Commit Graph

20565 Commits

Author SHA1 Message Date
James Bardin d8f4c1f618 reverse the merge order for cached provider Input
Previously when looking up cached provider input, the Input was taken in
its entirety, and only provider configuration fields that weren't in the
saved input were added. This would cause providers in modules to use the
entire configuration from parent modules, even if they themselves had
entirely different configs.

Note: this is only marginally beter than the old behavior. It may be
slightly more correct, but stil can't account for the user's intent, and
may be adding configured values from one provider into another.

Change the PathCacheKey to just join the path on a non-path character
(|), which makes for easier debugging.
2017-10-27 09:08:15 -04:00
James Bardin 1536c531ff cleanup 2017-10-27 09:08:15 -04:00
James Bardin db7596c045 use the inherited provider configs in the graph
Use the configured providers directly, rather than looking for inherited
provider configuration during graph evaluation.

First remove the provider config cache, and the associated
SetProviderConfig and ParentProviderConfig methods on the eval context.
Every provider must be configured, so there's no need to look for
configuration from other provider instances.

The config.ProviderConfig struct now has a Scope field which stores the
proper path for the interpolation scope. To get this metadata to the
interpolator, we add an EvalInterpolatProvider node which can carry the
ProviderConfig, and an InterpolateProvider context method to carry the
ProviderConfig.Scope into the InterplationScope.

Some of the tests could be adjusted to account for the new inheritance
behavior, and some were simply no longer valid and will be removed.

The remaining tests have questions on how they should work in practice.
This mostly concerns orphaned modules where there is no longer a way to
obtain a provider. In some cases we may require that a minimal provider
config be present to handle the destroy process, but we need further
testing.

All disabled code was commented out in this commit to record any
additional comments. The following commit will be a cleanup pass.
2017-10-27 09:08:15 -04:00
James Bardin cb0e37a870 implement provider inheritence during loading
This implements provider inheritance during config loading, rather than
during graph evaluation. At this point it's much simpler to find the
desired configuration, and once all providers are declared, all the
inheritance code in the graph can be removed.

The inheritance is dome by simply copying the RawConfig from the parent
ProviderConfig into the module. Since this happens before any
evaluation, we record the original interpolation scope in the
ProviderConfig so that it can be properly resolved later on.
2017-10-27 09:08:15 -04:00
James Bardin 29e5a355b9 add "version" and "provider" to module config
Add the Version and Providers fields to the module config.

Add ProviderConfig.Scope, which will be used to record the original
path of a ProviderConfig for interpolation.
2017-10-27 09:08:15 -04:00
Brandon Hops dceecdc047 website: dyn_record can now be imported
Importable as of terraform-providers/terraform-provider-dyn#19 .
2017-10-26 12:03:24 -07:00
Dana Hoffman a7e308fc2c helper/schema: Schema.Elem documentation for TypeMap
Updated it to state that Elem is valid for TypeMaps too, and that TypeSets can use a Resource as an Elem.
2017-10-26 10:29:47 -07:00
Martin Atkins a49834a223 Update CHANGELOG.md 2017-10-26 09:43:18 -07:00
Martin Atkins e9816c60f1 main: allow overriding host-based discovery in CLI config
For situations where the default network-based discovery is inappropriate
or inconvenient, this allows users to provide a hard-coded discovery
document for a particular hostname in the CLI config.

