Commit Graph

28490 Commits

Author SHA1 Message Date
Alisdair McDiarmid c798dc98db command: Show diffs when only sensitivity changes
When an attribute's sensitivity changes, but its value remains the same,
we consider this an update operation for the plan. This commit updates
the diff renderer to match this, detecting and displaying the change in
sensitivity.

Previously, the renderer would detect no changes to the value of the
attribute, and consider it a no-op action. This resulted in suppression
of the attribute when the plan is in concise mode.

This is achieved with a new helper function, ctyEqualValueAndMarks. We
call this function whenever we want to check that two values are equal
in order to determine whether the action is update or no-op.
2020-10-13 13:55:16 -04:00
Sean Teeling 7d6ec431d2 test locks in non-default workspace 2020-10-13 08:18:54 -07:00
Pam Selle fcae49611c
Merge pull request #26555 from hashicorp/pselle/sensitive-var-value-compat
Avoid disclosing values in errors on marked vals
2020-10-13 10:51:25 -04:00
Kristin Laemmert 57fd4c34d1 terraform: fix ProviderConfigTransformer
The ProviderConfigTransformer was using only the provider FQN to attach
a provider configuration to the provider, but what it needs to do is
find the local name for the given provider FQN (which may not match the
type name) and use that when searching for matching provider
configuration.

Fixes #26556

This will also be backported to the v0.13 branch.
2020-10-13 10:07:25 -04:00
Kristin Laemmert 2a478ed905 this is still used, let's leave it in place for now 2020-10-13 10:03:24 -04:00
Sean Teeling e1f1b84d67 Refresh state outside of grabbing the lock; only grab the lock on provisioning if the state file doesn't exist; this is similar to the GCS backend 2020-10-12 21:45:25 -07:00
James Bardin 5677978eb0
Merge pull request #26551 from hashicorp/jbardin/render-output-changes
Render output changes based on the plan
2020-10-12 19:05:10 -04:00
James Bardin 241765f0ab don't check outputs for legacy tests
The legacy tests never had to account for outputs in the plan. This path
is not used outside of old builtin test provider, so just work around
the output changes until we remove this completely.
2020-10-12 18:59:14 -04:00
James Bardin 5eca0788c6 rely solely on the plan changes for outputs
Now that outputs changes are tracked in full, we can remove the
comparisons with the prior state and use the planned changes directly.
2020-10-12 18:59:14 -04:00
Martin Atkins e1aff2bab0 website: First draft of v0.14 upgrade guide
The upgrade requirements for this release are considerably more modest
than for Terraform v0.13, so this time we just have some notes about a
few changes in behavior that may be impactful to some users.

This first pass is intended to be included as part of a forthcoming beta
testers' guide as we begin the v0.14 beta testing period. We will make
further changes to this upgrade guide based on feedback from those who
participate in the beta process.

Note that this upgrade guide is not intended as release marketing material
and so its presentation is focused on addressing concerns users might
encounter while upgrading. We'll share highlights from the release in
other contexts, such as the changelog and in the product blog.
2020-10-12 15:29:42 -07:00
James Bardin 03640057be
Merge pull request #26533 from hashicorp/jbardin/plan-output-changes
Use recorded changes for outputs and plan root output removals
2020-10-12 17:35:36 -04:00
James Bardin 28e4281674 handle sensitivity in the OutputChange
The state is not loaded here with any marks, so we cannot rely on marks
alone for equality comparison. Compare both the state and the
configuration sensitivity before creating the OutputChange.
2020-10-12 17:29:45 -04:00
James Bardin d2514a9abd update new outputs plan json 2020-10-12 17:29:45 -04:00
James Bardin d82778f4fc insert before values into the output changes
Lookup before values for output changes.
Use Update action when output has a non-null before value.
2020-10-12 17:29:45 -04:00
James Bardin 0f5bf21983 remove last use of the apply graph Destroy flag!
The apply graph builder no longer uses the destroy flag, which is not
always known since the destroy flag is not stored in the plan file.
2020-10-12 17:29:45 -04:00
James Bardin ff21cc3c8d remove the need for destroyRootOutputTransformer
Since root outputs can now use the planned changes, we can directly
insert the correct applyable or destroyable node into the graph during
plan and apply, and it will remove the outputs if they are being
destroyed.
2020-10-12 17:29:45 -04:00
Rémi Lapeyre 12a0a21c0b Add skip_table_creation and skip_index_creation options to the pg backend
Closes https://github.com/hashicorp/terraform/issues/25708
2020-10-12 22:47:19 +02:00
Pam Selle da4ddd0160 Avoid disclosing values in errors on marked vals
AssertObjectCompatible is a special case that will
expose Go string values of values unless otherwise
stopped. This adds that check.
2020-10-12 15:53:34 -04:00
Martin Atkins af20a769be
Update CHANGELOG.md 2020-10-12 10:21:49 -07:00
Martin Atkins 0bbbb9c64b configs: Experimental support for optional object type attributes
This builds on an experimental feature in the underlying cty library which
allows marking specific attribtues of an object type constraint as
optional, which in turn modifies how the cty conversion package handles
missing attributes in a source value: it will silently substitute a null
value of the appropriate type rather than returning an error.

