Commit Graph

27764 Commits

Author SHA1 Message Date
James Bardin 1309b36b83 plan context test for mysterious changes
This plan would occasionally show changes when there weren't any due to
the sensitive marks being compared incorrectly.
2020-12-17 12:55:58 -05:00
James Bardin 79a31f627b compare unordered sets of PathMarkValues
When comparing marks for values during plan and apply, we need to ensure
the order of the marked paths is consistent.
2020-12-17 12:55:58 -05:00
Pam Selle 428d404d92
Allow for_each arguments containing sensitive values if they aren't keys (#27247)
* Add test for existing behavior, when a value contains a marked value

* Allow some marked values as for_each arguments

Rather than disallow values that have any marks
as for_each arguments, this makes the check more
nuanced to disallow cases where the whole value
is marked (a whole map, or any set). This allows
cases where a user may pass a map that has marked
values, but the keys are not sensitive
2020-12-17 11:27:12 -05:00
Pam Selle 1970c14a53
[docs] Add limitations section to for_each (#27299)
* Add limitations section to for_each

Move limitations from a note to their own section,
to allow for expansion on disallowing sensitive values
in for_each
2020-12-17 11:03:14 -05:00
James Bardin de114c4b7e
Merge pull request #27303 from hashicorp/jbardin/data-source-no-provider
modify ProvidedBy to indicate no provider needed for orphaned data sources
2020-12-17 09:06:52 -05:00
James Bardin c85adf191a modify ProvidedBy to indicate no provider needed
Because of the composition pattern used within core, we can't easily
remove a behavior from an embedded type. Rather than trying to
re-implement all necessary methods on the
NodePlannableResourceInstnaceOrphan to exclude orphaned data resources
from GraphNodeProviderConsumer, we can modify ProvidedBy to indicate
when there is no provider required.
2020-12-17 09:01:20 -05:00
Martin Atkins 21d6fb5a37 depsfile: Don't panic when lock file is unreadable
Previously we were expecting that the *hcl.File would always be non-nil,
even in error cases. That isn't always true, so now we'll be more robust
about it and explicitly return an empty locks object in that case, along
with the error diagnostics.

In particular this avoids a panic in a strange situation where the user
created a directory where the lock file would normally go. There's no
meaning to such a directory, so it would always be a mistake and so now
we'll return an error message about it, rather than panicking as before.

The error message for the situation where the lock file is a directory is
currently not very specific, but since it's HCL responsible for generating
that message we can't really fix that at this layer. Perhaps in future
we can change HCL to have a specialized error message for that particular
error situation, but for the sake of this commit the goal is only to
stop the panic and return a normal error message.
2020-12-15 17:00:35 -08:00
Robert c412935d63
correct terraform-bundle default plugins dir docs (#26965)
* correct terraform-bundle default plugins dir docs

* remove dangling character in local plugin dir log output
2020-12-15 13:52:31 -05:00
Pam Selle 6bfc4a8809
Merge pull request #27280 from hashicorp/pselle/docs-sensitive-var
(docs) Document sensitivity + function call behavior
2020-12-15 11:46:30 -05:00
Pam Selle ad1420cdf4
Merge pull request #27281 from hashicorp/pselle/double-mark
Guard against double marking in other locations in evaluate
2020-12-15 08:10:49 -05:00
Ben Drucker a39273cfa3 Merge remote-tracking branch 'origin/master' into validate-ignore-empty-provider 2020-12-14 14:39:48 -08:00
Pam Selle fa74710aef Guard against double marking in other locations in evaluate 2020-12-14 15:58:06 -05:00
Pam Selle d7f3239c51 Document sensitivity + function call behavior 2020-12-14 15:38:47 -05:00
Repon Kumar Roy 7d093cbede website: add example of multiple var cli
This PR updates the documentation of input variable of terraform. It's
mentioned that multiple `-var` is possible, but no example is given.
This PR adds an example of multiple `-var` option
2020-12-15 02:09:30 +08:00
Kristin Laemmert 9ac8e3c55e
Update CHANGELOG.md 2020-12-14 11:08:57 -05:00
Kristin Laemmert 8bab3dd374
command/state list: list resources in nested and expanded modules (#27268)
* command/state list: list resources in nested and expaneded modules

A few distinct bugs fixed in here:

There was a bug in the logic checking if a given module was the child of
the targetAddr, now fixed. That resolved the basic issue where resources
in nested submodules were not listed.

