mirror of https://github.com/hashicorp/terraform
v1.15
pss/TF-33680-interactive-confirm-pss-providers
sarah/workspace-subcommands-args-2
main
TF-36258-automation-confirm-pss-providers
av/sepyt-motsuc
TF-35484
backport/av/fix-38402/illegally-summary-tarpon
matejrisek/providers/dynamic_sources
sarah/workspace-use-arguments-package
mildwonkey/import-in-module
v1.14
v1.13
jbardin/reaction
sarah/workspace-list-json-output-nonbreaking
build/add-linux-s390x
radek/pss-fix-missing-lockfile
av/merge-panic-fix
sams/fill-nested
backport/bump-go-getter/painfully-relevant-tortoise
dynamic-module-sources-bugs
mildwonkey/action-in-resource
radek/b-fix-pss-provider-upgrade
testing-for-tracing
ast-hclwrite-migration
backport/fix-base64-error-message/loudly-proven-monster
sarah-radek-b-fix-pss-provider-upgrade
prototype-tf-migration-ast
pss/cleanup-init-gating-flag
backport/jbardin/path-matcher/legally-upright-cub
feature/34010/add-strict-mode-tf-test
add-missing-variable-loading
pss/safe-provider-download-during-init-in-automation
pss/safe-provider-download-during-init
sams/tf-test-parallel-deps-cleanup
jbardin/eval-outputs-with-types
prototype-migrate-ux
stacks-variable-validations
modernize-other-commands
modernize-graph-command-to-use-arguments
modernize-force-unlock-command-to-use-arguments
modernize-fmt-command-to-use-arguments
modernize-workspace-new-command-to-use-arguments
modernize-workspace-delete-command-to-use-arguments
modernize-workspace-select-command-to-use-arguments
modernize-workspace-list-command-to-use-arguments
modernize-logout-command-to-use-arguments
modernize-get-command-to-use-arguments
mildwonkey/action-expansion
tracing
make-ci-target
prototype-expansion-moved-3
guard-against-non-pointers-in-graph-add
prototype-expansion-moved
pss/discovery-block-download-via-download-event-callbacks
prototype-expansion-moved-2
deprecated-resource-block-marks
modernize-console-command-to-use-arguments
modernize-providers-commands-to-use-command-package
modernize-state-commands-to-use-arguments-package
sams/skip-cleanup-release
expanding-moved-blocks
backport/dbanck/bump-otel/thankfully-picked-fish
modernize-taint-commands
modernize-state-commands
modernize-taint-commands-2
modernize-import-command
modernize-providers-lock-command
providers-command-modernization
mildwonkey/action-graph
sams/f-plan
sams/marks-provenance
tfdiags-test-helper-with-extras
pss/discovery-block-download-via-installer-as-blackbox-2
changelog-link-verification
pss/discovery-block-download-via-installer-as-blackbox
sams/jit-instances
refactor-config-types
pss/init-security-workflow-changes
experimental/sams_matej/safe_targeting
sams/feat-targeting
v1.11
v1.12
matejrisek/actions/on_failure
prototype-destroy-action
limit-usage-of-deep-unmarking
use-deprecation-marks-for-resource-deprecation-2
shweta/remove_extra_color_code_in_plan_string
sarah/init-cmd-testing-comments
prepare/1.15.0-alpha20260114
stacks-destory-argument
pss/validate-backend-state-store-config-in-plans
pss/change-experiment-control
example-current-experiment
sarah/allow-experiment-overrides
use-deprecation-marks-for-resource-deprecation
deprecation-marks-2
fix-actions-not-respecting-resource-dependencies
changelog-fix-2
changelog-fix
backport/stacks-surface-diagnostics-from-locals/externally-sacred-snapper
backport/fails-in-apply-should-not-set-empty-state/gladly-leading-cattle
stacks-invalid-locals
jbardin/terraform-data-write-only
undeferred-components-should-not-have-unknown-inputs
mildwonkey/actions-deps-tests
pss/update-how-operations-use-backend-config-state
mildwonkey/poc
sarah/plan-workspace-not-used-test
compliance/update-headers
1.13-bump-crypto-dep
experimental/add-on-failure
mjyocca/TF-25756-tf-reg-comp-protocol
prepare/1.15.0-alpha20251117
backport/bump-golang-crypto/lovely-cheerful-stud
proto/reg-comp
deprecation-structural-detection
backport/liamcervante/37841/remarkably-classic-tapir
deprecation-without-marks
azure/fix-empty-string-ignore
backport/dependabot/go_modules/golang.org/x/crypto-0.45.0/nominally-still-dory
backport/radek/pss-isolate-init/slowly-literate-molly
backport/dbanck/fix-list-no-identity-crash/vastly-driving-pig
backport/liamcervante/ephemeral-outputs-state/thankfully-easy-spider
backport/liamcervante/stacks/component-ephemeral-output/repeatedly-perfect-molly
backport/t-bump-go-getter/clearly-master-chow
mildwonkey/de-feral-actions
backport/alanpchua/update-release-scan-config/conversely-adequate-weevil
backport/alanpchua/update-release-scan-config/merely-together-hagfish
backport/liamcervante/ephemerals/stacks-and-tests/indirectly-arriving-shrimp
pss/add-pss-implementations-in-grpcwrap
liamcervante/37784
deps-oci-sdk-update
deprecation-marks
fix-action-targeting-2-backport-1-14
backport/refactor-action-apply-graph/gratefully-upward-perch
backport/liamcervante/actions/validate-ephemeral/remotely-next-monster
pss/2025-10-init-new-workdir
sams/query-validate-identity-change
backport/dbanck/check-identity-schema-decode/notably-heroic-moose
add-duration-to-action-complete
liamcervante/actions/defers-with-edges
backport/add-test-case-for-conditions-referencing-triggering-resource/forcibly-square-wahoo
fix-query-action-interference-2
fix-query-action-interference
sams/xtract-config
backport/sams/list-remove-experiments/rapidly-usable-macaque
mend-security/deploy-workflow-psirt_prd0014263
pss/migrate-state-store-to-backend
TF-27458-2-old
TF-27458-with-partial-expansion
TF-27480
TF-27458-with-partial-expansion-based-on-validation
sarah/add-azure-backend-testing-notes
TF-27460-with-unknown-conditions
TF-27460-with-count-and-index
pss/update-workspace-commands
actions/invoke-command-prototype
actions-in-modules
backport/sams/flaky-test/reliably-fond-flounder
equivalence-testing/add-action-invocations-to-summary
actions/prototype-looping-syntax
TF-27458-old
experiment/actions-no-reference-cycle
pss/prototyping-2025-08-12
backport/dbanck/identity-apply-error/wildly-intent-chamois
backport/dbanck/identity-apply-error/newly-pumped-bonefish
backport/dbanck/identity-apply-error/naturally-vital-grouper
pss/prototyping-2025-06-11
backport/dbanck/identity-apply-error/notably-allowing-macaw
provider-using-hashicorp-namespace
sams/exp/test-breakpoints
pss/enable-specific-experiment-for-init-via-flag
diagnostics-playground
local-state-via-terraform-provider
revert-37307-sams/no-runtime-build
TF-27252
stack-cli-download-in-plugin-cache
radek/pss-builtin-provider-impl
jbardin/ignore_changes
TF-25933
radek/pluggable-backends-protocol
sams/memo-eval-ctx
pss/warning-ss-in-child-module
radek/f-state-storage-cfg
ds-experimenting
sams/parallel-cleanup
bump/consul-remote-state-deps
build-workflow-dev/validate-window-symlink-pack-fix
fix-windows-symlink
sarah/pss-prototype-be-state
backport/radditude/remove-cgo-default/personally-calm-cat
