chore(deps): update dependency hashicorp/terraform to v1 #58
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.15.5
->1.3.5
Release Notes
hashicorp/terraform
v1.3.5
Compare Source
1.3.5 (November 17, 2022)
BUG FIXES:
(sensitive value)
instead of sometimes as(sensitive)
[GH32004]v1.3.4
Compare Source
1.3.4 (November 02, 2022)
BUG FIXES:
console
when outputs contain preconditions (#32051)oidc_token
andoidc_token_file_path
properties (#31966)regex
,regexall
, andreplace
functions, to avoid unbounded memory usage for maliciously-crafted patterns. This change should not affect any reasonable patterns intended for practical use. (#32135)v1.3.3
Compare Source
1.3.3 (October 19, 2022)
BUG FIXES:
v1.3.2
Compare Source
1.3.2 (October 06, 2022)
BUG FIXES:
ignore_changes = all
could cause persistent diffs with legacy providers (#31914)import
(#31878)v1.3.1
Compare Source
1.3.1 (September 28, 2022)
NOTE:
darwin/amd64
anddarwin/arm64
architectures,terraform
binaries are now built with CGO enabled. This should not have any user-facing impact, except in cases where the pure Go DNS resolver causes problems on recent versions of macOS: using CGO may mitigate these issues. Please see the upstream bug https://github.com/golang/go/issues/52839 for more details.BUG FIXES:
v1.3.0
Compare Source
1.3.0 (September 21, 2022)
NEW FEATURES:
Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:
Assigning
{ a = "foo" }
to this variable will result in the value{ a = "foo", b = null, c = 127 }
.Added functions:
startswith
andendswith
allow you to check whether a given string has a specified prefix or suffix. (#31220)UPGRADE NOTES:
terraform show -json
: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with theafter_unknown
field having valuefalse
ortrue
respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.terraform import
: The-allow-missing-config
has been removed, and at least an empty configuration block must exist to import a resource.Consumers of the JSON output format expecting on the
after_unknown
field to be onlyfalse
ortrue
should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)AzureRM Backend: This release concludes the deprecation cycle started in Terraform v1.1 for the
azurerm
backend's support of "ADAL" authentication. This backend now supports only "MSAL" (Microsoft Graph) authentication.This follows from Microsoft's own deprecation of Azure AD Graph, and so you must follow the migration instructions presented in that Azure documentation to adopt Microsoft Graph and then change your backend configuration to use MSAL authentication before upgrading to Terraform v1.3.
When making requests to HTTPS servers, Terraform will now reject invalid handshakes that have duplicate extensions, as required by RFC 5246 section 7.4.1.4 and RFC 8446 section 4.2. This may cause new errors when interacting with existing buggy or misconfigured TLS servers, but should not affect correct servers.
This only applies to requests made directly by Terraform CLI, such as provider installation and remote state storage. Terraform providers are separate programs which decide their own policy for handling of TLS handshakes.
