Commit Graph

21572 Commits

Author SHA1 Message Date
Nic Cope 011841124b Support 'customer supplied encryption keys' in the GCS backend
https://cloud.google.com/storage/docs/encryption#customer-supplied

GCS state created using customer supplied encryption keys can only be read or
modified using the same key.
2017-12-17 19:27:52 -08:00
rv-jmaggio 7f8d686074 refactor and add a test 2017-12-15 21:04:15 -05:00
Kevin Fishner b13945f53c
Merge pull request #16931 from nfagerlund/dec2017_private_git_modules
docs: Clarify the use of private github repos with TFE
2017-12-15 16:04:46 -08:00
rv-jmaggio 0889c118a8 Fixing issues with workspace_key_prefix 2017-12-15 17:50:36 -05:00
James Bardin ea4cb6a20e check state version during init
The init command needs to parse the state to resolve providers, but
changes to the state format can cause that to fail with difficult to
understand errors. Check the terraform version during init and provide
the same error that would be returned by plan or apply.
2017-12-15 11:17:59 -05:00
Nick Fagerlund 40fefbd5e8 docs: Clarify the use of private github repos with TFE
The machine user/password approach is wrong for TFE; use SSH keys instead.
2017-12-14 17:35:50 -08:00
James Bardin ccb90d5b6b add gcs to the backends that support workspaces
Also add the term "workspaces" to the `prefix` documentation.
2017-12-14 10:25:03 -05:00
James Bardin 03ddb9134a
Merge pull request #16903 from rwcee/build-service-auth-token
Adds "build_auth_token" option to Habitat Provisioner
2017-12-14 09:18:50 -05:00
James Bardin f00dc45e8f
Merge pull request #16780 from nevans-sofi/processIgnoreChangesPatch
Ignore redundant IgnoreChanges attributes
2017-12-13 16:07:35 -05:00
Rob Campbell 29f70bc112 Adds build_auth_token to Habitat Provisioner
First successful run with private origin and HAB_AUTH_TOKEN set

Update struct, schema, and decodeConfig names to more sensible versions

Cleaned up formatting

Update habitat provisioner docs

Remove unused unitstring
2017-12-12 19:46:42 -05:00
Martin Atkins 681b2e7587
Update CHANGELOG.md 2017-12-12 15:30:02 -08:00
Gauthier Wallet 474c592569 backend/s3: allow named credentials profiles to be used
Here we upgrade the AWS Go SDK to 1.12.27 and AWS provider to include terraform-providers/terraform-provider-aws#1608. 

This includes the capability to use named credentials profiles from the `~/.aws/credentials` file to authenticate to the backend.
2017-12-12 15:27:05 -08:00
Maciej Skierkowski 0186db7962
Merge pull request #16901 from skierkowski/tfe-ga-updates
Updating links to TFE docs
2017-12-12 09:46:30 -08:00
Florian Forster 6680b1f16b core: check for negative indices in ResourceConfig.get
The bounds checking in ResourceConfig.get() was insufficient: it detected when the index was greater than or equal to cv.Len() but not when the index was less than zero. If the user provided an (invalid) configuration that referenced "foo.-1.bar", the provider would panic.

Now it behaves the same way as if the index were too high.
2017-12-12 09:18:38 -08:00
Maciej Skierkowski c1469aa39e Rename links for TFE classic and beta 2017-12-11 19:05:11 -08:00
Maciej Skierkowski 4a3c65984a Update not on TFE Module Registry availability 2017-12-11 19:04:54 -08:00
Maciej Skierkowski 8c2ed71163 Updates guides menu to use new TFE paths 2017-12-11 19:04:34 -08:00
Martin Atkins f1079257ac command: show a special error message when importing in an empty dir
If users run "terraform import" in a directory with no Terraform
configuration files, it's likely that they've made a mistake either by
being in the wrong directory or forgetting to use the -config option
on the command line.