In order to implement the experiment this commit temporarily forks the
HCL typeexpr extension package into a local internal/typeexpr package,
where I've extended the type constraint syntax to allow annotating object
type attributes as being optional using the HCL function call syntax.
If the experiment is successful -- both at the Terraform layer and in
the underlying cty library -- we'll likely send these modifications to
upstream HCL so that other HCL-based languages can potentially benefit
from this new capability.

Because it's experimental, the optional attribute modifier is allowed only
with an explicit opt-in to the module_variable_optional_attrs experiment.
2020-10-12 10:12:28 -07:00
Pam Selle 18d59d768f
Update CHANGELOG.md 2020-10-12 10:08:55 -04:00
Pam Selle 3cba9b9968
Merge pull request #26543 from caarlos0/err
fix: update go-versions with improved error handling
2020-10-12 10:07:35 -04:00
Carlos Alexandro Becker fe31aa854d fix: update go-versions with improved error handling
closes #26516

Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
2020-10-10 08:36:23 -03:00
Alex Pilon 10ed2dcf8f Restore issue migrator 2020-10-09 15:41:15 -04:00
Alex Pilon 8f95d2e6e0 Migration test 2020-10-09 14:03:45 -04:00
James Bardin d8e6d66362 use recorded changes for outputs
We record output changes in the plan, but don't currently use them for
anything other than display. If we have a wholly known output value
stored in the plan, we should prefer that for apply in order to ensure
consistency with the planned values. This also avoids cases where
evaluation during apply cannot happen correctly, like when all resources
are being removed or we are executing a destroy.

We also need to record output Delete changes when the plan is for
destroy operation. Otherwise without a change, the apply step will
attempt to evaluate the outputs, causing errors, or leaving them in the
state with stale values.
2020-10-09 13:13:27 -04:00
Martin Atkins 96f0ac1f43
Update CHANGELOG.md 2020-10-09 09:30:32 -07:00
Martin Atkins e1cf0ac801 internal/depsfile: Control how the "hashes" value is formatted
Previously we were just letting hclwrite do its default formatting
behavior here. The current behavior there isn't ideal anyway -- it puts
big data structures all on one line -- but even ignoring that our goal
for this file format is to keep things in a highly-normalized shape so
that diffs against the file are clear and easy to read.

With that in mind, here we directly control how we write that value into
the file, which means that later changes to hclwrite's list/set
presentation won't affect it, regardless of what form they take.
2020-10-09 09:26:23 -07:00
Martin Atkins 897cb72b36 website: Initial docs for the new dependency lock file behaviors
This includes both the main documentation about the lock file itself and
changes to related documentation about Terraform commands that interact
with the lock file.

We will likely continue to update this first pass of documentation as we
get feedback and questions during the prerelease period.
2020-10-09 09:26:23 -07:00
Martin Atkins e270291f19 command: terraform providers lock
This command is intended to help support situations where Terraform is
configured to use only local mirrors for provider installation and so the
normal "terraform init" flow would not have direct access to the official
package checksums published in the origin registry.