The following backends, which were deprecated in v1.2.3, have now been removed:
artifactory
,etcd
,etcdv3
,manta
,swift
. The legacy backend nameazure
has also been removed, because the current Azure backend is namedazurerm
. (#31711)ENHANCEMENTS:
timecmp
allows determining the ordering relationship between two timestamps while taking potentially-different UTC offsets into account. (#31687)moved
blocks can now describe resources moving to and from modules in separate module packages. (#31556)terraform fmt
now accepts multiple target paths, allowing formatting of several individual files at once. (#31687)terraform init
: provider installation errors now mention which host Terraform was downloading from (#31524)PlanResourceChange
for compatible providers when destroying resource instances. (#31179)BUG FIXES:
terraform show -json
: Fixed missing markers for unknown values in the encoding of partially unknown tuples and sets. (#31236)terraform output
CLI help documentation is now more consistent with web-based documentation. (#29354)terraform init
: Error messages now handle the situation where the underlying HTTP client library does not indicate a hostname for a failed request. (#31542)terraform init
: Don't panic if a child module contains a resource with a syntactically-invalid resource type name. (#31573)null
output values in a destroy plan will no longer report them as being deleted, which avoids reporting the deletion of an output value that was already absent. (#31471)terraform import
: Better handling of resources or modules that usefor_each
, and situations where data resources are needed to complete the operation. (#31283)EXPERIMENTS:
This release concludes the
module_variable_optional_attrs
experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:optional
function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.defaults
function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument ofoptional
inline in your type constraint to declare default values instead.If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature:
v1.2.9
Compare Source
1.2.9 (September 07, 2022)
ENHANCEMENTS:
v1.2.8
Compare Source
1.2.8 (August 24, 2022)
BUG FIXES:
flatten
function will no longer panic if given a null value that has been explicitly converted to or implicitly inferred as having a list, set, or tuple type. Previously Terraform would panic in such a situation because it tried to "flatten" the contents of the null value into the result, which is impossible. (#31675)tolist
,toset
, andtomap
functions, and various automatic conversions that include similar logic, will no longer panic when asked to infer an element type that is convertable from both a tuple type and a list type whose element type is not yet known. (#31675)v1.2.7
Compare Source
1.2.7 (August 10, 2022)
ENHANCEMENTS:
BUG FIXES:
v1.2.6
Compare Source
1.2.6 (July 27, 2022)
ENHANCEMENTS:
terraform init
fails to fully populate the.terraform.lock.hcl
file. (#31399)terraform init
fails on missing checksums. (#31408)BUG FIXES:
terraform show
when state file is invalid or unavailable. (#31444)terraform providers lock
command failing on missing checksums. (#31389)ignore_changes
(#31509)v1.2.5
Compare Source
1.2.5 (July 13, 2022)
BUG FIXES:
required_version
global constraint. (#31331)v1.2.4
Compare Source
1.2.4 (June 29, 2022)
ENHANCEMENTS:
required_providers
to prevent single providers from being required with multiple names. (#31218)addrs.Module.String
for allocations. (#31293)BUG FIXES:
-lock-timeout
flag. (#31256)precondition
orpostcondition
block omitted the requiredcondition
argument. (#31290)v1.2.3
Compare Source
1.2.3 (June 15, 2022)
UPGRADE NOTES:
planned to be removed in a future Terraform release. These backends have
been unmaintained since before Terraform v1.0, and may contain known bugs,
outdated packages, or security vulnerabilities.
BUG FIXES:
tencentcloud-terraform-lock
tag was not removed in all cases (#31223)v1.2.2
Compare Source
1.2.2 (June 01, 2022)
ENHANCEMENTS:
-var
arguments with spaces between the name and value now have an improved error message (#30985)BUG FIXES:
v1.2.1
Compare Source
1.2.1 (May 23, 2022)
BUG FIXES:
ed25519
keys (#31092)count
orfor_each
(#31091)v1.2.0
Compare Source
1.2.0 (May 18, 2022)
UPGRADE NOTES:
If you use the third-party credentials helper plugin terraform-credentials-env, you should disable it as part of upgrading to Terraform v1.2 because similar functionality is now built in to Terraform itself.
The new behavior supports the same environment variable naming scheme but has a difference in priority order from the credentials helper:
TF_TOKEN_...
environment variables will now take priority over credentials blocks in CLI configuration and credentials stored automatically by terraform login, which is not true for credentials provided by any credentials helper plugin. If you see Terraform using different credentials after upgrading, check to make sure you do not specify credentials for the same host in multiple locations.If you use the credentials helper in conjunction with the hashicorp/tfe Terraform provider to manage Terraform Cloud or Terraform Enterprise objects with Terraform, you should also upgrade to version 0.31 of that provider, which added the corresponding built-in support for these environment variables.
The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.
When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.
When making outgoing HTTPS or other TLS connections as a client, Terraform will no longer accept CA certificates signed using the SHA-1 hash function. Publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
(Note: the changes to Terraform's requirements when interacting with TLS servers apply only to requests made by Terraform CLI itself, such as provider/module installation and state storage requests. Terraform provider plugins include their own TLS clients which may have different requirements, and may add new requirements in their own releases, independently of Terraform CLI changes.)
