Commit Graph

26150 Commits

Author SHA1 Message Date
Kristin Laemmert 21b9da5a02
internal/providercache: verify that the provider protocol version is compatible (#24737)
* internal/providercache: verify that the provider protocol version is
compatible

The public registry includes a list of supported provider protocol
versions for each provider version. This change adds verification of
support and adds a specific error message pointing users to the closest
matching version.
2020-04-23 08:21:56 -04:00
Petros Kolyvas 7c278f9d80
Merge pull request #24479 from hashitop/f-update-doco-add-reference-tf_ignore-env_var
Update documentation to add reference to the TF_IGNORE environment variable used for validating .terraformignore excluded files.
2020-04-22 12:24:23 -04:00
Alisdair McDiarmid cd339a5a2b Only notify Slack on job failure 2020-04-22 11:26:44 -04:00
Alisdair McDiarmid 680a87c420 CircleCI Slack status is for jobs, not workflows 2020-04-22 11:21:32 -04:00
Alisdair McDiarmid 9aa0a2c266 Add CircleCI Slack build notifications 2020-04-22 11:11:12 -04:00
Alisdair McDiarmid 54abb87fb4 Fix broken test due to function rename 2020-04-22 10:52:49 -04:00
James Bardin 6c0f7703a6
Merge pull request #24697 from hashicorp/jbardin/get-module-data
Always return all module instances during evaluation
2020-04-22 09:49:45 -04:00
Martin Atkins 5af1e6234a main: Honor explicit provider_installation CLI config when present
If the CLI configuration contains a provider_installation block then we'll
use the source configuration it describes instead of the implied one we'd
build otherwise.
2020-04-21 16:28:59 -07:00
Martin Atkins c5bd783eba internal/getproviders: Stub NetworkMirrorSource
This is a placeholder for later implementation of a mirror source that
talks to a particular remote HTTP server and expects it to implement the
provider mirror protocol.
2020-04-21 16:27:48 -07:00
Martin Atkins 2c535d829d command/cliconfig: Decode provider_installation blocks
This new CLI config block type allows explicitly specifying where
Terraform should look to find provider plugins for installation. This is
not used anywhere as of this commit, but in a future commit we'll change
package main to treat the presence of a block of this type as a request
to disable the default set of provider sources and use these explicitly-
specified ones instead.
2020-04-21 15:48:07 -07:00
Kristin Laemmert a43f141f9e
tools/terraform-bundle: refactor to use new provider installer and provider directory layouts (#24629)
* tools/terraform-bundle: refactor to use new provider installer and
provider directory layouts

terraform-bundle now supports a "source" attribute for providers,
uses the new provider installer, and the archive it creates preserves
the new (required) directory hierarchy for providers, under a "plugins"
directory.

This is a breaking change in many ways: source is required for any
non-HashiCorp provider, locally-installed providers must be given a
source (can be arbitrary, see docs) and placed in the expected directory
hierarchy, and the unzipped archive is no longer flat; there is a new
"plugins" directory created with providers in the new directory layout.

This PR also extends the existing test to check the contents of the zip
file.

TODO: Re-enable e2e tests (currently suppressed with a t.Skip)
This commit includes an update to our travis configuration, so the terraform-bundle e2e tests run. It also turns off the e2e tests, which will fail until we have a terraform 0.13.* release under releases.hashicorp.com. We decided it was better to merge this now instead of waiting when we started seeing issues opened from users who built terraform-bundle from 0.13 and found it didn't work with 0.12 - better that they get an immediate error message from the binary directing them to build from the appropriate release.
2020-04-21 17:09:29 -04:00
Petros Kolyvas 1750994af1
Merge pull request #24533 from raphink/patch-1
Add FreeIPA provider
2020-04-21 17:04:25 -04:00
Kristin Laemmert 8108face36
terraform: return `initialization required` error when provider schemas not found (#24715)
A side effect of the various changes to the provider installer included losing the initialization required error message which would occur if a user removed or modified the .terraform directory.