This is a new config block, rather than combined with the existing
"credentials" block, because credentials should ideally live in separate
files from other config so that they can be managed more carefully.
However, this new "host" block _is_ designed to have room for additional
host-specific configuration _other than_ credentials in future, which
might include TLS certificate overrides or other such things used during
the discovery step.
2017-10-26 08:58:52 -07:00
Martin Atkins 74180229d0 svchost/disco: allow overriding discovery for a particular hostname
The default network-based discovery is not desirable for all situations,
so this mechanism allows callers to provide a services map for a given
hostname that was obtained some other way (caller-defined) which will then
cause network-based discovery to be skipped and the given map to be
returned verbatim.
2017-10-26 08:58:52 -07:00
Radek Simko ddff8bbc00 Update CHANGELOG.md 2017-10-26 15:57:19 +01:00
Radek Simko c57ed954d3 Merge pull request #16456 from hashicorp/f-loosen-schema-validation
helper/schema: Loosen validation for 'id' field
2017-10-26 15:56:24 +01:00
Radek Simko 7fceccfbf7
helper/schema: Loosen validation for 'id' field 2017-10-26 09:37:38 +01:00
Martin Atkins dfaa21fcf2 Update CHANGELOG.md 2017-10-25 17:38:30 -07:00
Martin Atkins 9f6b33139e Update CHANGELOG.md 2017-10-25 17:38:00 -07:00
Martin Atkins 5347f82f9a command: Include provider versions in "terraform version"
We encourage users to share the "terraform version" output as part of
filing an issue, but previously it only printed the core Terraform version
and this left provider maintainers with no information about which
_provider_ version an issue relates to.

Here we make a best effort to show versions for providers, though we will
omit some or all of them if either "terraform init" hasn't been run (and
so no providers were selected yet) or if there are other inconsistencies
that would cause Terraform to object on startup and require a re-run of
"terraform init".
2017-10-25 17:36:24 -07:00
Martin Atkins 34cecfa839 command/e2etest: fix incorrect "terraform version" test
Two different errors here caused this test to pass even though it was
incorrect: the wanted version string was incorrect, but the test for it
was also inverted, and so together this made the test pass even though
it was actually not testing the output at all.
2017-10-25 17:36:24 -07:00
James Bardin d33e0f0a58 Merge pull request #16452 from hashicorp/jbardin/registry-packages
Registry packages
2017-10-25 17:19:07 -04:00
James Bardin 0a673fa5ef use svchost.IsValid for FriendlyHost.Valid 2017-10-25 17:10:15 -04:00
James Bardin 54c5aab7ef missed another models dep in the registry 2017-10-25 15:57:51 -04:00
James Bardin a881460839 fix vet error in registry package 2017-10-25 15:49:35 -04:00
James Bardin 4f76d3a556 remove models dependency from the regresp
That isn't needed by terraform, and can be left in a registry package.
2017-10-25 15:27:29 -04:00
James Bardin 666164c369 disallow github and bitbucket hosts
These hosts have special usage in module source strings, and can't be
valid registry hosts.
2017-10-25 14:11:34 -04:00
James Bardin 27e578e7fb convert FriendlyHost to use svchost for validation
Removed some of the test cases that we don't allow in the svchost
package. Will check back if those are needed in the registry and work
around them as necessary.
2017-10-25 14:11:34 -04:00
James Bardin 248a5e4523 copy regsrc and response from registry repo
keep these in one place for now
2017-10-25 14:11:33 -04:00
Martin Atkins 12b6ec9241 release: clean up after v0.10.8 2017-10-25 09:17:09 -07:00
Martin Atkins e0fd3ddd70
v0.10.8 2017-10-25 09:13:40 -07:00
James Bardin f9ad58c66a Merge pull request #16451 from hashicorp/jbardin/disco
add Transport field to Disco
2017-10-25 12:04:07 -04:00
James Bardin e7ecec6860 add Transport field to Disco
For the same reason the disco tests need to override the http.Transport,
other test fixtures will need to as well. Provide a field to override
the default httpTransport.
2017-10-25 10:49:36 -04:00
JJ Asghar 5ae892fdf2 provisioner/chef: doc example of ssl_verify_mode 2017-10-24 14:47:42 -07:00
Clint 385e564250 fix build ld_flag (#16430) 2017-10-24 14:10:15 -05:00
Lyle Franklin 43dcaa1a00 config: Don't panic if config directory contains only overrides 2017-10-23 15:46:15 -07:00
Martin Atkins 8d9b44105a Update CHANGELOG.md 2017-10-23 13:30:40 -07:00
jd3nn1s 21c9c2ce00 communicator/winrm: pass cacert option correctly
It appears that the cacert option for the winrm provisioner was
not getting passed correctly to the winrm package. Log output
showed that CACert was false regardless of configuration.

