mirror of https://github.com/hashicorp/terraform
dbanck/dynamic-deps-2
tracing
pss/safe-provider-download-during-init-in-automation
pss/safe-provider-download-during-init
mildwonkey/action-expansion
main
sebasslash/denote-sensitive-list-input-configuration
v1.14
make-ci-target
prototype-expansion-moved-3
guard-against-non-pointers-in-graph-add
prototype-expansion-moved
pss/discovery-block-download-via-download-event-callbacks
prototype-expansion-moved-2
sams/fill-nested
dbanck/init-graph
deprecated-resource-block-marks
modernize-console-command-to-use-arguments
jbardin/inline-type-conversion
modernize-providers-commands-to-use-command-package
modernize-state-commands-to-use-arguments-package
sams/skip-cleanup-release
expanding-moved-blocks
backport/dbanck/bump-otel/thankfully-picked-fish
modernize-taint-commands
modernize-state-commands
modernize-taint-commands-2
stacks-variable-validations
modernize-import-command
modernize-providers-lock-command
providers-command-modernization
mildwonkey/action-graph
sams/f-plan
sams/marks-provenance
tfdiags-test-helper-with-extras
pss/discovery-block-download-via-installer-as-blackbox-2
changelog-link-verification
pss/discovery-block-download-via-installer-as-blackbox
sams/jit-instances
refactor-config-types
pss/init-security-workflow-changes
sarah/workspace-list-json-output-nonbreaking
experimental/sams_matej/safe_targeting
sams/feat-targeting
sarah/workspace-list-using-views
v1.11
v1.13
v1.12
matejrisek/actions/on_failure
prototype-destroy-action
sarah/error-plan-workspace-mismatch-rebase
limit-usage-of-deep-unmarking
use-deprecation-marks-for-resource-deprecation-2
shweta/remove_extra_color_code_in_plan_string
sarah/init-cmd-testing-comments
prepare/1.15.0-alpha20260114
stacks-destory-argument
jbardin/planned-private-for-random
pss/validate-backend-state-store-config-in-plans
backport/fix-replace-triggered-by-validation/openly-selected-imp
pss/change-experiment-control
example-current-experiment
sarah/allow-experiment-overrides
use-deprecation-marks-for-resource-deprecation
deprecation-marks-2
fix-actions-not-respecting-resource-dependencies
changelog-fix-2
changelog-fix
backport/stacks-surface-diagnostics-from-locals/externally-sacred-snapper
backport/fails-in-apply-should-not-set-empty-state/gladly-leading-cattle
sarah/refactor-passing-backend-state-to-plan
stacks-invalid-locals
jbardin/terraform-data-write-only
undeferred-components-should-not-have-unknown-inputs
mildwonkey/actions-deps-tests
pss/update-how-operations-use-backend-config-state
mildwonkey/poc
sarah/plan-workspace-not-used-test
compliance/update-headers
1.13-bump-crypto-dep
experimental/add-on-failure
mjyocca/TF-25756-tf-reg-comp-protocol
prepare/1.15.0-alpha20251117
backport/bump-golang-crypto/lovely-cheerful-stud
proto/reg-comp
deprecation-structural-detection
backport/liamcervante/37841/remarkably-classic-tapir
deprecation-without-marks
azure/fix-empty-string-ignore
backport/dependabot/go_modules/golang.org/x/crypto-0.45.0/nominally-still-dory
backport/radek/pss-isolate-init/slowly-literate-molly
backport/dbanck/fix-list-no-identity-crash/vastly-driving-pig
backport/liamcervante/ephemeral-outputs-state/thankfully-easy-spider
backport/liamcervante/stacks/component-ephemeral-output/repeatedly-perfect-molly
backport/t-bump-go-getter/clearly-master-chow
mildwonkey/de-feral-actions
backport/alanpchua/update-release-scan-config/conversely-adequate-weevil
backport/alanpchua/update-release-scan-config/merely-together-hagfish
backport/liamcervante/ephemerals/stacks-and-tests/indirectly-arriving-shrimp
pss/add-pss-implementations-in-grpcwrap
liamcervante/37784
deps-oci-sdk-update
deprecation-marks
fix-action-targeting-2-backport-1-14
backport/refactor-action-apply-graph/gratefully-upward-perch
backport/liamcervante/actions/validate-ephemeral/remotely-next-monster
pss/2025-10-init-new-workdir
sams/query-validate-identity-change
backport/dbanck/check-identity-schema-decode/notably-heroic-moose
add-duration-to-action-complete
liamcervante/actions/defers-with-edges
backport/mildwonkey/actions/dont-panic-on-refresh/commonly-needed-bullfrog
backport/add-test-case-for-conditions-referencing-triggering-resource/forcibly-square-wahoo
fix-query-action-interference-2
fix-query-action-interference
sams/xtract-config
backport/sams/list-remove-experiments/rapidly-usable-macaque
mend-security/deploy-workflow-psirt_prd0014263
pss/migrate-state-store-to-backend
TF-27458-2-old
TF-27458-with-partial-expansion
TF-27480
TF-27458-with-partial-expansion-based-on-validation
sarah/add-azure-backend-testing-notes
TF-27460-with-unknown-conditions
TF-27460-with-count-and-index
pss/update-workspace-commands
actions/invoke-command-prototype
actions-in-modules
backport/sams/flaky-test/reliably-fond-flounder
equivalence-testing/add-action-invocations-to-summary
actions/prototype-looping-syntax
TF-27458-old
experiment/actions-no-reference-cycle
pss/prototyping-2025-08-12
backport/dbanck/identity-apply-error/wildly-intent-chamois
backport/dbanck/identity-apply-error/newly-pumped-bonefish
backport/dbanck/identity-apply-error/naturally-vital-grouper
pss/prototyping-2025-06-11
backport/dbanck/identity-apply-error/notably-allowing-macaw
provider-using-hashicorp-namespace
sams/exp/test-breakpoints
pss/enable-specific-experiment-for-init-via-flag
diagnostics-playground
local-state-via-terraform-provider
revert-37307-sams/no-runtime-build
TF-27252
stack-cli-download-in-plugin-cache
radek/pss-builtin-provider-impl
jbardin/ignore_changes
TF-25933
radek/pluggable-backends-protocol
sams/memo-eval-ctx
pss/warning-ss-in-child-module
radek/f-state-storage-cfg
ds-experimenting
sams/parallel-cleanup
bump/consul-remote-state-deps
build-workflow-dev/validate-window-symlink-pack-fix
fix-windows-symlink
sarah/pss-prototype-be-state
backport/radditude/remove-cgo-default/personally-calm-cat
v1.7
v1.6
v1.3
v1.10
v1.9
v1.8
v1.1
v1.0
backport/patch-1/virtually-up-fowl
v1.2
v1.4
v1.5
backport/patch-1/finally-wired-stingray
backport/patch-1/suddenly-stirred-piranha
backport/patch-1/nationally-working-kite
backport/bmm/update-use-cases/lovely-relevant-haddock
docs/reference-rewrites-phrase-1
backport/ilu/bump-vul/logically-robust-tomcat
sarah/pss-prototype-backend-state
backport/dbanck/fix-import-ui-identity/hugely-super-hippo
sams/tfquery-execute-res
sams/ephem-blocks
fixing-stacks-plugin-server-panics
sams/query-list
stacks-subcommand-plugin
backport/dbanck/relax-identity-validation/partly-bursting-llama
f-terraform-actions
backport/iframe-to-videoembed/promptly-grand-turtle
backport/iframe-to-videoembed/safely-ideal-platypus
backport/iframe-to-videoembed/strongly-capable-maggot
