Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

Overview

Terraform

Terraform

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

The key features of Terraform are:

  • Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.

  • Execution Plans: Terraform has a "planning" step where it generates an execution plan. The execution plan shows what Terraform will do when you call apply. This lets you avoid any surprises when Terraform manipulates infrastructure.

  • Resource Graph: Terraform builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, Terraform builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.

  • Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what Terraform will change and in what order, avoiding many possible human errors.

For more information, see the introduction section of the Terraform website.

Getting Started & Documentation

Documentation is available on the Terraform website:

If you're new to Terraform and want to get started creating infrastructure, please check out our Getting Started guides on HashiCorp's learning platform. There are also additional guides to continue your learning.

Show off your Terraform knowledge by passing a certification exam. Visit the certification page for information about exams and find study materials on HashiCorp's learning platform.

Developing Terraform

This repository contains only Terraform core, which includes the command line interface and the main graph engine. Providers are implemented as plugins, and Terraform can automatically download providers that are published on the Terraform Registry. HashiCorp develops some providers, and others are developed by other organizations. For more information, see Extending Terraform.

To learn more about compiling Terraform and contributing suggested changes, please refer to the contributing guide.

To learn more about how we handle bug reports, please read the bug triage guide.

License

Mozilla Public License v2.0

Comments
  • Support use cases with conditional logic

    Support use cases with conditional logic

    It's been important from the beginning that Terraform's configuration language is declarative, which has meant that the core team has intentionally avoided adding flow-control statements like conditionals and loops to the language.

    But in the real world, there are still plenty of perfectly reasonable scenarios that are difficult to express in the current version of Terraform without copious amounts of duplication because of the lack of conditionals. We'd like Terraform to support these use cases one way or another.

    I'm opening this issue to collect some real-world example where, as a config author, it seems like an if statement would really make things easier.

    Using these examples, we'll play around with different ideas to improve the tools Terraform provides to the config author in these scenarios.

    So please feel free to chime in with some specific examples - ideally with with blocks of Terraform configuration included. If you've got ideas for syntax or config language features that could form a solution, those are welcome here too.

    (No need to respond with just "+1" / :+1: on this thread, since it's an issue we're already aware is important.)

    enhancement core 
    opened by phinze 167
  • depends_on cannot be used in a module

    depends_on cannot be used in a module

    Hi there,

    Terraform Version

    0.8.0 rc1+

    Affected Resource(s)

    module

    Terraform Configuration Files

    module "legacy_site" {
      source = "../../../../../modules/site"
      name = "foo-site"
      health_check_target = "TCP:443"
      azs = "${var.azs}"
      instance_count = "${var.instance_count}"
      vpc = "apps"
      region = "${var.region}"
      environment = "${var.environment}"
      run_list = "hs_site_foo"
    
      #rds_complete = "${module.rds.db_instance_id}"
      #elasticache_cache_complete = "${module.elasticache_cache.elasticache_id}"
      #elasticache_sessions_complete = "${module.elasticache_sessions.elasticache_id}"
    
      depends_on = [
      "module.rds",
      "module.elasticache_sessions"
      ]
    
    }
    

    Debug Output

    Error loading Terraform: module root: module legacy_site: depends_on is not a valid parameter module root: module legacy_site: depends_on is not a valid parameter

    Expected Behavior

    I am trying to use the new depends_on instead of the above outputs, so I create and provision my app once I know database and caches are built.

    Actual Behavior

    Nothing as terraform errors out as above.

    Steps to Reproduce

    1. terraform apply

    References

    depends_on can reference modules. This allows a resource or output to depend on everything within a module. (#10076)

    enhancement config 
    opened by chrisrlong 136
  • Depends_on for module

    Depends_on for module

    Possible workarounds

    For module to module dependencies, this workaround by @phinze may help.

    Original problem

    This issue was promoted by this question on Google Groups.

    Terraform version: Terraform v0.3.7

    I have two terraform modules for creating a digital ocean VM and DNS records that are kept purposely modular so they can be reused by others in my organisation.

    I want to add a series of provisioners using local_exec after a VM has been created and DNS records made.

    Attempted solution

    I tried adding a provisioner directly to my terraform file (i.e. not in a resource) which gave an error.

    I then tried using the null_resource which worked but was executed at the wrong time as it didn't know to wait for the other modules to execute first.

    I then tried adding a depends_on attribute to the null resource using a reference to a module but this doesn't seem to be supported using this syntax:

    depends_on = ["module.module_name"]
    

    Expected result

    Either a way for a resource to depend on a module as a dependency or a way to "inject" (for lack of a better word) some provisioners for a resource into a module without having to make a custom version of that module (I realise that might be a separate issue but it would solve my original problem).

    Terraform config used

    # Terraform definition file - this file is used to describe the required infrastructure for this project.
    
    # Digital Ocean provider configuration
    
    provider "digitalocean" {
        token = "${var.digital_ocean_token}"
    }
    
    
    # Resources
    
    # 'whoosh-dev-web1' resource
    
    # VM
    
    module "whoosh-dev-web1-droplet" {
        source = "github.com/antarctica/terraform-module-digital-ocean-droplet?ref=v1.0.0"
        hostname = "whoosh-dev-web1"
        ssh_fingerprint = "${var.ssh_fingerprint}"
    }
    
    # DNS records (public, private and default [which is an APEX record and points to public])
    
    module "whoosh-dev-web1-records" {
        source = "github.com/antarctica/terraform-module-digital-ocean-records?ref=v0.1.1"
        hostname = "whoosh-dev-web1"
        machine_interface_ipv4_public = "${module.whoosh-dev-web1-droplet.ip_v4_address_public}"
        machine_interface_ipv4_private = "${module.whoosh-dev-web1-droplet.ip_v4_address_private}"
    }
    
    
    # Provisioning (using a fake resource as provisioners can't be first class objects)
    
    # Note: The "null_resource" is an undocumented feature and should not be relied upon.
    # See https://github.com/hashicorp/terraform/issues/580 for more information.
    
    resource "null_resource" "provisioning" {
    
        depends_on = ["module.whoosh-dev-web1-records"]
    
        # This replicates the provisioning steps performed by Vagrant
        provisioner "local-exec" {
            command = "ansible-playbook -i provisioning/development provisioning/bootstrap-digitalocean.yml"
        }
    }
    
    enhancement core thinking 
    opened by felnne 133
  • AWS Provider Coverage

    AWS Provider Coverage

    AWS Provider Coverage

    View this spreadsheet for a near-time summary of AWS resource coverage. If there's a resource you would like to see coverage for, just add your GitHub username to next to the resource. We will use the number of community upvotes in the spreadsheet to help prioritize our efforts.

    https://docs.google.com/spreadsheets/d/1yJKjLaTmkWcUS3T8TLwvXC6EBwNSpuQbIq0Y7OnMXhw/edit?usp=sharing

    enhancement provider/aws 
    opened by pearkes 126
  • terraform get: can't use variable in module source parameter?

    terraform get: can't use variable in module source parameter?

    I'm trying to avoid hard-coding module sources; the simplest approach would be:

    variable "foo_module_source" {
      default = "github.com/thisisme/terraform-foo-module"
    }
    
    module "foo" {
      source = "${var.foo_module_source}"
    }
    

    The result I get while attempting to run terraform get -update is

    Error loading Terraform: Error downloading modules: error downloading module 'file:///home/thisisme/terraform-env/${var.foo_module_source}': source path error: stat /home/thisisme/terraform-env/${var.foo_module_source}: no such file or directory
    
    enhancement thinking config 
    opened by amaczuga 124
  • Optional arguments in object variable type definition

    Optional arguments in object variable type definition

    Current Terraform Version

    Terraform v0.12.0-alpha4 (2c36829d3265661d8edbd5014de8090ea7e2a076)
    

    Proposal

    I like the object variable type and it would be nice to be able to define optional arguments which can carry null value too, to use:

    variable "network_rules" {
      default = null
      type = object({
        bypass = optional(list(string))
        ip_rules = optional(list(string))
        virtual_network_subnet_ids = optional(list(string))
      })
    }
    
    resource "azurerm_storage_account" "sa" {
      name = random_string.name.result
      location = var.location
      resource_group_name = var.resource_group_name
      account_replication_type = var.account_replication_type
      account_tier = var.account_tier
    
      dynamic "network_rules" {
        for_each = var.network_rules == null ? [] : list(var.network_rules)
    
        content {
          bypass = network_rules.value.bypass
          ip_rules = network_rules.value.ip_rules
          virtual_network_subnet_ids = network_rules.value.virtual_network_subnet_ids
        }
      }
    

    instead of:

    variable "network_rules" {
      default = null
      type = map(string)
    }
    
    resource "azurerm_storage_account" "sa" {
      name = random_string.name.result
      location = var.location
      resource_group_name = var.resource_group_name
      account_replication_type = var.account_replication_type
      account_tier = var.account_tier
    
      dynamic "network_rules" {
        for_each = var.network_rules == null ? [] : list(var.network_rules)
    
        content {
          bypass = lookup(network_rules, "bypass", null) == null ? null : split(",", lookup(network_rules, "bypass"))
          ip_rules = lookup(network_rules, "ip_rules", null) == null ? null : split(",", lookup(network_rules, "ip_rules"))
          virtual_network_subnet_ids = lookup(network_rules, "virtual_network_subnet_ids", null) == null ? null : split(",", lookup(network_rules, "virtual_network_subnet_ids"))
        }
      }
    }
    
    enhancement config 
    opened by prehor 112
  • OpenStack Provider

    OpenStack Provider

    UPDATE: 2/11/2015

    To Do:

    • [x] FWaaS
    • [x] Security Groups Update Issue
    • [x] Volume detachment from volume resource
    • [ ] os-floating-ip/ neutron floating IP issue
    • [ ] Refactor Security Group Rules and LB Members to their own files

    This PR is to create an OpenStack Provider. It uses the Gophercloud v1.0 library and currently supports the following resources:

    Compute v2

    • Server
    • Key Pair
    • Security Group
    • Boot From Volume
    • Metadata
    • Resizing (on flavor_id change)

    Networking v2

    • Network
    • Subnet

    Load Balancer v1

    • Pool (with members)
    • Virtual IP
    • Monitor

    Block Storage v1

    • Volume

    Object Storage v1

    • Container

    The PR includes acceptance tests for all the above resources (tested against DevStack), as well as documentation. In addition, the resources are versioned and region-based. Hopefully, this PR includes enough resources to close #51

    opened by jrperritt 98
  • Using element with splat reference should scope dependency to selected resource

    Using element with splat reference should scope dependency to selected resource

    I'm trying to setup a multi-node cluster with attached ebs volumes. An example below:

    resource "aws_instance" "nodes" {
        instance_type = "${var.model}"
        key_name = "${var.ec2_keypair}"
        ami = "${lookup(var.zk_amis, var.region)}"
        count = "${var.node_count}"
        vpc_security_group_ids = ["${aws_security_group.default.id}"]
        subnet_id = "${lookup(var.subnet_ids, element(keys(var.subnet_ids), count.index))}"
        associate_public_ip_address = true
        user_data = "${file("cloud_init")}"
        tags {
            Name = "${var.cluster_name}-${count.index}"
        }
    }
    
    resource "aws_ebs_volume" "node-ebs" {
        count = "${var.node-count}"
        availability_zone = "${element(keys(var.subnet_ids), count.index)}"
        size = 100
        tags {
            Name = "${var.cluster_name}-ebs-${count.index}"
        }
    }
    
    resource "aws_volume_attachment" "node-attach" {
        count = "${var.node_count}"
        device_name = "/dev/xvdh"
        volume_id = "${element(aws_ebs_volume.node-ebs.*.id, count.index)}"
        instance_id = "${element(aws_instance.nodes.*.id, count.index)}"
    }
    

    If a change happens to a single node (for instance if a single ec2 instance is terminated) ALL of the aws_volume_attachments are recreated.

