Commit Graph

27014 Commits

Author SHA1 Message Date
Pam Selle ee9ec8a193 Reordering so attributes are first (understandability) 2020-10-14 17:45:57 -04:00
Pam Selle e44e03b283 If our block doesn't contain any sensitive attrs, skip recursing into it 2020-10-14 17:44:50 -04:00
Pam Selle f60ae7ac08 Mark sensitive attributes in blocks
This implements marking sensitive attributes within
blocks when referenced by adding recursive calls
to get more paths from blocks' attributes
2020-10-14 17:37:06 -04:00
Pam Selle 5e2905d222 Mark attributes providers mark as sensitive
This updates GetResource so that the value
returned has marks where the provider's schema
has marked an attribute as sensitive
2020-10-14 15:30:16 -04:00
Martin Atkins af20a769be
Update CHANGELOG.md 2020-10-12 10:21:49 -07:00
Martin Atkins 0bbbb9c64b configs: Experimental support for optional object type attributes
This builds on an experimental feature in the underlying cty library which
allows marking specific attribtues of an object type constraint as
optional, which in turn modifies how the cty conversion package handles
missing attributes in a source value: it will silently substitute a null
value of the appropriate type rather than returning an error.

In order to implement the experiment this commit temporarily forks the
HCL typeexpr extension package into a local internal/typeexpr package,
where I've extended the type constraint syntax to allow annotating object
type attributes as being optional using the HCL function call syntax.
If the experiment is successful -- both at the Terraform layer and in
the underlying cty library -- we'll likely send these modifications to
upstream HCL so that other HCL-based languages can potentially benefit
from this new capability.

Because it's experimental, the optional attribute modifier is allowed only
with an explicit opt-in to the module_variable_optional_attrs experiment.
2020-10-12 10:12:28 -07:00
Pam Selle 18d59d768f
Update CHANGELOG.md 2020-10-12 10:08:55 -04:00
Pam Selle 3cba9b9968
Merge pull request #26543 from caarlos0/err
fix: update go-versions with improved error handling
2020-10-12 10:07:35 -04:00
Carlos Alexandro Becker fe31aa854d fix: update go-versions with improved error handling
closes #26516

Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
2020-10-10 08:36:23 -03:00
Alex Pilon 10ed2dcf8f Restore issue migrator 2020-10-09 15:41:15 -04:00
Alex Pilon 8f95d2e6e0 Migration test 2020-10-09 14:03:45 -04:00
Martin Atkins 96f0ac1f43
Update CHANGELOG.md 2020-10-09 09:30:32 -07:00
Martin Atkins e1cf0ac801 internal/depsfile: Control how the "hashes" value is formatted
Previously we were just letting hclwrite do its default formatting
behavior here. The current behavior there isn't ideal anyway -- it puts
big data structures all on one line -- but even ignoring that our goal
for this file format is to keep things in a highly-normalized shape so
that diffs against the file are clear and easy to read.

With that in mind, here we directly control how we write that value into
the file, which means that later changes to hclwrite's list/set
presentation won't affect it, regardless of what form they take.
2020-10-09 09:26:23 -07:00
Martin Atkins 897cb72b36 website: Initial docs for the new dependency lock file behaviors
This includes both the main documentation about the lock file itself and
changes to related documentation about Terraform commands that interact
with the lock file.

We will likely continue to update this first pass of documentation as we
get feedback and questions during the prerelease period.
2020-10-09 09:26:23 -07:00
Martin Atkins e270291f19 command: terraform providers lock
This command is intended to help support situations where Terraform is
configured to use only local mirrors for provider installation and so the
normal "terraform init" flow would not have direct access to the official
package checksums published in the origin registry.

The intended workflow here is to use this command only when adding a new
provider or changing an existing provider's version in the configuration,
to augment the lock file with all of the checksums required to verify
the provider across a variety of different platforms. Once this command
has recorded all of the official checksums, future runs of
"terraform init" will verify that provider packages obtained from a local
mirror match with those upstream checksums.
2020-10-09 09:26:23 -07:00
Martin Atkins 2611e08430 command/init: Mention using the lock file for provider selection
This probably isn't the best UI we could do here, but it's a placeholder
for now just to avoid making it seem like we're ignoring the lock file
and checking for new versions anyway.
2020-10-09 09:26:23 -07:00
Martin Atkins b3f5c7f1e6 command/init: Read, respect, and update provider dependency locks
This changes the approach used by the provider installer to remember
between runs which selections it has previously made, using the lock file
format implemented in internal/depsfile.