backport/dbanck/validate-identity-matches-schema/carefully-many-malamute
sarah/merge-main-controlling-destroys
sarah/partial-config-nested-attrs-bugfix
refactor-with-hcloverlay
f-controlling-destroys
docs/resource-block-ref-rewrite
sarah/add-file-fields
rs/remove_io_links
radek/testing-remove-unused-fields
sams/invalid-triggered-by-ref
docs/march-sprint-lang-rewrites
TF-24447-spike-stacks-cli-as-a-plugin
sarah/refactor-local-state-backend
tfmigrate-links
sams/deferred-targeting
output-deprecation
TF-24682-save
sams/inverse-target
sams/fix-single-wrapped-null
update-aws-sdk-go-base
RK/feedback-on-ephemeral-value-changes
RK/checks-draft
sams/resource-level-concurrency
sarah/auto-label-no-changelog
stacks-debugging-info
f-output-type
backport/sams/tf-test
backport/sams/fix-empty-state/cleanly-moral-maggot
backport/oss/solely-organic-gull
test-changie-check
backport/docs/stacks-deploy/clearly-curious-lioness
sarah/TF-21877
backport/IPL-7602/saved-plan-apply-hangs-with-auto-approve-flag/privately-humorous-jay
output-deprecation-with-marks
sams/cancel-ch-to-ctx
demo-pr
backport/changelog-and-experiments/adequately-ultimate-pika
sams/tf-test-parallel
backport-changie-changelog-to-1-10
cleanup/1.11.0-beta1
backport-changie-changelog
prepare/1.11.0-alpha20250107
prepare/-alpha20250107
ds/main-clean
Content-rewrites-part-1
TF-21851
TF-21851-only-dynamic-backend-first-try
release-0-10-3
equivalence-testing/sams/skip-graph-cycle-validation
f-builtin-write-only-attr
changelog-process
equivalence-testing/update-backend-comments
TF-21877
release/liamcervante-testing
cleanup-1.10-rc.3
equivalence-testing/jbardin/data-depends_on
input-deprecation
equivalence-testing/docs/dnf5
TF-18617-remove-in-the-end-version
equivalence-testing/docs/update-version-constraints-operators-reference
equivalence-testing/main
equivalence-testing/fix/typo-infrastructure
jbardin/no-refresh-objcompat
equivalence-testing/d-update-json-schema
equivalence-testing/jbardin/undeclared-vars
TF-21888
backport/jbardin/ephemeral-funcs/safely-quick-cougar
backport/dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.1/daily-probable-ewe
rln-ephemeral-values-updates
trying-to-get-interactive-inputs-to-work
RK/ephemeral-values
ensure-checks-dont-leak-ephemeral-values
ephemeral-checks
add-ephemeral-func
ds/experiment/trigger-block
TF-18609
TF-18610-with-cross-component-ephemeral-values
backport/patch-1/hopelessly-enabled-magpie
ds/deferred-ephemeral-resources-with-change
ds/deferred-ephemeral-resources
ds/office-hours-removed-block
20240919
improve-error-message-for-removed-block-component-collission
apply-destroy-and-forget-plans
nolegacysdk-azure
add-removed-blocks-to-find-stack-config-components-rpc-call
radek/f-ev-ephemeral-func
radek/f-ev-variable-validation
docs/cli-nav-rename
docs/write-configuration-proposal
alisdair/stacks/sensitive-inputs
kmoe/render-output-sensitivity-changes
brandonc/plan_options_replace
brandonc/contains_equality_docs
docs/re-reformat-templatestring-funct
make-plan-public-with-deferred-plan-renderer
make-plan-public-with-deferred-plan-renderer-2
make-plan-public
TF-19059
artifact-manifest/main/presumably-calm-ostrich
jbardin/destroy-validations
f-collections-iterators
revert-32615-patch-1
TF-18435
TF-18463-2
TF-18463
TF-9822
b-variable-default-validation-context
TF-13968
TF-10919
spike-component-remove
f-actions-prototype
TF-17949
kmoe/ephemeral-output-values
f-core-finer-semaphore
f-fmt-required-providers
f-ephemeral-values
f-ephemeral-values-2
b-stacks-apply-variables-not-passed
f-ephemeral-values-stacks
docs/atrujill0-1.9-review
doc-provider-req-cta
f-cmd-console-release-lock
RK/renameAzureAD
f-rpcapi-multipkg
f-stacks-state-plan-handles
TF-13085
TF-13952
f-templatestring-dynamic-traversals
bmm/migrate-tf-phases-doc
f-events-actions
apparentlymart-patch-4
brandonc/deprecated_module_warnings
mjyocca/stacks-rpcapi-package-service
sebasslash/tf-15302_modifiable-snapshot-interval
TF-12601/deprecated-module-warnings
f-stacks-provider-singletons
b-plan-snapshot-experiments
TF-13965
backend/azure/update-to-latest-sdks
docs/atrujillo/lang-add-moved-ref
consistency-provider-deferred
nf/apr24-pr-template
TF-14641
TF-13964
TF-13963
nf/may24-alpha-release
jbardin/plan-valid-nested-null
ensure-all-deferred-provider-workflows-have-same-behavior
TF-13961
f-collections-set-zeroval
backport/RK/fix-links/adequately-related-bear
backport/RK/fix-links/willingly-ultimate-catfish
RK/fix-links
f-stacks-provider-cancel
testing-renovate
f-robust-marks-handling
tf-init-json
TF-13960
TF-13959
radditude/fix-provider-for-each
f-junit-xml-round-2
TF-13960-old
TF-13959-old
TF-13958-old
modify-dev-override-warn-with-backend
TF-13951
bmm/fix-style-anchor
WAF-110-Terraform-Code-Style-Guide
bmm/custom-condition-docs-fix
doc-dependency-updates
f-rehearse-gosum-changes
f-genconfig-hclwrite
f-no-more-helperschema
TF-13084
radditude/stacks-checkable
f-removed-provisioners
TF-10521-Implement-component-resource-correlators-in-the-agent
b-stacks-remove-data-resource
laurenolivia/changelog-fix-cloud-colorize
kmoe/dynamic-foreach-sensitive-error
alisdair/stackeval-hook-replace-action-counts-slice
alisdair/stackeval-hook-replace-action-counts
radditude/standard-panics
improve-dynamic-block-iterator-error
backport/patch-1/lovely-splendid-mackerel
improve-dynamic-block-error-message
document-provider-lock-using-cache
individual-element-diffs
b-evalcontext-funcs-in-partial-expanded-module
fix-is-sensitive
f-plan-applyable-complete-flags
use-plugin-cache-for-provider-lock
b-terraform-test-junit-invalid
heat/chore/update-website-node-version
f-deferred-actions-placeholder-eval
RK/fix-nav-upgrade-name
laurenolivia/fix-cloud-colorize
apparentlymart-patch-3
alisdair/stacks-sensitive-component-outputs
f-stacks-apply-ordering
kmoe/forget-plan-proto-2
backport/bmm/tf-test-mock-doc-update/trivially-kind-burro
bmm/tf-test-mock-doc-update
feature/applied_changes/add_component_addr
gh-issue-34396
brandonc/bump_go-slug_0.13.3
backport/patch-1/scarcely-touched-jennet
sebasslash/cloudplugin_terminal
RELPLAT-955-EOY-license-updates
feature/add-additional-fields-to-resource-proto
f-module-eval-plan
f-deferred-actions
apparentlymart-patch-2
f-addrs-localval-uniquekey
radditude/apply-sensitive-values
f-cmd-graph-simpler
jbardin/provider-functions
RK/update-oracle-registry-links
f-sso-endpoint
dep-minor-upgrades-v1.7
kmoe/import-moved-validation
tests_docs_fixup
apparentlymart-patch-1
b-val-refinements-panics
backport/mock-importstate-data-race/adversely-prompt-halibut
backport/s3/fix-coerce-value/certainly-saving-owl
backport/s3/fix-coerce-value/deeply-on-marlin
