for no creds
2020-09-16 11:36:43 -04:00
Pam Selle 81a6cde3cf
Merge pull request #26203 from hashicorp/pselle/deprecate-vendor-provisioners
Deprecate vendor (3rd party) provisioners
2020-09-15 13:52:10 -04:00
Alisdair McDiarmid aa8c73cd18 website: Credentials helper response for no creds
For a credentials helper plugin to be useful with Terraform 0.13+, we
need to cope with the case of having no credentials for a host without
this being an error. This is to allow the public Terraform Registry to
be accessed without supplying a token.

The way to implement this is to respond to queries for credentials for a
host which has no credentials stored with an empty object and a success
exit code. This contradicts the previous documentation, which calls for
an error response in this case.
2020-09-15 09:00:44 -04:00