    Clearly we would not want volume attachments to be removed in a production environment. Worse than that, in conjunction with #2957 you first must unmount these attachments before they can be recreated. This has the effect of making volume attachments only viable on brand new clusters.

    bug core 
    opened by kklipsch 95
  • A way to hide certain expected changes from the

    A way to hide certain expected changes from the "refresh" report ("Objects have changed outside of Terraform")

    After upgrading to 0.15.4 terraform reports changes that are ignored. It is exactly like commented here: https://github.com/hashicorp/terraform/issues/28776#issuecomment-846547594

    Terraform Version

    Terraform v0.15.4
    on darwin_amd64
    + provider registry.terraform.io/hashicorp/aws v3.42.0
    + provider registry.terraform.io/hashicorp/template v2.2.0
    

    Terraform Configuration Files

    
    resource "aws_batch_compute_environment" "batch_compute" {
      lifecycle {
        ignore_changes = [compute_resources[0].desired_vcpus]
      }
    
    ...
    
      compute_resources {
    ...
      }
    }
    
    resource "aws_db_instance" "postgres_db" {
      ...
    
      lifecycle {
        prevent_destroy = true
        ignore_changes = [latest_restorable_time]
      }
    }
    

    Output

    Note: Objects have changed outside of Terraform
    
    Terraform detected the following changes made outside of Terraform since the last "terraform apply":
    
      # module.db.aws_db_instance.postgres_db has been changed
      ~ resource "aws_db_instance" "postgres_db" {
            id                                    = "db"
          ~ latest_restorable_time                = "2021-05-25T10:24:14Z" -> "2021-05-25T10:29:14Z"
            name                                  = "db"
            tags                                  = {
                "Name" = "DatabaseServer"
            }
            # (47 unchanged attributes hidden)
    
            # (1 unchanged block hidden)
        }
      # module.batch_processor_dot_backend.aws_batch_compute_environment.batch_compute has been changed
      ~ resource "aws_batch_compute_environment" "batch_compute" {
            id                       = "batch-compute"
            tags                     = {}
            # (9 unchanged attributes hidden)
    
          ~ compute_resources {
              ~ desired_vcpus      = 0 -> 2
                tags               = {}
                # (9 unchanged attributes hidden)
            }
        }
    

    Expected Behavior

    No changes should be reported because they are listed in ignored changes.

    Actual Behavior

    Changes are reported.

    Steps to Reproduce

    Change any resource outside of terraform and see that terraform apply reports changed even when they should be ignored.

    Additional Context

    References

    • https://github.com/hashicorp/terraform/issues/28776
    • https://github.com/hashicorp/terraform/issues/28776#issuecomment-846547594
    • https://github.com/hashicorp/terraform/pull/28634#issuecomment-845934989
    enhancement cli v0.15 
    opened by petkaantonov 91
  • Problem with dependant module resolution if the path is relative

    Problem with dependant module resolution if the path is relative

    Terraform Version

    0.12.13

    Terraform Configuration Files

    Here you can see two examples: https://github.com/xocasdashdash/terraform-test-case

    One works perfectly with 0.11, same one fails on 0.12.13 (and on dev too).

    Debug Output

    2019/11/09 10:56:07 [INFO] Terraform version: 0.12.13
    2019/11/09 10:56:07 [INFO] Go runtime version: go1.12.9
    2019/11/09 10:56:07 [INFO] CLI args: []string{"/usr/local/Cellar/tfenv/0.6.0/versions/0.12.13/terraform", "init"}
    2019/11/09 10:56:07 [DEBUG] Attempting to open CLI config file: /Users/joaquin.fernandez/.terraformrc
    2019/11/09 10:56:07 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
    2019/11/09 10:56:07 [DEBUG] checking for credentials in "/Users/joaquin.fernandez/.terraform.d/plugins"
    2019/11/09 10:56:07 [DEBUG] checking for credentials in "/Users/joaquin.fernandez/.terraform.d/plugins/darwin_amd64"
    2019/11/09 10:56:07 [INFO] CLI command args: []string{"init"}
    2019/11/09 10:56:07 [TRACE] ModuleInstaller: installing child modules for . into .terraform/modules
    Initializing modules...
    2019/11/09 10:56:07 [DEBUG] Module installer: begin a-module
    2019/11/09 10:56:07 [TRACE] ModuleInstaller: Module installer: a-module <nil> already installed in .terraform/modules/a-module
    2019/11/09 10:56:07 [DEBUG] Module installer: begin a-module.b_module
    2019/11/09 10:56:07 [TRACE] ModuleInstaller: Module installer: a-module.b_module <nil> already installed in /Users/joaquin.fernandez/projects/personal/terraform-test/not-works-on-tf-0.12.13/modules/a-module/b-module
    2019/11/09 10:56:07 [DEBUG] Module installer: begin a-module.b_module.c_module
    2019/11/09 10:56:07 [TRACE] ModuleInstaller: Module installer: a-module.b_module.c_module <nil> already installed in /Users/joaquin.fernandez/projects/personal/terraform-test/not-works-on-tf-0.12.13/modules/a-module/c-module
    2019/11/09 10:56:07 [DEBUG] Module installer: begin a-module.d_module
    2019/11/09 10:56:07 [TRACE] ModuleInstaller: a-module.d_module has local path "../d-module/"
    2019/11/09 10:56:07 [TRACE] ModuleInstaller: a-module.d_module uses directory from parent: .terraform/modules/d-module
    2019/11/09 10:56:07 [DEBUG] Module installer: a-module.d_module installed at
    2019/11/09 10:56:07 [TRACE] modsdir: writing modules manifest to .terraform/modules/modules.json
    - a-module.d_module in
    
    Error: Unreadable module directory
    
    Unable to evaluate directory symlink: lstat .terraform/modules/d-module: no
    such file or directory
    
    
    Error: Failed to read module directory
    
    Module directory  does not exist or cannot be read.
    
    
    Error: Unreadable module directory
    
    Unable to evaluate directory symlink: lstat .terraform/modules/d-module: no
    such file or directory
    
    
    Error: Failed to read module directory
    
    

    Expected Behavior

    It should resolve to the correct module path for the "d-module".

    Actual Behavior

    It does not. But if I change the route to use a local symlink and add a double "//" on the last folder before the module folder "//a-module" and set up a symlink from the module to the parent folder it does work correctly.

    Steps to Reproduce

    Run terraform init in each of the three folders with the last working version (0.11.14 and 0.12.13).

    Additional Context

    I've tried to fix it myself and I think the fix should go to this function: https://github.com/hashicorp/terraform/blob/6f66aad03262441521829ca3a678da2bb6bf51d9/internal/initwd/module_install.go#L226

    I'm gonna try some more to make it work but I believe a bigger change will be needed to get this to work in all cases

    bug cli config v0.12 v0.13 v0.14 
    opened by xocasdashdash 87
  • vSphere Provider: Mapping out the Next Steps

    vSphere Provider: Mapping out the Next Steps

    Wanted to kick off a higher level discussion of what needs to be done on the vSphere provider and in what order.

    • What are the important missing resources?
    • Are there any enhancements that need to be made to the existing functionality?
    • What do we need to do to ensure the provider works with all common versions of vSphere in the wild?

    Pinging @tkak and @mkuzmin to chime in as well as anybody else with interest/knowledge in the community.

    question provider/vsphere 
    opened by phinze 86
  • Question: How to store an arbitrary value in state?

    Question: How to store an arbitrary value in state?

    Terraform Version

    N/A
    

    Use Cases

    I want to store an arbitrary value in state. I will know the value (passed in by an environment variable), and I just want to store it in state. I imagine there is a provider for this somewhere but I couldn't see an easy one to use .

    My actual usecase is that I want to know from which git commit a terraform infra was last deployed. I have all my terraform resources in a module (module.root), so i figure outside the top level module I'll have some arbirary resource like this:

    resource "some_resource" "git_commit_hash" {
        value = var.git_commit_hash
        depends_on = [ 
            module.root
        ]
    }
    

    This will mean the some_resource only gets applied when everything in the module.root is successfully applied - great!

    By looking at all my git_commit_hash resources across all my statefiles I will understand the last successful githash that was applied.

    Attempted Solutions

    I am looking for a provider or terraform resource that can just store a value, and I cant think of one, despite searching. I'm sure there is one

    Proposal

    No response

    References

    No response

    enhancement new 
    opened by gtmtech 3
  • Add golangci-lint to keep code quality

    Add golangci-lint to keep code quality

    Terraform Version

    Terraform v1.4.0-dev
    on darwin_arm64
    

    Use Cases

    Go is a very easy language to analyze ast as it has a standard static analysis tool (go vet). There are also tools such as golangci-lint that provide a variety of linters. This is not a minority setting, but one that is also provided by various well-known libraries, including Kubernetes. In fact, even terraform has potential bugs like #32261 that have gone unnoticed until now. And such bugs may still exist. As we develop more features in the future, such bugs could have a significant impact on users and, more importantly, on the company. Therefore, by introducing linter at this time, the quality of the code can be assured at the level of static analysis.

    Attempted Solutions

    None.

    Proposal

    Loadmap

    • [ ] Discuss the introduction of golangci-lint
    • [ ] Select which linter to enable
    • [ ] Set the linter setting and fix lint errors
    • [ ] Add a new workflow to check by linter

    References

    No response

    enhancement new 
    opened by sivchari 0
  • Streaming JSON output emits non-JSON messages for state locker events

    Streaming JSON output emits non-JSON messages for state locker events

    Terraform Version

    Terraform v1.3.0
    on linux_amd64
    + provider registry.terraform.io/hashicorp/aws v4.39.0
    + provider registry.terraform.io/hashicorp/random v3.4.3
    

    Terraform Configuration Files

    not relevant

    Debug Output

    not relevant

    Expected Behavior

    terraform plan --json should only produce JSON for STDOUT

    Actual Behavior

    Not only JSON but informational messages may appear which break JSON, e.g.

    terraform plan --json
    
    {...some json here}
    {...some json here}
    Releasing state lock. This may take a few moments...
    