backport/s3/f-schema-single-nested-object/accurately-noble-stingray
backport/s3/f-schema-single-nested-object/miserably-well-arachnid
s3/f-check-for-bucket-in-init
backport/s3/improved-s3-error-messages/extremely-natural-filly
backport/TF-9149-terraform-1-5-should-not-enable-snapshots-when-x-terraform-snapshot-interval-is-not-sent/ghastly-social-hippo
s3/request-logging
backport/s3/request-logging/locally-feasible-snail
backport/s3/testing-endpoints/nominally-becoming-caiman
backport/s3/testing-endpoints/possibly-supreme-kite
backport/s3/testing-endpoints/strangely-cunning-manatee
s3/log-base
backport/s3/log-base/blatantly-ethical-buffalo
backport/TF-9149-terraform-1-5-should-not-enable-snapshots-when-x-terraform-snapshot-interval-is-not-sent/remarkably-moral-oriole
backport/TF-9149-terraform-1-5-should-not-enable-snapshots-when-x-terraform-snapshot-interval-is-not-sent/remarkably-stunning-mule
backport/TF-9149-terraform-1-5-should-not-enable-snapshots-when-x-terraform-snapshot-interval-is-not-sent/naturally-wise-primate
backport/jbardin/types/gently-unbiased-walleye
backport/jbardin/types/loudly-hot-poodle
alisdair-patch-1
backport/s3/allow-forbid-account-ids/rarely-casual-louse
backport/s3/allow-forbid-account-ids/violently-on-adder
alisdair/check-results-state-compatibility-1.5
backport/alisdair/check-results-state-compatibility/jointly-curious-kit
alisdair/check-results-state-compatibility-1.3
IPL-3022-terraform-cloud-state-locking-regression-for-local-users
brandonc/state_upload_fallback
import-id-interp-docs
go1.21
radditude/validate-module-names
brandonc/CHANGELOG-go-tfe-bump-v1.38.1
swap_ironbank_stanza
codeowners-core
enable_ironbank
backport/brandonc/bump_go-tfe_v1.32.1/adversely-fit-mite
radditude/check-ci
RK/remove-language
compliance/license-updates
compliance/license-update
s3/more-validation-modernization
update-linux-package-license
backport/jbardin/init-from-module-warnings/informally-trusting-asp
radditude/go-1.20.7
sebasslash/saved-cloud-plans-changelog
cli-team/saved-cloud-plans
brandonc/changelog_33333
TF-7327-using-multiple-terraform-remote-state-data-sources-can-cause-race-conditions-when-the-backend-configuring-localterraform-com
deps-grpc-cve-2023-32731
TF-7056-uploading-state-directly-to-hosted-state-upload-url-when-available
b-svchost-race-panic-v1.5
backport/b-svchost-race-panic/evidently-intense-horse
RK/add-checks-tutorial-and-fix-headers
sebasslash/snapshot-interval-header-check
RELENG-297-patch-set-output-deprecation
backport/fix-iss-33220/allegedly-oriented-warthog
kmoe/genconfig-timeouts
radditude/duplicate-import-blocks
TF-6378-Workspaces-can-use-agent-pools-when-not-in-allowed-workspaces
sarah-test-changes
nf/suggest/laurenolivia/codify-remote-plan-artifact
radditude/ci-test
jbardin/import-with-config
vravind1/plugin-framework-tutorial
alisdair/goimports-fixes
releng/disable-reproducability-checks
f-sourcebundle
laurenolivia/add-resource-drift-logtype
kmoe/plannable-import-plan-renderer
kmoe/plannable-import-types
jbardin/provider-resource-types
backport/patch-1/personally-brave-snapper
tf-5529-sro-tfe-version-check
bflad/debugging-link-to-provider-logging
releng/fix-ecr-tag
releng/fix-trigger-dependencies
releng/migrate-common-release-tooling
b-1.4-no-cty-refinements-yet
backport/patch-3/horribly-patient-ape
f-deferred-actions-old
judith/state
releng/test-linux-arm-tests
ashleemboyer-patch-1
doc-break-plugin-cache-env
docs/amb.migrate-link-formats
f-break-plugin-cache-with-env-var
brandonc/TF-4560
sebasslash/sro-provisioner-logs
sebasslash/fix-credentials-sourcing-backend
sebasslash/cloud-e2e-testworkflow
TF-3527-detect-alias-localterraform-com-during-terraform-init
alisdair/hcl-v2.16.0
f-smoke-test-prototype
f-typeexpr-inferred
kmoe-patch-1
kmoe/import-refresh-false
f-default-provider-address-allowlist
mktg-tf-ee07f063062f473a65a2c1d9c3036251
null-values-fix
f-output-value-types
backport/fix-future-lang-2/mostly-helped-shrew
fix-future-lang-2
f-cli-hide-fast-refresh
f-cmd-web
doc-unicode-hcl
brandonc/changelog_sensitive_diff_fixes
brandonc/changelog_nested_sensitive
f-build-go1.19.3
fix-links-devdot
brandonc/providers-estimate
brandonc/nested_attr_sensitive
fix-future-facing-language
gcs-backend-add-private-connect-support
mg_no_code_prov_followup
add-cont-valid-callout
f-partial-plan-on-error
gcs-backend-add-kms
doc-yamlencode-stable
mg_cli_install_architectures
b-check-output-multi-expand
b-check-resource-multi-expand
uk1288-redact-output-sensitive-values
fix-internals-overview
update-lang-frontmatter
megan_pr_touch_up
kmoe/init-checksum-miss-error
dividers-devdot-fixes
fix-dividers-for-devdot
megan_tf563
f-dynamic-provider-assignment
dev-portal-updates-docs
f-persistent-checks-old
f-jsonstate-2
b-flatten-panic
backport/patch-1/badly-correct-zebra
backport/patch-1/fully-fine-macaw
backport/patch-1/globally-true-burro
backport/patch-1/heavily-moving-teal
backport/patch-1/overly-fleet-polecat
backport/patch-1/presently-upright-newt
backport/patch-1/yearly-first-impala
update-readme
backport/patch-1/yearly-rich-skunk
tiny-fix-readme
kevin/remove-guides-docs
remove-terraform-docs
docs-readme-updates-versioned-docs
module-invocation-warning
update-important-section
f-expand-root-outputs
f-addrs-static-checkable
gs/add-pre-plan-run-tasks
f-moduletest-2
stable-website
backport/bugfix_typos/hardly-sharp-mosquito
fix-readme-again
fix-cdktf-link
backport/fix-apt-page/abnormally-relative-quagga
fix-apt-page
laura-update-docs-readme
MatthewTestBranch
tfexec-0.17.0
add-jsonstate-to-cloudbackendstate2
update-optional-type-attributes
docs-for-each-list-toset
add-jsonstate-to-cloudbackendstate
add-internals-to-sidebar
backport/patch-1/rarely-informed-gopher
f-functions-in-providers
f-testing-with-conditions
add-warnings-backends
add-version-notes-1.2
add-tutorial-custom-conditions
non-interactive-workflows
alisdair/fix-configload-snapshot-panic
fix-postconditions-example
f-partial-plan-on-error-ui
thiskevinwang-patch-1
brandonc/cloud_upgrade_013
update-run-task-result
taiidani/cloudScheme
brandonc/scheme_override_cloud
alisdair/metadata-functions-command
update-runtasks
add-note-about-spaces
sebasslash/err-approval-input-false
sebasslash/config-token-precedence
kevin/preview
update-TF-WORKSPACE-variable
sebasslash/rename-env-vars
laura-update-pre-post-conditions
release-notes-env-credentials
rt-changelog-entry-1.1
sebasslash/env-cloud-e2e-tests
sebasslash/add-cloud-e2e-test-workflow
sebasslash/tf-workspace-cloud-config
kevin/vercel-config
build-pr-checks
uk1288/update-changelog-md-v1-1
uk1288/update-changelog-md
sebasslash/resolve-flaky-env-var-test
uk1288/fix-for-cloud-integration-panic