NEW FEATURES:
precondition
andpostcondition
check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further execution.replace_triggered_by
is a newlifecycle
argument for managed resources which triggers replacement of an object based on changes to an upstream dependency.TF_TOKEN_
followed by an encoded version of the hostname. For example, Terraform will use variableTF_TOKEN_app_terraform_io
as a bearer token for requests to "app.terraform.io", for the Terraform Cloud integration and private registry requests.ENHANCEMENTS:
-target
. (#30327)TF_CLOUD_ORGANIZATION
andTF_CLOUD_HOSTNAME
now serve as fallbacks for the arguments of the same name inside acloud
block configuring integration with Terraform Cloud.TF_WORKSPACE
will now additionally serve as an implicit configuration of a single selected workspace on Terraform Cloud if (and only if) thecloud
block does not include an explicit workspaces configuration.ignore_changes
that is managed only by the provider. Specifying non-configurable attributes inignore_changes
has no effect becauseignore_changes
tells Terraform to ignore future changes made in the configuration. (#30517)terraform show -json
now includes exact type information for output values. (#30945)ssh
provisioner connection now supports SSH over HTTP proxy. (#30274)BUG FIXES:
tostring
,tonumber
, etc tonull
will now return a null value of the intended type. For example,tostring(null)
converts from a null value of an unknown type to a null value of string type. Terraform can often handle such conversions automatically when needed, but explicit annotations like this can help Terraform to understand author intent when inferring type conversions for complex-typed values. (#30879)cidrnetmask()
is called with an IPv6 address, as it was previously documented to do. IPv6 standards do not preserve the "netmask" syntax sometimes used for IPv4 network configuration; use CIDR prefix syntax instead. (#30703)terraform state
commands, Terraform now checks therequired_version
field in the configuration before proceeding. (#30511)import
,plan
,refresh
andapply
for workspaces in local execution mode. This behavior applies to bothremote
backend and thecloud
integration configuration. (#29972)terraform show -json
: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. (#30138)cloud
andremote
backend now has higher priority than a token specified in acredentials
block in the CLI configuration. (#30664)cloud
integration now gracefully exits when-input=false
and an operation requires some user input.terraform apply -auto-approve
. Previously there was a window of time where interruption would cancel the plan step but not prevent Terraform from proceeding to the apply step. (#30979)v1.1.9
Compare Source
1.1.9 (April 20, 2022)
BUG FIXES:
ENHANCEMENTS:
v1.1.8
Compare Source
1.1.8 (April 07, 2022)
BUG FIXES:
sum()
function is called with a collection of string-encoded numbers, such assum(["1", "2", "3"])
. (#30684)terraform apply
phase if an error occurs during backend configuration. (#30780)v1.1.7
Compare Source
1.1.7 (March 02, 2022)
BUG FIXES:
terraform show -json
: Improve performance for deeply-nested object values. The previous implementation was accidentally quadratic, which could result in very long execution time for generating JSON plans, and timeouts on Terraform Cloud and Terraform Enterprise. (#30561)after migrating state to TFC.
v1.1.6
Compare Source
1.1.6 (February 16, 2022)
BUG FIXES:
type
function. This function may only be used at the top level of console expressions, to display the type of a given value. Attempting to use this function in complex expressions will now display a diagnostic error instead of crashing. (#30476)terraform state mv
: Will now correctly exit with error code1
when the specified resources cannot be found in state. Previously Terraform would display appropriate diagnostic errors, but exit successfully. (#29365)v1.1.5
Compare Source
1.1.5 (February 02, 2022)
ENHANCEMENTS:
BUG FIXES:
terraform workspace select
(#30193)v1.1.4
Compare Source
1.1.4 (January 19, 2022)
BUG FIXES:
count
to usingcount
, or vice-versa. (#30333)v1.1.3
Compare Source
1.1.3 (January 06, 2022)
BUG FIXES:
terraform init
: Will now remove from the dependency lock file entries for providers not used in the current configuration. Previously it would leave formerly-used providers behind in the lock file, leading to "missing or corrupted provider plugins" errors when other commands verified the consistency of the installed plugins against the locked plugins. (#30192)moved
block refactoring to include nested modules (#30233)terraform show
: Disable plan state lineage checks, ensuring that we can show plan files which were generated against non-default state files (#30205)v1.1.2
Compare Source
1.1.2 (December 17, 2021)
If you are using Terraform CLI v1.1.0 or v1.1.1, please upgrade to this new version as soon as possible.