To help users find their mistake in this case, we'll now produce a
specialized error message for this situation:

    Error: No Terraform configuration files

    The directory /home/user/example does not contain any Terraform
    configuration files (.tf or .tf.json). To specify a different
    configuration directory, use the -config="..." command line option.

While here, this also converts some of the other existing messages to
diagnostics so that we can show any configuration warnings along with
the error message, and move towards the new standard error presentation.
2017-12-11 16:08:33 -08:00
James Bardin a7677e761a
Merge pull request #16892 from xtruder/master
vendor: github.com/hashicorp/go-version
2017-12-11 18:35:09 -05:00
Chris Marchesi 85119304b3
Merge pull request #16895 from hashicorp/b-resource-test-expecterror
helper/resource: Fail tests with no error that have ExpectError set
2017-12-11 14:18:55 -08:00
Chris Marchesi 3f8dad30c9
helper/resource: Fail tests with no error that have ExpectError set
Looks like while we were checking errors correctly when ExpectError was
set, we weren't checking for the *absence* of an error, which is should
be checked as well (no error is still not the error we are looking for).

Added a few more tests for ExpectError as well.
2017-12-11 14:05:40 -08:00
Rob Campbell 5daeee5f6d Update various files for new version of "stringer"
The latest version of stringer now uses strconv instead of fmt.
2017-12-11 13:26:29 -08:00
Jaka Hudoklin fd687a5b9e vendor: github.com/hashicorp/go-version 2017-12-11 17:48:52 +01:00
Martin Atkins c729bdff43 website: guide for using the S3 backend with multiple AWS accounts
Users commonly ask how the S3 backend can be used in an organization that
splits its infrastructure across many AWS accounts.

We've traditionally shied away from making specific recommendations here
because we can't possibly anticipate the different standards and
regulations that constrain each user. This new section attempts to
describe one possible approach that works well with Terraform's workflow,
with the goal that users make adjustments to it taking into account their
unique needs.

Since we are intentionally not being prescriptive here -- instead
considering this just one of many approaches -- it deviates from our usual
active writing style in several places to avoid giving the impression that
these are instructions to be followed exactly, which in some cases
requires the use of passive voice even though that is contrary to our
documentation style guide. For similar reasons, this section is also
light on specific code examples, since we do not wish to encourage users
to just copy-paste the examples without thinking through the consequences.
2017-12-08 16:53:43 -08:00
Clint bed1ea1542
Merge pull request #16885 from hashicorp/add-opentelekomcloud
add opentelekomcloud link to docs
2017-12-08 16:52:20 -06:00
clint shryock ccbd3db2b7 add opentelekomcloud link to docs 2017-12-08 16:45:33 -06:00
Techcadia e681907c50 [Add] Pathing and Override Output to DEBUG Command 2017-12-08 13:12:23 -08:00
Martin Atkins 252e814584
Update CHANGELOG.md 2017-12-07 16:32:56 -08:00
Martin Atkins 46e5f497e2
Update CHANGELOG.md 2017-12-07 16:31:29 -08:00
Nolan Davidson a50a383946 Additional work on the habitat provisioner.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-12-07 16:29:30 -08:00
Nolan Davidson 653db95df7 Initial implementation of a habitat provisioner
First pass at loading the config data using the TF schema.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-12-07 16:29:30 -08:00
Martin Atkins c8217d3bf1
Update CHANGELOG.md 2017-12-07 14:35:34 -08:00
Martin Atkins 87e1fb4d66 config: a nicer error message for invalid provider constraints
Previously our error message here was confusing and redundant:

    Error starting operation: provider.null: invalid version constraint "not valid": Malformed constraint: not valid

Instead, we'll generate a full HCL2 diagnostic here, which results in
something (subjectively) nicer:

    Error: Invalid provider version constraint

    The value "@ 1.0.0" given for provider.null is not a valid version
    constraint.

