diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a9f361fd0..884ebfe563 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,6 +44,7 @@ BUG FIXES: * When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. ([#30766](https://github.com/hashicorp/terraform/issues/30766)) * Terraform will prioritize local terraform variables over remote terraform variables in operations such as `import`, `plan`, `refresh` and `apply` for workspaces in local execution mode. This behavior applies to both `remote` backend and the `cloud` integration configuration. ([#29972](https://github.com/hashicorp/terraform/issues/29972)) * `terraform show -json`: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. ([#30138](https://github.com/hashicorp/terraform/issues/30138)) +* The local token configuration now has higher priority than the token specified in a CLI configuration. ([#30664](https://github.com/hashicorp/terraform/issues/30664)) ## Previous Releases diff --git a/internal/backend/remote/backend.go b/internal/backend/remote/backend.go index 4635fa6f26..131a9a9039 100644 --- a/internal/backend/remote/backend.go +++ b/internal/backend/remote/backend.go @@ -256,24 +256,25 @@ func (b *Remote) Configure(obj cty.Value) tfdiags.Diagnostics { return diags } - // Retrieve the token for this host as configured in the credentials - // section of the CLI Config File. - token, err := b.token() - if err != nil { - diags = diags.Append(tfdiags.AttributeValue( - tfdiags.Error, - strings.ToUpper(err.Error()[:1])+err.Error()[1:], - "", // no description is needed here, the error is clear - cty.Path{cty.GetAttrStep{Name: "hostname"}}, - )) - return diags + // Get the token from the config. + var token string + if val := obj.GetAttr("token"); !val.IsNull() { + token = val.AsString() } - // Get the token from the config if no token was configured for this - // host in credentials section of the CLI Config File. + // Retrieve the token for this host as configured in the credentials + // section of the CLI Config File if no token was configured for this + // host in the config. if token == "" { - if val := obj.GetAttr("token"); !val.IsNull() { - token = val.AsString() + token, err = b.token() + if err != nil { + diags = diags.Append(tfdiags.AttributeValue( + tfdiags.Error, + strings.ToUpper(err.Error()[:1])+err.Error()[1:], + "", // no description is needed here, the error is clear + cty.Path{cty.GetAttrStep{Name: "hostname"}}, + )) + return diags } } diff --git a/internal/cloud/backend.go b/internal/cloud/backend.go index 9a01af33f0..6f64a9476c 100644 --- a/internal/cloud/backend.go +++ b/internal/cloud/backend.go @@ -214,24 +214,24 @@ func (b *Cloud) Configure(obj cty.Value) tfdiags.Diagnostics { return diags } - // Retrieve the token for this host as configured in the credentials - // section of the CLI Config File. - token, err := b.token() - if err != nil { - diags = diags.Append(tfdiags.AttributeValue( - tfdiags.Error, - strings.ToUpper(err.Error()[:1])+err.Error()[1:], - "", // no description is needed here, the error is clear - cty.Path{cty.GetAttrStep{Name: "hostname"}}, - )) - return diags + // First we'll retrieve the token from the configuration + var token string + if val := obj.GetAttr("token"); !val.IsNull() { + token = val.AsString() } - // Get the token from the config if no token was configured for this - // host in credentials section of the CLI Config File. + // Get the token from the CLI Config File in the credentials section + // if no token was not set in the configuration if token == "" { - if val := obj.GetAttr("token"); !val.IsNull() { - token = val.AsString() + token, err = b.token() + if err != nil { + diags = diags.Append(tfdiags.AttributeValue( + tfdiags.Error, + strings.ToUpper(err.Error()[:1])+err.Error()[1:], + "", // no description is needed here, the error is clear + cty.Path{cty.GetAttrStep{Name: "hostname"}}, + )) + return diags } }