    Steps to Reproduce

    terraform plan --json > /tmp/somefile

    Additional Context

    Releasing state lock. This may take a few moments... message does not appear always, only when generation takes certain time.

    References

    No response

    bug good first issue confirmed explained v1.3 
    opened by giner 1
  • Custom error messages for auth error in http state backend

    Custom error messages for auth error in http state backend

    Terraform Version

    Terraform v1.3.0
    on linux_amd64
    

    Use Cases

    when implementing a custom http state backend, when user request to take the lock, if the backend decide the user does not have permissions, then it can return a "403 Forbidden", in that case the output the user see uts

    │ Error: Error acquiring the state lock
    │ 
    │ Error message: HTTP remote state endpoint invalid auth
    │ 
    │ Terraform acquires a state lock to protect the state from being written
    │ by multiple users at the same time. Please resolve the issue above and try
    │ again. For most commands, you can disable locking with the "-lock=false"
    │ flag, but this is not recommended.
    

    independent of the body of the response, robing the http backend server the opportunity to provide information to the user on what to do.

    Attempted Solutions

    no could not find one

    Proposal

    I'm happy to write this, but my solution would be to on the backend code and probbaly other special casesto read the body of the response, and if the body its JSON with the field "errmsg" then display that message... if not, display the original error.

    example... if the response body its:

    {
       "msg": "You dont have permission to access this state file, please request it through http://bar.biz/request/tf"
    }
    

    then the display should look like

    │ Error: Error acquiring the state lock │ │ Error message: You dont have permission to access this state file, please request it through http://bar.biz/request/tf │ │ Terraform acquires a state lock to protect the state from being written │ by multiple users at the same time. Please resolve the issue above and try │ again. For most commands, you can disable locking with the "-lock=false" │ flag, but this is not recommended.

    References

    none that i could find

    enhancement new 
    opened by aleivag 0
  • Documentation update for cli graph command

    Documentation update for cli graph command

    This PR adds instruction for how to modify the dot command to export the graph to other image file formats instead of exporting to .svg and converting.

    The documentation for how to use the terraform graph command shows piping to dot and then exporting the file in .svg format which needs GraphViz to open. This made it difficult to share the image if the other person didn't also have the software installed. Conversing .svg to .png or other file formats wasn't immediately clear online or required you to upload to an online tool (which most companies wouldn't want to do) or resulting in rudimentary methods such as screen-shotting the opened .svg image.

    documentation 
    opened by sheilman16 2
  • support json output for workspace list

    support json output for workspace list

    The change adds a flag (-json) to terraform workspace list command which prints a json output instead of the standard output.

    Output example when -json is passed:

    [{"Name":"default","Selected":true}]
    

    formatted with jq

    [
      {
        "Name": "default",
        "Selected": true
      }
    ]
    

    This change solves https://github.com/hashicorp/terraform/issues/30506

    It has no breaking change (if -json is not provided, output stays the same as before)

    enhancement 
    opened by efiShtain 2
Releases(v1.3.5)
  • v1.3.5(Nov 17, 2022)

    1.3.5 (November 17, 2022)

    BUG FIXES:

    • Prevent crash while serializing the plan for an empty destroy operation (#32207)
    • Allow a destroy plan to refresh instances while taking into account that some may no longer exist (#32208)
    • Fix Terraform creating objects that should not exist in variables that specify default attributes in optional objects. (#32178)
    • Fix several Terraform crashes that are caused by HCL creating objects that should not exist in variables that specify default attributes in optional objects within collections. (#32178)
    • Fix inconsistent behaviour in empty vs null collections. (#32178)
    • Prevent file uploads from creating unneeded temporary files when the payload size is known (#32206)
    • Nested attributes marked sensitive by schema no longer reveal sub-attributes in the plan diff (#32004)
    • Nested attributes now more consistently display when they become unknown or null values in the plan diff (#32004)
    • Sensitive values are now always displayed as (sensitive value) instead of sometimes as (sensitive) [GH32004]
    Source code(tar.gz)
    Source code(zip)
  • v1.4.0-alpha20221109(Nov 9, 2022)

    1.4.0 (Unreleased)

    BUG FIXES:

    • The module installer will now record in its manifest a correct module source URL after normalization when the URL given as input contains both a query string portion and a subdirectory portion. Terraform itself doesn't currently make use of this information and so this is just a cosmetic fix to make the recorded metadata more correct. (#31636)

    ENHANCEMENTS:

    • terraform init will now ignore entries in the optional global provider cache directory unless they match a checksum already tracked in the current configuration's dependency lock file. This therefore avoids the long-standing problem that when installing a new provider for the first time from the cache we can't determine the full set of checksums to include in the lock file. Once the lock file has been updated to include a checksum covering the item in the global cache, Terraform will then use the cache entry for subsequent installation of the same provider package. (#32129)
    • The "Failed to install provider" error message now includes the reason a provider could not be installed. (#31898)
    • backend/gcs: Add kms_encryption_key argument, to allow encryption of state files using Cloud KMS keys. (#24967)
    • backend/gcs: Add storage_custom_endpoint argument, to allow communication with the backend via a Private Service Connect endpoint. (#28856)
    • backend/gcs: Update documentation for usage of gcs with terraform_remote_state (#32065)

    EXPERIMENTS:

    • Since its introduction the yamlencode function's documentation carried a warning that it was experimental. This predated our more formalized idea of language experiments and so wasn't guarded by an explicit opt-in, but the intention was to allow for small adjustments to its behavior if we learned it was producing invalid YAML in some cases, due to the relative complexity of the YAML specification.

      From Terraform v1.4 onwards, yamlencode is no longer documented as experimental and is now subject to the Terraform v1.x Compatibility Promises. There are no changes to its previous behavior in v1.3 and so no special action is required when upgrading.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.4(Nov 2, 2022)

    1.3.4 (November 02, 2022)

    BUG FIXES:

    • Fix invalid refresh-only plan caused by data sources being deferred to apply (#32111)
    • Optimize the handling of condition checks during apply to prevent performance regressions with large numbers of instances (#32123)
    • Output preconditions should not be evaluated during destroy (#32051)
    • Fix crash from console when outputs contain preconditions (#32051)
    • Destroy with no state would still attempt to evaluate some values (#32051)
    • Prevent unnecessary evaluation and planning of resources during the pre-destroy refresh (#32051)
    • AzureRM Backend: support for generic OIDC authentication via the oidc_token and oidc_token_file_path properties (#31966)
    • Input and Module Variables: Convert variable types before attempting to apply default values. (#32027)
    • When installing remote module packages delivered in tar format, Terraform now limits the tar header block size to 1MiB to avoid unbounded memory usage for maliciously-crafted module packages. (#32135)
    • Terraform will now reject excessively-complex regular expression patterns passed to the regex, regexall, and replace functions, to avoid unbounded memory usage for maliciously-crafted patterns. This change should not affect any reasonable patterns intended for practical use. (#32135)
    • Terraform on Windows now rejects invalid environment variables whose values contain the NUL character when propagating environment variables to a child process such as a provider plugin. Previously Terraform would incorrectly treat that character as a separator between two separate environment variables. (#32135)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.3(Oct 19, 2022)

    1.3.3 (October 19, 2022)

    BUG FIXES:

    • Fix error when removing a resource from configuration which has according to the provider has already been deleted. (#31850)
    • Fix error when setting empty collections into variables with collections of nested objects with default values. (#32033)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.2(Oct 6, 2022)

    1.3.2 (October 06, 2022)

    BUG FIXES:

    • Fixed a crash caused by Terraform incorrectly re-registering output value preconditions during the apply phase (rather than just reusing the already-planned checks from the plan phase). (#31890)
    • Prevent errors when the provider reports that a deposed instance no longer exists (#31902)
    • Using ignore_changes = all could cause persistent diffs with legacy providers (#31914)
    • Fix cycles when resource dependencies cross over between independent provider configurations (#31917)
    • Improve handling of missing resource instances during import (#31878)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.1(Sep 28, 2022)

    1.3.1 (September 28, 2022)

    NOTE:

    • On darwin/amd64 and darwin/arm64 architectures, terraform binaries are now built with CGO enabled. This should not have any user-facing impact, except in cases where the pure Go DNS resolver causes problems on recent versions of macOS: using CGO may mitigate these issues. Please see the upstream bug https://github.com/golang/go/issues/52839 for more details.

    BUG FIXES:

    • Fixed a crash when using objects with optional attributes and default values in collections, most visible with nested modules. (#31847)
    • Prevent cycles in some situations where a provider depends on resources in the configuration which are participating in planned changes. (#31857)
    • Fixed an error when attempting to destroy a configuration where resources do not exist in the state. (#31858)
    • Data sources which cannot be read during will no longer prevent the state from being serialized. (#31871)
    • Fixed a crash which occured when a resource with a precondition and/or a postcondition appeared inside a module with two or more instances. (#31860)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.0(Sep 21, 2022)

    1.3.0 (September 21, 2022)

    NEW FEATURES:

    • Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:

      variable "with_optional_attribute" {
        type = object({
          a = string                # a required attribute
          b = optional(string)      # an optional attribute
          c = optional(number, 127) # an optional attribute with a default value
        })
      }
      

      Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

    • Added functions: startswith and endswith allow you to check whether a given string has a specified prefix or suffix. (#31220)

    UPGRADE NOTES:

    • terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.

    • terraform import: The -allow-missing-config has been removed, and at least an empty configuration block must exist to import a resource.

    • Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)

    • AzureRM Backend: This release concludes the deprecation cycle started in Terraform v1.1 for the azurerm backend's support of "ADAL" authentication. This backend now supports only "MSAL" (Microsoft Graph) authentication.

      This follows from Microsoft's own deprecation of Azure AD Graph, and so you must follow the migration instructions presented in that Azure documentation to adopt Microsoft Graph and then change your backend configuration to use MSAL authentication before upgrading to Terraform v1.3.

    • When making requests to HTTPS servers, Terraform will now reject invalid handshakes that have duplicate extensions, as required by RFC 5246 section 7.4.1.4 and RFC 8446 section 4.2. This may cause new errors when interacting with existing buggy or misconfigured TLS servers, but should not affect correct servers.

      This only applies to requests made directly by Terraform CLI, such as provider installation and remote state storage. Terraform providers are separate programs which decide their own policy for handling of TLS handshakes.

