Commit Graph

949 Commits

Author SHA1 Message Date
Brian Flad ba081aa10a
backend/s3: Updates for Terraform v0.13.0 (#25134)
* deps: Update github.com/hashicorp/aws-sdk-go-base@v0.5.0

Updated via:

```
$ go get github.com/hashicorp/aws-sdk-go-base@v0.5.0
$ go mod tidy
$ go mod vendor
```

* backend/s3: Updates for Terraform v0.13.0

Reference: https://github.com/hashicorp/terraform/issues/13410
Reference: https://github.com/hashicorp/terraform/issues/18774
Reference: https://github.com/hashicorp/terraform/issues/19482
Reference: https://github.com/hashicorp/terraform/issues/20062
Reference: https://github.com/hashicorp/terraform/issues/20599
Reference: https://github.com/hashicorp/terraform/issues/22103
Reference: https://github.com/hashicorp/terraform/issues/22161
Reference: https://github.com/hashicorp/terraform/issues/22601
Reference: https://github.com/hashicorp/terraform/issues/22992
Reference: https://github.com/hashicorp/terraform/issues/24252
Reference: https://github.com/hashicorp/terraform/issues/24253
Reference: https://github.com/hashicorp/terraform/issues/24480
Reference: https://github.com/hashicorp/terraform/issues/25056

Changes:

```
NOTES

* backend/s3: Deprecated `lock_table`, `skip_get_ec2_platforms`, `skip_requesting_account_id` arguments have been removed
* backend/s3: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata)
* The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries

ENHANCEMENTS

* backend/s3: Always enable shared configuration file support (no longer require `AWS_SDK_LOAD_CONFIG` environment variable)
* backend/s3: Automatically expand `~` prefix for home directories in `shared_credentials_file` argument
* backend/s3: Add `assume_role_duration_seconds`, `assume_role_policy_arns`, `assume_role_tags`, and `assume_role_transitive_tag_keys` arguments

BUG FIXES

* backend/s3: Ensure configured profile is used
* backend/s3: Ensure configured STS endpoint is used during AssumeRole API calls
* backend/s3: Prefer AWS shared configuration over EC2 metadata credentials
* backend/s3: Prefer ECS credentials over EC2 metadata credentials
* backend/s3: Remove hardcoded AWS Provider messaging
```

Output from acceptance testing:

```
--- PASS: TestBackend (16.32s)
--- PASS: TestBackendConfig (0.58s)
--- PASS: TestBackendConfig_AssumeRole (0.02s)
--- PASS: TestBackendConfig_conflictingEncryptionSchema (0.00s)
--- PASS: TestBackendConfig_invalidKey (0.00s)
--- PASS: TestBackendConfig_invalidSSECustomerKeyEncoding (0.00s)
--- PASS: TestBackendConfig_invalidSSECustomerKeyLength (0.00s)
--- PASS: TestBackendExtraPaths (13.21s)
--- PASS: TestBackendLocked (28.98s)
--- PASS: TestBackendPrefixInWorkspace (5.65s)
--- PASS: TestBackendSSECustomerKey (17.60s)
--- PASS: TestBackend_impl (0.00s)
--- PASS: TestForceUnlock (17.50s)
--- PASS: TestKeyEnv (50.25s)
--- PASS: TestRemoteClient (4.78s)
--- PASS: TestRemoteClientLocks (16.85s)
--- PASS: TestRemoteClient_clientMD5 (12.08s)
--- PASS: TestRemoteClient_impl (0.00s)
--- PASS: TestRemoteClient_stateChecksum (17.92s)
```
2020-06-05 16:41:32 -04:00
Matthew Irish e36ed8968b
use example.com address in consul backend config
Currently the example config for the Consul backend uses a live Consul demo cluster at `demo.consul.io`. This results in TF state with sensitive information and all being stored on a public site when users just copy and paste the config. This PR changes it so that the config address isn't the public demo cluster.
2020-06-05 10:35:32 -05:00
Martin Atkins 49e2e00231 command: terraform providers mirror
This new command is intended to make it easy to create or update a mirror
directory containing suitable providers for the current configuration,
producing a layout that is appropriate both for a filesystem mirror or,
if copied into the document root of an HTTP server, a network mirror.