sebasslash/add-tf-hostname-env-var
f-init-provider-source-feedback
sebasslash/add-tf-org-env-var
uturunku1-patch-2
link_workflow_tutorials
migrate-go-tfe-1_0
f-ng-workflow
uturunku1-patch-1
update-cidrnetmask-docs
tchupp/override-local-vars
backport/barrettclark/update-go-slug/severely-destined-crow
preapply-runtasks-clioutput
fix-broken-link
kmoe/unused-resource-attributes
f-e2etest-deps-forbidden
alisdair/disable-preconditions-postconditions
update-depends-on-docs
fix-preconditions
preapply-runtasks-cli-output
barrettclark/fix-state-outputs-read-permissions
fix-last-intro-nits
fix-intro-page-images
add-new-intro-docs
fix-provisioners-content
update-packaging-action-name
update_gen_meta
f-diagnostics-cli-reorg
test-branch-protection-workflow
alisdair/resource-instance-object-dependencies
f-new-build-pipeline
f-implied-move-module-call
b-1.1-module-source-git
backport/doc-refactoring-nav-link/honestly-sweet-sawfly
tfc-integration-docs
f-svcauth-environment
f-preconditions-postconditions
nf/nov21-migrate-away-from-cloud
tags-reconfigure-msg
backport/jbardin/k8s-mod-update/likely-probable-falcon
lafentres/autolabel-dependabot-prs
cloud-e2e-fix
f-validate-lint
f-rpcplugin-interface
brandonc/variable_parsing_refactor
nq.docs-content-update
backport/jbardin/coerce-value-nested-types/certainly-rested-chigger
backport/jbardin/optional-attrs/obviously-growing-duck
f-plugin-finder
backport/main/absolutely-sterling-whippet
revert-29088-minify_jsonencode
omarismail/run-vars
backport/jbardin/format-empty-nested-attrs/rightly-uncommon-bluegill
backport/jbardin/format-id-name-marks/perfectly-boss-bass
b-miekg-dns-upgrade
f-unused-attr
backport/jbardin/ignore-changes-marks/formerly-new-insect
prototype-implicit-graph
f-moved-again
f-decode-moved
f-derived-values-tracking
alisdair/prototype-moved-actions
v0.15
doc-config-refactoring
review-1.0-docs
f-template-values
cgriggs01-tpdp-default
f-plan-immediate-ops
backport/f-plan-refresh-only-and-replace/really-absolute-silkworm
backport/f-plan-action-reason/incredibly-concrete-jackal
v0.14
v0.13
v0.11
v0.12
f-submodule-outputs-inferred-sensitive
backport/k8s-backend-credentials/radically-decent-mite
res-add-learn-link-debug
f-func-expandnull
f-new-plan-modes
alisdair/version-should-include-prerelease
f-debugger
update-tfe-login-flow
json-schema-export-crash
f-exprstress
alisdair/still-applying-consolidation
f-fewer-apply-updates
pselle/env_delete
b-tf-builtin-provider-parser-fix
f-gen-integration-tests
jan21_language_urls
jan21_url_rfc
b-dev-overrides-plan-warning
jan21_test_broken_link_check
f-prototype-workspaces-are-states
f-cmd-output-raw
pault/0.14-tfce-continue-on-error
cmd-fmt-parens-error
alisdair/mildwonkey/type-func
revamp-cli-config
f-prototype-drift
gitrgoliveira-patch-1
fix-value-assertion-errors
f-nix-legacy-providers
26258
alisdair/are-consul-tests-running
f-temp-without-provider-blocks
f-depfile-pkg
alisdair/plan-summary-after-changes
mnomitch/varialbe-errors-on-remote-backend
alisdair/concise-diff-experiment
alisdair/remote-input-variable-unset
alisdair/backend-config-override-fix-remote-test
f-skip-attrs-as-blocks
alisdair/duplicate-no-color
cgriggs01-stable-pdp
guide-v0.13-beta
july2020_pre0.13_stable-website_backup
f-terraform-version-lock
b-module-instance-resource-deps
f-playground
alisdair/alpine-latest
alisdair/providers-list
f-provider-http-mirrors
f-providers-mirror-2
f-outputs-plan
f-plan-reads
f-cmdline-funcs
ps-protocol2
k8sback
f-refresh-plan
alisdair/getproviders-retries-bad-branch-do-not-use
registry-provider-tiers
f-providerinst-command-tests
f-provider-source-local-discovery
f-cmd-show-config
f-langserver
paddy_module_attribution_tmp
f-providers-new-installer
paddy_paul_proto52
f-providers-mirror
f-cliconfig-hcl2api
build-circleci
f-possible-apply-refactoring
f-core-rpc
f-provider-state-storage
f-workspaces2-prototype
p-go-azure-helpers-0.10.0
f-func-cidrsubnets
regenerate-protobufs
f-resource-for_each-and-experiments
f-testing-eval-prototype
sdk-removed
Incident16886
f-state-upgrade-always
sdk-v0.11-with-go-modules
pluginsdk-v0.12-early8
pluginsdk-v0.12-early7
pluginsdk-v0.12-early6
pluginsdk-v0.12-early5
cd/deprecate-in-docs
pluginsdk-v0.12-early4
pluginsdk-v0.12-early3
f-objchange-nulls
b-nested-set-unknown
b-sdk-nested-id
vendor-bump-hil
b-sdk-import-verify-test
pluginsdk-v0.12-early2
pluginsdk-v0.12-early1
v011
v0.12-alpha
allthingsclowd-patch-1
f-v0.12-cmdvars
f-outputs-in-plan
azurerm-backend-proxy
go1.11rc1-vendor-experiment
f-hcl2-planstate
f-provider-schema-init
f-hcl2-context-old
proto-test-harness
f-svchost-disco
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc1
v1.3.9
v1.4.0-beta2
v1.3.8
v1.4.0-beta1
v1.3.7
v1.4.0-alpha20221207
v1.3.6
v1.3.5
v1.4.0-alpha20221109
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc1
v1.2.9
v1.3.0-beta1
v1.2.8
v1.3.0-alpha20220817
v1.2.7
v1.3.0-alpha20220803
v1.2.6
v1.2.5
v1.3.0-alpha20220706
v1.2.4
v1.3.0-alpha20220622
v1.2.3
v1.3.0-alpha20220608
v1.2.2
v1.2.1
v1.3.0-dev
v1.2.0
v1.2.0-rc2
v1.2.0-rc1
v1.2.0-beta1
v1.1.9
v1.2.0-alpha20220413
v1.1.8
v1.2.0-alpha-20220328
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.1.0-rc1
v1.1.0-beta2
v1.0.11
v1.1.0-beta1
v1.1.0-alpha20211029
v1.0.10
v1.1.0-alpha20211020
v1.0.9
v1.1.0-alpha20211006
v1.0.8
v1.1.0-alpha20210922
v1.0.7
v1.1.0-alpha20210908
v1.0.6
v1.0.5
v1.1.0-alpha20210811
v1.0.4
v1.1.0-alpha20210728
v1.0.3
v1.1.0-alpha20210714
v1.0.2
v1.1.0-alpha20210630
v1.0.1
v1.1.0-alpha20210616
v1.0.0
v0.15.5
v0.15.4
v0.15.3
v0.15.2
v0.11.15
v0.12.31
v0.13.7
v0.14.11
v0.15.1
v0.15.0
v0.14.10
v0.15.0-rc2
v0.15.0-rc1
v0.14.9
v0.15.0-beta2
v0.14.8
v0.15.0-beta1
v0.14.7
v0.15.0-alpha20210210
v0.14.6
v0.15.0-alpha20210127
v0.14.5
v0.15.0-alpha20210107
v0.14.4
v0.13.6
v0.12.30
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.14.0-rc1
v0.14.0-beta2
v0.13.5
v0.14.0-beta1
v0.14.0-alpha20201007
v0.13.4
v0.14.0-alpha20200923
v0.13.3
v0.14.0-alpha20200910
v0.13.2
v0.13.1
v0.13.0
v0.12.29
v0.13.0-rc1
v0.13.0-beta3
v0.12.28
v0.12.27
v0.13.0-beta2
v0.13.0-beta1
v0.12.26
v0.12.25
v0.12.24
v0.12.23
v0.12.22
v0.12.21
v0.12.20
v0.12.19
v0.12.18
v0.12.17
v0.12.16
v0.12.15
v0.12.14
v0.12.13
v0.12.12
v0.12.11
v0.12.10
v0.12.9
v0.12.8
v0.12.7
v0.12.6
v0.12.5
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.12.0-dev20190520H16
v0.11.14
v0.12.0-rc1
v0.12.0-beta2
v0.11.13
v0.11.12
v0.12.0-beta1
v0.11.12-beta1
v0.11.11
v0.12.0-alpha4
v0.12.0-alpha3
v0.12.0-alpha2
v0.11.10
v0.12.0-alpha1
v0.11.9
v0.11.9-beta1
v0.11.8
v0.11.7
v0.11.6
v0.11.5
v0.11.4
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.11.0-rc1
v0.11.0-beta1
v0.10.8
v0.10.7
v0.10.6