Terraform CLI v1.1.0 and v1.1.1 both have a bug where a failure to construct the apply-time graph can cause Terraform to incorrectly report success and save an empty state, effectively "forgetting" all existing infrastructure. Although configurations that already worked on previous releases should not encounter this problem, it's possible that incorrect future configuration changes would trigger this behavior during the apply step.
BUG FIXES:
-target
in combination withmoved
blocks within modules (#30189)v1.1.1
Compare Source
1.1.1 (December 15, 2021)
If you are using Terraform CLI v1.1.0 or v1.1.1, please upgrade to the latest version as soon as possible.
Terraform CLI v1.1.0 and v1.1.1 both have a bug where a failure to construct the apply-time graph can cause Terraform to incorrectly report success and save an empty state, effectively "forgetting" all existing infrastructure. Although configurations that already worked on previous releases should not encounter this problem, it's possible that incorrect future configuration changes would trigger this behavior during the apply step.
BUG FIXES:
count
orfor_each
value (#30151)count
orfor_each
(#30171)v1.1.0
Compare Source
1.1.0 (December 08, 2021)
If you are using Terraform CLI v1.1.0 or v1.1.1, please upgrade to the latest version as soon as possible.
Terraform CLI v1.1.0 and v1.1.1 both have a bug where a failure to construct the apply-time graph can cause Terraform to incorrectly report success and save an empty state, effectively "forgetting" all existing infrastructure. Although configurations that already worked on previous releases should not encounter this problem, it's possible that incorrect future configuration changes would trigger this behavior during the apply step.
Terraform v1.1.0 is a new minor release, containing some new features and some bug fixes whose scope was too large for inclusion in a patch release.
NEW FEATURES:
moved
blocks for refactoring within modules: Module authors can now record in module source code whenever they've changed the address of a resource or resource instance, and then during planning Terraform will automatically migrate existing objects in the state to new addresses.This therefore avoids the need for users of a shared module to manually run
terraform state mv
after upgrading to a version of the module, as long as the change is expressible as static configuration. However,terraform state mv
will remain available for use in more complex migration situations that are not well-suited to declarative configuration.A new
cloud
block in theterraform
settings block introduces a native Terraform Cloud integration for the CLI-driven run workflow.The Cloud integration includes several enhancements, including per-run variable support using the
-var
flag, the ability to map Terraform Cloud workspaces to the current configuration via Workspace Tags, and an improved user experience for Terraform Cloud and Enterprise users with actionable error messages and prompts.terraform plan
andterraform apply
both now include additional annotations for resource instances planned for deletion to explain why Terraform has proposed that action.For example, if you change the
count
argument for a resource to a lower number then Terraform will now mention that as part of proposing to destroy any existing objects that exceed the new count.UPGRADE NOTES:
This release is covered by the Terraform v1.0 Compatibility Promises, but does include some changes permitted within those promises as described below.
Terraform on macOS now requires macOS 10.13 High Sierra or later; Older macOS versions are no longer supported.
The
terraform graph
command no longer supports-type=validate
and-type=eval
options. The validate graph is always the same as the plan graph anyway, and the "eval" graph was just an implementation detail of theterraform console
command. The default behavior of creating a plan graph should be a reasonable replacement for both of the removed graph modes. (Please note thatterraform graph
is not covered by the Terraform v1.0 compatibility promises, because its behavior inherently exposes Terraform Core implementation details, so we recommend it only for interactive debugging tasks and not for use in automation.)terraform apply
with a previously-saved plan file will now verify that the provider plugin packages used to create the plan fully match the ones used during apply, using the same checksum scheme that Terraform normally uses for the dependency lock file. Previously Terraform was checking consistency of plugins from a plan file using a legacy mechanism which covered only the main plugin executable, not any other files that might be distributed alongside in the plugin package.This additional check should not affect typical plugins that conform to the expectation that a plugin package's contents are immutable once released, but may affect a hypothetical in-house plugin that intentionally modifies extra files in its package directory somehow between plan and apply. If you have such a plugin, you'll need to change its approach to store those files in some other location separate from the package directory. This is a minor compatibility break motivated by increasing the assurance that plugins have not been inadvertently or maliciously modified between plan and apply.