The intended workflow here is to use this command only when adding a new
provider or changing an existing provider's version in the configuration,
to augment the lock file with all of the checksums required to verify
the provider across a variety of different platforms. Once this command
has recorded all of the official checksums, future runs of
"terraform init" will verify that provider packages obtained from a local
mirror match with those upstream checksums.
2020-10-09 09:26:23 -07:00
Martin Atkins 2611e08430 command/init: Mention using the lock file for provider selection
This probably isn't the best UI we could do here, but it's a placeholder
for now just to avoid making it seem like we're ignoring the lock file
and checking for new versions anyway.
2020-10-09 09:26:23 -07:00
Martin Atkins b3f5c7f1e6 command/init: Read, respect, and update provider dependency locks
This changes the approach used by the provider installer to remember
between runs which selections it has previously made, using the lock file
format implemented in internal/depsfile.

This means that version constraints in the configuration are considered
only for providers we've not seen before or when -upgrade mode is active.
2020-10-09 09:26:23 -07:00
Martin Atkins 4a1b081afb depsfile: Locks.Equal and Locks.Empty methods
These are helper functions to give the installation UI some hints about
whether the lock file has changed so that it can in turn give the user
advice about it. The UI-layer callers of these will follow in a later
commit.
2020-10-09 09:26:23 -07:00
Pam Selle eb2a027684
Merge pull request #26518 from hashicorp/pselle/sensitive-experiment
Remove sensitive_variables experiment
2020-10-08 16:14:37 -04:00
James Bardin c4d6b13285
Merge pull request #26520 from hashicorp/jbardin/fix-test-divergence
fix tests that happened during the cleanup
2020-10-08 15:04:40 -04:00
James Bardin f5361286cc fix tests that happened during the cleanup 2020-10-08 14:58:43 -04:00
James Bardin 57a47d0b82
Merge pull request #26519 from hashicorp/jbardin/FIXME
Cleanup and remove legacy types from test mocks
2020-10-08 14:54:40 -04:00
James Bardin 103a6cf2db update mock provider call 2020-10-08 13:52:04 -04:00
James Bardin 027a6c2cf6 update command tests to use new mock provider 2020-10-08 13:49:41 -04:00
Pam Selle c1957fcaf0 Add JSON test case for variable sensitive flag 2020-10-08 13:13:32 -04:00
James Bardin a0caed541d remove legacy ApplyFn from mock provisioner 2020-10-08 13:13:13 -04:00
James Bardin 177797100d remove old mock validateFn 2020-10-08 12:43:46 -04:00
James Bardin ea5ee39f38 remove old mock provider ConfigureFn 2020-10-08 12:26:12 -04:00
James Bardin 0a6853a3f8 replace testDiffFn and testApplyFn
Replace the old mock provider test functions with modern equivalents.
There were a lot of inconsistencies in how they were used, so we needed
to update a lot of tests to match the correct behavior.
2020-10-08 11:47:34 -04:00
Pam Selle bc57c20d10 Remove sensitive_variables experiment
Ahead of the beta, remove the sensitive_variable experiment
and update tests accordingly
2020-10-08 11:22:20 -04:00
Kristin Laemmert 6f4f6fbc72 helper: deprecate pathorcontents
pathorcontents was solely used by the gcs backend. I moved the function
into the backend package so it could still be used by other backends for
good measure.
2020-10-08 08:42:16 -04:00
Kristin Laemmert 04be220f5f deprecate helper/copy
helper/copy CopyDir was used heavily in tests. It differes from
internal/copydir in a few ways, the main one being that it creates the
dst directory while the internal version expected the dst to exist
(there are other differences, which is why I did not just switch tests
to using internal's CopyDir).

I moved the CopyDir func from helper/copy into command_test.go; I could
also have moved it into internal/copy and named it something like
CreateDirAndCopy so if that seems like a better option please let me
know.

helper/copy/CopyFile was used in a couple of spots so I moved it into
internal, at which point I thought it made more sense to rename the
package copy (instead of copydir).

There's also a `go mod tidy` included.
2020-10-08 08:42:16 -04:00
Daniel Dreier f4324a384e
Fix formatting in BUGPROCESS.md 2020-10-07 16:40:00 -04:00
Pam Selle ece9f8c1f4
Merge pull request #26507 from hashicorp/pselle/sensitive-vars-change
Update state when sensitivity changes
2020-10-07 15:39:07 -04:00
Pam Selle a927e88c06 Compare before and after paths completely 2020-10-07 14:58:43 -04:00