v1.7
v1.6
v1.3
v1.10
v1.9
v1.8
v1.1
v1.0
backport/patch-1/virtually-up-fowl
v1.2
v1.4
v1.5
backport/patch-1/finally-wired-stingray
backport/patch-1/suddenly-stirred-piranha
backport/patch-1/nationally-working-kite
backport/bmm/update-use-cases/lovely-relevant-haddock
docs/reference-rewrites-phrase-1
backport/ilu/bump-vul/logically-robust-tomcat
sarah/pss-prototype-backend-state
backport/dbanck/fix-import-ui-identity/hugely-super-hippo
sams/tfquery-execute-res
sams/ephem-blocks
fixing-stacks-plugin-server-panics
sams/query-list
stacks-subcommand-plugin
backport/dbanck/relax-identity-validation/partly-bursting-llama
f-terraform-actions
backport/iframe-to-videoembed/promptly-grand-turtle
backport/iframe-to-videoembed/safely-ideal-platypus
backport/iframe-to-videoembed/strongly-capable-maggot
backport/dbanck/validate-identity-matches-schema/carefully-many-malamute
sarah/merge-main-controlling-destroys
sarah/partial-config-nested-attrs-bugfix
refactor-with-hcloverlay
f-controlling-destroys
docs/resource-block-ref-rewrite
sarah/add-file-fields
rs/remove_io_links
radek/testing-remove-unused-fields
sams/invalid-triggered-by-ref
docs/march-sprint-lang-rewrites
TF-24447-spike-stacks-cli-as-a-plugin
sarah/refactor-local-state-backend
tfmigrate-links
sams/deferred-targeting
output-deprecation
TF-24682-save
sams/inverse-target
sams/fix-single-wrapped-null
update-aws-sdk-go-base
RK/feedback-on-ephemeral-value-changes
RK/checks-draft
sams/resource-level-concurrency
sarah/auto-label-no-changelog
stacks-debugging-info
backport/sams/tf-test
backport/sams/fix-empty-state/cleanly-moral-maggot
backport/oss/solely-organic-gull
test-changie-check
backport/docs/stacks-deploy/clearly-curious-lioness
sarah/TF-21877
backport/IPL-7602/saved-plan-apply-hangs-with-auto-approve-flag/privately-humorous-jay
output-deprecation-with-marks
sams/cancel-ch-to-ctx
demo-pr
backport/changelog-and-experiments/adequately-ultimate-pika
sams/tf-test-parallel
backport-changie-changelog-to-1-10
cleanup/1.11.0-beta1
backport-changie-changelog
prepare/1.11.0-alpha20250107
prepare/-alpha20250107
ds/main-clean
Content-rewrites-part-1
TF-21851
TF-21851-only-dynamic-backend-first-try
release-0-10-3
equivalence-testing/sams/skip-graph-cycle-validation
f-builtin-write-only-attr
changelog-process
equivalence-testing/update-backend-comments
TF-21877
release/liamcervante-testing
cleanup-1.10-rc.3
equivalence-testing/jbardin/data-depends_on
input-deprecation
equivalence-testing/docs/dnf5
TF-18617-remove-in-the-end-version
equivalence-testing/docs/update-version-constraints-operators-reference
equivalence-testing/main
equivalence-testing/fix/typo-infrastructure
jbardin/no-refresh-objcompat
equivalence-testing/d-update-json-schema
equivalence-testing/jbardin/undeclared-vars
TF-21888
backport/jbardin/ephemeral-funcs/safely-quick-cougar
backport/dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.1/daily-probable-ewe
rln-ephemeral-values-updates
trying-to-get-interactive-inputs-to-work
RK/ephemeral-values
ensure-checks-dont-leak-ephemeral-values
ephemeral-checks
add-ephemeral-func
ds/experiment/trigger-block
TF-18609
TF-18610-with-cross-component-ephemeral-values
backport/patch-1/hopelessly-enabled-magpie
ds/deferred-ephemeral-resources-with-change
ds/deferred-ephemeral-resources
ds/office-hours-removed-block
20240919
improve-error-message-for-removed-block-component-collission
apply-destroy-and-forget-plans
nolegacysdk-azure
add-removed-blocks-to-find-stack-config-components-rpc-call
radek/f-ev-ephemeral-func
radek/f-ev-variable-validation
docs/cli-nav-rename
docs/write-configuration-proposal
alisdair/stacks/sensitive-inputs
kmoe/render-output-sensitivity-changes
brandonc/plan_options_replace
brandonc/contains_equality_docs
docs/re-reformat-templatestring-funct
make-plan-public-with-deferred-plan-renderer
make-plan-public-with-deferred-plan-renderer-2
make-plan-public
TF-19059
artifact-manifest/main/presumably-calm-ostrich
jbardin/destroy-validations
f-collections-iterators
revert-32615-patch-1
TF-18435
TF-18463-2
TF-18463
TF-9822
b-variable-default-validation-context
TF-13968
TF-10919
spike-component-remove
f-actions-prototype
TF-17949
kmoe/ephemeral-output-values
f-core-finer-semaphore
f-fmt-required-providers
f-ephemeral-values
f-ephemeral-values-2
b-stacks-apply-variables-not-passed
f-ephemeral-values-stacks
docs/atrujill0-1.9-review
doc-provider-req-cta
f-cmd-console-release-lock
RK/renameAzureAD
f-rpcapi-multipkg
f-stacks-state-plan-handles
TF-13085
TF-13952
f-templatestring-dynamic-traversals
bmm/migrate-tf-phases-doc
f-events-actions
apparentlymart-patch-4
brandonc/deprecated_module_warnings
mjyocca/stacks-rpcapi-package-service
sebasslash/tf-15302_modifiable-snapshot-interval
TF-12601/deprecated-module-warnings
f-stacks-provider-singletons
b-plan-snapshot-experiments
TF-13965
backend/azure/update-to-latest-sdks
docs/atrujillo/lang-add-moved-ref
consistency-provider-deferred
nf/apr24-pr-template
TF-14641
TF-13964
TF-13963
nf/may24-alpha-release
jbardin/plan-valid-nested-null
ensure-all-deferred-provider-workflows-have-same-behavior
TF-13961
f-collections-set-zeroval
backport/RK/fix-links/adequately-related-bear
backport/RK/fix-links/willingly-ultimate-catfish
RK/fix-links
f-stacks-provider-cancel
testing-renovate
f-robust-marks-handling
tf-init-json
TF-13960
TF-13959
radditude/fix-provider-for-each
f-junit-xml-round-2
TF-13960-old
TF-13959-old
TF-13958-old
modify-dev-override-warn-with-backend
TF-13951
bmm/fix-style-anchor
WAF-110-Terraform-Code-Style-Guide
bmm/custom-condition-docs-fix
doc-dependency-updates
f-rehearse-gosum-changes
f-genconfig-hclwrite
f-no-more-helperschema
TF-13084
radditude/stacks-checkable
f-removed-provisioners
TF-10521-Implement-component-resource-correlators-in-the-agent
b-stacks-remove-data-resource
laurenolivia/changelog-fix-cloud-colorize
kmoe/dynamic-foreach-sensitive-error
alisdair/stackeval-hook-replace-action-counts-slice
alisdair/stackeval-hook-replace-action-counts
radditude/standard-panics
improve-dynamic-block-iterator-error
backport/patch-1/lovely-splendid-mackerel
improve-dynamic-block-error-message
document-provider-lock-using-cache
individual-element-diffs
b-evalcontext-funcs-in-partial-expanded-module
fix-is-sensitive
f-plan-applyable-complete-flags
use-plugin-cache-for-provider-lock
b-terraform-test-junit-invalid
heat/chore/update-website-node-version
f-deferred-actions-placeholder-eval
RK/fix-nav-upgrade-name
laurenolivia/fix-cloud-colorize
apparentlymart-patch-3
alisdair/stacks-sensitive-component-outputs
f-stacks-apply-ordering
kmoe/forget-plan-proto-2
backport/bmm/tf-test-mock-doc-update/trivially-kind-burro
bmm/tf-test-mock-doc-update
feature/applied_changes/add_component_addr
gh-issue-34396
brandonc/bump_go-slug_0.13.3
backport/patch-1/scarcely-touched-jennet
