Commit Graph

27737 Commits

Author SHA1 Message Date
Alisdair McDiarmid 1fa65bdd91 core: Fix sensitive value variable validation
Binding a sensitive value to a variable with custom validation rules
would cause a panic, as the validation expression carries the sensitive
mark when it is evaluated for truthiness. This commit drops the marks
before testing, which fixes the issue.
2021-01-05 13:52:33 -05:00
Pam Selle dbde1be363 Update validate test to add case for marked count value
The diff here is largely a refactor to allow the test to run multiple cases
2021-01-05 11:49:35 -05:00
Pam Selle 33c31dce2b Use evaluateCountExpressionValue in validate step
There was a special, duplicate function that could be replaced by
calling evaluateCountExpressionValue, and removes duplicate code
2021-01-05 11:26:18 -05:00
Alisdair McDiarmid 7e09cd1228 backend/remote: No version check for local ops
If the remote backend is connected to a Terraform Cloud workspace in
local operations mode, we disable the version check, as the remote
Terraform version is meaningless.
2021-01-05 09:11:19 -05:00
Nick Fagerlund 5ceb8b2b98 website: Adopt `terraform_remote_state` into language docs
...and also shrink the explanation for alternate sharing approaches, a bit.

Actually, it looks like I already half-adopted it by accident. 😬 But this
commit adds it to the sidebar under "State", so users can browse to it. I'm
leaving the URL alone, because it's not urgent and we'll need to adjust a large
swath of URLs at some point anyway.

This change effectively stops presenting `terraform` as a provider in the normal
sense, and reduces /docs/providers/terraform/index.html to a ghost page in the
language section (to avoid breaking links for the time being). The message a
reader should get is that Terraform has one special built-in data source where
you don't need to think about the provider or its version.
2021-01-04 12:08:09 -08:00
Pam Selle e9748574b9
Merge pull request #27373 from stakiran/patch-1
website: Fix wrong link of operators.
2021-01-04 14:22:21 -05:00
Alisdair McDiarmid f770f03620
Merge pull request #27335 from hashicorp/alisdair/fix-sensitive-data-source-arguments
core: Fix for sensitive data source arguments
2021-01-04 13:53:35 -05:00
Alisdair McDiarmid c0a5a5be1b
Merge pull request #27319 from hashicorp/alisdair/backend-remote-no-version-check-for-operations
backend/remote: No version check for operations
2021-01-04 13:52:38 -05:00
stakiran 3ce7edc018
website: Fix wrong link of operators.
not "references.html" but "operators.html".
2020-12-27 21:15:13 +09:00
Nick Fagerlund c0e37a7ea1
Merge pull request #27339 from hashicorp/dec20_reduce_provider_indexes
website: Remove provider category indexes, reduce main list
2020-12-18 13:42:01 -08:00
Pam Selle 77c67a3963
Merge pull request #27338 from hashicorp/pselle/test-sets
[tests] Roll back test schema expansion and isolate
2020-12-18 16:28:58 -05:00
Nick Fagerlund cc6a226bcf website: Remove provider category indexes, reduce main list
As of December 18, 2020, we've redirected nearly all of the provider
documentation that used to live on terraform.io:

- For providers that got published on the Registry, we redirected each docs page
to the corresponding Registry docs page.

- For providers that never got adopted by a new publisher, we archived the
GitHub repository and redirected each docs page to the corresponding Markdown
source file on github.com. (For an example of these redirects, see
https://www.terraform.io/docs/providers/telefonicaopencloud/r/s3_bucket.html)

There are ten providers left that we haven't redirected. These ones got adopted
by new publishers and _will_ end up on the Registry, but they aren't quite ready
to ship and get their permanent redirects, and we don't want to sabotage their
SEO by 301ing to a temporary destination.
2020-12-18 13:13:45 -08:00
Pam Selle 87b576da7a Roll back test schema expansion and isolate
Isolate the test schema expansion, because having NestingSet
in the schema actually necessitates [] values in the AttrsJson.
While this didn't fail any tests on its addition, that
is scary and so isolate this to the one test using it.
2020-12-18 15:08:44 -05:00
Anthony Sottile 8cd72e51cb
fix file mode on lock file (#27205)
Signed-off-by: Anthony Sottile <asottile@umich.edu>
2020-12-18 11:51:59 -05:00
Alisdair McDiarmid 577b1ea2af core: Fix for sensitive data source arguments 2020-12-18 11:22:00 -05:00
Robin Norwood 235c141565 Add links to outputs and locals tutorials 2020-12-17 12:24:53 -08:00
Nick Fagerlund 85d477aee9 website: Fix numerous links with redirects or broken anchors
These links largely still go somewhere useful, but they have some kind of issue
revealed by our new link checker:

- Some of them point to a stale URL that redirects, and can be updated to the
  new destination.
- Some of them point to anchors that don't exist (anymore?) in the destination.
- Some of them end up redirecting unnecessarily due to how the server handles
  directory URLs without trailing slashes. Sorry, I know that's pointless, just,
  humor me for the time being so we can get our CI green. 😭