The logic around allowMissing needed some tweaking to allow for empty
modules, as long as those modules had submodules with resources. state
list is the only command using allowMissing with false so this felt safe
to do.

Finally I extended the logic so list would included expanded modules,
which is to say giving module.foo would result in resources from
module.foo[1], module.foo[0], etc.

* update state list docs to show that module filtering includes any nested
modules
2020-12-14 11:07:15 -05:00
James Bardin 6d0db836a9
Merge pull request #27267 from hashicorp/jbardin/data-reference-doc
add implied data depends_on caveat
2020-12-11 15:21:39 -05:00
James Bardin cd4cb3f8d2 add implied data depends_on caveat 2020-12-11 13:42:09 -05:00
Alisdair McDiarmid e7db580e67
Merge pull request #27265 from hashicorp/alisdair/validate-json-tests
command: Add tests for terraform validate -json
2020-12-11 13:36:36 -05:00
Kristin Laemmert cc4b7a10af
Update CHANGELOG.md 2020-12-11 13:23:29 -05:00
Kristin Laemmert 8a4891383c
console: normalize module path before building context (#27263)
Expressions such as "path.root" were returning the cwd (or modulePath),
instead of the usual _relative_ path. This commit normalizes the path
before building the context.
2020-12-11 13:22:06 -05:00
Kristin Laemmert e938b02337
terraform: improve provider config related error messages (#27261)
* terraform: improve provider config related error messages with nil
config

If there is no provider configuration present in the config at all,
errors related to missing required arguments lack source information or
even a reference to the provider in question. This PR adds more specific
error messages in three of these situations:
- ValidateProvider
- ConfigureProvider: provider.PrepareProviderConfig
- ConfigureProvider: ctx.ConfigureProvider

To test the last case I added a ConfigureProviderFn to the MockContext.

* remove newlines and let the diagnost renderer handle fit
2020-12-11 13:18:49 -05:00
Alisdair McDiarmid f1b95788b9 command: Add tests for terraform validate -json
Also uncomment and fix some tests which had been skipped for a couple of
years. Those validate cases work now!

Note that these test cases and the JSON output are not especially
minimized, making them snapshot/golden tests. The output looks correct
at time of writing, and we don't expect to change validate significantly
any time soon, but if we do there will be some churn here.
2020-12-11 13:09:25 -05:00
Martin Atkins bab4979128 command/init: Remove the warnings about the "legacy" cache directory
We included these warnings in v0.14 after noticing that we'd accidentally
published some incorrect documentation about the purpose of the plugin
cache directory under .terraform/plugins. We switched to using
.terraform/providers instead so that we could treat any missing providers
that appear in the legacy directory as likely to be a result of following
that documentation, and thus produce this extra warning.

However, the further we get from v0.13 the more likely it is for this
warning to be a confusing false positive rather than something helpful,
and this is a non-trivial codepath requiring us to retain a concept that
we otherwise don't need (the "legacy cache dir"), so here we'll remove
those warnings and support code for v0.15 onwards.

These warnings were always accompanied by an error message saying that a
provider could not be found, and that error message remains after this
change. This just removes the "by the way..."-style warning we had been
emitting alongside the errors.
2020-12-11 08:00:15 -08:00
Alisdair McDiarmid 9b0af78f24
Merge pull request #27249 from hashicorp/alisdair/sum-func-robustness
lang: Improved robustness of sum function
2020-12-11 09:29:14 -05:00
Alisdair McDiarmid f27dae2ab7 lang: Improved robustness of sum function
Fixes error when calling sum with values not known until apply time.
Also allows sum to cope with numbers too large to represent in float64,
along with correctly handling errors when trying to sum opposing
infinities.
2020-12-10 17:13:56 -05:00
Pam Selle 6e1017f247
Merge pull request #27238 from hashicorp/pselle/count-sensitive
Unmark values in count before go conversion
2020-12-10 13:36:59 -05:00
Martin Atkins 4b3e237668 command/init: Hint about providers in other namespaces
If a user forgets to specify the source address for a provider, Terraform
will assume they meant a provider in the registry.terraform.io/hashicorp/
namespace. If that ultimately doesn't exist, we'll now try to see if
there's some other provider source address recorded in the registry's
legacy provider lookup table, and suggest it if so.

