Commit Graph

27025 Commits

Author SHA1 Message Date
James Bardin aa3b15c438
Merge pull request #25618 from hashicorp/jbardin/destroy-eval
Allow provider config evaluation during a full destroy
2020-07-20 17:02:12 -04:00
James Bardin 5b8e5ec276 destroy provisioner test
Ensure that we have destroy provisioner test that reference self
2020-07-20 15:49:51 -04:00
Justin Campbell 24064c4ed9
website: Add links to registry doc preview tool (#25619) 2020-07-20 12:28:55 -04:00
Alisdair McDiarmid 0a837003e9
Merge pull request #25615 from suzuki-shunsuke/docs/fix-output-format-of-state-show
docs: fix the output format of state show command
2020-07-20 11:17:16 -04:00
James Bardin 3223e352ea skip broken test
This is the known case broken by the changes to allow resources pending
destruction to be evaluated from state. When a resource references
another that is create_before_destroy, and that resource is being scaled
in, the first resource will not be updated correctly.
2020-07-20 09:49:47 -04:00
James Bardin 5b8010b5b9 add a fixup transformer to connect destroy refs
Since we have to allow destroy nodes to be evaluated for providers
during a full destroy, this is adding a transformer to connect temporary
values to any destroy versions of their references when possible. The
ensures that the destroy happens before evaluation, even when there
isn't a full create-then-destroy set of instances.

The cases where the connection can't be made are when the temporary
value has a provider descendant, which means it must evaluate early in
the case of a full destroy. This means the value may contain incorrect
data when referencing resource that are create_before_destroy, or being
scaled-in via count or for_each. That will need to be addressed later by
reevaluating how we handle the full destroy case in terraform.
2020-07-20 09:49:47 -04:00
James Bardin d1dba76132 allow the evaluation of resource being destroyed
During a full destroy, providers may reference resources that are going
to be destroyed as well. We currently cannot change this behavior, so we
need to allow the evaluation and try to prevent it from leaking into as
many other places as possible. Another transformer to try and protect
the values in locals, variables and outputs will be added to enforce
destroy ordering when possible.
2020-07-20 09:49:47 -04:00
James Bardin 6f9d2c51e2 you cannot refer to destroy nodes
Outputs and locals cannot refer to destroy nodes. Since those nodes
types do not have different ordering for create and destroy operations,
connecting them directly to destroy nodes can cause cycles.
2020-07-20 09:49:47 -04:00
James Bardin ca8338e343 fix tests after moving incorrect references
The destroy graph builder test requires state in order to be correct,
which it didn't have. The other tests hits the edge case where a planned
destroy cannot remove outputs, because the apply phase does not know it
was created from a destroy.
2020-07-20 09:49:47 -04:00
James Bardin ebe31acc48 track destroy references for data sources too
Since data source destruction is only state removal, and other resources
cannot depend on them creating any physical resources, the destroy
dependencies were not tracked in the state. It turns out that there is a
special case which requires this; running terraform destroy where the
provider depends on a data source. In that case the resources using that
provider need to record their indirect dependence on the data source, so
that they can be deleted before the data source is removed from the
state.
2020-07-20 09:49:47 -04:00
James Bardin c0dbc95236 test destroy with provider depending on a resource 2020-07-20 09:49:47 -04:00
Shunsuke Suzuki 1dd4d70bab docs: fix the output format of state show command
From v0.12 the output format of state show command seems to be changed
but the old format is used in the document.
2020-07-20 22:15:47 +09:00
Martin Atkins 79d74c9ba0
Update CHANGELOG.md 2020-07-17 09:04:54 -07:00
Martin Atkins 61baceb308 core: Skip edges between resource instances in different module instances
Our reference transformer analyses and our destroy transformer analyses
are built around static (not-yet-expanded) addresses so that they can
correctly handle mixtures of expanded and not-yet-expanded objects in the
same graph.

However, this characteristic also makes them unnecessarily conservative
in their handling of references between resources within different
instances of the same module: we know they can never interact with each
other in practice because the dependencies for all instances of a module
are the same and so one instance cannot possibly depend on another.

As a compromise then, here we introduce a new helper function that can
recognize when a proposed edge is between two resource instances that
belong to different instances of the same module, and thus allow us to
skip actually creating those edges even though our imprecise analyses
believe them to be needed.

As well as significantly reducing the number of edges in situations where
multi-instance resources appear inside multi-instance modules, this also
fixes some potential cycles in situations where a single plan includes
both destroying an instance of a module and creating a new instance of the
same module: the dependencies between the objects in the instance being
destroyed and the objects in the instance being created can, if allowed
to connect, cause Terraform to believe that the create and the destroy
both depend on one another even though there is no need for that to be
true in practice.