    • The following backends, which were deprecated in v1.2.3, have now been removed: artifactory, etcd, etcdv3, manta, swift. The legacy backend name azure has also been removed, because the current Azure backend is named azurerm. (#31711)

    ENHANCEMENTS:

    • config: Optional attributes for object type constraints, as described under new features above. (#31154)
    • config: New built-in function timecmp allows determining the ordering relationship between two timestamps while taking potentially-different UTC offsets into account. (#31687)
    • config: When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#31299)
    • config: When reporting an error or warning message that isn't caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown values or sensitive values being invalid in certain contexts. (#31299)
    • config: moved blocks can now describe resources moving to and from modules in separate module packages. (#31556)
    • terraform fmt now accepts multiple target paths, allowing formatting of several individual files at once. (#31687)
    • terraform init: provider installation errors now mention which host Terraform was downloading from (#31524)
    • CLI: Terraform will report more explicitly when it is proposing to delete an object due to it having moved to a resource instance that is not currently declared in the configuration. (#31695)
    • CLI: When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about pre-plan run tasks (#31617)
    • The AzureRM Backend now only supports MSAL (and Microsoft Graph) and no longer makes use of ADAL (and Azure Active Directory Graph) for authentication (#31070)
    • The COS backend now supports global acceleration. (#31425)
    • provider plugin protocol: The Terraform CLI now calls PlanResourceChange for compatible providers when destroying resource instances. (#31179)
    • As an implementation detail of the Terraform Cloud integration, Terraform CLI will now capture and upload the JSON integration format for state along with any newly-recorded state snapshots, which then in turn allows Terraform Cloud to provide that information to API-based external integrations. (#31698)

    BUG FIXES:

    • config: Terraform was not previously evaluating preconditions and postconditions during the apply phase for resource instances that didn't have any changes pending, which was incorrect because the outcome of a condition can potentially be affected by changes to other objects in the configuration. Terraform will now always check the conditions for every resource instance included in a plan during the apply phase, even for resource instances that have "no-op" changes. This means that some failures that would previously have been detected only by a subsequent run will now be detected during the same run that caused them, thereby giving the feedback at the appropriate time. (#31491)
    • terraform show -json: Fixed missing markers for unknown values in the encoding of partially unknown tuples and sets. (#31236)
    • terraform output CLI help documentation is now more consistent with web-based documentation. (#29354)
    • terraform init: Error messages now handle the situation where the underlying HTTP client library does not indicate a hostname for a failed request. (#31542)
    • terraform init: Don't panic if a child module contains a resource with a syntactically-invalid resource type name. (#31573)
    • CLI: The representation of destroying already-null output values in a destroy plan will no longer report them as being deleted, which avoids reporting the deletion of an output value that was already absent. (#31471)
    • terraform import: Better handling of resources or modules that use for_each, and situations where data resources are needed to complete the operation. (#31283)

    EXPERIMENTS:

    • This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:

      • The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.
      • The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead.

      If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature:

      terraform {
        required_version = ">= 1.3.0"
      }
      
    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-rc1(Sep 14, 2022)

    1.3.0 (Unreleased)

    NEW FEATURES:

    • Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:

      variable "with_optional_attribute" {
        type = object({
          a = string                # a required attribute
          b = optional(string)      # an optional attribute
          c = optional(number, 127) # an optional attribute with a default value
        })
      }
      

      Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

    • Added functions: startswith and endswith allow you to check whether a given string has a specified prefix or suffix. (#31220)

    UPGRADE NOTES:

    • terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.

    • terraform import: The -allow-missing-config has been removed, and at least an empty configuration block must exist to import a resource.

    • Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)

    • AzureRM Backend: This release concludes the deprecation cycle started in Terraform v1.1 for the azurerm backend's support of "ADAL" authentication. This backend now supports only "MSAL" (Microsoft Graph) authentication.

      This follows from Microsoft's own deprecation of Azure AD Graph, and so you must follow the migration instructions presented in that Azure documentation to adopt Microsoft Graph and then change your backend configuration to use MSAL authentication before upgrading to Terraform v1.3.

    • When making requests to HTTPS servers, Terraform will now reject invalid handshakes that have duplicate extensions, as required by RFC 5246 section 7.4.1.4 and RFC 8446 section 4.2. This may cause new errors when interacting with existing buggy or misconfigured TLS servers, but should not affect correct servers.

      This only applies to requests made directly by Terraform CLI, such as provider installation and remote state storage. Terraform providers are separate programs which decide their own policy for handling of TLS handshakes.

    • The following backends, which were deprecated in v1.2.3, have now been removed: artifactory, etcd, etcdv3, manta, swift. The legacy backend name azure has also been removed, because the current Azure backend is named azurerm. [#31711]

    ENHANCEMENTS:

    • config: Optional attributes for object type constraints, as described under new features above. (#31154)
    • config: New built-in function timecmp allows determining the ordering relationship between two timestamps while taking potentially-different UTC offsets into account. (#31687)
    • config: When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#31299)
    • config: When reporting an error or warning message that isn't caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown values or sensitive values being invalid in certain contexts. (#31299)
    • config: moved blocks can now describe resources moving to and from modules in separate module packages. (#31556)
    • terraform fmt now accepts multiple target paths, allowing formatting of several individual files at once. (#31687)
    • terraform init: provider installation errors now mention which host Terraform was downloading from (#31524)
    • CLI: Terraform will report more explicitly when it is proposing to delete an object due to it having moved to a resource instance that is not currently declared in the configuration. (#31695)
    • CLI: When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about pre-plan run tasks (#31617)
    • The AzureRM Backend now only supports MSAL (and Microsoft Graph) and no longer makes use of ADAL (and Azure Active Directory Graph) for authentication (#31070)
    • The COS backend now supports global acceleration. (#31425)
    • provider plugin protocol: The Terraform CLI now calls PlanResourceChange for compatible providers when destroying resource instances. (#31179)
    • As an implementation detail of the Terraform Cloud integration, Terraform CLI will now capture and upload the JSON integration format for state along with any newly-recorded state snapshots, which then in turn allows Terraform Cloud to provide that information to API-based external integrations. (#31698)

    BUG FIXES:

    • config: Terraform was not previously evaluating preconditions and postconditions during the apply phase for resource instances that didn't have any changes pending, which was incorrect because the outcome of a condition can potentially be affected by changes to other objects in the configuration. Terraform will now always check the conditions for every resource instance included in a plan during the apply phase, even for resource instances that have "no-op" changes. This means that some failures that would previously have been detected only by a subsequent run will now be detected during the same run that caused them, thereby giving the feedback at the appropriate time. (#31491)
    • terraform show -json: Fixed missing markers for unknown values in the encoding of partially unknown tuples and sets. (#31236)
    • terraform output CLI help documentation is now more consistent with web-based documentation. (#29354)
    • terraform init: Error messages now handle the situation where the underlying HTTP client library does not indicate a hostname for a failed request. (#31542)
    • terraform init: Don't panic if a child module contains a resource with a syntactically-invalid resource type name. (#31573)
    • CLI: The representation of destroying already-null output values in a destroy plan will no longer report them as being deleted, which avoids reporting the deletion of an output value that was already absent. (#31471)
    • terraform import: Better handling of resources or modules that use for_each, and situations where data resources are needed to complete the operation. (#31283)

    EXPERIMENTS:

    • This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:

      • The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.
      • The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead.

      If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature:

      terraform {
        required_version = ">= 1.3.0"
      }
      
    Source code(tar.gz)
    Source code(zip)
  • v1.2.9(Sep 7, 2022)

  • v1.3.0-beta1(Aug 31, 2022)

    1.3.0 (Unreleased)

    NEW FEATURES:

    • Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:

      variable "with_optional_attribute" {
        type = object({
          a = string                # a required attribute
          b = optional(string)      # an optional attribute
          c = optional(number, 127) # an optional attribute with a default value
        })
      }
      

      Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

    • Added functions: startswith and endswith allow you to check whether a given string has a specified prefix or suffix. (#31220)

    UPGRADE NOTES:

    • terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.

    • terraform import: The -allow-missing-config has been removed, and at least an empty configuration block must exist to import a resource.

    • Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)

    • AzureRM Backend: This release concludes the deprecation cycle started in Terraform v1.1 for the azurerm backend's support of "ADAL" authentication. This backend now supports only "MSAL" (Microsoft Graph) authentication.

      This follows from Microsoft's own deprecation of Azure AD Graph, and so you must follow the migration instructions presented in that Azure documentation to adopt Microsoft Graph and then change your backend configuration to use MSAL authentication before upgrading to Terraform v1.3.

    • When making requests to HTTPS servers, Terraform will now reject invalid handshakes that have duplicate extensions, as required by RFC 5246 section 7.4.1.4 and RFC 8446 section 4.2. This may cause new errors when interacting with existing buggy or misconfigured TLS servers, but should not affect correct servers.

      This only applies to requests made directly by Terraform CLI, such as provider installation and remote state storage. Terraform providers are separate programs which decide their own policy for handling of TLS handshakes.

    • The following backends, which were deprecated in v1.2.3, have now been removed: artifactory, etcd, etcdv3, manta, swift. The azure backend name has been removed: please use the name azurerm for this backend. [#31711]

    ENHANCEMENTS:

    • config: Optional attributes for object type constraints, as described under new features above. (#31154)
    • config: New built-in function timecmp allows determining the ordering relationship between two timestamps while taking potentially-different UTC offsets into account. (#31687)
    • terraform fmt now accepts multiple target paths, allowing formatting of several individual files at once. (#31687)
    • When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#31299)
    • When reporting an error or warning message that isn't caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown values or sensitive values being invalid in certain contexts. (#31299)
    • The Terraform CLI now calls PlanResourceChange for compatible providers when destroying resource instances. (#31179)
    • The AzureRM Backend now only supports MSAL (and Microsoft Graph) and no longer makes use of ADAL (and Azure Active Directory Graph) for authentication (#31070)
    • The COS backend now supports global acceleration. (#31425)
    • providercache: include host in provider installation error (#31524)
    • refactoring: moved blocks can now be used to move resources to and from external modules (#31556)
    • refactoring/plans: Terraform will now indicate when the deletion of a resource is due to moving a resource to a target not in configuration. This information is also available as a ResourceInstanceActionReason in the planproto. (#31695)
    • When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about pre-plan run tasks (#31617)
    • Terraform now sends the JSON state representation to the Cloud backend (when available) (#31698)

    BUG FIXES:

    • config: Terraform was not previously evaluating preconditions and postconditions during the apply phase for resource instances that didn't have any changes pending, which was incorrect because the outcome of a condition can potentially be affected by changes to other objects in the configuration. Terraform will now always check the conditions for every resource instance included in a plan during the apply phase, even for resource instances that have "no-op" changes. This means that some failures that would previously have been detected only by a subsequent run will now be detected during the same run that caused them, thereby giving the feedback at the appropriate time. (#31491)
    • terraform show -json: Fixed missing unknown markers in the encoding of partially unknown tuples and sets. (#31236)
    • terraform output CLI help documentation is now more consistent with web-based documentation. (#29354)
    • getproviders: account for occasionally missing Host header in errors (#31542)
    • core: Do not create "delete" changes for nonexistent outputs (#31471)
    • configload: validate implied provider names in submodules to avoid crash (#31573)
    • core: import fails when resources or modules are expanded with for each, or input from data sources is required (#31283)

    EXPERIMENTS:

    • This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:

      • The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.
      • The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead.