sebasslash/cloudplugin_terminal
RELPLAT-955-EOY-license-updates
feature/add-additional-fields-to-resource-proto
f-module-eval-plan
f-deferred-actions
apparentlymart-patch-2
f-addrs-localval-uniquekey
radditude/apply-sensitive-values
f-cmd-graph-simpler
jbardin/provider-functions
RK/update-oracle-registry-links
f-sso-endpoint
dep-minor-upgrades-v1.7
kmoe/import-moved-validation
tests_docs_fixup
apparentlymart-patch-1
b-val-refinements-panics
backport/mock-importstate-data-race/adversely-prompt-halibut
backport/s3/fix-coerce-value/certainly-saving-owl
backport/s3/fix-coerce-value/deeply-on-marlin
backport/s3/f-schema-single-nested-object/accurately-noble-stingray
backport/s3/f-schema-single-nested-object/miserably-well-arachnid
s3/f-check-for-bucket-in-init
backport/s3/improved-s3-error-messages/extremely-natural-filly
backport/TF-9149-terraform-1-5-should-not-enable-snapshots-when-x-terraform-snapshot-interval-is-not-sent/ghastly-social-hippo
s3/request-logging
backport/s3/request-logging/locally-feasible-snail
backport/s3/testing-endpoints/nominally-becoming-caiman
backport/s3/testing-endpoints/possibly-supreme-kite
backport/s3/testing-endpoints/strangely-cunning-manatee
s3/log-base
backport/s3/log-base/blatantly-ethical-buffalo
backport/TF-9149-terraform-1-5-should-not-enable-snapshots-when-x-terraform-snapshot-interval-is-not-sent/remarkably-moral-oriole
backport/TF-9149-terraform-1-5-should-not-enable-snapshots-when-x-terraform-snapshot-interval-is-not-sent/remarkably-stunning-mule
backport/TF-9149-terraform-1-5-should-not-enable-snapshots-when-x-terraform-snapshot-interval-is-not-sent/naturally-wise-primate
backport/jbardin/types/gently-unbiased-walleye
backport/jbardin/types/loudly-hot-poodle
alisdair-patch-1
backport/s3/allow-forbid-account-ids/rarely-casual-louse
backport/s3/allow-forbid-account-ids/violently-on-adder
alisdair/check-results-state-compatibility-1.5
backport/alisdair/check-results-state-compatibility/jointly-curious-kit
alisdair/check-results-state-compatibility-1.3
IPL-3022-terraform-cloud-state-locking-regression-for-local-users
brandonc/state_upload_fallback
import-id-interp-docs
go1.21
radditude/validate-module-names
brandonc/CHANGELOG-go-tfe-bump-v1.38.1
swap_ironbank_stanza
codeowners-core
enable_ironbank
backport/brandonc/bump_go-tfe_v1.32.1/adversely-fit-mite
radditude/check-ci
RK/remove-language
compliance/license-updates
compliance/license-update
s3/more-validation-modernization
update-linux-package-license
backport/jbardin/init-from-module-warnings/informally-trusting-asp
radditude/go-1.20.7
sebasslash/saved-cloud-plans-changelog
cli-team/saved-cloud-plans
brandonc/changelog_33333
TF-7327-using-multiple-terraform-remote-state-data-sources-can-cause-race-conditions-when-the-backend-configuring-localterraform-com
deps-grpc-cve-2023-32731
TF-7056-uploading-state-directly-to-hosted-state-upload-url-when-available
b-svchost-race-panic-v1.5
backport/b-svchost-race-panic/evidently-intense-horse
RK/add-checks-tutorial-and-fix-headers
sebasslash/snapshot-interval-header-check
RELENG-297-patch-set-output-deprecation
backport/fix-iss-33220/allegedly-oriented-warthog
kmoe/genconfig-timeouts
radditude/duplicate-import-blocks
TF-6378-Workspaces-can-use-agent-pools-when-not-in-allowed-workspaces
sarah-test-changes
nf/suggest/laurenolivia/codify-remote-plan-artifact
radditude/ci-test
jbardin/import-with-config
vravind1/plugin-framework-tutorial
alisdair/goimports-fixes
releng/disable-reproducability-checks
f-sourcebundle
laurenolivia/add-resource-drift-logtype
kmoe/plannable-import-plan-renderer
kmoe/plannable-import-types
jbardin/provider-resource-types
backport/patch-1/personally-brave-snapper
tf-5529-sro-tfe-version-check
bflad/debugging-link-to-provider-logging
releng/fix-ecr-tag
releng/fix-trigger-dependencies
releng/migrate-common-release-tooling
b-1.4-no-cty-refinements-yet
backport/patch-3/horribly-patient-ape
f-deferred-actions-old
judith/state
releng/test-linux-arm-tests
ashleemboyer-patch-1
doc-break-plugin-cache-env
docs/amb.migrate-link-formats
f-break-plugin-cache-with-env-var
brandonc/TF-4560
sebasslash/sro-provisioner-logs
sebasslash/fix-credentials-sourcing-backend
sebasslash/cloud-e2e-testworkflow
TF-3527-detect-alias-localterraform-com-during-terraform-init
alisdair/hcl-v2.16.0
f-smoke-test-prototype
f-typeexpr-inferred
kmoe-patch-1
kmoe/import-refresh-false
f-default-provider-address-allowlist
mktg-tf-ee07f063062f473a65a2c1d9c3036251
null-values-fix
f-output-value-types
backport/fix-future-lang-2/mostly-helped-shrew
fix-future-lang-2
f-cli-hide-fast-refresh
f-cmd-web
doc-unicode-hcl
brandonc/changelog_sensitive_diff_fixes
brandonc/changelog_nested_sensitive
f-build-go1.19.3
fix-links-devdot
brandonc/providers-estimate
brandonc/nested_attr_sensitive
fix-future-facing-language
gcs-backend-add-private-connect-support
mg_no_code_prov_followup
add-cont-valid-callout
f-partial-plan-on-error
gcs-backend-add-kms
doc-yamlencode-stable
mg_cli_install_architectures
b-check-output-multi-expand
b-check-resource-multi-expand
uk1288-redact-output-sensitive-values
fix-internals-overview
update-lang-frontmatter
megan_pr_touch_up
kmoe/init-checksum-miss-error
dividers-devdot-fixes
fix-dividers-for-devdot
megan_tf563
f-dynamic-provider-assignment
dev-portal-updates-docs
f-persistent-checks-old
f-jsonstate-2
b-flatten-panic
backport/patch-1/badly-correct-zebra
backport/patch-1/fully-fine-macaw
backport/patch-1/globally-true-burro
backport/patch-1/heavily-moving-teal
backport/patch-1/overly-fleet-polecat
backport/patch-1/presently-upright-newt
backport/patch-1/yearly-first-impala
update-readme
backport/patch-1/yearly-rich-skunk
tiny-fix-readme
kevin/remove-guides-docs
remove-terraform-docs
docs-readme-updates-versioned-docs
module-invocation-warning
update-important-section
f-expand-root-outputs
f-addrs-static-checkable
gs/add-pre-plan-run-tasks
f-moduletest-2
stable-website
backport/bugfix_typos/hardly-sharp-mosquito
fix-readme-again
fix-cdktf-link
backport/fix-apt-page/abnormally-relative-quagga
fix-apt-page
laura-update-docs-readme
MatthewTestBranch
tfexec-0.17.0
add-jsonstate-to-cloudbackendstate2
update-optional-type-attributes
docs-for-each-list-toset
add-jsonstate-to-cloudbackendstate
add-internals-to-sidebar
backport/patch-1/rarely-informed-gopher
f-functions-in-providers
f-testing-with-conditions
add-warnings-backends
add-version-notes-1.2
add-tutorial-custom-conditions
non-interactive-workflows
alisdair/fix-configload-snapshot-panic
fix-postconditions-example
f-partial-plan-on-error-ui
thiskevinwang-patch-1
brandonc/cloud_upgrade_013
update-run-task-result
taiidani/cloudScheme
brandonc/scheme_override_cloud
alisdair/metadata-functions-command
update-runtasks
add-note-about-spaces
sebasslash/err-approval-input-false
