Commit Graph

27300 Commits

Author SHA1 Message Date
Alisdair McDiarmid 9d2994ab9b website: Sensitive values in provisioner config 2020-10-19 13:19:51 -04:00
Pam Selle b44dad3ce6
Merge pull request #26623 from hashicorp/pselle/cleanup
Comment fixing
2020-10-19 10:30:40 -04:00
Alisdair McDiarmid 24edf66c01
Update CHANGELOG.md 2020-10-19 10:06:07 -04:00
Alisdair McDiarmid e6d42ec4b3
Update CHANGELOG.md 2020-10-19 10:05:59 -04:00
Alisdair McDiarmid 4206b69060
Merge pull request #26588 from hashicorp/alisdair/upgrade-colorable
go get github.com/mattn/go-colorable@v0.1.8
2020-10-19 10:04:07 -04:00
James Bardin 46c0cedb20 handle empty json 2020-10-19 09:41:03 -04:00
James Bardin af9f985d66 Accept JSON encoded dynamic values from providers
Core was previously ignoring JSON-encoded dynamic values, but these are
technically supported, so we must either error or accept the value.
Since we already have the decoder for Json state, it's minimal effort to
support this on all plugin methods too.

This change also gives providers an easy way to implement the
UpgradeResourceState method. The obvious implementation of returning the same
JSON-encoded value has tripped up a few providers not using the legacy
SDK already, and we should have at least indicated that the value was
being lost.
2020-10-19 09:41:03 -04:00
James Bardin 488840171a
Merge pull request #26613 from hashicorp/jbardin/plugin-dynamic-json
Accept JSON encoded dynamic values from providers
2020-10-19 09:37:50 -04:00
James Bardin 353937411d handle empty json 2020-10-19 09:31:37 -04:00
Pam Selle 02c48f8071 Comment fixing 2020-10-18 13:00:09 -04:00
Paul Thrasher d380f5873c
Allow runs to continue on tfce error
A cost estimation error does not actually stop a run, so the run was continuing in the background after the cli exits, causing confusion. This change matches the UI behavior.
2020-10-16 17:27:04 -07:00
Martin Atkins 30204ecded command/cliconfig: Allow development overrides for providers
For normal provider installation we want to associate each provider with
a selected version number and find a suitable package for that version
that conforms to the official hashes for that release.

Those requirements are very onerous for a provider developer currently
testing a not-yet-released build, though. To allow for that case this new
CLI configuration feature allows overriding specific providers to refer
to give local filesystem directories.

Any provider overridden in this way is not subject to the usual
restrictions about selected versions or checksum conformance, and
activating an override won't cause any changes to the selections recorded
in the lock file because it's intended to be a temporary setting for one
developer only.

This is, in a sense, a spiritual successor of an old capability we had to
override specific plugins in the CLI configuration file. There were
some vestiges of that left in the main package and CLI config package
but nothing has actually been honoring them for several versions now and
so this commit removes them to avoid confusion with the new mechanism.
2020-10-16 14:31:15 -07:00
James Bardin 98dc399062
Merge pull request #26606 from hashicorp/jbardin/proposed-set-comparison
More precise handling of lists and maps within sets for ProposedNewObject
2020-10-16 16:21:12 -04:00
James Bardin e3804810a9 Accept JSON encoded dynamic values from providers
Core was previously ignoring JSON-encoded dynamic values, but these are
technically supported, so we must either error or accept the value.
Since we already have the decoder for Json state, it's minimal effort to
support this on all plugin methods too.

This change also gives providers an easy way to implement the
UpgradeResourceState method. The obvious implementation of returning the same
JSON-encoded value has tripped up a few providers not using the legacy
SDK already, and we should have at least indicated that the value was
being lost.
2020-10-16 16:19:11 -04:00
Alisdair McDiarmid 4f53234d8c terraform: Hide maybe-sensitive provisioner output
If the provisioner configuration includes sensitive values, it's a
reasonable assumption that we should suppress its log output. Obvious
examples where this makes sense include echoing a secret to a file using
local-exec or remote-exec.

This commit adds tests for both logging output from provisioners with
non-sensitive configuration, and suppressing logs for provisioners with
sensitive values in configuration.

Note that we do not suppress logs if connection info contains sensitive
information, as provisioners should not be logging connection
information under any circumstances.
2020-10-16 15:29:44 -04:00
Alisdair McDiarmid 9c580335e3 terraform: Unmark provisioner arguments
If provisioner configuration or connection info includes sensitive
values, we need to unmark them before calling the provisioner. Failing
to do so causes serialization to error.

