v0.12.1

BUG FIXES:

• core: Always try to select a workspace after initialization (#21234)
• command/show: fix inconsistent json output causing a panic [#21541]
• config: distinct function no longer panics when given an empty list (#21538)
• config: Don't panic when a version constraint is added to a module that was previously initialized without one (#21542)
• config: matchkeys function argument type checking will no longer fail incorrectly during validation (#21576)
• backend/local: Don't panic if an instance in the state only has deposed instances, and no current instance (#21575)

v0.12.0

---

This is the aggregated summary of changes compared to v0.11.14. If you'd like to see the incremental changelog through each of the v0.12.0 prereleases, please refer to the v0.12.0-rc1 changelog.

---

The focus of v0.12.0 was on improvements to the Terraform language made in response to all of the feedback and experience gathered on prior versions. We hope that these language improvements will help to make configurations for more complex situations more readable, and improve the usability of re-usable modules.

However, an overhaul of this kind inevitably means that 100% compatibility is not possible. The updated language is designed to be broadly compatible with the 0.11 language as documented, but some of the improvements required a slightly stricter parser and language model in order to resolve ambiguity or to give better feedback in error messages.

If you are upgrading to v0.12.0, we strongly recommend reading the upgrade guide to learn the recommended upgrade process, which includes a tool to automatically upgrade many improved language constructs and to indicate situations where human intuition is required to complete the upgrade.

Incompatibilities and Notes

• As noted above, the language overhaul means that several aspects of the language are now parsed or evaluated more strictly than before, so configurations that employ workarounds for prior version limitations or that followed conventions other than what was shown in documentation may require some updates. For more information, please refer to the upgrade guide.

• In order to give better feedback about mistakes, Terraform now validates that all variable names set via -var and -var-file options correspond to declared variables, generating errors or warnings if not. In situations where automation is providing a fixed set of variables to all configurations (whether they are using them or not), use TF_VAR_ environment variables instead, which are ignored if they do not correspond to a declared variable.

• The wire protocol for provider and provisioner plugins has changed, so plugins built against prior versions of Terraform are not compatible with Terraform v0.12. The most commonly-downloaded providers already had v0.12-compatible releases at the time of v0.12.0 release, but some other providers (particularly those distributed independently of the terraform init installation mechanism) will need to make new releases before they can be used with Terraform v0.12 or later.

• The index API for automatic provider installation in terraform init is now provided by the Terraform Registry at registry.terraform.io, rather than the indexes directly on releases.hashicorp.com. The "releases" server is still currently the distribution source for the release archives themselves at the time of writing, but that may change over time.

• The serialization formats for persisted state snapshots and saved plans have changed. Third-party tools that parse these artifacts will need to be updated to support these new serialization formats.

  For most use-cases, we recommend instead using terraform show -json to read the content of state or plan, in a form that is less likely to see significant breaking changes in future releases.

• terraform validate now has a slightly smaller scope than before, focusing only on configuration syntax and type/value checking. This makes it safe to run in unattended scenarios, such as on save in a text editor.

New Features

The full set of language improvements is too large to list them all out exhaustively, so the list below covers some highlights:

• First-class expressions: Prior to v0.12, expressions could be used only via string interpolation, like "${var.foo}". Expressions are now fully integrated into the language, allowing them to be used directly as argument values, like ami = var.ami.

• for expressions: This new expression construct allows the construction of a list or map by transforming and filtering elements from another list or map. For more information, refer to the for expressions documentation.

• Dynamic configuration blocks: For nested configuration blocks accepted as part of a resource configuration, it is now possible to dynamically generate zero or more blocks corresponding to items in a list or map using the special new dynamic block construct. This is the official replacement for the common (but buggy) unofficial workaround of treating a block type name as if it were an attribute expecting a list of maps value, which worked sometimes before as a result of some unintended coincidences in the implementation.

• Generalised "splat" operator: The aws_instance.foo.*.id syntax was previously a special case only for resources with count set. It is now an operator within the expression language that can be applied to any list value. There is also an optional new splat variant that allows both index and attribute access operations on each item in the list. For more information, refer to the Splat Expressions documentation.

• Nullable argument values: It is now possible to use a conditional expression like var.foo != "" ? var.foo : null to conditionally leave an argument value unset, whereas before Terraform required the configuration author to provide a specific default value in this case. Assigning null to an argument is equivalent to omitting that argument entirely.

• Rich types in module inputs variables and output values: Terraform v0.7 added support for returning flat lists and maps of strings, but this is now generalized to allow returning arbitrary nested data structures with mixed types. Module authors can specify an expected type constraint for each input variable to allow early type checking of arguments.