sebasslash/config-token-precedence
kevin/preview
update-TF-WORKSPACE-variable
sebasslash/rename-env-vars
laura-update-pre-post-conditions
release-notes-env-credentials
rt-changelog-entry-1.1
sebasslash/env-cloud-e2e-tests
sebasslash/add-cloud-e2e-test-workflow
sebasslash/tf-workspace-cloud-config
kevin/vercel-config
build-pr-checks
uk1288/update-changelog-md-v1-1
uk1288/update-changelog-md
sebasslash/resolve-flaky-env-var-test
uk1288/fix-for-cloud-integration-panic
sebasslash/add-tf-hostname-env-var
f-init-provider-source-feedback
sebasslash/add-tf-org-env-var
uturunku1-patch-2
link_workflow_tutorials
migrate-go-tfe-1_0
f-ng-workflow
uturunku1-patch-1
update-cidrnetmask-docs
tchupp/override-local-vars
backport/barrettclark/update-go-slug/severely-destined-crow
preapply-runtasks-clioutput
fix-broken-link
kmoe/unused-resource-attributes
f-e2etest-deps-forbidden
alisdair/disable-preconditions-postconditions
update-depends-on-docs
fix-preconditions
preapply-runtasks-cli-output
barrettclark/fix-state-outputs-read-permissions
fix-last-intro-nits
fix-intro-page-images
add-new-intro-docs
fix-provisioners-content
update-packaging-action-name
update_gen_meta
f-diagnostics-cli-reorg
test-branch-protection-workflow
alisdair/resource-instance-object-dependencies
f-new-build-pipeline
f-implied-move-module-call
b-1.1-module-source-git
backport/doc-refactoring-nav-link/honestly-sweet-sawfly
tfc-integration-docs
f-svcauth-environment
f-preconditions-postconditions
nf/nov21-migrate-away-from-cloud
tags-reconfigure-msg
backport/jbardin/k8s-mod-update/likely-probable-falcon
lafentres/autolabel-dependabot-prs
cloud-e2e-fix
f-validate-lint
f-rpcplugin-interface
brandonc/variable_parsing_refactor
nq.docs-content-update
backport/jbardin/coerce-value-nested-types/certainly-rested-chigger
backport/jbardin/optional-attrs/obviously-growing-duck
f-plugin-finder
backport/main/absolutely-sterling-whippet
revert-29088-minify_jsonencode
omarismail/run-vars
backport/jbardin/format-empty-nested-attrs/rightly-uncommon-bluegill
backport/jbardin/format-id-name-marks/perfectly-boss-bass
b-miekg-dns-upgrade
f-unused-attr
backport/jbardin/ignore-changes-marks/formerly-new-insect
prototype-implicit-graph
f-moved-again
f-decode-moved
f-derived-values-tracking
alisdair/prototype-moved-actions
v0.15
doc-config-refactoring
review-1.0-docs
f-template-values
cgriggs01-tpdp-default
f-plan-immediate-ops
backport/f-plan-refresh-only-and-replace/really-absolute-silkworm
backport/f-plan-action-reason/incredibly-concrete-jackal
v0.14
v0.13
v0.11
v0.12
f-submodule-outputs-inferred-sensitive
backport/k8s-backend-credentials/radically-decent-mite
res-add-learn-link-debug
f-func-expandnull
f-new-plan-modes
alisdair/version-should-include-prerelease
f-debugger
update-tfe-login-flow
json-schema-export-crash
f-exprstress
alisdair/still-applying-consolidation
f-fewer-apply-updates
pselle/env_delete
b-tf-builtin-provider-parser-fix
f-gen-integration-tests
jan21_language_urls
jan21_url_rfc
b-dev-overrides-plan-warning
jan21_test_broken_link_check
f-prototype-workspaces-are-states
f-cmd-output-raw
pault/0.14-tfce-continue-on-error
cmd-fmt-parens-error
alisdair/mildwonkey/type-func
revamp-cli-config
f-prototype-drift
gitrgoliveira-patch-1
fix-value-assertion-errors
f-nix-legacy-providers
26258
alisdair/are-consul-tests-running
f-temp-without-provider-blocks
f-depfile-pkg
alisdair/plan-summary-after-changes
mnomitch/varialbe-errors-on-remote-backend
alisdair/concise-diff-experiment
alisdair/remote-input-variable-unset
alisdair/backend-config-override-fix-remote-test
f-skip-attrs-as-blocks
alisdair/duplicate-no-color
cgriggs01-stable-pdp
guide-v0.13-beta
july2020_pre0.13_stable-website_backup
f-terraform-version-lock
b-module-instance-resource-deps
f-playground
alisdair/alpine-latest
alisdair/providers-list
f-provider-http-mirrors
f-providers-mirror-2
f-outputs-plan
f-plan-reads
f-cmdline-funcs
ps-protocol2
k8sback
f-refresh-plan
alisdair/getproviders-retries-bad-branch-do-not-use
registry-provider-tiers
f-providerinst-command-tests
f-provider-source-local-discovery
f-cmd-show-config
f-langserver
paddy_module_attribution_tmp
f-providers-new-installer
paddy_paul_proto52
f-providers-mirror
f-cliconfig-hcl2api
build-circleci
f-possible-apply-refactoring
f-core-rpc
f-provider-state-storage
f-workspaces2-prototype
p-go-azure-helpers-0.10.0
f-func-cidrsubnets
regenerate-protobufs
f-resource-for_each-and-experiments
f-testing-eval-prototype
sdk-removed
Incident16886
f-state-upgrade-always
sdk-v0.11-with-go-modules
pluginsdk-v0.12-early8
pluginsdk-v0.12-early7
pluginsdk-v0.12-early6
pluginsdk-v0.12-early5
cd/deprecate-in-docs
pluginsdk-v0.12-early4
pluginsdk-v0.12-early3
f-objchange-nulls
b-nested-set-unknown
b-sdk-nested-id
vendor-bump-hil
b-sdk-import-verify-test
pluginsdk-v0.12-early2
pluginsdk-v0.12-early1
v011
v0.12-alpha
allthingsclowd-patch-1
f-v0.12-cmdvars
f-outputs-in-plan
azurerm-backend-proxy
go1.11rc1-vendor-experiment
f-hcl2-planstate
f-provider-schema-init
f-hcl2-context-old
proto-test-harness
f-svchost-disco
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc1
v1.3.9
v1.4.0-beta2
v1.3.8
v1.4.0-beta1
v1.3.7
v1.4.0-alpha20221207
v1.3.6
v1.3.5
v1.4.0-alpha20221109
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc1
v1.2.9
v1.3.0-beta1
v1.2.8
v1.3.0-alpha20220817
v1.2.7
v1.3.0-alpha20220803
v1.2.6
v1.2.5
v1.3.0-alpha20220706
v1.2.4
v1.3.0-alpha20220622
v1.2.3
v1.3.0-alpha20220608
v1.2.2
v1.2.1
v1.3.0-dev
v1.2.0
v1.2.0-rc2
v1.2.0-rc1
v1.2.0-beta1
v1.1.9
v1.2.0-alpha20220413
v1.1.8
v1.2.0-alpha-20220328
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.1.0-rc1
v1.1.0-beta2
v1.0.11
v1.1.0-beta1
v1.1.0-alpha20211029
v1.0.10
v1.1.0-alpha20211020
v1.0.9
v1.1.0-alpha20211006
v1.0.8
v1.1.0-alpha20210922
v1.0.7
v1.1.0-alpha20210908
v1.0.6
v1.0.5
v1.1.0-alpha20210811
v1.0.4
v1.1.0-alpha20210728
v1.0.3
v1.1.0-alpha20210714
v1.0.2
v1.1.0-alpha20210630
v1.0.1
v1.1.0-alpha20210616
v1.0.0
v0.15.5
v0.15.4
v0.15.3
v0.15.2
v0.11.15
v0.12.31
v0.13.7
v0.14.11
v0.15.1
v0.15.0
v0.14.10
v0.15.0-rc2
v0.15.0-rc1
v0.14.9
v0.15.0-beta2
v0.14.8
v0.15.0-beta1
v0.14.7
v0.15.0-alpha20210210
v0.14.6
v0.15.0-alpha20210127
v0.14.5
v0.15.0-alpha20210107
v0.14.4
v0.13.6
v0.12.30
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.14.0-rc1
v0.14.0-beta2
v0.13.5
v0.14.0-beta1
v0.14.0-alpha20201007
v0.13.4
v0.14.0-alpha20200923
v0.13.3
v0.14.0-alpha20200910
v0.13.2
v0.13.1
v0.13.0
v0.12.29
v0.13.0-rc1
v0.13.0-beta3
v0.12.28
v0.12.27
v0.13.0-beta2
v0.13.0-beta1
v0.12.26
v0.12.25
v0.12.24
v0.12.23
v0.12.22
v0.12.21
v0.12.20
v0.12.19
v0.12.18
v0.12.17
v0.12.16
v0.12.15
v0.12.14
v0.12.13
v0.12.12
v0.12.11
v0.12.10
v0.12.9
v0.12.8
v0.12.7
v0.12.6
v0.12.5
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.12.0-dev20190520H16
v0.11.14
v0.12.0-rc1
v0.12.0-beta2