This initial version is not customizable aside from being able to select
multiple platforms to install packages for.

Future iterations of this could include commands to turn the JSON index
generation on and off, or to instruct it to produce the unpacked directory
layout instead of the packed directory layout as it currently does. Both
of those options would make the generated directory unsuitable to be
a network mirror, but it would still work as a filesystem mirror.

In the long run this will hopefully form part of a replacement workflow to
terraform-bundle as a way to put copies of providers somewhere so we don't
need to re-download them every time, but some other changes will be needed
outside of just this command before that'd be true, such as adding support
for network and/or filesystem mirrors in Terraform Enterprise.
2020-06-01 14:49:43 -07:00
Martin Atkins 67311f73fd website: Draw better attention to for and for_each patterns
When helping folks in the community forum, I commonly see questions around
more complex patterns in transforming deep data structures into different
shapes to work with for_each. We have examples of these patterns in the
docs for the functions that they rely on, but they were not previously
very discoverable in the main configuration language documentation
sections.

Here I've moved the "Using Expressions in for_each" subsection on the
Resources page above some of the other sub-sections to hopefully make it
easier to see, and written out in more detail the two specific patterns
that answer a significant number of for_each-related user questions in
the hope that readers will be more likely to realize that the links are
relevant to what their goals.

I also added some more elaboration about the behavior of converting from
list to set in the "Using Sets" subsection, because this feature is often
a user's first encounter with the set data type and I've inferred from
some of the questions I've answered that a number of Terraform users don't
have prior experience with set data types in other languages to draw
assumptions from.

Finally, I added some similar links to the for_each patterns within the
for expression documentation itself, to try to make those examples more
visible to those who might be discovering the documentation in a different
sequence, e.g. by following a deep link shared in an answer to a question
in the community forum.
2020-06-01 14:17:47 -07:00
Will Brock b4dd2b8b2e
Fix typo replacing and with as 2020-05-30 18:10:51 -04:00
James Bardin 866449a78a
Merge pull request #25069 from hashicorp/jbardin/depends-on-docs
depends_on doc updates
2020-05-29 16:50:39 -04:00
Martin Atkins 89c2a61b41 website: Small corrections to the "plan" and "apply" command docs
The "apply" documentation contained a simple typo, while the "plan"
documentation contained outdated information about using
"terraform plan PLANFILE" to view a plan. The latter is now a separate
command entirely, since Terraform 0.12: "terraform show PLANFILE".
2020-05-29 07:36:40 -07:00
Martin Atkins 31a4b44d2e backend/local: treat output changes as side-effects to be applied
This is a baby-step towards an intended future where all Terraform actions
which have side-effects in either remote objects or the Terraform state
can go through the plan+apply workflow.

This initial change is focused only on allowing plan+apply for changes to
root module output values, so that these can be written into a new state
snapshot (for consumption by terraform_remote_state elsewhere) without
having to go outside of the primary workflow by running
"terraform refresh".

This is also better than "terraform refresh" because it gives an
opportunity to review the proposed changes before applying them, as we're
accustomed to with resource changes.

The downside here is that Terraform Core was not designed to produce
accurate changesets for root module outputs. Although we added a place for
it in the plan model in Terraform 0.12, Terraform Core currently produces
inaccurate changesets there which don't properly track the prior values.

We're planning to rework Terraform Core's evaluation approach in a
forthcoming release so it would itself be able to distinguish between the
prior state and the planned new state to produce an accurate changeset,
but this commit introduces a temporary stop-gap solution of implementing
the logic up in the local backend code, where we can freeze a snapshot of
the prior state before we take any other actions and then use that to
produce an accurate output changeset to decide whether the plan has
externally-visible side-effects and render any changes to output values.