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0-rc1
v0.10.0-beta2
v0.9.11
v0.9.10
v0.9.9
v0.10.0-beta1
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.9.0-beta2
v0.8.8
v0.9.0-beta1
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.8.0-rc3
v0.8.0-rc2
v0.7.13
v0.8.0-rc1
v0.7.12
v0.8.0-beta2
v0.7.11
v0.8.0-beta1
v0.7.9
v0.7.8
v0.7.7
v0.7.6
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.7.0-rc4
v0.7.0-rc3
v0.7.0-rc2
v0.7.0-rc1
v0.6.16
v0.6.15
v0.6.14
v0.6.13
v0.6.12
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.3
0.7.7
list
v0.1.0
v0.1.1
v0.10.0
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.5
v0.3.6
v0.3.7
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.7.10
v1.10.0
v1.10.0-alpha20240606
v1.10.0-alpha20240619
v1.10.0-alpha20240717
v1.10.0-alpha20240730
v1.10.0-alpha20240807
v1.10.0-alpha20240814
v1.10.0-alpha20240828
v1.10.0-alpha20240911
v1.10.0-alpha20240918
v1.10.0-alpha20240926
v1.10.0-alpha20241009
v1.10.0-alpha20241023
v1.10.0-beta1
v1.10.0-rc1
v1.10.0-rc2
v1.10.0-rc3
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.11.0
v1.11.0-alpha20241106
v1.11.0-alpha20241211
v1.11.0-alpha20241218
v1.11.0-alpha20250107
v1.11.0-beta1
v1.11.0-beta2
v1.11.0-rc1
v1.11.0-rc2
v1.11.0-rc3
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.12.0
v1.12.0-alpha20250213
v1.12.0-alpha20250312
v1.12.0-alpha20250319
v1.12.0-beta1
v1.12.0-beta2
v1.12.0-beta3
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.12.2
v1.13.0
v1.13.0-alpha20250521
v1.13.0-alpha20250604
v1.13.0-alpha20250623
v1.13.0-alpha20250702
v1.13.0-alpha20250708
v1.13.0-beta1
v1.13.0-beta2
v1.13.0-beta3
v1.13.0-rc1
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.14.0
v1.14.0-alpha20250716
v1.14.0-alpha20250724
v1.14.0-alpha20250806
v1.14.0-alpha20250813
v1.14.0-alpha20250827
v1.14.0-alpha20250903
v1.14.0-alpha20250911
v1.14.0-beta1
v1.14.0-beta2
v1.14.0-beta3
v1.14.0-rc1
v1.14.0-rc2
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.15.0-alpha20251119
v1.15.0-alpha20251203
v1.15.0-alpha20260204
v1.15.0-alpha20260218
v1.3.10
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.5.0
v1.5.0-alpha20230405
v1.5.0-alpha20230504
v1.5.0-beta1
v1.5.0-beta2
v1.5.0-rc1
v1.5.0-rc2
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.6.0
v1.6.0-alpha20230719
v1.6.0-alpha20230802
v1.6.0-alpha20230816
v1.6.0-beta1
v1.6.0-beta2
v1.6.0-beta3
v1.6.0-rc1
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.7.0
v1.7.0-alpha20231025
v1.7.0-alpha20231108
v1.7.0-alpha20231130
v1.7.0-beta1
v1.7.0-beta2
v1.7.0-rc1
v1.7.0-rc2
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.8.0
v1.8.0-alpha20240131
v1.8.0-alpha20240214
v1.8.0-alpha20240216
v1.8.0-alpha20240228
v1.8.0-beta1
v1.8.0-rc1
v1.8.0-rc2
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0
v1.9.0-alpha20240404
v1.9.0-alpha20240501
v1.9.0-alpha20240516
v1.9.0-beta1
v1.9.0-rc1
v1.9.0-rc2
v1.9.0-rc3
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
${ noResults }
138 Commits (6440c839474f052d8997bb5cec19c2743e5108e6)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Kristin Laemmert
|
3933cbd491
|
remove LegacyProvider (#26433)
|
5 years ago |
Martin Atkins
|
593cf7b4d5 |
didyoumean: move from "helper" to "internal"
This new-ish package ended up under "helper" during the 0.12 cycle for want of some other place to put it, but in retrospect that was an odd choice because the "helper/" tree is otherwise a bunch of legacy code from when the SDK lived in this repository. Here we move it over into the "internal" directory just to distance it from the guidance of not using "helper/" packages in new projects; didyoumean is a package we actively use as part of error message hints. |
5 years ago |
|
Martin Atkins
|
59b116f7bf |
command/init: Remove support for legacy provider addresses
We no longer need to support 0.12-and-earlier-style provider addresses because users should've upgraded their existing configurations and states on Terraform 0.13 already. For now this is only checked in the "init" command, because various test shims are still relying on the idea of legacy providers the core layer. However, rejecting these during init is sufficient grounds to avoid supporting legacy provider addresses in the new dependency lock file format, and thus sets the stage for a more severe removal of legacy provider support in a later commit. |
5 years ago |
|
Martin Atkins
|
0b734a2803 |
command: Make provider installation interruptible
In earlier commits we started to make the installation codepath context-aware so that it could be canceled in the event of a SIGINT, but we didn't complete wiring that through the API of the getproviders package. Here we make the getproviders.Source interface methods, along with some other functions that can make network requests, take a context.Context argument and act appropriately if that context is cancelled. The main providercache.Installer.EnsureProviderVersions method now also has some context-awareness so that it can abort its work early if its context reports any sort of error. That avoids waiting for the process to wind through all of the remaining iterations of the various loops, logging each request failure separately, and instead returns just a single aggregate "canceled" error. We can then set things up in the "terraform init" and "terraform providers mirror" commands so that the context will be cancelled if we get an interrupt signal, allowing provider installation to abort early while still atomically completing any local-side effects that may have started. |
5 years ago |
|
Martin Atkins
|
ef64df950c |
getproviders: Prepare for having multiple valid hashes per package
As we continue iterating towards saving valid hashes for a package in a depsfile lock file after installation and verifying them on future installation, this prepares getproviders for the possibility of having multiple valid hashes per package. This will arise in future commits for two reasons: - We will need to support both the legacy "zip hash" hashing scheme and the new-style content-based hashing scheme because currently the registry protocol is only able to produce the legacy scheme, but our other installation sources prefer the content-based scheme. Therefore packages will typically have a mixture of hashes of both types. - Installing from an upstream registry will save the hashes for the packages across all supported platforms, rather than just the current platform, and we'll consider all of those valid for future installation if we see both successful matching of the current platform checksum and a signature verification for the checksums file as a whole. This also includes some more preparation for the second case above in that signatureAuthentication now supports AcceptableHashes and returns all of the zip-based hashes it can find in the checksums file. This is a bit of an abstraction leak because previously that authenticator considered its "document" to just be opaque bytes, but we want to make sure that we can only end up trusting _all_ of the hashes if we've verified that the document is signed. Hopefully we'll make this better in a future commit with some refactoring, but that's deferred for now in order to minimize disruption to existing codepaths while we work towards a provider locking MVP. |