v0.11.13
v0.11.12
v0.12.0-beta1
v0.11.12-beta1
v0.11.11
v0.12.0-alpha4
v0.12.0-alpha3
v0.12.0-alpha2
v0.11.10
v0.12.0-alpha1
v0.11.9
v0.11.9-beta1
v0.11.8
v0.11.7
v0.11.6
v0.11.5
v0.11.4
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.11.0-rc1
v0.11.0-beta1
v0.10.8
v0.10.7
v0.10.6
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0-rc1
v0.10.0-beta2
v0.9.11
v0.9.10
v0.9.9
v0.10.0-beta1
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.9.0-beta2
v0.8.8
v0.9.0-beta1
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.8.0-rc3
v0.8.0-rc2
v0.7.13
v0.8.0-rc1
v0.7.12
v0.8.0-beta2
v0.7.11
v0.8.0-beta1
v0.7.9
v0.7.8
v0.7.7
v0.7.6
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.7.0-rc4
v0.7.0-rc3
v0.7.0-rc2
v0.7.0-rc1
v0.6.16
v0.6.15
v0.6.14
v0.6.13
v0.6.12
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.3
0.7.7
list
v0.1.0
v0.1.1
v0.10.0
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.5
v0.3.6
v0.3.7
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.7.10
v1.10.0
v1.10.0-alpha20240606
v1.10.0-alpha20240619
v1.10.0-alpha20240717
v1.10.0-alpha20240730
v1.10.0-alpha20240807
v1.10.0-alpha20240814
v1.10.0-alpha20240828
v1.10.0-alpha20240911
v1.10.0-alpha20240918
v1.10.0-alpha20240926
v1.10.0-alpha20241009
v1.10.0-alpha20241023
v1.10.0-beta1
v1.10.0-rc1
v1.10.0-rc2
v1.10.0-rc3
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.11.0
v1.11.0-alpha20241106
v1.11.0-alpha20241211
v1.11.0-alpha20241218
v1.11.0-alpha20250107
v1.11.0-beta1
v1.11.0-beta2
v1.11.0-rc1
v1.11.0-rc2
v1.11.0-rc3
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.12.0
v1.12.0-alpha20250213
v1.12.0-alpha20250312
v1.12.0-alpha20250319
v1.12.0-beta1
v1.12.0-beta2
v1.12.0-beta3
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.12.2
v1.13.0
v1.13.0-alpha20250521
v1.13.0-alpha20250604
v1.13.0-alpha20250623
v1.13.0-alpha20250702
v1.13.0-alpha20250708
v1.13.0-beta1
v1.13.0-beta2
v1.13.0-beta3
v1.13.0-rc1
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.14.0
v1.14.0-alpha20250716
v1.14.0-alpha20250724
v1.14.0-alpha20250806
v1.14.0-alpha20250813
v1.14.0-alpha20250827
v1.14.0-alpha20250903
v1.14.0-alpha20250911
v1.14.0-beta1
v1.14.0-beta2
v1.14.0-beta3
v1.14.0-rc1
v1.14.0-rc2
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.15.0
v1.15.0-alpha20251119
v1.15.0-alpha20251203
v1.15.0-alpha20260204
v1.15.0-alpha20260218
v1.15.0-alpha20260304
v1.15.0-beta1
v1.15.0-beta2
v1.15.0-rc1
v1.15.0-rc2
v1.15.0-rc3
v1.15.0-rc4
v1.3.10
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.5.0
v1.5.0-alpha20230405
v1.5.0-alpha20230504
v1.5.0-beta1
v1.5.0-beta2
v1.5.0-rc1
v1.5.0-rc2
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.6.0
v1.6.0-alpha20230719
v1.6.0-alpha20230802
v1.6.0-alpha20230816
v1.6.0-beta1
v1.6.0-beta2
v1.6.0-beta3
v1.6.0-rc1
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.7.0
v1.7.0-alpha20231025
v1.7.0-alpha20231108
v1.7.0-alpha20231130
v1.7.0-beta1
v1.7.0-beta2
v1.7.0-rc1
v1.7.0-rc2
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.8.0
v1.8.0-alpha20240131
v1.8.0-alpha20240214
v1.8.0-alpha20240216
v1.8.0-alpha20240228
v1.8.0-beta1
v1.8.0-rc1
v1.8.0-rc2
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0
v1.9.0-alpha20240404
v1.9.0-alpha20240501
v1.9.0-alpha20240516
v1.9.0-beta1
v1.9.0-rc1
v1.9.0-rc2
v1.9.0-rc3
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
${ noResults }
138 Commits (148b19b0d7e36b6f2b8a169d2cb7b6069ab5d00a)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Daniel Schmidt
|
f3764ead4c
|
Merge pull request #35118 from hashicorp/consistency-provider-deferred
stacks: error if provider emits deferred action when it's not supported |
2 years ago |
|
Daniel Schmidt
|
f684df82f6
|
stack: improve wording
Co-authored-by: Brian Flad <bflad417@gmail.com> |
2 years ago |
|
Daniel Schmidt
|
08917d1628
|
stacks: error if provider emits deferred action when it's not supported
|
2 years ago |
James Bardin
|
2562420d16 |
prevent panics with null objects in nested attrs
When descending into nested structural attributes, don't try to extract attributes from null objects. Unlike with blocks, nested attributes allow the possibility of assigning null values. While these technically aren't allowed to be altered, we need to accept these for compatibility. |
2 years ago |
Martin Atkins
|
30e2fd6525 |
Handle marks a little more consistently
In the very first implementation of "sensitive values" we were unfortunately not disciplined about separating the idea of "marked value" from the idea of "sensitive value" (where the latter is a subset of the former). The first implementation just assumed that any marking whatsoever meant "sensitive". We later improved that by adding the marks package and the marks.Sensitive value to standardize on the representation of "sensitive value" as being a value marked with _that specific mark_. However, we did not perform a thorough review of all of the mark-handling codepaths to make sure they all agreed on that definition. In particular, the state and plan models were both designed as if they supported arbitrary marks but then in practice marks other than marks.Sensitive would be handled in various inconsistent ways: dropped entirely, or interpreted as if marks.Sensitive, and possibly do so inconsistently when a value is used only in memory vs. round-tripped through a wire/file format. The goal of this commit is to resolve those oddities so that there are now two possible situations: - General mark handling: some codepaths genuinely handle marks generically, by transporting them from input value to output value in a way consistent with how cty itself deals with marks. This is the ideal case because it means we can add new marks in future and assume these codepaths will handle them correctly without any further modifications. - Sensitive-only mark preservation: the codepaths that interact with our wire protocols and file formats typically have only specialized support for sensitive values in particular, and lack support for any other marks. Those codepaths are now subject to a new rule where they must return an error if asked to deal with any other mark, so that if we introduce new marks in future we'll be forced either to define how we'll avoid those markings reaching the file/wire formats or extend the file/wire formats to support the new marks. Some new helper functions in package marks are intended to standardize how we deal with the "sensitive values only" situations, in the hope that this will make it easier to keep things consistent as the codebase evolves in future. In practice the modules runtime only ever uses marks.Sensitive as a mark today, so all of these checks are effectively covering "should never happen" cases. The only other mark Terraform uses is an implementation detail of "terraform console" and does not interact with any of the codepaths that only support sensitive values in particular. |