      If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature:

      terraform {
        required_version = ">= 1.3.0"
      }
      
    Source code(tar.gz)
    Source code(zip)
  • v1.2.8(Aug 24, 2022)

    1.2.8 (August 24, 2022)

    BUG FIXES:

    • config: The flatten function will no longer panic if given a null value that has been explicitly converted to or implicitly inferred as having a list, set, or tuple type. Previously Terraform would panic in such a situation because it tried to "flatten" the contents of the null value into the result, which is impossible. (#31675)
    • config: The tolist, toset, and tomap functions, and various automatic conversions that include similar logic, will no longer panic when asked to infer an element type that is convertable from both a tuple type and a list type whose element type is not yet known. (#31675)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-alpha20220817(Aug 17, 2022)

    1.3.0 (Unreleased)

    NEW FEATURES:

    • Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:

      variable "with_optional_attribute" {
        type = object({
          a = string                # a required attribute
          b = optional(string)      # an optional attribute
          c = optional(number, 127) # an optional attribute with a default value
        })
      }
      

      Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

    • Added functions: startswith and endswith allow you to check whether a given string has a specified prefix or suffix. (#31220)

    UPGRADE NOTES:

    • terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.

    • terraform import: The -allow-missing-config has been removed, and at least an empty configuration block must exist to import a resource.

      Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)

    ENHANCEMENTS:

    • config: Optional attributes for object type constraints, as described under new features above. (#31154)
    • terraform fmt now accepts multiple target paths, allowing formatting of several individual files at once. (#28191)
    • When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#31299)
    • When reporting an error or warning message that isn't caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown values or sensitive values being invalid in certain contexts. (#31299)
    • The Terraform CLI now calls PlanResourceChange for compatible providers when destroying resource instances. (#31179)
    • The AzureRM Backend now only supports MSAL (and Microsoft Graph) and no longer makes use of ADAL (and Azure Active Directory Graph) for authentication (#31070)
    • The COS backend now supports global acceleration. (#31425)
    • providercache: include host in provider installation error (#31524)
    • refactoring: moved blocks can now be used to move resources to and from external modules (#31556)

    BUG FIXES:

    • config: Terraform was not previously evaluating preconditions and postconditions during the apply phase for resource instances that didn't have any changes pending, which was incorrect because the outcome of a condition can potentially be affected by changes to other objects in the configuration. Terraform will now always check the conditions for every resource instance included in a plan during the apply phase, even for resource instances that have "no-op" changes. This means that some failures that would previously have been detected only by a subsequent run will now be detected during the same run that caused them, thereby giving the feedback at the appropriate time. (#31491)
    • terraform show -json: Fixed missing unknown markers in the encoding of partially unknown tuples and sets. (#31236)
    • terraform output CLI help documentation is now more consistent with web-based documentation. (#29354)
    • getproviders: account for occasionally missing Host header in errors (#31542)
    • core: Do not create "delete" changes for nonexistent outputs (#31471)
    • configload: validate implied provider names in submodules to avoid crash (#31573)
    • core: import fails when resources or modules are expanded with for each, or input from data sources is required (#31283)

    EXPERIMENTS:

    • This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:

      • The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.
      • The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead.

      If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature:

      terraform {
        required_version = ">= 1.3.0"
      }
      
    Source code(tar.gz)
    Source code(zip)
  • v1.2.7(Aug 10, 2022)

    1.2.7 (August 10, 2022)

    ENHANCEMENTS:

    • config: Check for direct references to deprecated computed attributes. (#31576)

    BUG FIXES:

    • config: Fix an crash if a submodule contains a resource whose implied provider local name contains invalid characters, by adding additional validation rules to turn it into a real error. (#31573)
    • core: Fix some handling of provider schema attributes which use the newer "structural typing" mechanism introduced with protocol version 6, and therefore with the new Terraform Plugin Framework (#31532)
    • command: Add missing output text for applyable refresh plans. (#31469)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-alpha20220803(Aug 3, 2022)

    1.3.0 (Unreleased)

    NEW FEATURES:

    • Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:

      variable "with_optional_attribute" {
        type = object({
          a = string                # a required attribute
          b = optional(string)      # an optional attribute
          c = optional(number, 127) # an optional attribute with a default value
        })
      }
      

      Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

    • Added functions: startswith and endswith allow you to check whether a given string has a specified prefix or suffix. (#31220)

    UPGRADE NOTES:

    • terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.

      Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)

    ENHANCEMENTS:

    • config: Optional attributes for object type constraints, as described under new features above. (#31154)
    • When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#31299)
    • When reporting an error or warning message that isn't caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown values or sensitive values being invalid in certain contexts. (#31299)
    • The Terraform CLI now calls PlanResourceChange for compatible providers when destroying resource instances. (#31179)
    • The AzureRM Backend now only supports MSAL (and Microsoft Graph) and no longer makes use of ADAL (and Azure Active Directory Graph) for authentication (#31070)
    • The COS backend now supports global acceleration. (#31425)
    • providercache: include host in provider installation error (#31524)

    BUG FIXES:

    • config: Terraform was not previously evaluating preconditions and postconditions during the apply phase for resource instances that didn't have any changes pending, which was incorrect because the outcome of a condition can potentially be affected by changes to other objects in the configuration. Terraform will now always check the conditions for every resource instance included in a plan during the apply phase, even for resource instances that have "no-op" changes. This means that some failures that would previously have been detected only by a subsequent run will now be detected during the same run that caused them, thereby giving the feedback at the appropriate time. (#31491)
    • terraform show -json: Fixed missing unknown markers in the encoding of partially unknown tuples and sets. (#31236)
    • terraform output CLI help documentation is now more consistent with web-based documentation. (#29354)
    • getproviders: account for occasionally missing Host header in errors (#31542)
    • core: Do not create "delete" changes for nonexistent outputs (#31471)

    EXPERIMENTS:

    • This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:

      • The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.
      • The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead.

      If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature:

      terraform {
        required_version = ">= 1.3.0"
      }
      
    Source code(tar.gz)
    Source code(zip)
  • v1.2.6(Jul 27, 2022)

    1.2.6 (July 27, 2022)

    ENHANCEMENTS:

    • Add a warning and guidance when terraform init fails to fully populate the .terraform.lock.hcl file. (#31399)
    • Add a direct link to the relevant documentation when terraform init fails on missing checksums. (#31408)

    BUG FIXES:

    • Fix panic on terraform show when state file is invalid or unavailable. (#31444)
    • Fix terraform providers lock command failing on missing checksums. (#31389)
    • Some combinations of move block operations would be executed in the wrong order (#31499)
    • Don't attribute an error to the provider when a computed attribute is listed in ignore_changes (#31509)
    Source code(tar.gz)
    Source code(zip)
  • v1.2.5(Jul 13, 2022)

    1.2.5 (July 13, 2022)

    BUG FIXES:

    • Report correct error message when a prerelease field is included in the required_version global constraint. (#31331)
    • Fix case when extra blank lines were inserted into the plan for unchanged blocks. (#31330)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-alpha20220706(Jul 6, 2022)

    1.3.0 (Unreleased)

    NEW FEATURES:

    • Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:

      variable "with_optional_attribute" {
        type = object({
          a = string                # a required attribute
          b = optional(string)      # an optional attribute
          c = optional(number, 127) # an optional attribute with a default value
        })
      }
      

      Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

    UPGRADE NOTES:

    • terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.

      Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)

    ENHANCEMENTS:

    • config: Optional attributes for object type constraints, as described under new features above. (#31154)
    • When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#31299)
    • When reporting an error or warning message that isn't caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown values or sensitive values being invalid in certain contexts. (#31299)
    • The Terraform CLI now calls PlanResourceChange for compatible providers when destroying resource instances. (#31179)

    BUG FIXES:

    • Made terraform output CLI help documentation consistent with web-based documentation. (#29354)
    • terraform show -json: Fixed missing unknown markers in the encoding of partially unknown tuples and sets. (#31236)

    EXPERIMENTS:

    • This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:

      • The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.
      • The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead.

      If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature:

      terraform {
        required_version = ">= 1.3.0"
      }
      
    Source code(tar.gz)
    Source code(zip)
  • v1.2.4(Jun 29, 2022)

    1.2.4 (June 29, 2022)

    ENHANCEMENTS:

    • Improved validation of required_providers to prevent single providers from being required with multiple names. (#31218)
    • Improved plan performance by optimizing addrs.Module.String for allocations. (#31293)

    BUG FIXES:

    • backend/http: Fixed bug where the HTTP backend would fail to retry acquiring the state lock and ignored the -lock-timeout flag. (#31256)
    • Fix crash if a precondition or postcondition block omitted the required condition argument. (#31290)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-alpha20220622(Jun 22, 2022)

    1.3.0 (Unreleased)

    NEW FEATURES:

    • Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:

      variable "with_optional_attribute" {
        type = object({
          a = string                # a required attribute
          b = optional(string)      # an optional attribute
          c = optional(number, 127) # an optional attribute with a default value
        })
      }
      

      Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

    UPGRADE NOTES:

    • terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.

      Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235)

    ENHANCEMENTS:

    • config: Optional attributes for object type constraints, as described under new features above. (#31154)

    BUG FIXES:

    • Made terraform output CLI help documentation consistent with web-based documentation. (#29354)
    • terraform show -json: Fixed missing unknown markers in the encoding of partially unknown tuples and sets. (#31236)

    EXPERIMENTS:

    • This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences:

      • The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn't set by the caller. If not specified, the default value is a null value of the appropriate type as before.
      • The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead.

      If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature.