Previously, plugin factories were created after the configuration was loaded, in terraform.NewContext. Terraform would compare the required providers (from config and state) to the available providers and return the aforementioned error if a provider was missing.

Provider factories are now loaded at the beginning of any terraform command, before terraform even loads the configuration, and therefore before terraform has a list of required providers.

This commit replaces the current error when a providers' schema cannot be found in the provider factories with the init error, and adds a command test (to plan tests, for no real reason other than that's what I thought of first).
2020-04-21 16:29:27 -04:00
Petros Kolyvas eb76f41031
Merge pull request #24723 from hashicorp/cgriggs01-provider-links
[Website] Adding provider docs
2020-04-21 12:59:27 -04:00
Chris Griggs b6d602c162 [Website] Adding provider docs 2020-04-21 09:11:14 -07:00
Petros Kolyvas a31cd8059a
Merge pull request #24702 from bmcustodio/bmcustodio-change-username
Change my username.
2020-04-21 10:13:21 -04:00
Alisdair McDiarmid 7871c40a2c
Update CHANGELOG.md 2020-04-20 12:13:36 -04:00
Alisdair McDiarmid e32e7e2c4b
Merge pull request #24617 from hashicorp/alisdair/provider-installer-signature-verification
internal: Verify provider signatures on install
2020-04-20 12:11:40 -04:00
James Bardin 92837e6296 return unknown module expansions during validate
There is no expansion during validation, so in order for module
references to work we need to ensure that the returned values are
unknown.
2020-04-20 10:20:55 -04:00
Bruno Miguel Custódio 1bb292bcdb
Change my username.
Signed-off-by: Bruno Miguel Custódio <brunomcustodio@gmail.com>
2020-04-18 08:34:22 +01:00
Martin Atkins 92d6a30bb4 main: skip direct provider installation for providers available locally
This more closely replicates the 0.12-and-earlier behavior, where having
at least one version of a provider installed locally would totally disable
any attempt to look for newer versions remotely.

This is just for the implicit default behavior. Assumption is that later
we'll have an explicit configuration mechanism that will allow the user
to specify exactly where to look for what, and thus avoid tricky
heuristics like this.
2020-04-17 13:55:11 -07:00
Alisdair McDiarmid a5b3d497cc internal: Verify provider signatures on install
Providers installed from the registry are accompanied by a list of
checksums (the "SHA256SUMS" file), which is cryptographically signed to
allow package authentication. The process of verifying this has multiple
steps:

- First we must verify that the SHA256 hash of the package archive
  matches the expected hash. This could be done for local installations
  too, in the future.
- Next we ensure that the expected hash returned as part of the registry
  API response matches an entry in the checksum list.
- Finally we verify the cryptographic signature of the checksum list,
  using the public keys provided by the registry.

Each of these steps is implemented as a separate PackageAuthentication
type. The local archive installation mechanism uses only the archive
checksum authenticator, and the HTTP installation uses all three in the
order given.

The package authentication system now also returns a result value, which
is used by command/init to display the result of the authentication
process.

There are three tiers of signature, each of which is presented
differently to the user:

- Signatures from the embedded HashiCorp public key indicate that the
  provider is officially supported by HashiCorp;
- If the signing key is not from HashiCorp, it may have an associated
  trust signature, which indicates that the provider is from one of
  HashiCorp's trusted partners;
- Otherwise, if the signature is valid, this is a community provider.
2020-04-17 13:57:19 -04:00
Kristin Laemmert f09ae6f862
provider source tests: added test suite to exercise hyphenated providers (#24685) 2020-04-16 15:54:33 -04:00
Paul Tyng 1c9735bab5
Merge pull request #24686 from hashicorp/paultyng-patch-1
Add page explaining provider trust tiers
2020-04-16 10:53:47 -04:00
Paul Tyng 3856dacc1e
Update website/docs/registry/providers/tiers.html.md 2020-04-16 10:03:52 -04:00
Paul Tyng 663a57b263
Update website/docs/registry/providers/tiers.html.md
Co-Authored-By: Alisdair McDiarmid <alisdair@users.noreply.github.com>
2020-04-16 10:02:48 -04:00
Paul Tyng 0f25f796e1
Add page explaining provider trust tiers 2020-04-16 09:34:35 -04:00
Ryan Uber dcbd835ac3
Merge pull request #24655 from hashicorp/b-remote-policy-check-race
backend/remote: display cost estimate and policy check whenever available
2020-04-15 12:38:15 -07:00
Ryan Uber 105fcb3cac backend/remote: move reading policy check logs earlier 2020-04-15 12:31:44 -07:00
Alisdair McDiarmid 24ced6bbca
Update CHANGELOG.md 2020-04-15 14:28:34 -04:00
Noah Mercado d4d8812afa
Feature: Sum Function (#24666)
The sum function takes a list or set of numbers and returns the sum of those
numbers.
2020-04-15 14:27:06 -04:00
Katy Moe 46342373db docs: link to cloud-init provider 2020-04-15 00:31:51 +01:00
James Bardin d152d13bea fix error output in repl test
The module error is unfortunately less specific at the moment, but
change the error text here to match.
2020-04-14 14:50:43 -04:00
James Bardin 42cee86ee2 remove GetModuleInstanceOutput
There is no codepath that can use this any longer, since we need to
evaluate the modules as whole objects.

This means we're going to have to live for now with invalid module
output references returning "object" errors rather that "module".
2020-04-14 14:49:10 -04:00
James Bardin ad069b7416 update evaluation to use state ModuleOutputs
This way we don't need the extra copy of the entire module.
2020-04-14 14:49:10 -04:00
Chris Griggs 8d71337596
Merge pull request #24653 from hashicorp/cgriggs01-infoblox-links
[Website] provider links
2020-04-14 09:36:29 -07:00
Alisdair McDiarmid a2b21db556
Update CHANGELOG.md 2020-04-14 09:24:54 -04:00
Alisdair McDiarmid 8e7ace44c3
Merge pull request #24650 from hashicorp/alisdair/upgrade-hcl
vendor: go get github.com/hashicorp/hcl/v2@v2.4.0
2020-04-14 09:21:44 -04:00
Namho Kim 9cc658b491 specify that `timestamp` returns UTC 2020-04-13 18:09:05 -07:00
Daniel Dreier c14d6f4241
Fix typo in CONTRIBUTING.md 2020-04-13 18:01:12 -07:00
Pam Selle ab101f99df
Merge pull request #24635 from hashicorp/pselle/docs-mod-count
Docs for count/for_each on modules
2020-04-13 18:39:59 -04:00
James Bardin 2c4c027a97 Add ModuleOutputs method to states
In order to efficiently build the module objects for evaluation, we need
to collect the outputs from a set of module instances. The ModuleOutputs
method will return a copy of the state outputs, while not requiring the
unnecessary copying of each entire module.
2020-04-13 17:59:09 -04:00
James Bardin e9eb8e04cc add AbsOutputAddrs to state outputs
We need all module instance outputs to build the objects for evaluation,
but there is no need to copy all the resource instances along with that.
This allows us to only return the output states, with enough information
to connect them with their module instances.
2020-04-13 16:37:59 -04:00
James Bardin 27cc2aeb9c change evaluation to use whole modules
The evaluationStateData needs the change to the GetModule method to work
with the new evaluator. This is using a deep copy of module instances,
which we will clean up after some changes to the states package.
2020-04-13 16:23:24 -04:00
James Bardin 323d9fb69f plans fix 2020-04-13 16:21:09 -04:00
Ryan Uber 93906e1ad8 backend/remote: display cost estimate and policy check whenever available 2020-04-13 13:04:53 -07:00
Chris Griggs 8da255073e [Website] provider links 2020-04-13 12:29:15 -07:00
Pam Selle 146644a848 update addressing section 2020-04-13 12:13:18 -04:00
Pam Selle 608c17d518 Update providers block notes 2020-04-13 12:08:08 -04:00
Fred 76f583ac9f
website/docs: fix broken hcl json spec link (#24630) 2020-04-13 11:15:13 -04:00