Commit Graph

29169 Commits

Author SHA1 Message Date
Pam Selle 02c1bddfe1 Create experiment for sensitive attribute 2020-09-10 11:04:17 -04:00
Pam Selle 843ed8911b Don't save PathValueMarks on instance_object 2020-09-10 11:04:17 -04:00
Pam Selle 3723594b3d Point go module at master go-cty 2020-09-10 11:04:17 -04:00
Pam Selle 4089b77c2a Update vendored code 2020-09-10 11:04:17 -04:00
Pam Selle 712f5a5cc3 Update plannedNewVal itself
Using markedPlannedNewVal caused many test
failures with ignoreChanges, and I noted plannedNewVal
itself is modified in the eval_diff. plannedNewVal
is now marked closer to the change where it needs it.
There is also a test fixture update to remove interpolation warnings.
2020-09-10 11:04:17 -04:00
Pam Selle b03d5df9dc Disallow sensitive values as for_each arguments 2020-09-10 11:04:17 -04:00
Pam Selle 61c78fd3b9 Add case to compactValueStr not to expose sensitive vals in diagnostics 2020-09-10 11:04:17 -04:00
Pam Selle 3e8b125e53 Apply does not need remarking
Apply, at this moment, appears that
it does not require the remarking strategy,
as the plan has already been printed
2020-09-10 11:04:17 -04:00
Pam Selle 5b0b1a13a5 Update object compatible check to unmark
The hack approach appears consistent,
as we can remove marks before calling the
value validation
2020-09-10 11:04:17 -04:00
Pam Selle e9d9205ce8 Modifications to eval_diff 2020-09-10 11:04:17 -04:00
Pam Selle bc55b6a28b Use UnmarkDeepWithPaths and MarkWithPaths
Updates existing code to use the new Value
methods for unmarking/marking and removes
panics/workarounds in cty marshall methods
2020-09-10 11:04:17 -04:00
Pam Selle 7fef1db20d Add sensitive variable configs test coverage 2020-09-10 11:04:17 -04:00
Pam Selle 6c129a921b Unmark/remark in apply process to allow apply 2020-09-10 11:04:17 -04:00
Pam Selle 896d277a69 If the path is empty, we should not be marking the path 2020-09-10 11:04:17 -04:00
Pam Selle 84d118e18f Track sensitivity through evaluation
Mark sensitivity on a value. However, when the value is encoded to send to the
provider to produce a changeset we must remove the marks, so unmark the value
and remark it with the saved path afterwards
2020-09-10 11:04:17 -04:00
Alisdair McDiarmid 740ac873c9
Update CHANGELOG.md 2020-09-10 11:03:50 -04:00
Pam Selle 862ddf73e2 Add a sensitive attribute 2020-09-10 11:02:54 -04:00
Alisdair McDiarmid a18e1cb24f
Merge pull request #26187 from hashicorp/alisdair/concise-diff
command: Add experimental concise diff renderer
2020-09-10 11:01:20 -04:00
Alisdair McDiarmid 09d8355f43 command: Add experimental concise diff renderer
When rendering a diff between current state and projected state, we only
show resources and outputs which have changes. However, we show a full
structural diff for these values, which includes all attributes and
blocks for a changed resource or output. The result can be a very long
diff, which makes it difficult to verify what the changed fields are.

This commit adds an experimental concise diff renderer, which suppresses
most unchanged fields, only displaying the most relevant changes and
some identifying context. This means:

- Always show all identifying attributes, initially defined as `id`,
  `name`, and `tags`, even if unchanged;
- Only show changed, added, or removed primitive values: `string`,
  `number`, or `bool`;
- Only show added or removed elements in unordered collections and
  structural types: `map`, `set`, and `object`;
- Show added or removed elements with any surrounding unchanged elements
  for sequence types: `list` and `tuple`;
- Only show added or removed nested blocks, or blocks with changed
  attributes.

If any attributes, collection elements, or blocks are hidden, a count
is kept and displayed at the end of the parent scope. This ensures that
it is clear that the diff is only displaying a subset of the resource.