This temporary approach should be replaced by a more appropriately-placed
solution in Terraform Core in a release, which should then allow further
behaviors in similar vein, such as user-visible drift detection for
resource instances.
2020-05-29 07:36:40 -07:00
Martin Atkins d1bc412220 configs: Custom variable validation is no longer experimental
All of the feedback from the experiment described enhancements that can
potentially be added later without breaking changes, so this change simply
removes the experiment gate from the feature as originally implemented
with no changes to its functionality.

Further enhancements may follow in later releases, but the goal of this
change is just to ship the feature exactly as it was under the experiment.

Most of the changes here are cleaning up the experiment opt-ins from our
test cases. The most important parts are in configs/experiments.go and in
experiments/experiment.go .
2020-05-28 16:07:59 -07:00
James Bardin 5d64029275 depends_on doc updates
Update depends_on for modules and data sources.
2020-05-28 16:17:01 -04:00
Alisdair McDiarmid ef28671b34
Merge pull request #24932 from hashicorp/signing-language
Modify language for reporting signing state
2020-05-28 09:09:34 -04:00
Paul Tyng 22ef5cc99c Modify language for reporting signing state
Be more explicit about the signing status of fetched plugins and provide documentation about the different signing options.
2020-05-26 13:14:05 -04:00
Garron Kramer f3db1232a0
Update modules.html.md
the -module option is no longer present.
2020-05-25 15:41:45 +03:00
Daniel Dreier df39e0a806
Merge pull request #23989 from tatsuo48/fix_sample_code
fix sample code
2020-05-21 15:03:52 -07:00
Daniel Dreier 398972aa24
Merge pull request #22826 from yessarath/patch-1
local backend example added
2020-05-21 14:54:55 -07:00
Daniel Dreier f737d684e5
Update website/docs/providers/terraform/d/remote_state.html.md
Co-authored-by: Nick Fagerlund <nick@hashicorp.com>
2020-05-21 14:54:40 -07:00
Daniel Dreier d006b85c26
Update website/docs/providers/terraform/d/remote_state.html.md
Co-authored-by: Nick Fagerlund <nick@hashicorp.com>
2020-05-21 14:54:30 -07:00
Daniel Dreier 1c024aa06f
Merge pull request #24319 from ritarock/improve_doc
improve s3.html.md
2020-05-21 14:33:14 -07:00
Daniel Dreier 44e3d99409
Merge pull request #24659 from hashicorp/timestamp-doc
specify that `timestamp` returns UTC
2020-05-21 14:30:16 -07:00
Daniel Dreier 5e35dedc2a
Update website/docs/configuration/functions/timestamp.html.md
Co-authored-by: Matthew Sanabria <24284972+sudomateo@users.noreply.github.com>
2020-05-21 14:29:38 -07:00
Daniel Dreier 5f80f6d49d
Merge pull request #24771 from bradleypmartin/issue-24198-update-docs-for-map-type
Update maps docs to reflect v0.12 colon behavior
2020-05-21 14:28:19 -07:00
Daniel Dreier 5ef80b35e3
Merge pull request #24996 from pcleddy/foreach_with_toset_and_list
Example of for_each with list -> set using toset
2020-05-21 14:22:06 -07:00
Pam Selle bfbdb4cb1d
Add docs for provider limitations when expanding modules (#25007)
* Add docs for provider limitations when expanding modules
2020-05-21 14:04:44 -04:00
Petros Kolyvas c2f1033e86
Removing the "future version will...
We fully intend to do this, but this vague statement is no longer helpful. Will update when we have something more concrete.
2020-05-20 20:44:43 -04:00
Paul Leddy 3d17c87698 Example of for_each with list -> set using toset 2020-05-19 16:03:21 -07:00
Paul Tyng e8f75b55ab
Remove sumologic from community 2020-05-16 12:23:46 -04:00
Nick Fagerlund e358d6b618
website: Edit text of new TF_IGNORE env var docs (#24788)
* website: Edit text of new TF_IGNORE env var docs

Fixing one broken link, and tidying the sentences a bit.