The error message here is a terse one addressed primarily to folks who are
already somewhat familiar with provider source addresses and how to
specify them. Terraform v0.13 had a more elaborate version of this error
message which directed the user to try the v0.13 automatic upgrade tool,
but we no longer have that available in v0.14 and later so the user must
make the fix themselves.
2020-12-10 10:11:27 -08:00
Alisdair McDiarmid 67f4134628
Merge pull request #27237 from hashicorp/alisdair/alltrue-anytrue-unknown
lang/funcs: Fix alltrue/anytrue with unknowns
2020-12-10 12:44:48 -05:00
Daniel Dreier c8216a8cb8
Update BUGPROCESS.md
Exclude backend/k8s from query filters because core team does not support it
2020-12-10 12:15:39 -05:00
Pam Selle 0d586fd056 Unmark values in count before go conversion
When evaluating count values, we need to unmark
the cty value before passing the value for conversion
into a go int value.
2020-12-10 11:38:10 -05:00
Alisdair McDiarmid df626e898c lang/funcs: Fix alltrue/anytrue with unknowns
The alltrue/anytrue functions did not correctly handle unknown values.
This commit changes these functions so that the result is unknown if:

- The list argument is unknown
- For alltrue: any elements are unknown
- For anytrue: any elements are unknown and no known elements are true

The last change is a little subtle, so there are test cases to cover it
specifically. Examples:

- anytrue(unknown) -> unknown
- anytrue(false, unknown) -> unknown
- anytrue(false, unknown, true) -> true
2020-12-10 11:36:14 -05:00
Alisdair McDiarmid 94151ed5c7
Merge pull request #27234 from hashicorp/alisdair/pkg-browser-override
command: Revert local patch for pkg/browser
2020-12-10 10:27:15 -05:00
James Bardin 5bb5f96176
Merge pull request #27233 from hashicorp/jbardin/apply-refresh-false
set SkipRefresh for plan and apply
2020-12-10 10:17:30 -05:00
Kristin Laemmert ff27841b50
terraform: final eval-related cleanup (#27232)
This is a purely mechanical refactor PR: I de-exported a few more
functions which did not need to be exported in the first place, and
fixed a few outdated log outputs.
2020-12-10 09:55:50 -05:00
James Bardin 7eac9e1d89 set SkipRefresh for plan and apply
The option is set in the same place for plan and apply.
2020-12-10 09:47:13 -05:00
Alisdair McDiarmid 4b9dada877 command: Revert local patch for pkg/browser
The upstream bug with opening a browser on Windows Subsystem for Linux
has been fixed, so this reverts our local patch for this. The approach
upstream adds fallback support for x-www-browser and www-browser if
xdg-open fails, and this fixes the problem on WSL.

This reverts commit 12e090ce48.
2020-12-10 09:27:02 -05:00
Kristin Laemmert c7bf43154f
Mildwonkey/eval apply (#27222)
* rename files for consistency with contents

* terraform: refactor EvalValidateSelfref

The EvalValidateSelfref eval node implementation was removed in favor of a regular function.

* terraform: refactor EvalValidateProvisioner

EvalValidateProvisioner is now a method on NodeValidatableResource.

* terraform: refactor EvalValidateResource

EvalValidateResource is now a method on NodeValidatableResource, and the
functions called by (the new) validateResource are now standalone
functions.

This particular refactor gets the prize for "most complicated test
refactoring".

* terraform: refactor EvalMaybeTainted

EvalMaybeTainted was a relatively simple operation which never returned
an error, so I've refactored it into a plain function and moved it into
the only file its called from.

* terraform: eval-related cleanup

De-exported preApplyHook, which got missed in my general cleanup sweeps.

Removed resourceHasUserVisibleApply in favor of moving the logic inline
- it was a single-line check so calling the function was (nearly) as
much code as just checking if the resource was managed.

* terraform: refactor EvalApplyProvisioners

EvalApplyProvisioners.Eval is now a method on
NodeResourceAbstractInstance. There were two "apply"ish functions, so I
named the first "evalApplyProvisioners" since it mainly determined if
provisioners should be run before passing off execution to
applyProvisioners.

* terraform: refactor EvalApply

EvalApply is now a method on NodeAbstractResourceInstance. This was one
of the trickier Eval()s to refactor, and my goal was to change as little
as possible to avoid unintended side effects.

