This project is mirrored from https://:*****@github.com/hashicorp/terraform.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 09 Nov, 2022 4 commits
-
-
Martin Atkins authored
This includes the fix for a bug in what Terraform calls the "yamldecode" function, where it was not correctly handling any situation where the decode result is a null value. It was previously returning an unknown value in that case, whereas now it returns a null value as expected.
-
hc-github-team-tf-core authored
-
hc-github-team-tf-core authored
-
Laura Pacilio authored
Additional note on usage of single quotes for for_each resources
-
- 08 Nov, 2022 3 commits
-
-
Ira authored
Co-authored-by:
Laura Pacilio <83350965+laurapacilio@users.noreply.github.com>
-
Laura Pacilio authored
Document provider registry response property shasum
-
Joe Harrison authored
Co-authored-by:
Laura Pacilio <83350965+laurapacilio@users.noreply.github.com>
-
- 07 Nov, 2022 1 commit
-
-
Laura Pacilio authored
Looks like a copy-paste error
-
- 04 Nov, 2022 2 commits
-
-
Martin Atkins authored
-
Martin Atkins authored
When we originally introduced the trust-on-first-use checksum locking mechanism in v0.14, we had to make some tricky decisions about how it should interact with the pre-existing optional read-through global cache of provider packages: The global cache essentially conflicts with the checksum locking because if the needed provider is already in the cache then Terraform skips installing the provider from upstream and therefore misses the opportunity to capture the signed checksums published by the provider developer. We can't use the signed checksums to verify a cache entry because the origin registry protocol is still using the legacy ziphash scheme and that is only usable for the original zipped provider packages and not for the unpacked-layout cache directory. Therefore we decided to prioritize the existing cache directory behavior at the expense of the lock file behavior, making Terraform produce an incomplete lock file in that case. Now that we've had some real-world experience with the lock file mechanism, we can see that the chosen compromise was not ideal because it causes "terraform init" to behave significantly differently in its lock file update behavior depending on whether or not a particular provider is already cached. By robbing Terraform of its opportunity to fetch the official checksums, Terraform must generate a lock file that is inherently non-portable, which is problematic for any team which works with the same Terraform configuration on multiple different platforms. This change addresses that problem by essentially flipping the decision so that we'll prioritize the lock file behavior over the provider cache behavior. Now a global cache entry is eligible for use if and only if the lock file already contains a checksum that matches the cache entry. This means that the first time a particular configuration sees a new provider it will always be fetched from the configured installation source (typically the origin registry) and record the checksums from that source. On subsequent installs of the same provider version already locked, Terraform will then consider the cache entry to be eligible and skip re-downloading the same package. This intentionally makes the global cache mechanism subordinate to the lock file mechanism: the lock file must be populated in order for the global cache to be effective. For those who have many separate configurations which all refer to the same provider version, they will need to re-download the provider once for each configuration in order to gather the information needed to populate the lock file, whereas before they would have only downloaded it for the _first_ configuration using that provider. This should therefore remove the most significant cause of folks ending up with incomplete lock files that don't work for colleagues using other platforms, and the expense of bypassing the cache for the first use of each new package with each new configuration. This tradeoff seems reasonable because otherwise such users would inevitably need to run "terraform providers lock" separately anyway, and that command _always_ bypasses the cache. Although this change does decrease the hit rate of the cache, if we subtract the never-cached downloads caused by "terraform providers lock" then this is a net benefit overall, and does the right thing by default without the need to run a separate command.
-
- 02 Nov, 2022 10 commits
-
-
Brandon Croft authored
fix: don't reveal nested attributes with sensitive schema
-
Matthew Garrell authored
fix broken links
-
Martin Atkins authored
-
Martin Atkins authored
-
Martin Atkins authored
This includes a small selection of security-related fixes which do not urgently impact Terraform's behavior but do close some potential avenues for unbounded resource usage or misbehavior with malicious input: - https://github.com/golang/go/issues/54853 - https://github.com/golang/go/issues/55949 - https://github.com/golang/go/issues/56284
-
kmoe authored
-
James Bardin authored
don't lose checks from refresh-only plan
-
James Bardin authored
-
James Bardin authored
don't plan data source reads during refresh-only
-
Liam Cervante authored
* Convert variable types before applying defaults * revert change to unrelated test * Add another test case to verify behaviour * update go-cty * Update internal/terraform/eval_variable.go Co-authored-by:
alisdair <alisdair@users.noreply.github.com> Co-authored-by:
alisdair <alisdair@users.noreply.github.com>
-
- 01 Nov, 2022 9 commits
-
-
Graham Davison authored
S3 Backend : Bucket key should not contain trailing slash
-
James Bardin authored
Apply optimizations for handling of condition checks
-
James Bardin authored
-
James Bardin authored
We need to avoid re-writing the state for every NoOp apply. We may still be evaluating the instance to account for any side-effects in the condition checks, however the state of the instance has not changes. Re-writing the state is a non-current operation, which may require encoding a fairly large instance state and re-serializing the entire state blob, so it is best avoided if possible.
-
James Bardin authored
ONly add NoOp changes to the apply graph if they have conditions which need to be evaluated.
-
James Bardin authored
-
James Bardin authored
Ensure that empty check results are normalized in state serialization to prevent unexpected state changes from being written. Because there is no consistent empty, null and omit_empty usage for state structs, there's no good way to create a test which will fail for future additions.
-
James Bardin authored
-
James Bardin authored
If there are no changes, then there is no reason to create an apply graph since all objects are known. We however do need the walk to match the expected state structure. This is probably only cleanup of empty nested modules and outputs, but some investigation is needed before making the full change. For now we can store the checks from the plan directly into the new state, since the apply walk overwrote the results we had already.
-
- 31 Oct, 2022 3 commits
-
-
Paschalis Tsilias authored
-
Laura Pacilio authored
-
Tom Bamford authored
backend/azurerm: add support for generic OIDC authentication
-
- 28 Oct, 2022 5 commits
-
-
Sarah French authored
-
Liam Nesteroff authored
* Update gcs.mdx Updated GCS remote backend to include the >=0.12 remote backend data source formatting (incl .output before output name) * Update gcs.mdx removed old data source example * Update gcs.mdx updated to local_file and output->outputs * Update gcs.mdx removed "outputs" from the pre 0.12 ref
-
Craig Wright authored
Update CONTRIBUTING.md
-
Craig Wright authored
Removing the statement which does not reflect the current status for reviews of community-contributed pull requests.
-
James Bardin authored
When executing a refresh-only plan, it is not valid to plan a data source read. If the data source config is not known during planning, the only valid update would be the prior state, if there is any.
-
- 25 Oct, 2022 3 commits
-
-
Ira authored
Co-authored-by:
Laura Pacilio <83350965+laurapacilio@users.noreply.github.com>
-
Brandon Croft authored
Update the # public providers estimate in the Terraform Intro
-
Brandon Croft authored
-