2 years ago |
|
Martin Atkins
|
ea60ca7d70 |
plans/planfile: Don't use deprecated "io/ioutil" package
Everything from ioutil has been moved into other locations in modern Go. This particular package only used ioutil.ReadAll and ioutil.ReadFile, which have been replaced by io.ReadAll and os.ReadFile respectively. |
2 years ago |
|
Martin Atkins
|
6be3ddf9e7 |
planfile: Reject value marks that we cannot serialize
The plan file format can only preserve the "sensitive" mark, but previously it was just silently treating any other mark as if it were the sensitive mark. Now we'll reject any other marks at serialization time. There are not currently any other marks used by the modules runtime and so in practice this cannot fail yet, but this is here to guard against misbehavior if we introduce new marks in future without considering whether and how they are to be serialized. (For any mark we choose not to serialize, it'll be the caller's responsibility to replace the values using unsupported marks with suitable unmarked placeholders.) |
2 years ago |
|
Daniel Schmidt
|
57018c8d57
|
stacks: add test case for ReportDataSourceInstanceDeferred
|
2 years ago |
|
Daniel Schmidt
|
7e3fb0850c
|
stacks: add ReportDataSourceInstanceDeferred method
|
2 years ago |
|
Daniel Schmidt
|
4db9ab8536
|
stacks: check if resource instance is deferred
before marking it as deferred |
2 years ago |
|
Daniel Schmidt
|
5b8f77d2a4
|
stacks: add deferred actions to plugin protocol
We are moving the deferred reason from plans/deferring to providers to have a single representation of deferred reason to be used from providers to the plan. Using the plan's representation causes circular dependencies. Co-authored-by: Matej Risek <matej.risek@hashicorp.com> |
2 years ago |
Liam Cervante
|
cbee7469b0
|
Complete functionality for the unknown instances processing path for resources (#34945)
* Expand functionality of the unknown count/for_each path when processing resources * remove reference to experiment in tests * fix race tests * update tests * address comments |
2 years ago |
|
Liam Cervante
|
28797e7938
|
Add the deferred changes into the plan (#34946)
* Add the deferred changes into the plan * add copywrite headers |
2 years ago |
Nick Fagerlund
|
d3cdb2b26d |
Add DeferralAllowed fields to PlanOpts, graphWalkOpts, and Deferred
The concept behind deferred actions is that various objects (resources, data
sources, modules, stack components) can end up being *deferred*, meaning that
we're unable to produce an actionable plan for them and intend to run the *rest*
of the plan to completion and apply it without taking action on those objects,
which will have to wait for another future plan.
For the most part, we only *find out* about the kinds of absences that force
deferral at the time of *graph walk.* That's because deferral is caused by
unknown values in count/for_each, absent dependencies reported by the provider,
or dependency on something that got deferred, none of which can really be know
at graph construction.
Also, we don't always want deferral to be an available option -- for the time
being, we want to preserve existing behavior in the modules runtime ("normal
terraform") while enabling deferral in Stacks.
So, *things that happen during graph walk need to know whether they can defer.*
(And if not, they'll throw an error if they hit such an absence.) That means the
top-level signal that deferral is enabled (which should arrive as part of the
PlanOpts) needs to make it all the way down into the graph walk methods.
The graph walk methods generally have access to an EvalContext, and EvalContext
conveniently gives you access to a Deferred tracker, the pointer to which is
shared across all related EvalContexts. So, the Deferred will be what tells you
whether you can defer.
|
2 years ago |
|
Martin Atkins
|
d3b8a55781 |
go.mod: go get google.golang.org/protobuf@v1.33.0
Many of the changes between these two versions seem to be in parts of the
library that Terraform doesn't use, but there are a few sensitive parts:
- Slight changes to details of how the library implements the JSON
encoding of protobuf. Terraform CLI/Core don't use this, but some
of the backends might use it indirectly when talking to their
underlying APIs.
- Some details of the "protoreflect" package for working with
protobuf descriptors dynamically (rather than using generated stubs)
have changed, but it seems pretty marginal and unlikely to cause
problems.
|
2 years ago |
|
Martin Atkins
|
5f2eab6944 |
providerreqs: Provider requirement/version types in their own package
As we previously found with "package addrs", any package that contains types used as identifiers or addresses tends to get imported from all over, which means that if we mix real logic with those types in the same package then a lot more packages end up depending indirectly on our external dependencies. In this case, the getproviders package depends on various things we need only during provider installation, such as the library we use for GPG signature verification. Lots of different packages in Terraform need to talk about provider requirements, but only the CLI layer actually needs to do provider installation, and so this commit splits the types we use to talk about requirements into a new package "providerreqs", which package getproviders then depends on. To keep the size of this diff relatively small to start I've left forwarding aliases in package getproviders, which means that not all of the callers needed to be updated all at once. This commit does update all of the packages that the remote state backends depend on though, because that then allows us to reduce the set of indirect dependencies for each of those backends. The nested module go.mod files show that this has disconnected the indirect dependencies on github.com/ProtonMail/go-crypto and on github.com/cloudflare/circl , both of which Terraform CLI uses only for provider installation. |
2 years ago |
|
Martin Atkins
|
d86eee6c1f |
go.mod: Eliminate github.com/apparentlymart/go-dump
I originally wrote this library as a stopgap measure because
davecgh/go-spew produced a hard-to-read representation of cty.Value due to
exposing the raw internals, whereas my "go-dump" instead just pretty-prints
whatever fmt.Sprintf("%#v", ...) would return for a given value.
However, in the meantime I wrote ctydebug as a more cty-specialized
library for this purpose, and we switched to using go-cmp as our primary
library for deep-comparing data structures, and so our few remaining uses
of apparentlymart/go-dump were vestigial in tests that haven't been
updated recently enough to have been updated to our new standards.