In a couple cases, I've added invisible anchors to destination pages, either to
preserve an old habit or because the current anchors kind of suck due to being
particularly long or meandering.
2020-12-17 12:23:50 -08:00
Nick Fagerlund 1fff4e2690 website: Update links to redirected provider docs pages
This commit intentionally leaves the indexes of provider docs alone, to avoid
merge conflicts when we delete those.
2020-12-17 12:23:50 -08:00
Alisdair McDiarmid a7c9e41249
Merge pull request #27320 from hashicorp/alisdair/update-deps
Update hcl and go-cty dependencies
2020-12-17 14:24:53 -05:00
James Bardin f5187aa869
Merge pull request #27318 from hashicorp/jbardin/path-marks
Correctly compare unordered sets of marks
2020-12-17 13:49:50 -05:00
Alisdair McDiarmid 908017fe69 go get github.com/zclconf/go-cty@v1.7.1 2020-12-17 13:04:53 -05:00
Alisdair McDiarmid 409c713591 go get github.com/hashicorp/hcl/v2@v2.8.1 2020-12-17 13:01:54 -05:00
Alisdair McDiarmid 619c6727ef backend/remote: No version check for operations
Terraform remote version conflicts are not a concern for operations. We
are in one of three states:

- Running remotely, in which case the local version is irrelevant;
- Workspace configured for local operations, in which case the remote
  version is meaningless;
- Forcing local operations with a remote backend, which should only
  happen in the Terraform Cloud worker, in which case the Terraform
  versions by definition match.

This commit therefore disables the version check for operations (plan
and apply), which has the consequence of disabling it in Terraform Cloud
and Enterprise runs. In turn this enables Terraform Enterprise runs with
bundles which have a version that doesn't exactly match the bundled
Terraform version.
2020-12-17 12:58:38 -05:00
James Bardin 1309b36b83 plan context test for mysterious changes
This plan would occasionally show changes when there weren't any due to
the sensitive marks being compared incorrectly.
2020-12-17 12:55:58 -05:00
James Bardin 79a31f627b compare unordered sets of PathMarkValues
When comparing marks for values during plan and apply, we need to ensure
the order of the marked paths is consistent.
2020-12-17 12:55:58 -05:00
Pam Selle 428d404d92
Allow for_each arguments containing sensitive values if they aren't keys (#27247)
* Add test for existing behavior, when a value contains a marked value

* Allow some marked values as for_each arguments

Rather than disallow values that have any marks
as for_each arguments, this makes the check more
nuanced to disallow cases where the whole value
is marked (a whole map, or any set). This allows
cases where a user may pass a map that has marked
values, but the keys are not sensitive
2020-12-17 11:27:12 -05:00
Pam Selle 1970c14a53
[docs] Add limitations section to for_each (#27299)
* Add limitations section to for_each

Move limitations from a note to their own section,
to allow for expansion on disallowing sensitive values
in for_each
2020-12-17 11:03:14 -05:00
James Bardin de114c4b7e
Merge pull request #27303 from hashicorp/jbardin/data-source-no-provider
modify ProvidedBy to indicate no provider needed for orphaned data sources
2020-12-17 09:06:52 -05:00
James Bardin c85adf191a modify ProvidedBy to indicate no provider needed
Because of the composition pattern used within core, we can't easily
remove a behavior from an embedded type. Rather than trying to
re-implement all necessary methods on the
NodePlannableResourceInstnaceOrphan to exclude orphaned data resources
from GraphNodeProviderConsumer, we can modify ProvidedBy to indicate
when there is no provider required.
2020-12-17 09:01:20 -05:00
Martin Atkins 21d6fb5a37 depsfile: Don't panic when lock file is unreadable
Previously we were expecting that the *hcl.File would always be non-nil,
even in error cases. That isn't always true, so now we'll be more robust
about it and explicitly return an empty locks object in that case, along
with the error diagnostics.

In particular this avoids a panic in a strange situation where the user
created a directory where the lock file would normally go. There's no
meaning to such a directory, so it would always be a mistake and so now
we'll return an error message about it, rather than panicking as before.

The error message for the situation where the lock file is a directory is
currently not very specific, but since it's HCL responsible for generating
that message we can't really fix that at this layer. Perhaps in future
we can change HCL to have a specialized error message for that particular
error situation, but for the sake of this commit the goal is only to
stop the panic and return a normal error message.
2020-12-15 17:00:35 -08:00
Robert c412935d63
correct terraform-bundle default plugins dir docs (#26965)
* correct terraform-bundle default plugins dir docs