This involves a very specialized helper function to encode the situation
where this exception applies. This function has an ugly name to reflect
how specialized it is; it's not intended to be of any use outside of these
three situations in particular.
2020-07-17 08:40:13 -07:00
davidair 5cde8b999b
Tiny typo in an error message
Changing "An module" to "A module" in an error message
2020-07-17 11:09:45 -04:00
Tony Carmichael e320cd2b35
website: fix markdown formatting in publishing.html.md (#25598) 2020-07-16 14:21:14 -07:00
Tony Carmichael 78f93de64b
Merge pull request #25564 from hashicorp/aicarmic-publishing-docs
Update publishing.html.md
2020-07-16 11:29:53 -06:00
Tony Carmichael aa36cbc769
Update website/docs/registry/providers/publishing.html.md
Co-authored-by: Paul Tyng <ptyng@hashicorp.com>
2020-07-16 11:29:16 -06:00
Chris Griggs ae5cb9e4cf
Merge pull request #25590 from hashicorp/cgriggs01-cloudamqp
[Website] CloudAMQP links
2020-07-15 10:40:13 -07:00
Tony Carmichael 73d31e5eef
Update publishing.html.md
modify to add separate header so we can target link to this section, and clarify that the licensing requirement is for verified/partner providers only
2020-07-14 17:59:14 -06:00
Chris Griggs f286aa78ff [Website] CloudAMQP links 2020-07-14 14:50:09 -07:00
Kristin Laemmert f8e3456867
command/show: fix bug displaying provider config in json output of tf plan (#25577)
A lingering FIXME caused missing configuration from provider config
blocks in the json output of terraform plan. This fixes the regression
and adds a test. For the sake of testing, I added an optional attribute
to the show test provider, which resulted in the providers schema test
getting an update - not a bad addition, but we can always add a
test-specific provider schema as needed.
2020-07-14 15:28:31 -04:00
Martin Atkins bcec7f5576 website: v0.13 upgrade guide about "terraform apply" during upgrading
Part of the upgrade process happens in the first "terraform apply" after
adding explicit source addresses in the configuration. Previously we just
left that implied under the assumption that everyone would run
"terraform apply" shortly after anyway, but there is a specific tricky
situation where the first change after upgrading is to remove a resource
from the configuration, leaving Terraform unable to complete the upgrade.

Because of that, we'll now explicitly direct users to run
"terraform apply" after upgrading. Along with that, there's a reminder to
make sure that "terraform plan" indicates no changes before upgrading, so
that completing the upgrade doesn't involve also applying changes to
remote objects.
2020-07-14 09:34:17 -07:00
Paul Tyng ae36898f55
Merge pull request #25567 from hashicorp/aicarmic-publishing-docs-2
Update publishing.html.md
2020-07-13 22:31:25 -04:00
Tony Carmichael e5fec70cb7
Update publishing.html.md
Add note to dissuade in-place replace of a released provider
2020-07-13 15:35:48 -06:00
Tony Carmichael 527a15353e
Update publishing.html.md
Add OSS license requirement and list of permitted licenses to the instructions.
2020-07-13 13:26:29 -06:00
James Bardin 83632e078f
Merge pull request #25544 from hashicorp/jbardin/resource-state
don't store an entire Resource's state in each ResourceInstance
2020-07-13 13:23:40 -04:00
Kristin Laemmert 9cb8456f3d
configs: prevent panic with invalid type name (#25562)
An invalid type name in a resource (or data source) could cause a panic
when determining the implied provider for the resource. This commit adds
verification that the type name is valid. It does not add a diagnostic,
since the invalid type name would have already been caught by the
parser.

Fixes #25560
2020-07-13 09:47:16 -04:00
James Bardin 662ea420d6 update CHANGELOG.md 2020-07-10 14:37:26 -04:00
James Bardin 26fb544e43
Merge pull request #25543 from hashicorp/jbardin/prune-root-temps
ensure root module locals and vars are pruned
2020-07-10 14:31:41 -04:00
James Bardin ee8cc627a0 don't store an entire Resource in each Instance
The AbstractResourceInstance type was storing the entire Resource from
the state, when it only needs the actual instance state. This would
cause resources to consume memory on the order of n^2, where n in the
number of instances of the resource.

Rather than attaching the entire resource state, which includes copying
each individual instance, only attach the ResourceInstance state, and
extract out the provider address from the Resource.
2020-07-10 13:35:13 -04:00
James Bardin a0567458e2 ensure root module locals and vars are pruned
The pruneUnusedNodes transformer was skipping root level locals and
variables, causing them to be left in the graph during a full destroy.
Use the return value from temporaryValue to indicate if the node is
truly temporary or not, rather then keeping the entire root module.
2020-07-10 09:30:03 -04:00
Alisdair McDiarmid 1c7a8c3e43
Update CHANGELOG.md 2020-07-09 14:59:06 -04:00
Alisdair McDiarmid 53e587e1a6
Merge pull request #25504 from hashicorp/alisdair/post-install-cache-validate
Add post-install provider cache validation and error reporting
2020-07-09 14:55:17 -04:00
Kristin Laemmert e639d813ee add test cases and remove no-longer-needed validation 2020-07-08 13:53:54 -04:00
Martin Atkins 0a46ded3e7 addrs: Disallow provider source addresses starting with terraform-
The main motivation here is to produce a helpful error if a user
incorrectly uses the terraform-provider- prefix (which we see on provider
VCS repositories and plugin executables) as part of the source address.