This commit therefore swaps out all use of that library with combinations
of go-cmp and ctydebug, matching our current standards for how to do these
sorts of things in tests. This removes our dependency on "go-dump"
altogether.
At least one of our dependencies is still using go-dump as part of its own
test suite, and so the Go toolchain still includes its declared version
in our go.sum file. However, this library is no longer linked in to
Terraform either in real builds or in test binaries, and so it gets dropped
entirely from our go.mod file.
|
2 years ago |
CJ Horton
|
5a750561e6 |
round-trip check results through stack plans
Components expect that check results will be round-tripped through the plan in order to update unknown check results during the apply. We hadn't wired this up for stack plans, resulting in panics when the apply tries to update a check status that doesn't exist. |
2 years ago |
|
Martin Atkins
|
db07b905e9 |
deferring: A new package for tracking deferred actions
When we defer planning actions that have direct side-effects -- that is, resource instance actions -- we need to remember that we did so because we then need to force deferring planning for any other resources downstream to preserve the required order of operations. That means we need to keep track of what we've already deferred so we can check whether a newly-visited resource instance must also be deferred. We also need to track deferrals for the purpose of reporting them as part of the plan presented to the end-user. This change _starts_ to implement that, but for now the public API is limited only to generating a boolean signal for whether there are any deferrals at all, because that's the minimum possible reporting that allows for correct behavior (so the caller can treat the resulting plan slight differently in the workflow). In future we'll also want to be able to return placeholder values for not-yet-expanded resource instances, but that's not fully built out here yet since for an initial implementation we can cheat and use cty.DynamicVal as a universal "we know nothing at all" placeholder. This API is likely to grow and change in forthcoming commits as we continue wiring these new behaviors into the Terraform modules runtime. |
2 years ago |
|
Martin Atkins
|
884e1fb2a4 |
terraform: Plans can be "complete" and "applyable"
These ideas are both already implied by some logic elsewhere in the system, but until now we didn't have the decision logic centralized in a single place that could therefore evolve over time without necessarily always updating every caller together. We'll now have the modules runtime produce its own boolean ruling about each characteristic, which callers can rely on for the mechanical decision-making of whether to offer the user an "approve" prompt, and whether to remind the user after apply that it was an incomplete plan that will probably therefore need at least one more plan/apply round to converge. The "Applyable" flag directly replaces the previous method Plan.CanApply, with equivalent logic. Making this a field instead of a method means that we can freeze it as part of a saved plan, rather than recalculating it when we reload the plan, and we can export the field value in our export formats like JSON while ensuring it'll always be consistent with what Terraform is using internally. Callers can (and should) still use other context in the plan to return more tailored messages for specific situations they already know about that might be useful to users, but with these flags as a baseline callers can now just fall back to a generic presentation when encountering a situation they don't yet understand, rather than making the wrong decision and causing something strange to happen. That is: a lack of awareness of a new rule will now cause just a generic message in the UI, rather than incorrect behavior. This commit mostly just deals with populating the flags, and then all of the direct consequences of that on our various tests. Further changes to actually make use of these flags elsewhere in the system will follow in later commits, both in this repository and in other repositories. |
2 years ago |
|
James Bardin
|
bc945f22eb
|
Merge pull request #34515 from hashicorp/jbardin/provider-function-validation
Add validation for provider function results |
2 years ago |
|
James Bardin
|
a3aa517589 |
store and verify provider functions calls in plan
Store the hashed function calls within the plan file, so that Terraform can validate the results during apply as well. The error won't be as good, since we don't have access to the prior results to help debugging, but it is very helpful to indicate when a function returned an incorrect result rather than show that the resource attempted to apply a different value from what was originally planned. |
2 years ago |
Alisdair McDiarmid
|
fc75657113 |
terraform: Support sensitive input variable values
The stacks runtime interacts directly with the modules runtime's planning operations, rather than through the usual CLI paths. As a result, root module input variable values can be marked as sensitive upon entry. This commit adds support for such marked values to the modules runtime and the `plans.Plan` type. This is sufficient for stacks, which does not use the planfile serialization, but we may in future choose to serialize these decoded marks also. |
2 years ago |
|
Martin Atkins
|
a4d61733f6 |
stackplan: Include extra info in raw component instance plan
We'll now track the planned action, the component addresses we depend on, and the planned output values. |
2 years ago |
kmoe
|
6ac20050a5
|
planproto: parse forget actions (#34433)
|
2 years ago |
|
kmoe
|
cc3e3bd513
|
planproto: add Forget, CreateThenForget actions (#34430)
|
2 years ago |
|
CJ Horton
|
89aea31bbd |
stackstate: sensitive values are preserved when deserializing
Without this, sensitive values cause a permadiff, since their sensitivity is lost on every round trip through state. |
2 years ago |
|
Martin Atkins
|
caeecbebcb |
planfile: Move some of the proto convert funcs into package planproto
Previously we had much of the mechanical conversion logic for going from in-memory structures to protobuf messages as unexported functions in the planfile package. We're now using planproto for parts of the representation of stack plans and states too, and so having those helpers exported is helpful. In some of our other protobuf packages we've adopted the convention of putting simple conversion functions in the same package as the protobuf stubs themselves, following the convention used upstream such as the additional encoding/decoding helper functions in the "anypb" package. This therefore follows that lead by adding some helpful constructor functions to package planproto and then making the equivalent functions back in planfile just thinly wrap them for now, to avoid churning the callers too much and thus making backports potentially harder. |
2 years ago |
|
kmoe
|
a718f70f85
|
Add removed block (#34251)
* terraform: remove redundant code NodeDestroyResourceInstance is never instantiated with a DeposedKey of anything other than states.NotDeposed, so the deleted code is never run. Deposed objects get a NodeDestroyDeposedResourceInstanceObject instead. * tfdiags: add helper func * configs: introduce removed block type * terraform: add forget action * renderer: render forget actions * terraform: deposed objects can be forgotten Deposed objects encountered during planning spawn NodePlanDeposedResourceInstanceObject, which previously generated a destroy change. Now it will generate a forget change if the deposed object is a forget target, and a destroy change otherwise. The apply graph gains a new node type, NodeForgetDeposedResourceInstanceObject, whose execution simply removes the object from the state. * configs: add RemoveTarget address type * terraform: modules can be forgotten * terraform: error if removed obj still in config * tests: better error on restore state fail * Update CHANGELOG.md |
2 years ago |
|
Martin Atkins
|
4e34e6ebfa |
stacks: Track prior state for all resource instance objects
Previously our raw plan data structure only included information about resource instances that have planned actions, which meant we were missing those which only get their state updated during refresh and don't actually need any real work done. Now we'll track everything, accepting that some "planned changes" for resource instance objects will not actually include a planned change in the typical sense, and instead only represent a state update. |
2 years ago |
|
Martin Atkins
|
1f7dbaf3a8 |
plans: ResourceInstanceChange.ObjectAddr
We've now many times made the mistake of thinking that the resource instance address is a suitable unique identifier for a resource instance change in a plan -- the name certainly seems to suggest it -- but really these represent changes to resource instance _objects_ and so it's important to also include the DeposedKey field as part of the unique identifier for a change. Now we'll expose ObjectAddr as a new method that returns the two together for convenient use as a single address value, along with adding some commentary to the fields to make it clearer that Addr is not sufficient. Ideally we'd rename Addr to make it less of an attractive nuisance, but that was too invasive a change for today so will need to wait for another time. |
2 years ago |
|
Martin Atkins
|
13e26b60dd |
addrs: Adopt DeposedKey as an address type; remove states.Generation