    Source code(tar.gz)
    Source code(zip)
  • v1.2.3(Jun 15, 2022)

    1.2.3 (June 15, 2022)

    UPGRADE NOTES:

    • The following remote state backends are now marked as deprecated, and are planned to be removed in a future Terraform release. These backends have been unmaintained since before Terraform v1.0, and may contain known bugs, outdated packages, or security vulnerabilities.
      • artifactory
      • etcd
      • etcdv3
      • manta
      • swift

    BUG FIXES:

    • Missing check for error diagnostics in GetProviderSchema could result in panic (#31184)
    • Module registries returning X-Terraform-Get locations with no URL would error with "no getter available for X-Terraform-Get source protocol" (#31237)
    • Fix crash from concurrent operation on shared set of resource instance dependencies (#31246)
    • backend/cos: tencentcloud-terraform-lock tag was not removed in all cases (#31223)
    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-alpha20220608(Jun 8, 2022)

    1.3.0 (Unreleased)

    UPGRADE NOTES:

    • Module variable type constraints now support an optional() modifier for object attribute types. Optional attributes may be omitted from the variable value, and will be replaced by a default value (or null if no default is specified). For example:

      variable "with_optional_attribute" {
        type = object({
          a = string                # a required attribute
          b = optional(string)      # an optional attribute
          c = optional(number, 127) # an optional attribute with default value
        })
      }
      

      Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

      This functionality was introduced as an experiment in Terraform 0.14. This release removes the experimental defaults function. (#31154)

    BUG FIXES:

    • Made terraform output CLI help documentation consistent with web-based documentation (#29354)
    Source code(tar.gz)
    Source code(zip)
  • v1.2.2(Jun 1, 2022)

    1.2.2 (June 01, 2022)

    ENHANCEMENTS:

    • Invalid -var arguments with spaces between the name and value now have an improved error message (#30985)

    BUG FIXES:

    • Terraform now hides invalid input values for sensitive root module variables when generating error diagnostics (#30552)
    • Fixed crash on CLI autocomplete (#31160)
    • The "Configuration contains unknown values" error message now includes attribute paths (#31111)
    Source code(tar.gz)
    Source code(zip)
  • v1.2.1(May 23, 2022)

    1.2.1 (May 23, 2022)

    BUG FIXES:

    • SSH provisioner connections fail when using signed ed25519 keys (#31092)
    • Crash with invalid module source (#31060)
    • Incorrect "Module is incompatible with count, for_each, and depends_on" error when a provider is nested within a module along with a sub-module using count or for_each (#31091)
    Source code(tar.gz)
    Source code(zip)
  • v1.2.0(May 18, 2022)

    1.2.0 (May 18, 2022)

    UPGRADE NOTES:

    • If you use the third-party credentials helper plugin terraform-credentials-env, you should disable it as part of upgrading to Terraform v1.2 because similar functionality is now built in to Terraform itself.

      The new behavior supports the same environment variable naming scheme but has a difference in priority order from the credentials helper: TF_TOKEN_... environment variables will now take priority over credentials blocks in CLI configuration and credentials stored automatically by terraform login, which is not true for credentials provided by any credentials helper plugin. If you see Terraform using different credentials after upgrading, check to make sure you do not specify credentials for the same host in multiple locations.

      If you use the credentials helper in conjunction with the hashicorp/tfe Terraform provider to manage Terraform Cloud or Terraform Enterprise objects with Terraform, you should also upgrade to version 0.31 of that provider, which added the corresponding built-in support for these environment variables.

    • The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.

    • When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.

    • When making outgoing HTTPS or other TLS connections as a client, Terraform will no longer accept CA certificates signed using the SHA-1 hash function. Publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.

    (Note: the changes to Terraform's requirements when interacting with TLS servers apply only to requests made by Terraform CLI itself, such as provider/module installation and state storage requests. Terraform provider plugins include their own TLS clients which may have different requirements, and may add new requirements in their own releases, independently of Terraform CLI changes.)

    NEW FEATURES:

    • precondition and postcondition check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further execution.
    • replace_triggered_by is a new lifecycle argument for managed resources which triggers replacement of an object based on changes to an upstream dependency.
    • You can now specify credentials for Terraform-native services using an environment variable named as TF_TOKEN_ followed by an encoded version of the hostname. For example, Terraform will use variable TF_TOKEN_app_terraform_io as a bearer token for requests to "app.terraform.io", for the Terraform Cloud integration and private registry requests.

    ENHANCEMENTS:

    • When showing a plan, Terraform CLI will now only show "Changes outside of Terraform" if they relate to resources and resource attributes that contributed to the changes Terraform is proposing to make. (#30486)
    • Error messages for preconditions, postconditions, and custom variable validations are now evaluated as expressions, allowing interpolation of relevant values into the output. (#30613)
    • When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about post-plan run tasks. (#30141)
    • Terraform will now show a slightly different note in the plan output if a data resource read is deferred to the apply step due to it depending on a managed resource that has changes pending. (#30971)
    • The "Invalid for_each argument" error message for unknown maps/sets now includes an additional paragraph to try to help the user notice they can move apply-time values into the map values instead of the map keys, and thus avoid the problem without resorting to -target. (#30327)
    • There are some small improvements to the error and warning messages Terraform will emit in the case of invalid provider configuration passing between modules. There are no changes to which situations will produce errors and warnings, but the messages now include additional information intended to clarify what problem Terraform is describing and how to address it. (#30639)
    • The environment variables TF_CLOUD_ORGANIZATION and TF_CLOUD_HOSTNAME now serve as fallbacks for the arguments of the same name inside a cloud block configuring integration with Terraform Cloud.
    • The environment variable TF_WORKSPACE will now additionally serve as an implicit configuration of a single selected workspace on Terraform Cloud if (and only if) the cloud block does not include an explicit workspaces configuration.
    • The AzureRM Backend now defaults to using MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication. (#30891)
    • The AzureRM Backend now supports authenticating as a service principal using OpenID Connect. (#30936)
    • When running on macOS, Terraform will now use platform APIs to validate certificates presented by TLS (HTTPS) servers. This may change exactly which root certificates Terraform will accept as valid. (#30768)
    • Show remote host in error message for clarity when installation of provider fails (#30810)
    • Terraform now prints a warning when adding an attribute to ignore_changes that is managed only by the provider. Specifying non-configurable attributes in ignore_changes has no effect because ignore_changes tells Terraform to ignore future changes made in the configuration. (#30517)
    • terraform show -json now includes exact type information for output values. (#30945)
    • The ssh provisioner connection now supports SSH over HTTP proxy. (#30274)
      • The SSH client for provisioners now supports newer key algorithms, allowing it to connect to servers running more recent versions of OpenSSH. (#30962)

    BUG FIXES:

    • Terraform now handles type constraints, nullability, and custom variable validation properly for root module variables. Previously there was an order of operations problem where the nullability and custom variable validation were checked too early, prior to dealing with the type constraints, and thus that logic could potentially "see" an incorrectly-typed value in spite of the type constraint, leading to incorrect errors. (#29959)
    • When reporting a type mismatch between the true and false results of a conditional expression when both results are of the same structural type kind (object/tuple, or a collection thereof), Terraform will no longer return a confusing message like "the types are object and object, respectively", and will instead attempt to explain how the two structural types differ. (#30920)
    • Applying the various type conversion functions like tostring, tonumber, etc to null will now return a null value of the intended type. For example, tostring(null) converts from a null value of an unknown type to a null value of string type. Terraform can often handle such conversions automatically when needed, but explicit annotations like this can help Terraform to understand author intent when inferring type conversions for complex-typed values. (#30879)
    • Terraform now returns an error when cidrnetmask() is called with an IPv6 address, as it was previously documented to do. IPv6 standards do not preserve the "netmask" syntax sometimes used for IPv4 network configuration; use CIDR prefix syntax instead. (#30703)
    • When performing advanced state management with the terraform state commands, Terraform now checks the required_version field in the configuration before proceeding. (#30511)
    • When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)
    • Terraform will now prioritize local terraform variables over remote terraform variables in operations such as import, plan, refresh and apply for workspaces in local execution mode. This behavior applies to both remote backend and the cloud integration configuration. (#29972)
    • terraform show -json: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. (#30138)
    • The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration. (#30664)
    • The cloud integration now gracefully exits when -input=false and an operation requires some user input.
    • Terraform will now reliably detect an inteerruptiong (e.g. Ctrl+C) during planning for terraform apply -auto-approve. Previously there was a window of time where interruption would cancel the plan step but not prevent Terraform from proceeding to the apply step. (#30979)
    • Terraform will no longer crash if a provider fails to return a schema. (#30987)
    Source code(tar.gz)
    Source code(zip)
  • v1.2.0-rc2(May 11, 2022)

    1.2.0-rc2 (Unreleased)

    UPGRADE NOTES:

    • The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.

    • When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.

    • When making outgoing HTTPS or other TLS connections as a client, Terraform will no longer accept CA certificates signed using the SHA-1 hash function. Publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.

      (Note: the changes to Terraform's requirements when interacting with TLS servers apply only to requests made by Terraform CLI itself, such as provider/module installation and state storage requests. Terraform provider plugins include their own TLS clients which may have different requirements, and may add new requirements in their own releases, independently of Terraform CLI changes.)

    • If you use the third-party credentials helper plugin terraform-credentials-env, you should disable it as part of upgrading to Terraform v1.2 because similar functionality is now built in to Terraform itself.

      The new behavior supports the same environment variable naming scheme but has a difference in priority order from the credentials helper: TF_TOKEN_... environment variables will now take priority over credentials blocks in CLI configuration and credentials stored automatically by terraform login, which is not true for credentials provided by any credentials helper plugin. If you see Terraform using different credentials after upgrading, check to make sure you do not specify credentials for the same host in multiple locations.

      If you use the credentials helper in conjunction with the hashicorp/tfe Terraform provider to manage Terraform Cloud or Terraform Enterprise objects with Terraform, you should also upgrade to version 0.31 of that provider, which added the corresponding built-in support for these environment variables.

    NEW FEATURES:

    • precondition and postcondition check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further evaluation.
    • You may specify remote network service credentials using an environment variable named after the host name with a TF_TOKEN_ prefix. For example, the value of a variable named TF_TOKEN_app_terraform_io will be used as a bearer authorization token when the CLI makes service requests to the host name "app.terraform.io".
    • replace_triggered_by is a new lifecycle argument which allows one to configure the replacement of a resource based on changes in a dependency.