While the validation of the connector looked for cacert, the winrm
communicator looked for ca_cert.
2017-10-23 13:28:41 -07:00
Martin Atkins 1feb26f196 main: load CLI config files from ~/.terraform.d/*.tfrc
Now that we are looking into the CLI config file for service host
credentials, it's important to support multiple separate files so that
users can keep credentials separate from other settings and credentials
for different hosts separate from one another.

There is no restriction on which settings can appear in which locations.
This is up to the user to decide, depending on their security needs and
e.g. on whether certain files are generated vs. manually-edited.
2017-10-21 09:37:05 -07:00
Martin Atkins 11ba1d2a4c main: factor out CLI config loading into its own function
Previously we handled all of the config sources directly within the main
function. We're going to make CLI config loading more complex shortly, so
having this encapsulated in its own function will avoid creating even more
clutter inside the main function.

Along the way here we also switch from using native Go "error" to using
tfdiags.Diagnostics, so that we can potentially issue warnings here too
in future, and so that we can return multiple errors.
2017-10-21 09:37:05 -07:00
Martin Atkins a2c59c6ecd main: validate credentials blocks in CLI config
We require that each "credentials" block has a valid hostname and that
there be no more than one "credentials_helper" block.

There are some more sophisticated validations we could do here, such as
checking if the same host is declared more than once, but since this
config handling will be rewritten to use HCL2 in the near future, and this
sort of check is easier to do in the HCL2 API, we just check the basic
stuff for now and plan to revisit later.
2017-10-21 09:37:05 -07:00
Martin Atkins fe7ef7ae5d main: include credentials and credentials_helper when merging CLI configs 2017-10-21 09:37:05 -07:00
Martin Atkins 35a058fb3d main: configure credentials from the CLI config file 2017-10-21 09:37:05 -07:00
James Bardin 47c45788bc Merge pull request #16406 from hashicorp/jbardin/version-package
Add a standalone version package for all of terraform
2017-10-20 21:53:42 -04:00
Martin Atkins 374bafab33 Update CHANGELOG.md 2017-10-20 15:43:56 -07:00
Patrick Van Stee a4a53f6f99 command/validate: Load plugins from plugin_path file
This was added to other commands in 0.10 but was missed on "validate".
2017-10-20 15:42:51 -07:00
Arthur Burkart 013df9350b hashcode: "Strings" function for hashing slices of strings 2017-10-20 14:54:23 -07:00
Sander van Harmelen 314ef8b110 Update CHANGELOG.md 2017-10-20 17:50:37 +02:00
Sander van Harmelen a5d7f94ced Update CHANGELOG.md 2017-10-20 17:49:57 +02:00
Christoph Kappel af206e7543 Clean clients from chef-vault on recreate_client enabled (#16357)
Fixes #15921

When terraform re-creates an existing node/client with chef provisioner,
the already existing client (which has old keys) must be removed from
the vault items. Afterwards, the chef-vault will be updated with the
newly created client (which has the new keys). Therefore, the recreated
client will be able to decrypt the vault items properly.
2017-10-20 17:46:29 +02:00
James Bardin 36b8be43e8 use the new version package
Update all references to the version values to use the new package.
The VersionString function was left in the terraform package
specifically for the aws provider, which is vendored. We can remove that
last call once the provider is updated.
2017-10-19 21:48:08 -04:00
James Bardin 3f6a7f3ed2 add a terraform version package
Many terraform project packages now want access to the current terraform
version information. Since most packages end up being consumed by the
core terraform package, preventing import cycles becomes difficult.
2017-10-19 19:18:17 -04:00
Martin Atkins d5b0beac01 svchost/auth: static credentials source
This uses an in-memory table of credentials keyed on hostname. This is
the simplest possible credentials source that can actually return
credentials, and is suitable for representing statically-configured
credentials from configuration.
2017-10-19 11:18:43 -07:00
Martin Atkins 865e61b4ea main+command: provide service disco and creds to commands
The command package is the main place we need access to these, so that
we can use them during init (to install packages, for example) and so that
we can use them to configure remote backends.

For the moment we're just providing an empty credentials object, which
will start to include both statically-configured and
helper-program-provided credentials sources in subsequent commits.
2017-10-19 11:18:43 -07:00