Previously we had states.DeposedKey as our representation of the unique keys used to differentiate between multiple deposed objects on the same resource instance. That type is useful in various places, but its presence in the "states" package made it troublesome to import for some callers. Since its purpose is as an identifier, this type is more at home in the "addrs" package. The states package retains a small number of aliases to preserve compatibility with a few existing callers for now, until we have the stomach for a more invasive change. This also removes the largely-redundant states.Generation interface type, which initially was intended as a way to distinguish between "current" objects and deposed objects, but didn't really add anything because we already have addrs.NotDeposed to represent that situation. Instead, we just ended up with various bits of boilerplate adapter code converting between the two representations. Everything now uses addrs.DeposedKey and uses addrs.NotDeposed to identify non-deposed objects. |
2 years ago |
|
Martin Atkins
|
dd04b2caef |
rpcapi: Track action for changes to stack component instances
|
2 years ago |
|
Martin Atkins
|
c81b9e926f |
planfile: Expose some protobuf decoding helpers
Our internal format for stack plans will share some of the message types from the main plan file format but use a different overall container, so now we'll expose a few helpers for the sub-parts of the structure that can appear in both a stack plan and a normal plan. |
2 years ago |
|
Martin Atkins
|
9942deded1 |
plans: Move "planproto" up to toplevel
The Go package containing the generated stubs for the plan file format's protobuf messages was previously nestled as an internal package under "plans", making it importable only for source files under "plans". To avoid duplicating various message types into the new "stack plan" serialization, we'll now make this package internal to the whole of this codebase rather than just to "plans", and then have the stack data protocol buffers schema import it to reuse the same message types. |
2 years ago |
|
Liam Cervante
|
4ce385a19b
|
testing framework: implement overrides in terraform graph (#34169)
* testing framework: implement overrides in terraform graph * fix bug for modules and module instances * add test for ModuleInstance.ContainingModule() |
3 years ago |
|
CJ Horton
|
98b81d3c50 |
add missing copyright headers
|
3 years ago |
hashicorp-copywrite[bot]
|
53c34ff49c
|
Update copyright file headers to BUSL-1.1
|
3 years ago |
|
Nick Fagerlund
|
f98f920b67 |
Add error wrapper types to highlight bad plan/state data
This commit uses Go's error wrapping features to transparently add some optional info to certain planfile/state read errors. Specifically, we wrap errors when we think we've identified the file type but are somehow unable to use it. Callers that aren't interested in what we think about our input can just ignore the wrapping; callers that ARE interested can use `errors.As()`. |
3 years ago |
|
Nick Fagerlund
|
0df3c143bb |
New plans.Quality type for display-relevant facts about a plan
This commit replaces the existing jsonformat.PlanRendererOpt type with a new type with identical semantics, located in the plans package. We needed to be able to exchange the facts represented by `jsonformat.PlanRendererOpt` across some package boundaries, but the jsonformat package is implicated in too many dependency chains to be safe for that purpose! So, we had to make a new one. The plans package seems safe to import from all the places that must emit or accept this info, and already contains plans.Mode, which is effectively a sibling of this type. |
3 years ago |
|
Nick Fagerlund
|
f9d937a4dd |
Apply a confirmable run when given a saved cloud plan (#33270)
It displays a run header with link to web UI, like starting a new plan does, then confirms the run and streams the apply logs. If you can't apply the run (it's from a different workspace, is in an unconfirmable state, etc. etc.), it displays an error instead. Notable points along the way: * Implement `WrappedPlanFile` sum type, and update planfile consumers to use it instead of a plain `planfile.Reader`. * Enable applying a saved cloud plan * Update TFC mocks — add org name to workspace, and minimal support for includes on MockRuns.ReadWithOptions. |
3 years ago |
|
Martin Atkins
|
a7807dac16 |
main: Optionally configure an OpenTelemetry OTLP exporter
Terraform CLI is sometimes used as part of a larger distributed system, in which case it would be helpful to be able to gather telemetry from it as part of the larger request it's being run in response to. We'll now support optionally enabling an OTLP exporter by setting the environment variable OTEL_TRACES_EXPORTER=otlp (a standard OpenTelemetry convention). As of this commit there isn't actually anything emitting traces to the specified collector, but we'll gradually add tracing instrumentation to parts of Terraform CLI and Core in later commits. |
3 years ago |
|
Liam Cervante
|
c9bc7e8479
|
Add input validation into the 'checks' outputs and tracking (#33481)
|
3 years ago |
|
Liam Cervante
|
3732bffe13
|
[Testing Framework] Adds TestContext for evaluating test assertions (#33326)
* Add test structure to views package for rendering test output * Add test file HCL configuration and parser functionality * Adds a TestContext structure for evaluating assertions against the state and plan |
3 years ago |
|
Martin Atkins
|
d49e991c3c |
plans/objchange: Support nested unknowns in our unrefinedValue shim
Several parts of the objchange logic incorrectly use cty.Value.RawEquals for value comparison, instead of more appropriate comparison methods like cty.Value.Equals or c.Value.Range().Includes. That makes them incorrectly consider two unknown values with the same type but different refinements as always non-equal, rather than evaluating based on the overlap between the refinements (if any). As a short-term fix for that we previously added this unrefinedValue shim that just strips away the refinements for comparison, thus allowing callers to continue using RawEquals as long as they've already taken care of all of the other things that can make that go wrong, such as value marks. Unfortunately the shim was too simplistic and only supported direct unknown values. Unknown values with refinements can also appear nested inside known container values such as collections, so the shim needs to recursively un-refine the entire data structure in that case. This is still intended only as a temporary fix until we have time to revisit all of the callers and make them use cty's own logic for comparison. Using cty's own logic will make the results more precise, because e.g. it can notice if two unknown strings have different known prefixes and therefore cannot possibly be equal despite not being fully known. For now this shim will accept any pair of unknown values of the same type as equal, regardless of refinement. |
3 years ago |
|
James Bardin
|
f6c536e436 |
validate planned set sizes using refinements
|
3 years ago |
|
James Bardin
|
3c8a163583 |
set length is unknown with partially known elems
If a set contains partially known values the length is unknown which causes assertPlannedObjectValid to fail valid plans. Revert to the old method if using LengthInt for the set lengths, which returns the maximum number of possible elements, with a guard for entirely unknown set values. |
3 years ago |
|
Martin Atkins
|
4c439b099f |
plans/objchange: Don't consider refinements when validating plans
Providers that existed prior to refinements (all of them, at the time of writing) cannot preserve refinements sent in unknown values in the configuration, and even if one day providers _are_ aware of refinements there we might add new ones that existing providers don't know how to handle. For that reason we'll absolve providers of the responsibility of preserving refinements from config into plan by fixing some cases where we were incorrectly using RawEquals to compare values; that function isn't appropriate for comparing values that might be unknown. However, to avoid a disruptive change right now this initial fix just strips off the refinements before comparing. Ideally this should be using Value.Equals and handling unknown values more explicitly, but we'll save that for a possible later improvement. This does not include a similar exception for validating whether a final value conforms to a plan because the plan value and the final value are both produced by the same provider and so providers ought to be able to be consistent with their _own_ treatment of refinements, if any. Configuration is special because Terraform itself generates that, and so it can potentially contain refinements that a particular provider has no awareness of. |
3 years ago |
|
Martin Atkins
|
dfe5e1ddc4 |
plans/objchange: Providers must honor their unknown value refinements
If the original value was unknown but its range was refined then the provider must return a value that is within the refined range, because otherwise downstream planning decisions could be invalidated. This relies on cty's definition of whether a value is in a refined range, which has pretty good coverage for the "false" case and so should give a pretty good signal, but it'll probably improve over time and so providers must not rely on any loopholes in the current implementation and must keep their promises even if Terraform can't currently check them. |
3 years ago |
CJ Horton
|
258bdbe89f
|
Merge pull request #33238 from hashicorp/radditude/import-plan-plumbing
plannable import: correct plumbing when using a plan output file |
3 years ago |