However, this also more broadly blocks "terraform-" as a prefix in
anticipation of whatever instinct causes the phenomenon where e.g.
Python's PyPI has thousands of packages whose names start with "python-",
even though everything on PyPI is for Python by definition. This is
definitely not _necessary_, but it's better to be restrictive at first
and weaken later as needed.
2020-07-08 10:18:55 -07:00
Martin Atkins 7909dd318d command/init: Specialized error message for host that isn't registry
If the user specifies a host that isn't a provider registry in a provider
source address then we'll print out some specialized error messages for
different variants of that situation.

In particular, this includes a special case for when the error is on the
hostname "github.com", in anticipation of folks incorrectly attempting to
use GitHub repository URLs (or Go-style module paths that happen to be
on GitHub) to specify providers, so we can give a more specific hint about
that.

This is just a different presentation of an existing error case that we
are already covering in the installer tests, so there are no new tests
here. We could in principle have a test covering the exact text of these
error messages, but we don't have much precedent for command package tests
covering that level of cosmetic detail.
2020-07-08 10:18:55 -07:00
Martin Atkins 80ab867e57 command/init: Remove special 0.12upgrade heuristic
For Terraform v0.12 we introduced a special loading mode where we would
use the 0.11-syntax-compatible "earlyconfig" package as a heuristic to
identify situations where it was likely that the user was trying to use
0.11-only syntax that the upgrade tool might help with.

However, as the language has moved on that is no longer a suitable
heuristic in Terraform 0.13 and later: other new additions to the
language can cause the main loader to disagree with earlyconfig, which
would lead us to give poor advice about how to respond.

Instead, we'll now return the same generic "there are errors" message in
all syntax error cases. We have an extra message for errors in this
case (as compared to other commands) because "terraform init" is usually
the first command a new user interacts with and so this message gives some
extra explanation about what "terraform init" will do with the
configuration once it's valid.

This also includes a reset control character in the output of the message
as part of our ongoing mission to stop Terraform printing out whole
paragraphs of colored text, which can often be hard to read for various
reasons.
2020-07-08 10:18:55 -07:00
Kristin Laemmert 384cfaacf9 lang/funcs: refactor Subnet and Host functions to support 64-bit systems 2020-07-08 10:58:06 -04:00
Kristin Laemmert 642e3590a2 upgrade go-cidr to v1.1.0 2020-07-08 10:57:57 -04:00
Petros Kolyvas 3877f20e6d
Merge pull request #25515 from magodo/add_outlook_provider
Add community provider to terraform.io: terraform-provider-outlook
2020-07-08 10:21:03 -04:00
James Bardin 8e79611e59
Merge pull request #25500 from hashicorp/jbardin/destroy-output-expand
Do not evaluate output when doing a full destroy
2020-07-08 10:07:20 -04:00
magodo 70e25b6a87 add community provider entry: terraform-provider-outlook 2020-07-08 22:01:47 +08:00
Sune Keller 4438df6131
website: Add cidrsubnets to IP Network Functions index (#25185)
Signed-off-by: Sune Keller <absukl@almbrand.dk>
2020-07-08 08:43:14 -04:00
Tony Carmichael 8245fdcf21
Merge pull request #25505 from hashicorp/cgriggs-website-links
[Website] Update provider links
2020-07-07 14:57:20 -06:00
Chris Griggs bf25bd6e84 [Website] Update provider links 2020-07-07 13:44:32 -07:00
Petros Kolyvas 073fd0d183
Merge pull request #25061 from c-carpenter/patch-1
Update taint.html.markdown
2020-07-07 16:33:12 -04:00
Alisdair McDiarmid 87d1fb4006 command/init: Display provider validation errors
After installing providers, we validate the presence of an executable
file, and generate a selected versions lockfile. If this process fails,
notify the user. One possible cause for this is an invalid provider
package with a missing or misnamed executable file.
2020-07-07 15:20:20 -04:00
Alisdair McDiarmid 3b1347ac1a providercache: Validate provider executable file
At the end of the EnsureProviderVersions process, we generate a lockfile
of the selected and installed provider versions. This includes a hash of
the unpacked provider directory.

When calculating this hash and generating the lockfile, we now also
verify that the provider directory contains a valid executable file. If
not, we return an error for this provider and trigger the installer's
HashPackageFailure event. Note that this event is not yet processed by
terraform init; that comes in the next commit.
2020-07-07 15:20:17 -04:00
Alisdair McDiarmid a18b531b14 getproviders: FakeInstallablePackageMeta filename
Add an optional execFilename argument to the test helper function
FakeInstallablePackageMeta, which allows the creation of invalid
packages.
2020-07-07 15:18:30 -04:00