    ENHANCEMENTS:

    • The "Invalid for_each argument" error message for unknown maps/sets now includes an additional paragraph to try to help the user notice they can move apply-time values into the map values instead of the map keys, and thus avoid the problem without resorting to -target. (#30327)
    • When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about post-plan run tasks. (#30141)
    • Error messages for preconditions, postconditions, and custom variable validations are now evaluated as expressions, allowing interpolation of relevant values into the output. (#30613)
    • There are some small improvements to the error and warning messages Terraform will emit in the case of invalid provider configuration passing between modules. There are no changes to which situations will produce errors and warnings, but the messages now include additional information intended to clarify what problem Terraform is describing and how to address it. (#30639)
    • When running terraform plan, only show external changes which may have contributed to the current plan (#30486)
    • Terraform will now show a slightly different note in the plan output if a data resource read is deferred to the apply step due to it depending on a managed resource that has changes pending. (#30971)
    • Add TF_CLOUD_ORGANIZATION environment variable fallback for organization in the cloud configuration
    • Add TF_CLOUD_HOSTNAME environment variable fallback for hostname in the cloud configuration
    • TF_WORKSPACE can now be used to configure the workspaces attribute in your cloud configuration
    • When running on macOS, Terraform will now use platform APIs to validate certificates presented by TLS (HTTPS) servers. This may change exactly which root certificates Terraform will accept as valid. (#30768)
    • The AzureRM Backend now defaults to using MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication. (#30891)
    • The AzureRM Backend now supports authenticating as a service principal using OpenID Connect. (#30936)
    • Show remote host in error message for clarity when installation of provider fails (#30810)
    • Terraform now prints a warning when adding an attribute to ignore_changes that is managed only by the provider (non-optional computed attribute). (#30517)
    • JSON plan and state output now includes exact type representations for output values. (#30945)
    • The ssh provisioner connection now supports SSH over HTTP proxy. (#30274)

    BUG FIXES:

    • Terraform now handles type constraints, nullability, and custom variable validation properly for root module variables. Previously there was an order of operations problem where the nullability and custom variable validation were checked too early, prior to dealing with the type constraints, and thus that logic could potentially "see" an incorrectly-typed value in spite of the type constraint, leading to incorrect errors. (#29959)
    • Applying the various type conversion functions like tostring, tonumber, etc to null will now return a null value of the intended type. For example, tostring(null) converts from a null value of an unknown type to a null value of string type. Terraform can often handle such conversions automatically when needed, but explicit annotations like this can help Terraform to understand author intent when inferring type conversions for complex-typed values. (#30879)
    • When reporting a type mismatch between the true and false results of a conditional expression when both results are of the same structural type kind (object/tuple, or a collection thereof), Terraform will no longer return a confusing message like "the types are object and object, respectively", and will instead attempt to explain how the two structural types differ. (#30920)
    • Terraform now outputs an error when cidrnetmask() is called with an IPv6 address, as it was previously documented to do. (#30703)
    • When performing advanced state management with the terraform state commands, Terraform now checks the required_version field in the configuration before proceeding. (#30511)
    • When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)
    • Terraform will prioritize local terraform variables over remote terraform variables in operations such as import, plan, refresh and apply for workspaces in local execution mode. This behavior applies to both remote backend and the cloud integration configuration. (#29972)
    • terraform show -json: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. (#30138)
    • The local token configuration in the cloud and remote backend now has higher priority than the token specified in a CLI configuration. (#30664)
    • The cloud integration now gracefully exits when -input=false and an operation requires some user input.
    • The ssh client for provisioners is updated to use newer key algorithms, allowing it to connect to more recent versions of openssh servers (#30962)
    • A cancellation in the CLI may not be caught when using -auto-approve, causing unintended changes to be applied (#30979)
    • A provider failing to return a schema could result in a panic (#30987)
    Source code(tar.gz)
    Source code(zip)
  • v1.2.0-rc1(May 4, 2022)

    1.2.0-rc1 (Unreleased)

    UPGRADE NOTES:

    • The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.

    • When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.

    • When making outgoing HTTPS or other TLS connections as a client, Terraform will no longer accept CA certificates signed using the SHA-1 hash function. Publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.

      (Note: the changes to Terraform's requirements when interacting with TLS servers apply only to requests made by Terraform CLI itself, such as provider/module installation and state storage requests. Terraform provider plugins include their own TLS clients which may have different requirements, and may add new requirements in their own releases, independently of Terraform CLI changes.)

    • If you use the third-party credentials helper plugin terraform-credentials-env, you should disable it as part of upgrading to Terraform v1.2 because similar functionality is now built in to Terraform itself.

      The new behavior supports the same environment variable naming scheme but has a difference in priority order from the credentials helper: TF_TOKEN_... environment variables will now take priority over credentials blocks in CLI configuration and credentials stored automatically by terraform login, which is not true for credentials provided by any credentials helper plugin. If you see Terraform using different credentials after upgrading, check to make sure you do not specify credentials for the same host in multiple locations.

      If you use the credentials helper in conjunction with the hashicorp/tfe Terraform provider to manage Terraform Cloud or Terraform Enterprise objects with Terraform, you should also upgrade to version 0.31 of that provider, which added the corresponding built-in support for these environment variables.

    NEW FEATURES:

    • precondition and postcondition check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further evaluation.
    • You may specify remote network service credentials using an environment variable named after the host name with a TF_TOKEN_ prefix. For example, the value of a variable named TF_TOKEN_app_terraform_io will be used as a bearer authorization token when the CLI makes service requests to the host name "app.terraform.io".
    • replace_triggered_by is a new lifecycle argument which allows one to configure the replacement of a resource based on changes in a dependency.

    ENHANCEMENTS:

    • The "Invalid for_each argument" error message for unknown maps/sets now includes an additional paragraph to try to help the user notice they can move apply-time values into the map values instead of the map keys, and thus avoid the problem without resorting to -target. (#30327)
    • When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about post-plan run tasks. (#30141)
    • Error messages for preconditions, postconditions, and custom variable validations are now evaluated as expressions, allowing interpolation of relevant values into the output. (#30613)
    • There are some small improvements to the error and warning messages Terraform will emit in the case of invalid provider configuration passing between modules. There are no changes to which situations will produce errors and warnings, but the messages now include additional information intended to clarify what problem Terraform is describing and how to address it. (#30639)
    • When running terraform plan, only show external changes which may have contributed to the current plan (#30486)
    • Add TF_CLOUD_ORGANIZATION environment variable fallback for organization in the cloud configuration
    • Add TF_CLOUD_HOSTNAME environment variable fallback for hostname in the cloud configuration
    • TF_WORKSPACE can now be used to configure the workspaces attribute in your cloud configuration
    • When running on macOS, Terraform will now use platform APIs to validate certificates presented by TLS (HTTPS) servers. This may change exactly which root certificates Terraform will accept as valid. (#30768)
    • The AzureRM Backend now defaults to using MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication. (#30891)
    • The AzureRM Backend now supports authenticating as a service principal using OpenID Connect. (#30936)
    • Show remote host in error message for clarity when installation of provider fails (#30810)
    • Terraform now prints a warning when adding an attribute to ignore_changes that is managed only by the provider (non-optional computed attribute). (#30517)
    • JSON plan and state output now includes exact type representations for output values. (#30945)
    • The ssh provisioner connection now supports SSH over HTTP proxy. (#30274)

    BUG FIXES:

    • Terraform now handles type constraints, nullability, and custom variable validation properly for root module variables. Previously there was an order of operations problem where the nullability and custom variable validation were checked too early, prior to dealing with the type constraints, and thus that logic could potentially "see" an incorrectly-typed value in spite of the type constraint, leading to incorrect errors. (#29959)
    • Applying the various type conversion functions like tostring, tonumber, etc to null will now return a null value of the intended type. For example, tostring(null) converts from a null value of an unknown type to a null value of string type. Terraform can often handle such conversions automatically when needed, but explicit annotations like this can help Terraform to understand author intent when inferring type conversions for complex-typed values. (#30879)
    • When reporting a type mismatch between the true and false results of a conditional expression when both results are of the same structural type kind (object/tuple, or a collection thereof), Terraform will no longer return a confusing message like "the types are object and object, respectively", and will instead attempt to explain how the two structural types differ. (#30920)
    • Terraform now outputs an error when cidrnetmask() is called with an IPv6 address, as it was previously documented to do. (#30703)
    • When performing advanced state management with the terraform state commands, Terraform now checks the required_version field in the configuration before proceeding. (#30511)
    • When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)
    • Terraform will prioritize local terraform variables over remote terraform variables in operations such as import, plan, refresh and apply for workspaces in local execution mode. This behavior applies to both remote backend and the cloud integration configuration. (#29972)
    • terraform show -json: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. (#30138)
    • The local token configuration in the cloud and remote backend now has higher priority than the token specified in a CLI configuration. (#30664)
    • The cloud integration now gracefully exits when -input=false and an operation requires some user input.
    • The ssh client for provisioners is updated to use newer key algorithms, allowing it to connect to more recent versions of openssh servers (#30962)
    • A cancellation in the CLI may not be caught when using -auto-approve, causing unintended changes to be applied (#30979)
    • A provider failing to return a schema could result in a panic (#30987)
    Source code(tar.gz)
    Source code(zip)
  • v1.2.0-beta1(Apr 27, 2022)

    1.2.0 (Unreleased)

    UPGRADE NOTES:

    • The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.

    • When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.

    • When making outgoing HTTPS or other TLS connections as a client, Terraform will no longer accept CA certificates signed using the SHA-1 hash function. Publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.

      (Note: the changes to Terraform's requirements when interacting with TLS servers apply only to requests made by Terraform CLI itself, such as provider/module installation and state storage requests. Terraform provider plugins include their own TLS clients which may have different requirements, and may add new requirements in their own releases, independently of Terraform CLI changes.)

    • If you use the third-party credentials helper plugin terraform-credentials-env, you should disable it as part of upgrading to Terraform v1.2 because similar functionality is now built in to Terraform itself.

      The new behavior supports the same environment variable naming scheme but has a difference in priority order from the credentials helper: TF_TOKEN_... environment variables will now take priority over credentials blocks in CLI configuration and credentials stored automatically by terraform login, which is not true for credentials provided by any credentials helper plugin. If you see Terraform using different credentials after upgrading, check to make sure you do not specify credentials for the same host in multiple locations.

      If you use the credentials helper in conjunction with the hashicorp/tfe Terraform provider to manage Terraform Cloud or Terraform Enterprise objects with Terraform, you should also upgrade to version 0.31 of that provider, which added the corresponding built-in support for these environment variables.

    NEW FEATURES:

    • precondition and postcondition check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further evaluation.
    • You may specify remote network service credentials using an environment variable named after the host name with a TF_TOKEN_ prefix. For example, the value of a variable named TF_TOKEN_app_terraform_io will be used as a bearer authorization token when the CLI makes service requests to the host name "app.terraform.io".
    • replace_triggered_by is a new lifecycle argument which allows one to configure the replacement of a resource based on changes in a dependency.