At the moment this message is an outlier in that the other validation
errors are all still just plain Go errors, but over time we'll want to
adjust all of these to be full diagnostics so that we can embed source
range information in them to help the user find the offending
configuration.
2017-12-07 14:28:43 -08:00
Martin Atkins 9a5c865040 command: validate config as part of loading it
Previously we required callers to separately call .Validate on the root
module to determine if there were any value errors, but we did that
inconsistently and would thus see crashes in some cases where later code
would try to use invalid configuration as if it were valid.

Now we run .Validate automatically after config loading, returning the
resulting diagnostics. Since we return a diagnostics here, it's possible
to return both warnings and errors.

We return the loaded module even if it's invalid, so callers are free to
ignore returned errors and try to work with the config anyway, though they
will need to be defensive against invalid configuration themselves in
that case.

As a result of this, all of the commands that load configuration now need
to use diagnostic printing to signal errors. For the moment this just
allows us to return potentially-multiple config errors/warnings in full
fidelity, but also sets us up for later when more subsystems are able
to produce rich diagnostics so we can show them all together.

Finally, this commit also removes some stale, commented-out code for the
"legacy" (pre-0.8) graph implementation, which has not been available
for some time.
2017-12-07 14:28:43 -08:00
Martin Atkins a214ddcbd6
Update CHANGELOG.md 2017-12-07 10:21:13 -08:00
James Bardin 8a5a8c30ae update CHANGELOG.md 2017-12-07 09:46:40 -05:00
James Bardin 62eb5ba726
Merge pull request #16866 from hashicorp/jbardin/count-splat-warning
accessing count directly in an output should is OK
2017-12-07 09:40:47 -05:00
James Bardin bbc20cfec9
Merge pull request #16865 from hashicorp/jbardin/gcs
gcs provider fixes
2017-12-07 09:39:55 -05:00
James Bardin e0b2c64645 accessing count directly in an output should is OK
There should be no warning when accessing a resource's count value
directly in an output.
2017-12-06 18:59:53 -05:00
James Bardin 52eced589f accept a path or contents for credentials
Match the operation of the google provider, by accepting either a file
path or contents for both `credentials` and `GOOGLE_CREDENTIALS`
2017-12-06 18:33:59 -05:00
James Bardin 2932203492 verify that a state can be read even when locked
This should only happen when a state is loaded via the backend, as well
as a remote state.
2017-12-06 18:33:59 -05:00
James Bardin 9dea2f78d4 create unique buckets for each test, and clean up
This creates a unique bucket name for each test, so that the tests in
parallel don't collide, and buckets left over from interrupted tests
don't cause future failures.

Also make sure that buckets are removed, regardless of content.
2017-12-06 18:33:59 -05:00
James Bardin aec45e6967 backends should never create unmanaged resources
The backend was creating bucket named in the configuration if it didn't
exist. We don't allow other backends to do this, because these are not
managed resources that terraform can control.
2017-12-06 18:32:41 -05:00
Martin Atkins f461c1750c
Update CHANGELOG.md 2017-12-06 09:38:30 -08:00
Kaveh Mousavi Zamani 7507e3cd21 backend/gcs: fix locking issue when used with terraform_remote_state
Previously there was a problem with double-locking when using the GCS backend with the terraform_remote_state data source.

Here we adjust the locking methodology to avoid that problem.
2017-12-06 09:36:16 -08:00
James Bardin 12b7dac124
Merge pull request #16833 from hashicorp/jbardin/plan-shutdown
Fully enable shutdown for plan and refresh in the local backend
2017-12-05 16:48:34 -05:00
James Bardin 120709d0d3
Merge pull request #16773 from hashicorp/jbardin/registry
Registry client refactor
2017-12-05 15:29:45 -05:00
James Bardin 34b4000be9 allow discovery without trailing slash 2017-12-05 15:09:16 -05:00
James Bardin 0e7dab09e6 Use the new registry.Client
The registry code has been moved into the new registry package. Remove
the duplicated code and use the new registry and registry/test packages.
2017-12-05 14:59:21 -05:00
James Bardin 91bd72f22b Create a registry.Client
This moves the registry specific functionality out of the module.Storage
and into its own package.
2017-12-05 14:58:48 -05:00