6 years ago |
|
Martin Atkins
|
6694cfaa0e |
getproviders: Add a real type Hash for package hashes
The logic for what constitutes a valid hash and how different hash schemes are represented was starting to get sprawled over many different files and packages. Consistently with other cases where we've used named types to gather the definition of a particular string into a single place and have the Go compiler help us use it properly, this introduces both getproviders.Hash representing a hash value and getproviders.HashScheme representing the idea of a particular hash scheme. Most of this changeset is updating existing uses of primitive strings to uses of getproviders.Hash. The new type definitions are in internal/getproviders/hash.go. |
6 years ago |
|
Martin Atkins
|
264a3cf031 |
depsfile: Flatten the "hashes" locks to a single set of strings
Although origin registries return specific [filename, hash] pairs, our various different installation methods can't produce a structured mapping from platform to hash without breaking changes. Therefore, as a compromise, we'll continue to do platform-specific checks against upstream data in the cases where that's possible (installation from origin registry or network mirror) but we'll treat the lock file as just a flat set of equally-valid hashes, at least one of which must match after we've completed whatever checks we've made against the upstream-provided checksums/signatures. This includes only the minimal internal/getproviders updates required to make this compile. A subsequent commit will update that package to actually support the idea of verifying against multiple hashes. |
6 years ago |
|
Martin Atkins
|
b2c0ccdf96 |
internal/getproviders: Allow PackageMeta to carry acceptable hashes
The "acceptable hashes" for a package is a set of hashes that the upstream source considers to be good hashes for checking whether future installs of the same provider version are considered to match this one. Because the acceptable hashes are a package authentication concern and they already need to be known (at least in part) to implement the authenticators, here we add AcceptableHashes as an optional extra method that an authenticator can implement. Because these are hashes chosen by the upstream system, the caller must make its own determination about their trustworthiness. The result of authentication is likely to be an input to that, for example by distrusting hashes produced by an authenticator that succeeds but doesn't report having validated anything. |
6 years ago |
|
Martin Atkins
|
e843097e52 |
internal/getproviders: Formalize the "ziphash" hashing scheme
This is the pre-existing hashing scheme that was initially built for releases.hashicorp.com and then later reused for the provider registry protocol, which takes a SHA256 hash of the official distribution .zip file and formats it as lowercase hex. This is a non-ideal hash scheme because it works only for PackageLocalArchive locations, and so we can't verify package directories on local disk against such hashes. However, the registry protocol is now a compatibility constraint and so we're going to need to support this hashing scheme for the foreseeable future. |
6 years ago |
|
Martin Atkins
|
773dd56b42 |
internal/depsfile: Introduce the concept of "non-lockable" providers
It doesn't make sense for a built-in provider to appear in a lock file because built-in providers have no version independent of the version of Terraform they are compiled into. We also exclude legacy providers here, because they were supported only as a transitional aid to enable the Terraform 0.13 upgrade process and are not intended for explicit selection. The provider installer will, once it's updated to understand dependency locking, use this concept to decide which subset of its selections to record in the dependency lock file for reference for future installation requests. |
6 years ago |
|
Martin Atkins
|
98e2e69abb |
internal/depsfile: SaveLocksToFile implementation
This is an initial implementation of writing locks back to a file on disk. This initial implementation is incomplete because it does not write the changes to the new file atomically. We'll revisit that in a later commit as we return to polish these codepaths, once we've proven out this package's design by integrating it with Terraform's provider installer. |
6 years ago |
|
Martin Atkins
|
92723661d0 |
internal/depsfile: Loading locks from HCL files on disk
This is the initial implementation of the parser/decoder portion of the new dependency lock file handler. It's currently dead code because the caller isn't written yet. We'll continue to build out this functionality here until we have the basic level of both load and save functionality before introducing this into the provider installer codepath. |
6 years ago |
|
Martin Atkins
|
6993ecb0a6 |
internal/getproviders: VersionConstraintsString for "~> 2" input
The version constraint parser allows "~> 2", but it behavior is identical to "~> 2.0". Due to a quirk of the constraint parser (caused by the fact that it supports both Ruby-style and npm/cargo-style constraints), it ends up returning "~> 2" with the minor version marked as "unconstrained" rather than as zero, but that means the same thing as zero in this context anyway and so we'll prefer to stringify as "~> 2.0" so that we can be clearer about how Terraform is understanding that version constraint. |
6 years ago |
Alisdair McDiarmid
|
5587509bcf |
internal: Fix providercache test failures on macOS
For reasons that are unclear, these two tests just started failing on
macOS very recently. The failure looked like:
PackageDir: strings.Join({
"/",
+ "private/",
"var/folders/3h/foobar/T/terraform-test-p",
"rovidercache655312854/registry.terraform.io/hashicorp/null/2.0.0",
"/windows_amd64",
},
Speculating that the macOS temporary directory moved into the /private
directory, I added a couple of EvalSymlinks calls and the tests pass
again.