• Resource and module object values: An entire resource or module can now be treated as an object value within expressions, including passing them through input variables and output values to other modules, using an attribute-less reference syntax, like aws_instance.foo.

• Extended template syntax: The simple interpolation syntax from prior versions is extended to become a simple template language, with support for conditional interpolations and repeated interpolations through iteration. For more information, see the String Templates documentation.

• jsondecode and csvdecode interpolation functions: Due to the richer type system in the new configuration language implementation, we can now offer functions for decoding serialization formats. jsondecode is the opposite of jsonencode, while csvdecode provides a way to load in lists of maps from a compact tabular representation.

• Revamped error messages: Error messages relating to configuration now always include information about where in the configuration the problem was found, along with other contextual information. We have also revisited many of the most common error messages to reword them for clarity, consistency, and actionability.

• Structual plan output: When Terraform renders the set of changes it plans to make, it will now use formatting designed to be similar to the input configuration language, including nested rendering of individual changes within multi-line strings, JSON strings, and nested collections.

Other Improvements

• terraform validate now accepts an argument -json which produces machine-readable output. Please refer to the documentation for this command for details on the format and some caveats that consumers must consider when using this interface. (#17539)

• The JSON-based variant of the Terraform language now has a more tightly-specified and reliable mapping to the native syntax variant. In prior versions, certain Terraform configuration features did not function as expected or were not usable via the JSON-based forms. For more information, see the JSON Configuration Syntax documentation.

• The new built-in function templatefile allows rendering a template from a file directly in the language, without installing the separate Template provider and using the template_file data source.

• The new built-in function formatdate, which is a specialized string formatting function for creating machine-oriented timestamp strings in various formats.

• The new built-in functions reverse, which reverses the order of items in a list, and strrev, which reverses the order of Unicode characters in a string.

• A new pg state storage backend allows storing state in a PostgreSQL database.

• The azurerm state storage backend supports new authentication mechanisms, custom r...

v0.11.14

NEW FEATURES:

• terraform 0.12checklist command detects and reports on some preparation steps that will make a subsequent Terraform 0.12 upgrade smoother. (#21241)

IMPROVEMENTS:

• provider/terraform: The terraform_remote_state data source is now able to read outputs from a state snapshot created by Terraform 0.12, to provide more flexibility when upgrading individual configurations to Terraform 0.12 in a decomposed environment. (#21226)
• backend/s3: Support DynamoDB, IAM, and STS endpoint configurations (#20659)
• backend/s3: Support for AWS regions eu-north-1 and us-gov-east-1 (#20659)
• backend/s3: Enhance retry logic and provide max_retries configuration for retry attempts (#20659)
• backend/s3: Enhance S3 NoSuchBucket error to include additional information (#20659)
• backend/s3: Remove unused EC2 platform and AWS Account ID lookup, and deprecate equivalent skip_get_ec2_platforms and skip_requesting_account_id arguments (#20659)
• backend/remote: Do not unlock a workspace after a failed state upload (#21148)

BUG FIXES:

• backend/remote: Ensure variables are loaded correctly when using terraform console (#20858)
• backend/remote: Make sure workspaces are correctly uploaded (#20953)
• backend/remote: Fix panic when loading cached configuration with 0.12 backend schema (#21199)
• core: Fix a potential crash when loading module manifests with Windows paths (#20812)
• core: Make sure UIInput keeps working after being canceled (#21140)
• core: Always try to select a workspace after initialization (#21230)

v0.12.0-rc1

The following are the significant changes since 0.12.0-beta2.

NEW FEATURES:

• New function strrev, for reversing unicode strings. (#21091)

IMPROVEMENTS:

• backend/s3: Support for the new AWS region ap-east-1 (#21117)
• backend/remote: Do not unlock a workspace after a failed state upload (#21148)
• command/init: Improve formatting of provider names during discovery (#21094)
• command/0.12upgrade: Upgrade indexing of splat syntax (#21103)
• command/0.12upgrade: Return error for invalid references (e.g. with initial digits) (#21103)

BUG FIXES:

• core: Make sure UIInput keeps working after being canceled (#21139)
• lang/funcs: flatten fix handling of sets and tuples; return a tuple (#21171)
• states/statefile: properly upgrade dependency syntax (#21159)

v0.12.0-beta2

BACKWARDS INCOMPATIBILITIES / NOTES:

• The terraform state ... family of commands have all been adjusted to more consistently match how resource addresses are resolved elsewhere in Terraform. In general the matches are now more specific than they were before (matching less, rather than more) but if you are using any of those commands in existing automation please verify that you will still getting expected behavior using the -dry-run options.
• The project and region arguments for the gcs backend have now been removed, after having first been deprecated and then ignored in previous versions. These arguments are no longer needed because the backend expects the specified bucket to already exist. (#19285)

NEW FEATURES:

• New function reverse, for reversing lists. (#18887)

IMPROVEMENTS:

• The warning for undeclared variables in .tfvars files now consolidates multiple warnings when there are more than three, to avoid an overwhelming wall of warnings in situations where a common .tfvars file is used across many configurations. Setting "global" variables in .tfvars is deprecated for v0.12 and should be replaced with the TF_VAR_... environment variables. (#20581)
• backend/remote: Retry calls when the remote backend responds with a server error (#20588)
• backend/remote: Check for external updates while waiting for user input (#20620)
• config: The coalesce function now skips null values (#21002)
• backend/pg: Switch pg backend to session-level advisory locking (#20561)
• plugin/discover: Parse and display provider warnings from the Terraform Registry (#20674)
• plugin/registry: Add friendly error for when registry unresponsive (#20853)

BUG FIXES:

• backend/remote: Ensure variables are loaded correctly when using terraform console (#20857)
• backend/remote: Make sure workspaces are correctly uploaded (#20952)
• config: Correct filebase64sha256 function return value (#20654)
• command/fmt: "Heredoc" sequences no longer cause incorrect indentation for following blocks (#20715)
• command/state ...: The address-matching logic for all of these commands now correctly matches an address like aws_instance.foo only in the root module, rather than maching all resources/instances of the given type and name in descendent modules too. (#20719)
• command/state list: Properly load user-supplied statefile. (#21015)
• command/state mv: Some regressions between 0.11 and 0.12 have been addressed. (#20719)
• command/plan: Diff renderer will no longer panic if an object is removed from the end of a list of objects. (#20765)
• command/plan: Diff renderer will now correctly indicate when adding a new attribute is what forces resource instance replacement. (#20827)
• config: The coalesce function will now correctly ignore empty strings (#21002)
• helper/schema: Prevent crash when setting a TypeSet attribute with a typed nil of *schema.Set (#20891)
• core: Restore pre-v0.12 behavior of retaining objects in state if a delete operation fails. (#21033)

v0.11.13

BUG FIXES:

• backend/remote: Fix a backend initialization bug (#20638)

v0.11.12

IMPROVEMENTS:

• The filemd5, filesha1, etc functions from Terraform v0.12 are backported primarily to allow writing
  modules that can work in both Terraform 0.11 and 0.12, since the sha1(file("...")) pattern in 0.12
  works only for files containing valid UTF-8 text; sha1file("...") must be used instead. Both
  forms are equivalent in Terraform 0.11.
• backend/remote: Retry calls when the remote backend responds with a server error (#20589)
• backend/remote: Check for external updates while waiting for user input (#20622)

BUG FIXES:

• backend/remote: Fix "token too long" errors when streaming remote operation logs (#20241)
• backend/remote: Use the can-queue-apply permission to detect if apply is allowed (#20462)
• backend/remote: Exit with 1 when a remote run is canceled (#20482)
• core: Use slashes in the module manifest to prevent Windows/Linux compatibility issues (#20246)

v0.12.0-beta1

This is a pre-release version of Terraform v0.12.0.

For important information on the status of this release, please see the release announcement.

BACKWARDS INCOMPATIBILITIES / NOTES:

• backend/s3: workspace_key_prefix can no longer be defined with leading or trailing slashes. Users should verify the state paths in s3 if they need to change this in case there are extra slashes in the keys (#20432)
• config: path.module and path.root now return paths with forward slashes on all operating systems, including Windows. This avoids the need to write constructed paths differently for Windows vs. other operating systems, but any existing constructed paths containing backslashes for Windows must now be rewritten to use forward slashes, like "${path.module}/foo/bar". (#19708)
• config: path.module and path.root are now relative to the current working directory, rather than absolute as before. This avoids including a host-specific absolute path prefix on constructed paths, but may show as a diff after upgrade in situations where a constructed path is included in a resource attribute value. (#19708)
• tools/terraform-bundle: use the terraform-bundle of the same tag as the targeted terraform binary version. This avoids adding complexity to resolve protocol versions across different terraform versions. (#20030)

IMPROVEMENTS:

• communicator/ssh: Add SSH certificate authentication (#18896)
• communicator/ssh: Enable ssh keepalive messages for long running commands (#20437)
• config: New set-theory functions sethaselement, setunion, setintersection, and setproduct for working with set values.
• config: New type conversion functions tostring, tonumber, tobool, tolist, toset, and tomap. Explicit conversions are rarely required but occasionally useful; use these functions only when necessary.
• plugins: Plugin RPC connection is now authenticated (#19629)
• backend/azurerm: Support for authenticating using the Azure CLI (#19465)
• backend/remote: Return detailed version (in)compatibility information (#19659)
• backend/remote: Log early to indicate remote execution started (#19941)
• backend/remote: Make sure the correct error is shown when having version incompatibilities (#20086)
• backend/remote: Fix "token too long" errors when streaming remote operation logs (#20242)
• backend/remote: Use the state.v2 service when using remote state only (#20379)
• backend/remote: Use the can-queue-apply permission to detect if apply is allowed (#20460)
• backend/s3: Fix missing workspace entries when using workspace_key_prefix with trailing slashes (#20432)
• backend/s3: Support DynamoDB, IAM, and STS endpoint configurations (#19571)
• backend/s3: Support for the new AWS region eu-north-1 (#19651)
• backend/s3: Enhance retry logic and provide max_retries configuration to retry attempts (#19951)
• backend/s3: Enhance S3 NoSuchBucket error to include additional information (#19951)
• backend/s3: Remove unused EC2 platform and AWS Account ID lookup, and deprecate equivalent skip_get_ec2_platforms and skip_requesting_account_id arguments (#20374)
• backend/swift: Add support for locking and workspaces (#20211)
• core: Enhance service discovery error handling and messaging (#19589)
• core: Add support to retrieve version constraints to service discovery (#19647)
• core: Validate provisioner connection blocks, and mark host field as required (#19707)
• command/format: Ignore removal of empty strings (#19990)
• command/format: Reduce whitespaces in empty fields (#19995)
• command/format: Render null in dark gray (#19616)
• command/init: Add provider protocol compatibility UI err msg during registry discovery (#19976)
• command/providers schema: Add command to export schemas for all currently-configured providers (#20446)
• command/show: Add support for machine readable output via a -json argument to terraform show (#19687)
• command/state: Use locking when updating states (#19939)
• provisioner/salt: Default values for remote_state_tree and remote_pillar_roots (#17151)

BUG FIXES:

• config: Detect and reject self-referencing local values (#19706)
• config: Accept and ignore UTF-8 byte-order mark for configuration files (#19715)
• config: More helpful error message for a situation that may arise on upgrade from Terraform 0.11 or earlier (#19727)
• config: Backends configured with -backend-config are correctly applied and stored along with default values (#20480)
• connection/winrm: Set the correct default port when HTTPS is used (#19540)
• plugins: GRPC plugins shutdown correctly when Close is called (#19629)
• backend/local: Avoid rendering data sources on destroy (#19613)
• backend/local: Fix incorrect destroy/update count on apply (#19610)
• backend/local: Render CBD replacement (+/-) correctly (#19642)
• backend/remote: Exit with 1 when a remote run is canceled (#20481)
• command/format: Fix rendering of nested blocks during update (#19611)
• command/format: Fix rendering of force-new updates (#19609)
• command/format: Fix rendering of nested (JSON) object (#20071)
• command/format: Fix rendering of unknown elements in set/map/list (#20067)
• command/init: Fix plugin installer using wrong protocol causing incompatiable API version with plugin (#19221)
• command/providers: Support -no-color argument to terraform providers, which was previously incorrectly returning an error (#19671)
• helper/schema: Fix setting a set in a list (#19552)
• states/statemgr: Avoid HTML escaping when printing LockInfo (#20005)
• core: Correct errors when referencing a resource containing count without an index (#19674)
• core: Fix occasional invalid provider errors when scaling down a counted datasource (#19676)
• core: Fix crash when applying a stored plan containing destroys (#19726)

NEW FEATURES:

• backend/pg: Support for using Postgresql for remote state storage (#19070)

v0.11.12-beta1

IMPROVEMENTS:

• command/state: Use locking when updating states (#19939)
• backend/remote: Add support for remote state only organizations (#20007)
• backend/remote: Make sure the correct error is shown when having version incompatibilities (#20086)

BUG FIXES:

• backend/remote: Fix an error that prevents checking version constraints (#19668)
• backend/remote: Compare versions without the prerelease (#19705)

v0.11.11

IMPROVEMENTS:

• backend/remote: Return detailed version (in)compatibility information (#19660)
• core: Enhance service discovery error handling and messaging (#19660)
• core: Add support to retrieve version constraints to service discovery (#19660)

BUG FIXES:

• backend/remote: Fix symlink issues and Windows support when uploading configurations (#19573)