The experiment is currently enabled by default, but can be disabled by
setting the TF_X_CONCISE_DIFF environment variable to 0.
2020-09-10 10:35:55 -04:00
Pam Selle ee544aa4e8
Merge pull request #26190 from hashicorp/pselle/force-push-fix
Fix bug for force push for backends besides the remote backend
2020-09-10 09:20:07 -04:00
Pam Selle 2c35869a32 Fix bug for force push for backends besides the remote backend
In refactoring the force push code when implementing force push
for the Terraform remote backend, a bug was introduced that
meant that backends that don't implement the EnableForcePush
method would still have their state validated. This commit
fixes that, and adds test coverage such that there is a separate
mockRemoteClient that has this method implemented.
2020-09-10 09:13:57 -04:00
Paul Tyng f3ff843ffd Remove unused env var TF_SKIP_PROVIDER_VERIFY 2020-09-10 09:03:56 -04:00
James Bardin ec231c7616 apply the stored plan CreateThenDelete action
When applying a plan, a forced CreateBeforeDestroy may not be set during
the apply walk when downstream resources are no longer present in the
graph. We still need to stick to that plan, and both the
NodeApplyableResourceInstance EvalTree and the individual Eval nodes
need to operate on that planned value.

Ensure that we always check for an existing plan when determining
CreateBeforeDestroy status. This must happen in 2 different code paths
due to the eval node pattern currently in-use. Future refactoring may be
able to unify these code-paths to make this less fragile.
2020-09-09 17:02:28 -04:00
James Bardin 7695d1cefe add test for forced cbd with no other changes
If a resource is forced CreateBeforeDestroy from a dependent resource,
and that dependent has no changes, the plan is changed from
CreateThenDelete to DeleteThenCreate causing an apply error.
2020-09-09 16:41:01 -04:00
Kristin Laemmert 1a1225ae29
Mildwonkey/eval local (#26182)
* terraform: refactor EvalLocal, remove unused EvalDeleteLocal
* terraform: refactor NodeCountBoundary
* terraform: node_module_expand refactor
2020-09-09 15:59:29 -04:00
James Bardin cf6bc7163a not all plan action changes are provider bugs
A provider cannot influence CreateThenDelete vs DeleteThenCreate, so we
shouldn't attribute this to the provider in the error.
2020-09-09 15:45:06 -04:00
Jon "The Nice Guy" Spriggs 6f9ce7310c
Website: Add map example to templatefile function docs (#26126)
This change adds an example of using a map with a few keys and shows how it runs it.

Co-authored-by: Nick Fagerlund <nick@hashicorp.com>
2020-09-09 12:30:06 -07:00
James Bardin b8b6cae8ef
Merge pull request #26186 from hashicorp/jbardin/cbd-module-dep
don't connect module closers to destroy nodes
2020-09-09 14:15:57 -04:00
James Bardin c9e581e58a don't connect module closers to destroy nodes
One of the tenants of the graph transformations is that resource destroy
nodes can only be ordered relative to other resources, and can't be
referenced directly. This was broken by the module close node which
naively connected to all module nodes, creating cycles in some cases
when edges are reversed from CreateBeforeDestroy.
2020-09-09 12:23:23 -04:00
Alisdair McDiarmid 898b459a03 configs: Error on invalid required_providers attrs
A few users have recently been confused about the purpose of the
required_providers objects, adding provider configuration parameters in
addition to version and source. This previously did not cause an error
so would result in a confusingly distant failure.

This commit adds a single diagnostic for any required_providers object
which includes attributes other than version or source.
2020-09-09 11:52:47 -04:00
Alisdair McDiarmid 3419422891 website: Fix docs for implied provider FS mirrors
In addition to the directories previously listed, Terraform looks in the
CLI config directory ($HOME/.terraform.d/plugins on macOS/Linux/UNIX,
and %APPDATA%/terraform.d/plugins on Windows). List this in the
documentation for clarity.

We also add a note about the working directory relative "vendor"
location, ./terraform.d/plugins.
2020-09-09 11:15:02 -04:00
Kristin Laemmert 069f379e75 terraform: refactor Node*Ouput
This commit refactors NodeApplyableOutput and NodeDestroyableOutput into
the new Execute() pattern, collapsing the functions in eval_output.go
into one place.

I also reverted a recent decision to have Execute take a _pointer_ to a
walkOperation: I was thinking of interfaces, not constant bytes, so all
it did was cause problems.