No other unit tests appear to be affected by this at the moment.
|
6 years ago |
|
Alisdair McDiarmid
|
fc7e467d19 |
command: Add redirect support to 0.13upgrade
If a provider changes namespace in the registry, we can detect this when running the 0.13upgrade command. As long as there is a version matching the user's constraints, we now use the provider's new source address. Otherwise, warn the user that the provider has moved and a version upgrade is necessary to move to it. |
6 years ago |
Alan D. Salewski
|
f63c38d6a1
|
internal/initwd: allow tests to pass when $PWD contains symlinks (#26015)
Fixes #26014 |
6 years ago |
|
Martin Atkins
|
2bd2a9a923 |
internal/getproviders: HTTPMirrorSource implementation
We previously had this just stubbed out because it was a stretch goal for the v0.13.0 release and it ultimately didn't make it in. Here we fill out the existing stub -- with a minor change to its interface so it can access credentials -- with a client implementation that is compatible with the directory structure produced by the "terraform providers mirror" subcommand, were the result to be published on a static file server. |
6 years ago |
|
Martin Atkins
|
146e983c36 |
internal/getproviders: package authenticator for our new-style hashes
Earlier we introduced a new package hashing mechanism that is compatible with both packed and unpacked packages, because it's a hash of the contents of the package rather than of the archive it's delivered in. However, we were using that only for the local selections file and not for any remote package authentication yet. The provider network mirrors protocol includes new-style hashes as a step towards transitioning over to the new hash format in all cases, so this new authenticator is here in preparation for verifying the checksums of packages coming from network mirrors, for mirrors that support them. For now this leaves us in a kinda confusing situation where we have both NewPackageHashAuthentication for the new style and NewArchiveChecksumAuthentication for the old style, which for the moment is represented only by a doc comment on the latter. Hopefully we can remove NewArchiveChecksumAuthentication in a future commit, if we can get the registry updated to use the new hashing format. |
6 years ago |
|
Alisdair McDiarmid
|
915f53af23 |
internal: Clean up package install temp file
The installFromHTTPURL function downloads a package to a temporary file, then delegates to installFromLocalArchive to install it. We were previously not deleting the temporary file afterwards. This commit fixes that. |
6 years ago |
|
Martin Atkins
|
ce67a818db |
internal/getproviders: Allow basedir for local search to be symlink
The SearchLocalDirectory function was intentionally written to only support symlinks at the leaves so that it wouldn't risk getting into an infinite loop traversing intermediate symlinks, but that rule was also applying to the base directory itself. It's pretty reasonable to put your local plugins in some location Terraform wouldn't normally search (e.g. because you want to get them from a shared filesystem mounted somewhere) and creating a symlink from one of the locations Terraform _does_ search is a convenient way to help Terraform find those without going all in on the explicit provider installation methods configuration that is intended for more complicated situations. To allow for that, here we make a special exception for the base directory, resolving that first before we do any directory walking. In order to help with debugging a situation where there are for some reason symlinks at intermediate levels inside the search tree, we also now emit a WARN log line in that case to be explicit that symlinks are not supported there and to hint to put the symlink at the top-level if you want to use symlinks at all. (The support for symlinks at the deepest level of search is not mentioned in this message because we allow it primarily for our own cache linking behavior.) |
6 years ago |
|
Alisdair McDiarmid
|
440543f427 |
internal/providercache: Fix bug when symlink fails
When installing a provider which is already cached, we attempt to create a symlink from the install directory targeting the cache. If symlinking fails due to missing OS/filesystem support, we instead want to copy the cached provider. The fallback code to do this would always fail, due to a missing target directory. This commit fixes that. I was unable to find a way to add automated tests around this, but I have manually verified the fix on Windows 8.1. |
6 years ago |
|
Alisdair McDiarmid
|
3b1347ac1a |
providercache: Validate provider executable file
At the end of the EnsureProviderVersions process, we generate a lockfile of the selected and installed provider versions. This includes a hash of the unpacked provider directory. When calculating this hash and generating the lockfile, we now also verify that the provider directory contains a valid executable file. If not, we return an error for this provider and trigger the installer's HashPackageFailure event. Note that this event is not yet processed by terraform init; that comes in the next commit. |
6 years ago |
|
Alisdair McDiarmid
|
a18b531b14 |
getproviders: FakeInstallablePackageMeta filename
Add an optional execFilename argument to the test helper function FakeInstallablePackageMeta, which allows the creation of invalid packages. |
6 years ago |
|
Alisdair McDiarmid
|
8e87ccb689 |
providercache: Lazily detect executable file
Instead of searching the installed provider package directory for a binary as we install it, we can lazily detect the executable as it is required. Doing so allows us to separately report an invalid unpacked package, giving the user more actionable error messages. |
6 years ago |
|
Kristin Laemmert
|
47e657c611
|
internal/getproviders: decode and return any registry warnings (#25337)
* internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user. |
6 years ago |
|
Kristin Laemmert
|
1b8f4566fa
|
internal/initwd: fix panics with relative submodules in DirFromModule (#25250)
* internal/initwd: fix panics with relative submodules in DirFromModule
There were two related issues here:
1. panic with any local module with submodules
1. panic with a relative directory that was above the workdir ("../")
The first panic was caused by the local installer looking up the root
module with the (nonexistant) key "root.", instead of "".
The second panic was caused by the installer trying to determine the
relative path from ".". This was fixed by detecting "." as the source
path and using the absolute path for the call to filepath.Rel.
Added test cases for both panics and updated the existing e2e tests with
the correct install paths.