terraform state mv
will now error when legacy-backup
or-backup-out
options are used without the-state
option on non-local backends. These options operate on a local state file only. Previously, these options were accepted but ignored silently when used with non-local backends.In the AzureRM backend, the new opt-in option
use_microsoft_graph
switches to using MSAL authentication tokens and Microsoft Graph rather than using ADAL tokens and Azure Active Directory Graph, which is now deprecated by Microsoft. The new mode will become the default in Terraform v1.2, so please plan to migrate to using this setting and test with your own Azure AD tenant prior to the Terraform v1.2 release.ENHANCEMENTS:
source
argument inmodule
blocks) during configuration decoding rather than only at module installation time. This is largely just an internal refactoring, but a visible benefit of this change is that theterraform init
messages about module downloading will now show the canonical module package address Terraform is downloading from, after interpreting the special shorthands for common cases like GitHub URLs. (#28854)nullable = false
ensures that a variable value will never benull
, and may instead take on the variable's default value if the caller sets it explicitly tonull
. (#29832)terraform plan
andterraform apply
: When Terraform plans to destroy a resource instance due to it no longer being declared in the configuration, the proposed plan output will now include a note hinting at what situation prompted that proposal, so you can more easily see what configuration change might avoid the object being destroyed. (#29637)terraform plan
andterraform apply
: Terraform will now report explicitly in the UI if it automatically moves a resource instance to a new address as a result of adding or removing thecount
argument from an existing resource. For example, if you previously hadresource "aws_subnet" "example"
withoutcount
, you might haveaws_subnet.example
already bound to a remote object in your state. If you addcount = 1
to that resource then Terraform would previously silently rebind the object toaws_subnet.example[0]
as part of planning, whereas now Terraform will mention that it did so explicitly in the plan description. (#29605)terraform workspace delete
: will now allow deleting a workspace whose state contains only data resource instances and output values, without runningterraform destroy
first. Previously the presence of data resources would require using-force
to override the safety check guarding against accidentally forgetting about remote objects, but a data resource is not responsible for the management of its associated remote object(s) and so there's no reason to require explicit deletion. (#29754)terraform validate
: Terraform now uses precise type information for resources during config validation, allowing more problems to be caught that that step rather than only during the planning step. (#29862)terraform state mv
will now return an error for-backup
or-backup-out
options used without the-state
option, unless the working directory is initialized to use the local backend. Previously Terraform would silently ignore those options, since they are applicable only to the local backend. (#27908)terraform console
: now has a newtype()
function, available only in the interactive console, for inspecting the exact type of a particular value as an aid to debugging. (#28501)BUG FIXES:
ignore_changes = all
now works in override files. (#29849)depends_on
arguments referring to not-yet-converged managed resources. (#29682)ignore_changes
can no longer cause a null map to be converted to an empty map, which would otherwise potentially cause surprising side-effects in provider logic. (#29928)terraform plan
: Improved rendering of changes inside attributes that accept lists, sets, or maps of nested object types. (#29827, #29983, #29986)terraform apply
: Will no longer try to apply a stale plan that was generated against an originally-empty state. Previously this was an unintended exception to the rule that a plan can only be applied to the state snapshot it was generated against. (#29755)terraform show -json
: Attributes that are declared as using the legacy Attributes as Blocks behavior are now represented more faithfully in the JSON plan output. (#29522)terraform init
: Will now update the backend configuration hash value at a more approprimate time, to ensure properly restarting a backend migration process that failed on the first attempt. (#29860)assume_role
block arguments, so that they are more compatible with theterraform_remote_state
data source. (#29307)v1.0.11
Compare Source
1.0.11 (November 10, 2021)
ENHANCEMENTS:
sts_endpoint
(#29841)BUG FIXES:
ignore_changes = all
would not work in override files (#29849)v1.0.10
Compare Source
1.0.10 (October 28, 2021)
BUG FIXES:
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.