One notable change: there was a createNew boolean that was only used in
NodeApplyableResourceInstance.managedResourceExecute, and that boolean
was populated from the change (which was available from
managedResourceExecute), so I removed it from apply entirely. Out of an
abundance of caution I assigned the value to createNew in (roughtly) the same spot,
in case I was missing some place where the change might get modified.

TODO: Destroy nodes passed nil configs into apply, and I am curious if
we can get the same functionality by checking if the planned change is a
destroy, instead of passing a config into apply. That felt too risky for
this refactor but it is something I would like to explore at a future
point.

There are also a few updates to log output in this PR, since I spent
some time staring at logs and noticed various spots I missed.
2020-12-10 08:05:53 -05:00
Kristin Laemmert d50dc9cf16 terraform: refactor EvalValidateResource
EvalValidateResource is now a method on NodeValidatableResource, and the
functions called by (the new) validateResource are now standalone
functions.

This particular refactor gets the prize for "most complicated test
refactoring".
2020-12-10 08:05:00 -05:00
Kristin Laemmert fbe3219fbe terraform: refactor EvalValidateProvisioner
EvalValidateProvisioner is now a method on NodeValidatableResource.
2020-12-10 08:05:00 -05:00
Kristin Laemmert a5cb780c87 terraform: refactor EvalValidateSelfref
The EvalValidateSelfref eval node implementation was removed in favor of a regular function.
2020-12-10 08:05:00 -05:00
Kristin Laemmert 468999b9b0 rename files for consistency with contents 2020-12-10 08:05:00 -05:00
Nick Fagerlund 48d35b9332 website: Fix a stray broken link to 0.8 -> 0.9 backend upgrade doc
I missed this earlier because my link checker was collapsing the two links from
this page to that page into a single report.

For posterity's sake, I'm linking directly to the markdown file in GitHub at an
appropriate tag version. I do not expect anyone to ever click this link again,
though.
2020-12-09 13:28:01 -08:00
Martin Atkins 3268a7eaba command/output: Raw output mode
So far the output command has had a default output format intended for
human consumption and a JSON output format intended for machine
consumption.

However, until Terraform v0.14 the default output format for primitive
types happened to be _almost_ a raw string representation of the value,
and so users started using that as a more convenient way to access
primitive-typed output values from shell scripts, avoiding the need to
also use a tool like "jq" to decode the JSON.

Recognizing that primitive-typed output values are common and that
processing them with shell scripts is common, this commit introduces a new
-raw mode which is explicitly intended for that use-case, guaranteeing
that the result will always be the direct result of a string conversion
of the output value, or an error if no such conversion is possible.

Our policy elsewhere in Terraform is that we always use JSON for
machine-readable output. We adopted that policy because our other
machine-readable output has typically been complex data structures rather
than single primitive values. A special mode seems justified for output
values because it is common for root module output values to be just
strings, and so it's pragmatic to offer access to the raw value directly
rather than requiring a round-trip through JSON.
2020-12-09 10:10:02 -08:00
Pam Selle 7acc483110
Merge pull request #27206 from hashicorp/pselle/vendor-provisioner-docs
Fix docs for 0.15 for vendor provisioners
2020-12-09 08:08:33 -05:00
Pam Selle aa044bdd39 Fix docs for 0.15 for vendor provisioners 2020-12-08 16:51:50 -05:00
Alisdair McDiarmid 30126baff4
Merge pull request #27199 from hashicorp/alisdair/remote-backend-version-latest
backend/remote: Fix for "latest" workspace version
2020-12-08 15:40:43 -05:00
Alisdair McDiarmid 94e2fe9a38
Merge pull request #27197 from hashicorp/alisdair/terraform-remote-state-version-fix
Fix terraform_remote_state backend version check
2020-12-08 15:40:28 -05:00
Alisdair McDiarmid 6e0d8cde91 backend/remote: Fix for "latest" workspace version
Terraform Cloud/Enterprise support a pseudo-version of "latest" for the
configured workspace Terraform version. If this is chosen, we abandon
the attempt to verify the versions are compatible, as the meaning of
"latest" cannot be predicted.

This affects both the StateMgr check (used for commands which execute
remotely) and the full version check (for local commands).
2020-12-08 15:34:23 -05:00
Alisdair McDiarmid 107dc0c34f Fix terraform_remote_state backend version check
The change recently introduced to ensure that remote backend users do
not accidentally upgrade their state file needs to be disabled for all
read-only uses, including the builtin terraform_remote_state data
source.
2020-12-08 14:18:04 -05:00