Unlike resources, we do not need to capture marked paths here, so we
just discard the marks.
2020-10-16 15:12:09 -04:00
James Bardin 77af322c1c handle non-null, but empty NestingMap in a set 2020-10-15 21:21:14 -04:00
James Bardin b59c64245b refactor ifs to reduce indentation 2020-10-15 20:55:56 -04:00
James Bardin f128b8c4fa take dynamic types into account when comparing set
If a NestingList or NestingMap contains a dynamic type, they must be
handled as a cty.Tuple and cty.Object respectively, because the elements
may not have precisely matching types.
2020-10-15 20:07:00 -04:00
Alexander Ovechkin d7db008df2 added empty list test case 2020-10-15 19:21:41 -04:00
Alexander Ovechkin 8fbb4d0163 Converting ListVal to ListVal instead of TupleVal in setElementCompareValue 2020-10-15 19:21:41 -04:00
Pam Selle a9823515ec Update context apply test 2020-10-15 17:38:09 -04:00
Pam Selle a1a46425bd Set and single test coverage 2020-10-15 17:25:53 -04:00
Pam Selle a5c5d2c28c Cover NestingMap case 2020-10-15 17:19:27 -04:00
Pam Selle f790332bff NestingList support tested 2020-10-15 16:55:11 -04:00
Pam Selle 10cffc477d Basic test for GetResource, plus sensitivity 2020-10-15 16:50:57 -04:00
Kristin Laemmert 31033001a8
Update CHANGELOG.md 2020-10-15 11:38:46 -04:00
Tony Carmichael db86f0d182
Merge pull request #26595 from hashicorp/aicarmic-patch-1
Update community-index.html.markdown
2020-10-15 09:25:26 -06:00
Tony Carmichael 9ff007d322
Update community-index.html.markdown 2020-10-15 08:57:33 -06:00
Tony Carmichael 49a3d14b3b
Update community-index.html.markdown
Updates to community listings now that registry has been GA for a few months.
2020-10-15 08:55:57 -06:00
hashicorp-ci 33cc81e65e Cleanup after v0.14.0-beta1 release 2020-10-15 14:19:40 +00:00
hashicorp-ci 0671bc7eab
Release v0.14.0-beta1 2020-10-15 14:03:43 +00:00
James Bardin 1ecd86d08e
Merge pull request #26155 from hashicorp/unused-env-var
Remove unused env var TF_SKIP_PROVIDER_VERIFY
2020-10-14 18:03:22 -04:00
James Bardin ffbdd72196
Merge pull request #26487 from hashicorp/jbardin/shell-escape
update taint command example
2020-10-14 17:59:33 -04:00
Pam Selle ee9ec8a193 Reordering so attributes are first (understandability) 2020-10-14 17:45:57 -04:00
Pam Selle e44e03b283 If our block doesn't contain any sensitive attrs, skip recursing into it 2020-10-14 17:44:50 -04:00
Pam Selle f60ae7ac08 Mark sensitive attributes in blocks
This implements marking sensitive attributes within
blocks when referenced by adding recursive calls
to get more paths from blocks' attributes
2020-10-14 17:37:06 -04:00
James Bardin 014fb898d5
Merge pull request #26589 from hashicorp/jbardin/vet-fixes
Fixes for go vet
2020-10-14 16:28:35 -04:00
Pam Selle 5e2905d222 Mark attributes providers mark as sensitive
This updates GetResource so that the value
returned has marks where the provider's schema
has marked an attribute as sensitive
2020-10-14 15:30:16 -04:00
James Bardin 98d01615f6 unreachable 2020-10-14 14:09:17 -04:00
James Bardin c61a893590 unused tests
these are no longer relevant
2020-10-14 14:08:09 -04:00
James Bardin 5e9425b562 unreachable 2020-10-14 14:06:00 -04:00
James Bardin b8df47c9ac add struct field names 2020-10-14 14:05:41 -04:00
Alisdair McDiarmid 8bd940d024 go get github.com/mattn/go-colorable@v0.1.8 2020-10-14 13:46:54 -04:00
Alisdair McDiarmid b1500db6b9
Merge pull request #26585 from hashicorp/alisdair/update-hcl-cty
Update hcl and go-cty dependencies
2020-10-14 13:42:46 -04:00
James Bardin 657dd33008
Merge pull request #26557 from remilapeyre/skip-ddl-commands
Add skip_table_creation and skip_index_creation options to the pg backend
2020-10-14 13:36:26 -04:00
James Bardin 08abf5d561
Merge pull request #26577 from hashicorp/jbardin/decoder-spec
Memoize Block.DecoderSpec
2020-10-14 12:45:23 -04:00
James Bardin e27ecba6e4 extended cache comments 2020-10-14 12:45:06 -04:00
Petros Kolyvas dc48450e79
Provisioner contribution guide updates (#26538)
An update on the deprecated state of vendor provisioners for our contribution guide.
2020-10-14 12:30:40 -04:00
Martin Atkins 0009768c7f internal/depsfile: Update the dependency lock file atomically
In this case, "atomic" means that there will be no situation where the
file contains only part of the newContent data, and therefore other
software monitoring the file for changes (using a mechanism like inotify)
won't encounter a truncated file.

It does _not_ mean that there can't be existing filehandles open against
the old version of the file. On Windows systems the write will fail in
that case, but on Unix systems the write will typically succeed but leave
the existing filehandles still pointing at the old version of the file.
They'll need to reopen the file in order to see the new content.
2020-10-14 08:01:19 -07:00