And finally I removed eval_lang.go, which was unused.
2020-09-09 08:45:54 -04:00
Pam Selle 5153ea633b Add docs notes for deprecation 2020-09-08 14:33:13 -04:00
Pam Selle e191a57093
Merge pull request #25952 from shaowenchen/improvement_docs
improvement github token
2020-09-08 14:30:54 -04:00
Pam Selle 5ec1868419
Merge pull request #25864 from alexnovak/patch-1
Correct annotation in expressions.html
2020-09-08 14:26:46 -04:00
Pam Selle 621ee056e6
Merge pull request #26108 from qrilka/patch-1
Minor typo
2020-09-08 14:16:07 -04:00
Pam Selle 11119e7e3f
Merge pull request #26158 from fourplusone/patch-1
Fix broken link in providers/mirror documentation
2020-09-08 14:13:32 -04:00
Pam Selle afa43d9484
Merge pull request #26170 from hashicorp/pselle/fixE2Etests-osx
Update workDir of e2e binary to eval symlinks
2020-09-08 14:12:51 -04:00
Pam Selle 880546bd66 Update workDir of e2e binary to eval symlinks
Due to a recent update to OS X, this is necessary
so that the correct working directory is saved,
so that methods like Path() on the e2e binary
will return the correct value
2020-09-08 13:46:20 -04:00
Kristin Laemmert 8a4b2ab817 terraform: EvalNode removal, continued
This commit continues the overall EvalNode removal project.

Something to note: the NodeRefreshableDataResourceInstance's Execute()
function is intentionally refactored in the bare minimum,
hardly-a-refactor style, because we have another ongoing project which
aims to remove NodeRefreshable*s. It is not worth the effort at this
time. We may revisit this decision in the future.
2020-09-08 13:05:43 -04:00
Kristin Laemmert df6f3fa6de terraform: modify Execute() signature
walkOperation should be a pointer to simplify test writers' lives - it
is not needed in most cases.
2020-09-08 13:05:43 -04:00
Martin Atkins 773dd56b42 internal/depsfile: Introduce the concept of "non-lockable" providers
It doesn't make sense for a built-in provider to appear in a lock file
because built-in providers have no version independent of the version of
Terraform they are compiled into.

We also exclude legacy providers here, because they were supported only
as a transitional aid to enable the Terraform 0.13 upgrade process and
are not intended for explicit selection.

The provider installer will, once it's updated to understand dependency
locking, use this concept to decide which subset of its selections to
record in the dependency lock file for reference for future installation
requests.
2020-09-08 09:50:58 -07:00
Martin Atkins 98e2e69abb internal/depsfile: SaveLocksToFile implementation
This is an initial implementation of writing locks back to a file on disk.
This initial implementation is incomplete because it does not write the
changes to the new file atomically. We'll revisit that in a later commit
as we return to polish these codepaths, once we've proven out this
package's design by integrating it with Terraform's provider installer.
2020-09-08 09:50:58 -07:00
Martin Atkins 92723661d0 internal/depsfile: Loading locks from HCL files on disk
This is the initial implementation of the parser/decoder portion of the
new dependency lock file handler. It's currently dead code because the
caller isn't written yet. We'll continue to build out this functionality
here until we have the basic level of both load and save functionality
before introducing this into the provider installer codepath.
2020-09-08 09:50:58 -07:00
Martin Atkins 6993ecb0a6 internal/getproviders: VersionConstraintsString for "~> 2" input
The version constraint parser allows "~> 2", but it behavior is identical
to "~> 2.0". Due to a quirk of the constraint parser (caused by the fact
that it supports both Ruby-style and npm/cargo-style constraints), it
ends up returning "~> 2" with the minor version marked as "unconstrained"
rather than as zero, but that means the same thing as zero in this context
anyway and so we'll prefer to stringify as "~> 2.0" so that we can be
clearer about how Terraform is understanding that version constraint.
2020-09-08 09:50:58 -07:00
Alisdair McDiarmid a176aaa4da
Merge pull request #26136 from hashicorp/alisdair/fix-providercache-test-failures-on-macOS
internal: Fix providercache test failures on macOS
2020-09-08 09:45:12 -04:00
Alisdair McDiarmid 1c8a7f65d0
Merge pull request #26137 from hashicorp/alisdair/output-changes-tests
command: Add tests for format.OutputChanges
2020-09-08 09:45:05 -04:00
Kristin Laemmert 2de6698be6
Update CHANGELOG.md 2020-09-08 08:21:17 -04:00
Kristin Laemmert 923e157b5c
configs: deprecate version argument inside provider configuration blocks (#26135)
The version argument is deprecated in Terraform v0.14 in favor of
required_providers and will be removed in a future version of terraform
(expected to be v0.15). The provider configuration documentation already
discourages use of 'version' inside provider configuration blocks, so it
only needed an extra note that it is actively deprecated.
2020-09-08 08:19:00 -04:00
Matthias Bartelmeß cec5222287
Correct typo 2020-09-08 00:18:28 +02:00