|
6 years ago |
Lars Lehtonen
|
3ddfa66ca4
|
internal/modsdir: Fix Dropped Error (#24600)
* internal/modsdir: fix dropped error * fix typo to unmarshalling Co-authored-by: Daniel Dreier <danieldreier@users.noreply.github.com> |
6 years ago |
|
Martin Atkins
|
85af77386c |
internal/getproviders: PackageFilePathForPackage
This is the equivalent of UnpackedDirectoryPathForPackage when working with the packed directory layout. It returns a path to a .zip file with a name that would be detected by SearchLocalDirectory as a PackageLocalArchive package. |
6 years ago |
|
Martin Atkins
|
9489672d54 |
internal/getproviders: Package hashing for local filesystem packages
We previously had this functionality available for cached packages in the providercache package. This moves the main implementation of this over to the getproviders package and then implements it also for PackageMeta, allowing us to compute hashes in a consistent way across both of our representations of a provider package. The new methods on PackageMeta will only be effective for packages in the local filesystem because we need direct access to the contents in order to produce the hash. Hopefully in future the registry protocol will be able to also provide hashes using this content-based (rather than archive-based) algorithm and then we'll be able to make this work for PackageMeta referring to a package obtained from a registry too, but hashes for local packages only are still useful for some cases right now, such as generating mirror directories in the "terraform providers mirror" command. |
6 years ago |
|
Alisdair McDiarmid
|
ef28671b34
|
Merge pull request #24932 from hashicorp/signing-language
Modify language for reporting signing state |
6 years ago |
Paddy
|
5127f1ef8b
|
command: Unmanaged providers
This adds supports for "unmanaged" providers, or providers with process lifecycles not controlled by Terraform. These providers are assumed to be started before Terraform is launched, and are assumed to shut themselves down after Terraform has finished running. To do this, we must update the go-plugin dependency to v1.3.0, which added support for the "test mode" plugin serving that powers all this. As a side-effect of not needing to manage the process lifecycle anymore, Terraform also no longer needs to worry about the provider's binary, as it won't be used for anything anymore. Because of this, we can disable the init behavior that concerns itself with downloading that provider's binary, checking its version, and otherwise managing the binary. This is all managed on a per-provider basis, so managed providers that Terraform downloads, starts, and stops can be used in the same commands as unmanaged providers. The TF_REATTACH_PROVIDERS environment variable is added, and is a JSON encoding of the provider's address to the information we need to connect to it. This change enables two benefits: first, delve and other debuggers can now be attached to provider server processes, and Terraform can connect. This allows for attaching debuggers to provider processes, which before was difficult to impossible. Second, it allows the SDK test framework to host the provider in the same process as the test driver, while running a production Terraform binary against the provider. This allows for Go's built-in race detector and test coverage tooling to work as expected in provider tests. Unmanaged providers are expected to work in the exact same way as managed providers, with one caveat: Terraform kills provider processes and restarts them once per graph walk, meaning multiple times during most Terraform CLI commands. As unmanaged providers can't be killed by Terraform, and have no visibility into graph walks, unmanaged providers are likely to have differences in how their global mutable state behaves when compared to managed providers. Namely, unmanaged providers are likely to retain global state when managed providers would have reset it. Developers relying on global state should be aware of this. |
6 years ago |
Paul Tyng
|
22ef5cc99c |
Modify language for reporting signing state
Be more explicit about the signing status of fetched plugins and provide documentation about the different signing options. |
6 years ago |
|
Alisdair McDiarmid
|
62d826e066 |
command/init: Use full config for provider reqs
Relying on the early config for provider requirements was necessary in Terraform 0.12, to allow the 0.12upgrade command to run after init installs providers. However in 0.13, the same restrictions do not apply, and the detection of provider requirements has changed. As a result, the early config loader gives incorrect provider requirements in some circumstances, such as those in the new test in this commit. Therefore we are changing the init command to use the requirements found by the full configuration loader. This also means that we can remove the internal initwd CheckCoreVersionRequirements function. |
6 years ago |
|
Kristin Laemmert
|
eead4c49fe |
command/init: add e2e tests for provider not found messages
|
6 years ago |
|
Kristin Laemmert
|
8d28d73de3 |
getproviders: add a registry-specific error and modify output when a
provider is not found. Previously a user would see the following error even if terraform was only searching the local filesystem: "provider registry registry.terraform.io does not have a provider named ...." This PR adds a registry-specific error type and modifies the MultiSource installer to check for registry errors. It will return the registry-specific error message if there is one, but if not the error message will list all locations searched. |
6 years ago |
|
Kristin Laemmert
|
0d620018fe
|
provider cache: log errors and validate dir exists (#24993)
* providercache: add logging for errors from getproviders.SearchLocalDirectory providercache.fillMetaCache() was silently swallowing errors when searching the cache directory. This commit logs the error without changing the behavior otherwise. * command/cliconfig: validate plugin cache dir exists The plugin cache directory must exist for terraform to use it, so we will add a check at the begining. |
6 years ago |
|
Kristin Laemmert
|
d350818126
|
internal/getproviders: fix panic with invalid path parts (#24940)
* internal/getproviders: fix panic with invalid path parts If the search path is missing a directory, the provider installer would try to create an addrs.Provider with the wrong parts. For example if the hostname was missing (as in the test case), it would call addrs.NewProvider with (namespace, typename, version). This adds a validation step for each part before calling addrs.NewProvider to avoid the panic. |
6 years ago |
|
Alisdair McDiarmid
|
070c3018f8 |
internal/providercache: Remove unused retry events
|
6 years ago |
|
Alisdair McDiarmid
|
e27a36cafd |
internal/getproviders: Retry failed HTTP requests
This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings. |
6 years ago |
|
Kristin Laemmert
|
60321b41e8
|
getproviders: move protocol compatibility functions into registry client (#24846)
* internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata. |
6 years ago |
|
Alisdair McDiarmid
|
62b0cbed12 |
internal: Fix LookupLegacyProvider
When looking up the namespace for a legacy provider source, we need to
use the /v1/providers/-/{name}/versions endpoint. For non-HashiCorp
providers, the /v1/providers/-/{name} endpoint returns a 404.
This commit updates the LegacyProviderDefaultNamespace method and the
mock registry servers accordingly.
|
6 years ago |
|
Alisdair McDiarmid
|
ae98bd12a7 |
command: Rework 0.13upgrade sub-command
This commit implements most of the intended functionality of the upgrade command for rewriting configurations. For a given module, it makes a list of all providers in use. Then it attempts to detect the source address for providers without an explicit source. Once this step is complete, the tool rewrites the relevant configuration files. This results in a single "required_providers" block for the module, with a source for each provider. Any providers for which the source cannot be detected (for example, unofficial providers) will need a source to be defined by the user. The tool writes an explanatory comment to the configuration to help with this. |
6 years ago |
|
Kristin Laemmert
|
cca0526705
|
providercache: actually break out of the loop when a matching version is found (#24823)
|
6 years ago |
|
Kristin Laemmert
|
ce03f1255f
|
internal/providercache: fix error message for protocol mismatch (#24818)
There was a bug in the installer trying to pass a nil error. |
6 years ago |
|
Kristin Laemmert
|
320fcf4942
|
internal/getproviders: apply case normalizations in ParseMultiSourceMatchingPatterns (#24753)
* internal/getproviders: apply case normalizations in ParseMultiSourceMatchingPatterns This is a very minor refactor which takes advantage of addrs.ParseProviderPart case normalization to normalize non-wildcard sources. |
6 years ago |
|
Martin Atkins
|
1ce3c60693
|
command/cliconfig: Explicit provider installation method configuration
This set of commits allows explicit configuration of provider installation methods in the CLI config, overriding the implicit method selections. |
6 years ago |
|
Martin Atkins
|
8b75d1498f |
command/cliconfig: Use existing HTTP mirror source rather than new stub
An earlier commit added a redundant stub for a new network mirror source that was already previously stubbed as HTTPMirrorSource. This commit removes the unnecessary extra stub and changes the CLI config handling to use it instead. Along the way this also switches to using a full base URL rather than just a hostname for the mirror, because using the usual "Terraform-native service discovery" protocol here doesn't isn't as useful as in the places we normally use it (the mirror mechanism is already serving as an indirection over the registry protocol) and using a direct base URL will make it easier to deploy an HTTP mirror under a path prefix on an existing static file server. |
6 years ago |
|
Kristin Laemmert
|
84e9d86c25
|
Update installer_test.go
update now-exported function (fix bad PR) |
6 years ago |
|
Kristin Laemmert
|
21b9da5a02
|
internal/providercache: verify that the provider protocol version is compatible (#24737)
* internal/providercache: verify that the provider protocol version is compatible The public registry includes a list of supported provider protocol versions for each provider version. This change adds verification of support and adds a specific error message pointing users to the closest matching version. |
6 years ago |
|
Alisdair McDiarmid
|
54abb87fb4 |
Fix broken test due to function rename
|
6 years ago |