* typo

Co-authored-by: Pam Selle <pam@hashicorp.com>
2020-05-14 13:35:27 -07:00
Chris Griggs c29b51b455 [Website] Kingsoft cloud provider link 2020-05-14 09:33:12 -07:00
charlotte.mach 172d6caf04 Add info on dynamodb locking multiple state files as per issue #15303 2020-05-13 15:04:56 -07:00
Jean Dupouy a54bb124a9
website/docs: provider aliases in the JSON format
Fixes #24889
2020-05-13 15:52:26 +02:00
James Bardin e912dc8551
Merge pull request #19155 from bdwyertech/chef-exit-codes
Chef: Gracefully Handle RFC062 Exit Codes
2020-05-12 17:09:05 -04:00
Alisdair McDiarmid 20483da548 website: Add docs for 0.13upgrade 2020-05-11 15:38:16 -04:00
Chris Griggs 53a36a11b2
Merge pull request #24875 from hashicorp/cgriggs01-community
[Website] Adding community providers
2020-05-08 07:59:46 -07:00
Robin Norwood af5c425360
website: Add link to new learn track in configuration/modules.html (#24847) 2020-05-07 15:52:22 -07:00
Chris Griggs 3c1854c206 Adding community provider 2020-05-05 14:35:02 -07:00
Sander van Harmelen 2e5fbdf684 Remove (now) incorrect example
This example doesn't really show how these values should be used. The
default of retry_on_exit_code is now already when most people want, so
this line is not needed in most cases.

I think the docs describe the new options just fine, so lets leave this
out...
2020-05-05 16:31:57 -04:00
Sander van Harmelen 9453308c78 Make sure the WinRM communicator can reconnect 2020-05-05 16:18:30 -04:00
Sander van Harmelen a614056925 Refactor the code a bit to make it more idiomatic 2020-05-01 08:58:33 -04:00
Brian Dwyer 2f4067cf70
Clean up and add docs
Signed-off-by: Brian Dwyer <Brian.Dwyer@broadridge.com>
2020-04-30 08:16:17 -04:00
Robin Norwood d47f984e75
Add reference to new modules track (#24445) 2020-04-28 11:09:42 -07:00
kmoe 8e7a4a6c21
Merge pull request #24670 from hashicorp/kmoe-cloudinit-provider
Cloud-init provider link
2020-04-28 10:03:46 +01:00
Daniel Dreier 1170efb14a
Merge pull request #23510 from kayrus/new-swift-opts
backend/remote: Swift Authentication Update
2020-04-27 14:37:25 -07:00
Daniel Dreier 7aa97f415d
Fix "additoinal" typo in web site
Fixes 24769
2020-04-27 10:14:27 -07:00
bradleypmartin 0b45a3c83d Update maps docs to reflect v0.12 colon behavior 2020-04-26 17:52:08 -06:00
kayrus bd344f9d73 Sync auth options with upstream openstack provider 2020-04-25 08:39:33 +02:00
Alisdair McDiarmid 9266e944fa
Merge pull request #24752 from hashicorp/alisdair/terraform-state-replace-provider-docs
website: Add docs for state replace-provider
2020-04-24 16:33:08 -04:00
Martin Atkins 1ce3c60693
command/cliconfig: Explicit provider installation method configuration
This set of commits allows explicit configuration of provider installation methods
in the CLI config, overriding the implicit method selections.
2020-04-23 10:58:00 -07:00
Martin Atkins dadec6ee9e fixup docs 2020-04-23 10:52:01 -07:00
Martin Atkins c6cbbcb79a website: Initial documentation for provider_installation in the CLI config
This is an initial draft of documentation for this new feature of the
CLI configuration. This is mainly intended as a placeholder for now,
because there are other documentation updates pending for the new provider
namespacing and installation scheme and we'll likely want to revise these
docs to better complement the broader documentation once it's written.
2020-04-23 10:52:01 -07:00
Alisdair McDiarmid 52d64127f7 website: Add docs for state replace-provider 2020-04-23 11:41:57 -04:00