    ENHANCEMENTS:

    • The "Invalid for_each argument" error message for unknown maps/sets now includes an additional paragraph to try to help the user notice they can move apply-time values into the map values instead of the map keys, and thus avoid the problem without resorting to -target. (#30327)
    • When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about post-plan run tasks. (#30141)
    • Error messages for preconditions, postconditions, and custom variable validations are now evaluated as expressions, allowing interpolation of relevant values into the output. (#30613)
    • There are some small improvements to the error and warning messages Terraform will emit in the case of invalid provider configuration passing between modules. There are no changes to which situations will produce errors and warnings, but the messages now include additional information intended to clarify what problem Terraform is describing and how to address it. (#30639)
    • When running terraform plan, only show external changes which may have contributed to the current plan (#30486)
    • Add TF_CLOUD_ORGANIZATION environment variable fallback for organization in the cloud configuration
    • Add TF_CLOUD_HOSTNAME environment variable fallback for hostname in the cloud configuration
    • TF_WORKSPACE can now be used to configure the workspaces attribute in your cloud configuration
    • When running on macOS, Terraform will now use platform APIs to validate certificates presented by TLS (HTTPS) servers. This may change exactly which root certificates Terraform will accept as valid. (#30768)
    • The AzureRM Backend now defaults to using MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication. (#30891)
    • The AzureRM Backend now supports authenticating as a service principal using OpenID Connect. (#30936)
    • Show remote host in error message for clarity when installation of provider fails (#30810)
    • Terraform now prints a warning when adding an attribute to ignore_changes that is managed only by the provider (non-optional computed attribute). (#30517)
    • JSON plan and state output now includes exact type representations for output values. (#30945)

    BUG FIXES:

    • Terraform now handles type constraints, nullability, and custom variable validation properly for root module variables. Previously there was an order of operations problem where the nullability and custom variable validation were checked too early, prior to dealing with the type constraints, and thus that logic could potentially "see" an incorrectly-typed value in spite of the type constraint, leading to incorrect errors. (#29959)
    • Applying the various type conversion functions like tostring, tonumber, etc to null will now return a null value of the intended type. For example, tostring(null) converts from a null value of an unknown type to a null value of string type. Terraform can often handle such conversions automatically when needed, but explicit annotations like this can help Terraform to understand author intent when inferring type conversions for complex-typed values. (#30879)
    • When reporting a type mismatch between the true and false results of a conditional expression when both results are of the same structural type kind (object/tuple, or a collection thereof), Terraform will no longer return a confusing message like "the types are object and object, respectively", and will instead attempt to explain how the two structural types differ. (#30920)
    • Terraform now outputs an error when cidrnetmask() is called with an IPv6 address, as it was previously documented to do. (#30703)
    • When performing advanced state management with the terraform state commands, Terraform now checks the required_version field in the configuration before proceeding. (#30511)
    • When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)
    • Terraform will prioritize local terraform variables over remote terraform variables in operations such as import, plan, refresh and apply for workspaces in local execution mode. This behavior applies to both remote backend and the cloud integration configuration. (#29972)
    • terraform show -json: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. (#30138)
    • The local token configuration in the cloud and remote backend now has higher priority than the token specified in a CLI configuration. (#30664)
    • The cloud integration now gracefully exits when -input=false and an operation requires some user input.
    Source code(tar.gz)
    Source code(zip)
  • v1.1.9(Apr 20, 2022)

    1.1.9 (April 20, 2022)

    BUG FIXES:

    • cli: Fix crash when using sensitive values in sets. (#30825)
    • cli: Fix double-quoted map keys when rendering a diff. (#30855)
    • core: Prevent errors when handling a data source with incompatible schema changes (#30830)

    ENHANCEMENTS:

    • cli: Terraform now supports run tasks, a Terraform Cloud integration for executing remote operations, for the post plan stage of a run.
    Source code(tar.gz)
    Source code(zip)
  • v1.2.0-alpha20220413(Apr 13, 2022)

    1.2.0 (Unreleased)

    UPGRADE NOTES:

    • The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.
    • When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.
    • When making outgoing HTTPS or other TLS connections as a client, Terraform will no longer accept CA certificates signed using the SHA-1 hash function. Publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.

    (Note: the changes to Terraform's requirements when interacting with TLS servers apply only to requests made by Terraform CLI itself, such as provider/module installation and state storage requests. Terraform provider plugins include their own TLS clients which may have different requirements, and may add new requirements in their own releases, independently of Terraform CLI changes.)

    NEW FEATURES:

    • precondition and postcondition check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further evaluation.
    • Terraform now supports run tasks, a Terraform Cloud integration for executing remote operations, for the post plan stage of a run.

    ENHANCEMENTS:

    • The "Invalid for_each argument" error message for unknown maps/sets now includes an additional paragraph to try to help the user notice they can move apply-time values into the map values instead of the map keys, and thus avoid the problem without resorting to -target. (#30327)
    • When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about post-plan run tasks. (#30141)
    • Error messages for preconditions, postconditions, and custom variable validations are now evaluated as expressions, allowing interpolation of relevant values into the output. (#30613)
    • There are some small improvements to the error and warning messages Terraform will emit in the case of invalid provider configuration passing between modules. There are no changes to which situations will produce errors and warnings, but the messages now include additional information intended to clarify what problem Terraform is describing and how to address it. (#30639)
    • When running terraform plan, only show external changes which may have contributed to the current plan (#30486)
    • Add TF_ORGANIZATION environment variable fallback for organization in the cloud configuration
    • Add TF_HOSTNAME environment variable fallback for hostname in the cloud configuration
    • When running on macOS, Terraform will now use platform APIs to validate certificates presented by TLS (HTTPS) servers. This may change exactly which root certificates Terraform will accept as valid. (#30768)

    BUG FIXES:

    • Terraform now handles type constraints, nullability, and custom variable validation properly for root module variables. Previously there was an order of operations problem where the nullability and custom variable validation were checked too early, prior to dealing with the type constraints, and thus that logic could potentially "see" an incorrectly-typed value in spite of the type constraint, leading to incorrect errors. (#29959)
    • terraform show -json: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. (#30138)
    • Terraform now prints a warning when adding an attribute to ignore_changes that is managed only by the provider (non-optional computed attribute). (#30517)
    • Terraform will prioritize local terraform variables over remote terraform variables in operations such as import, plan, refresh and apply for workspaces in local execution mode. This behavior applies to both remote backend and the cloud integration configuration. (#29972)
    • Terraform now outputs an error when cidrnetmask() is called with an IPv6 address. (#30703)
    • When performing advanced state management with the terraform state commands, Terraform now checks the required_version field in the configuration before proceeding. (#30511)
    • When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)

    UPGRADE NOTES:

    • The Terraform Cloud integration relies on the Go-TFE SDK. Terraform has upgraded this dependency to use its new major version 1.0 [#30626]. Go-TFE v1.0.0 CHANGELOG.
    Source code(tar.gz)
    Source code(zip)
  • v1.1.8(Apr 7, 2022)

    1.1.8 (April 07, 2022)

    BUG FIXES:

    • cli: Fix missing identifying attributes (e.g. "id", "name") when displaying plan diffs with nested objects. (#30685)
    • functions: Fix error when sum() function is called with a collection of string-encoded numbers, such as sum(["1", "2", "3"]). (#30684)
    • When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)
    • Terraform will no longer crash in the terraform apply phase if an error occurs during backend configuration. (#30780)
    Source code(tar.gz)
    Source code(zip)
Owner
HashiCorp
Consistent workflows to provision, secure, connect, and run any infrastructure for any application.
HashiCorp
Terraform-equinix-migration-tool - Tool to migrate code from Equinix Metal terraform provider to Equinix terraform provider

Equinix Terraform Provider Migration Tool This tool targets a terraform working

Equinix 1 Feb 15, 2022
sail is an operation framework based on Ansible/Helm. sail follows the principles of Infrastructure as Code (IaC), Operation as Code (OaC), and Everything as Code. So it is a tool for DevOps.

sail 中文文档 sail is an operation framework based on Ansible/Helm. sail follows the principles of Infrastructure as Code (IaC), Operation as Code (OaC),a

Bougou Nisou 10 Dec 16, 2021
Continuous Delivery for Declarative Kubernetes, Serverless and Infrastructure Applications

Continuous Delivery for Declarative Kubernetes, Serverless and Infrastructure Applications Explore PipeCD docs » Overview PipeCD provides a unified co

PipeCD 632 Nov 13, 2022
ip-masq-agent-v2 aims to solve more specific networking cases, allow for more configuration options, and improve observability compared to the original.

ip-masq-agent-v2 Based on the original ip-masq-agent, v2 aims to solve more specific networking cases, allow for more configuration options, and impro

Microsoft Azure 5 Aug 31, 2022
kube-champ 43 Oct 19, 2022
Terraform-in-Terraform: Execute Modules directly from the Terraform Registry

Terraform-In-Terraform Provider This provider allows running Terraform in Terraform. This might seem insane but there are some edge cases where it com

WeakPixel 39 Aug 31, 2022
LazyXds enables Istio only push needed xDS to sidecars to reduce resource consumption and speed up xDS configuration propagation.

LazyXds LazyXds enables Istio only push needed xDS to sidecars to reduce resource consumption and speed up xDS configuration propagation. Problems to

Aeraki Mesh 15 Nov 15, 2022
An open-source, distributed, cloud-native CD (Continuous Delivery) product designed for developersAn open-source, distributed, cloud-native CD (Continuous Delivery) product designed for developers

Developer-oriented Continuous Delivery Product ⁣ English | 简体中文 Table of Contents Zadig Table of Contents What is Zadig Quick start How to use? How to

null 0 Oct 19, 2021
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration, and automating updates to configuration when there is new code to deploy.

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy.

Flux project 4.1k Nov 27, 2022
A Kubernetes Operator, that helps DevOps team accelerate their journey into the cloud and K8s.

A Kubernetes Operator, that helps DevOps team accelerate their journey into the cloud and K8s. OAM operator scaffolds all of the code required to create resources across various cloud provides, which includes both K8s and Non-K8s resources

Pavan Kumar 2 Nov 30, 2021
Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

Vilicus Table of Contents Overview How does it work? Architecture Development Run deployment manually Usage Example of analysis Overview Vilicus is an

Ederson Brilhante 79 Nov 17, 2022
An open source alternative to terraform enterprise.

oTF An open source alternative to terraform enterprise. Functionality is currently limited: Remote execution mode (plans and applies run remotely) Sta

Louis Garman 99 Nov 20, 2022
The server-side reproduction, similar the one of https://popcat.click, improve the performance and speed.

PopCat Echo The server-side reproduction, similar the one of https://popcat.click, improve the performance and speed. Docker Image The docker image is

SuperSonic 62 Jun 19, 2022
Shared counter (with max limit) for k6 load testing tool

xk6-increment This is a k6 extension using the xk6 system. ❗ This is a proof of concept, isn't supported by the k6 team, and may break in the future.

Michail Safronov 0 Nov 30, 2021
Cloud Infrastructure as Code

CloudIaC Cloud Infrastructure as Code CloudIaC 是基于基础设施即代码构建的云环境自动化管理平台。 CloudIaC 将易于使用的界面与强大的治理工具相结合,让您和您团队的成员可以快速轻松的在云中部署和管理环境。 通过将 CloudIaC 集成到您的流程中

iDCOS 92 Oct 25, 2022
Infrastructure as Code Workshop

infrastructure-as-code-workshop Infrastructure as Code Workshop Run Pulumi projects Just cd into the pulumi-* folder and type pulumi up Run Terraform

Engin Diri 7 Oct 21, 2022
go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont

chenk 5 Feb 5, 2022
Library/tool to change a yaml given a rules file

golang-yaml-rules/yaml-transform Library/tool to change a yaml given a rules file Using jsonpath ( https://github.com/vmware-labs/yaml-jsonpath ), thi

null 0 Feb 11, 2022