This means that version constraints in the configuration are considered
only for providers we've not seen before or when -upgrade mode is active.
2020-10-09 09:26:23 -07:00
Martin Atkins 4a1b081afb depsfile: Locks.Equal and Locks.Empty methods
These are helper functions to give the installation UI some hints about
whether the lock file has changed so that it can in turn give the user
advice about it. The UI-layer callers of these will follow in a later
commit.
2020-10-09 09:26:23 -07:00
Pam Selle eb2a027684
Merge pull request #26518 from hashicorp/pselle/sensitive-experiment
Remove sensitive_variables experiment
2020-10-08 16:14:37 -04:00
James Bardin c4d6b13285
Merge pull request #26520 from hashicorp/jbardin/fix-test-divergence
fix tests that happened during the cleanup
2020-10-08 15:04:40 -04:00
James Bardin f5361286cc fix tests that happened during the cleanup 2020-10-08 14:58:43 -04:00
James Bardin 57a47d0b82
Merge pull request #26519 from hashicorp/jbardin/FIXME
Cleanup and remove legacy types from test mocks
2020-10-08 14:54:40 -04:00
James Bardin 103a6cf2db update mock provider call 2020-10-08 13:52:04 -04:00
James Bardin 027a6c2cf6 update command tests to use new mock provider 2020-10-08 13:49:41 -04:00
Pam Selle c1957fcaf0 Add JSON test case for variable sensitive flag 2020-10-08 13:13:32 -04:00
James Bardin a0caed541d remove legacy ApplyFn from mock provisioner 2020-10-08 13:13:13 -04:00
James Bardin 177797100d remove old mock validateFn 2020-10-08 12:43:46 -04:00
James Bardin ea5ee39f38 remove old mock provider ConfigureFn 2020-10-08 12:26:12 -04:00
James Bardin 0a6853a3f8 replace testDiffFn and testApplyFn
Replace the old mock provider test functions with modern equivalents.
There were a lot of inconsistencies in how they were used, so we needed
to update a lot of tests to match the correct behavior.
2020-10-08 11:47:34 -04:00
Pam Selle bc57c20d10 Remove sensitive_variables experiment
Ahead of the beta, remove the sensitive_variable experiment
and update tests accordingly
2020-10-08 11:22:20 -04:00
Kristin Laemmert 6f4f6fbc72 helper: deprecate pathorcontents
pathorcontents was solely used by the gcs backend. I moved the function
into the backend package so it could still be used by other backends for
good measure.
2020-10-08 08:42:16 -04:00
Kristin Laemmert 04be220f5f deprecate helper/copy
helper/copy CopyDir was used heavily in tests. It differes from
internal/copydir in a few ways, the main one being that it creates the
dst directory while the internal version expected the dst to exist
(there are other differences, which is why I did not just switch tests
to using internal's CopyDir).

I moved the CopyDir func from helper/copy into command_test.go; I could
also have moved it into internal/copy and named it something like
CreateDirAndCopy so if that seems like a better option please let me
know.

helper/copy/CopyFile was used in a couple of spots so I moved it into
internal, at which point I thought it made more sense to rename the
package copy (instead of copydir).

There's also a `go mod tidy` included.
2020-10-08 08:42:16 -04:00
Daniel Dreier f4324a384e
Fix formatting in BUGPROCESS.md 2020-10-07 16:40:00 -04:00
Pam Selle ece9f8c1f4
Merge pull request #26507 from hashicorp/pselle/sensitive-vars-change
Update state when sensitivity changes
2020-10-07 15:39:07 -04:00
Pam Selle a927e88c06 Compare before and after paths completely 2020-10-07 14:58:43 -04:00
hashicorp-ci 072a519b7f Cleanup after v0.14.0-alpha20201007 release 2020-10-07 17:36:01 +00:00
Pam Selle 2c352ef182 Apply should not communicate w provider if only sensitivity changes
If sensitivity changes, we have an update plan,
but should avoid communicating with the provider
on the apply, as the values are equal (and otherwise
a NoOp plan)
2020-10-07 13:30:35 -04:00
hashicorp-ci 803dd7fca2
Release v0.14.0-alpha20201007 2020-10-07 16:56:10 +00:00
Alisdair McDiarmid d05e3b40bf
Merge pull request #26492 from hashicorp/alisdair/sensitive-value-force-replacement
command: Fix missing force new for sensitive vars and blocks
2020-10-07 11:10:36 -04:00
Kristin Laemmert d2e999ba1f
remove unused code (#26503)
* remove unused code

I've removed the provider-specific code under registry, and unused nil
backend, and replaced a call to helper from backend/oss (the other
callers of that func are provisioners scheduled to be deprecated).

I also removed the Dockerfile, as our build process uses a different
file.

Finally I removed the examples directory, which had outdated examples
and links. There are better, actively maintained examples available.

* command: remove various unused bits

* test wasn't running

* backend: remove unused err
2020-10-07 11:00:06 -04:00
Pam Selle 7c2ec1640a Tidy eval_diff assignments and update plan action
When the sensitivity has changed, we want to write to
state and also display to the user that the sensitivity
has changed, so make this an update action. Also
clean up some assignments, since Contains traverses the val
anyway, this is a little tighter.
2020-10-07 10:59:28 -04:00
Pam Selle 33cbf2698d Typo fix in eval_variable 2020-10-07 10:58:05 -04:00
Pam Selle 923f9f226d Update some comments in states package 2020-10-07 10:57:25 -04:00
Alisdair McDiarmid 62e6f56a50 command: Fix missing force new for sensitive blocks
If an entire block is marked sensitive (possibly because it is of type
NestedSet) and results in replacement of the resource, we should render
the standard "forces replacement" text after the opening line of the
block.
2020-10-07 10:50:54 -04:00
James Bardin ca7b5bc28b dead code 2020-10-07 10:50:21 -04:00
James Bardin 8d5e844158 no need to loop this test any longer 2020-10-07 10:47:09 -04:00
James Bardin 826ccdd123 re-enable test 2020-10-07 10:44:41 -04:00
Pam Selle 7a7ad23113
Merge pull request #26491 from hashicorp/pselle/sensitive-vals-out-modules
Consider sensitivity when evaluating module outputs
2020-10-07 09:55:03 -04:00
James Bardin 496cf629cb
Merge pull request #26495 from hashicorp/jbardin/evaluate-walks
Audit some graph building and GraphNodeExecutable
2020-10-07 09:20:05 -04:00
James Bardin 35714e61e6 audit graph builder to make them more similar
Auditing the graph builder to remove unused transformers (planning does
not need to close provisioners for example), and re-order them. While
many of the transformations are commutative, using the same order
ensures the same behavior between operations when the commutative
property is lost or changed.
2020-10-06 17:39:53 -04:00