* remove dangling character in local plugin dir log output
2020-12-15 13:52:31 -05:00
Pam Selle 6bfc4a8809
Merge pull request #27280 from hashicorp/pselle/docs-sensitive-var
(docs) Document sensitivity + function call behavior
2020-12-15 11:46:30 -05:00
Pam Selle ad1420cdf4
Merge pull request #27281 from hashicorp/pselle/double-mark
Guard against double marking in other locations in evaluate
2020-12-15 08:10:49 -05:00
Ben Drucker a39273cfa3 Merge remote-tracking branch 'origin/master' into validate-ignore-empty-provider 2020-12-14 14:39:48 -08:00
Pam Selle fa74710aef Guard against double marking in other locations in evaluate 2020-12-14 15:58:06 -05:00
Pam Selle d7f3239c51 Document sensitivity + function call behavior 2020-12-14 15:38:47 -05:00
Repon Kumar Roy 7d093cbede website: add example of multiple var cli
This PR updates the documentation of input variable of terraform. It's
mentioned that multiple `-var` is possible, but no example is given.
This PR adds an example of multiple `-var` option
2020-12-15 02:09:30 +08:00
Kristin Laemmert 9ac8e3c55e
Update CHANGELOG.md 2020-12-14 11:08:57 -05:00
Kristin Laemmert 8bab3dd374
command/state list: list resources in nested and expanded modules (#27268)
* command/state list: list resources in nested and expaneded modules

A few distinct bugs fixed in here:

There was a bug in the logic checking if a given module was the child of
the targetAddr, now fixed. That resolved the basic issue where resources
in nested submodules were not listed.

The logic around allowMissing needed some tweaking to allow for empty
modules, as long as those modules had submodules with resources. state
list is the only command using allowMissing with false so this felt safe
to do.

Finally I extended the logic so list would included expanded modules,
which is to say giving module.foo would result in resources from
module.foo[1], module.foo[0], etc.

* update state list docs to show that module filtering includes any nested
modules
2020-12-14 11:07:15 -05:00
James Bardin 6d0db836a9
Merge pull request #27267 from hashicorp/jbardin/data-reference-doc
add implied data depends_on caveat
2020-12-11 15:21:39 -05:00
James Bardin cd4cb3f8d2 add implied data depends_on caveat 2020-12-11 13:42:09 -05:00
Alisdair McDiarmid e7db580e67
Merge pull request #27265 from hashicorp/alisdair/validate-json-tests
command: Add tests for terraform validate -json
2020-12-11 13:36:36 -05:00
Kristin Laemmert cc4b7a10af
Update CHANGELOG.md 2020-12-11 13:23:29 -05:00
Kristin Laemmert 8a4891383c
console: normalize module path before building context (#27263)
Expressions such as "path.root" were returning the cwd (or modulePath),
instead of the usual _relative_ path. This commit normalizes the path
before building the context.
2020-12-11 13:22:06 -05:00
Kristin Laemmert e938b02337
terraform: improve provider config related error messages (#27261)
* terraform: improve provider config related error messages with nil
config

If there is no provider configuration present in the config at all,
errors related to missing required arguments lack source information or
even a reference to the provider in question. This PR adds more specific
error messages in three of these situations:
- ValidateProvider
- ConfigureProvider: provider.PrepareProviderConfig
- ConfigureProvider: ctx.ConfigureProvider

To test the last case I added a ConfigureProviderFn to the MockContext.

* remove newlines and let the diagnost renderer handle fit
2020-12-11 13:18:49 -05:00
Alisdair McDiarmid f1b95788b9 command: Add tests for terraform validate -json
Also uncomment and fix some tests which had been skipped for a couple of
years. Those validate cases work now!

Note that these test cases and the JSON output are not especially
minimized, making them snapshot/golden tests. The output looks correct
at time of writing, and we don't expect to change validate significantly
any time soon, but if we do there will be some churn here.
2020-12-11 13:09:25 -05:00
Martin Atkins bab4979128 command/init: Remove the warnings about the "legacy" cache directory
We included these warnings in v0.14 after noticing that we'd accidentally
published some incorrect documentation about the purpose of the plugin
cache directory under .terraform/plugins. We switched to using
.terraform/providers instead so that we could treat any missing providers
that appear in the legacy directory as likely to be a result of following
that documentation, and thus produce this extra warning.

However, the further we get from v0.13 the more likely it is for this
warning to be a confusing false positive rather than something helpful,
and this is a non-trivial codepath requiring us to retain a concept that
we otherwise don't need (the "legacy cache dir"), so here we'll remove
those warnings and support code for v0.15 onwards.

These warnings were always accompanied by an error message saying that a
provider could not be found, and that error message remains after this
change. This just removes the "by the way..."-style warning we had been
emitting alongside the errors.
2020-12-11 08:00:15 -08:00
Alisdair McDiarmid 9b0af78f24
Merge pull request #27249 from hashicorp/alisdair/sum-func-robustness
lang: Improved robustness of sum function
2020-12-11 09:29:14 -05:00
Alisdair McDiarmid f27dae2ab7 lang: Improved robustness of sum function
Fixes error when calling sum with values not known until apply time.
Also allows sum to cope with numbers too large to represent in float64,
along with correctly handling errors when trying to sum opposing
infinities.
2020-12-10 17:13:56 -05:00
Pam Selle 6e1017f247
Merge pull request #27238 from hashicorp/pselle/count-sensitive
Unmark values in count before go conversion
2020-12-10 13:36:59 -05:00