Commit Graph

22 Commits

Author SHA1 Message Date
Martin Atkins
383bbdeebc Upgrade to Go 1.17
This includes the addition of the new "//go:build" comment form in addition
to the legacy "// +build" notation, as produced by gofmt to ensure
consistent behavior between Go versions. The new directives are all
equivalent to what was present before, so there's no change in behavior.

Go 1.17 continues to use the Unicode 13 tables as in Go 1.16, so this
upgrade does not require also upgrading our Unicode-related dependencies.

This upgrade includes the following breaking changes which will also
appear as breaking changes for Terraform users, but that are consistent
with the Terraform v1.0 compatibility promises.

- On MacOS, Terraform now requires macOS 10.13 High Sierra or later.

This upgrade also includes the following breaking changes which will
appear as breaking changes for Terraform users that are inconsistent with
our compatibility promises, but have justified exceptions as follows:

- cidrsubnet, cidrhost, and cidrnetmask will now reject IPv4 CIDR
  addresses whose decimal components have leading zeros, where previously
  they would just silently ignore those leading zeros.

  This is a security-motivated exception to our compatibility promises,
  because some external systems interpret zero-prefixed octets as octal
  numbers rather than decimal, and thus the previous lenient parsing could
  lead to a different interpretation of the address between systems, and
  thus potentially allow bypassing policy when configuring firewall rules
  etc.

This upgrade also includes the following breaking changes which could
_potentially_ appear as breaking changes for Terraform users, but that do
not in practice for the reasons given:

- The Go net/url package no longer allows query strings with pairs
  separated by semicolons instead of ampersands. This primarily affects
  HTTP servers written in Go, and Terraform includes a special temporary
  HTTP server as part of its implementation of OAuth for "terraform login",
  but that server only needs to accept URLs created by Terraform itself
  and Terraform does not generate any URLs that would be rejected.
2021-08-17 15:20:05 -07:00
James Bardin
4922c743c8 update circleci to cimg to match release pipeline
This allows us to update the go version as well
2021-05-20 11:14:14 -04:00
James Bardin
7b38f9dd1d rollback go version for circleci 2021-05-19 14:51:01 -04:00
James Bardin
d8e8ea34fa update go version 2021-05-19 14:03:12 -04:00
Martin Atkins
df1d932fd2 build: Use Go 1.16.2
Unfortunately at the moment I'm adding this the release isn't yet
available in the current version of goenv, but due to these including
security stuff and because we're about to make a Terraform release we're
letting this get slightly ahead of goenv on the assumption that it will
catch up shortly.
2021-03-17 10:27:37 -07:00
James Bardin
9ea805f480 Revert "match terraform-releases expectations"
This reverts commit 270de49ef5.
2021-02-24 14:33:24 -05:00
James Bardin
270de49ef5 match terraform-releases expectations 2021-02-24 14:08:12 -05:00
Martin Atkins
e3abe9020d build: Terraform is now built with Go 1.16 2021-02-23 09:56:06 -08:00
James Bardin
537070ca57 update to go1.15.2 2020-09-23 15:18:22 -04:00
Alisdair McDiarmid
b273ffe4df build: Use go 1.14.7
From the go release notes:

go1.14.3 (released 2020/05/14) includes fixes to cgo, the compiler, the
runtime, and the go/doc and math/big packages.

go1.14.4 (released 2020/06/01) includes fixes to the go doc command, the
runtime, and the encoding/json and os packages.

go1.14.5 (released 2020/07/14) includes security fixes to the
crypto/x509 and net/http packages.

go1.14.6 (released 2020/07/16) includes fixes to the go command, the
compiler, the linker, vet, and the database/sql, encoding/json,
net/http, reflect, and testing packages.

go1.14.7 (released 2020/08/06) includes security fixes to the
encoding/binary package.

https://golang.org/doc/devel/release.html#go1.14.minor
2020-08-25 12:37:08 -04:00
Matthew Frahry
481b03c34a
Update azure backend storage sdk (#24669)
* update vendored azure sdk

* vendor giovanni storage sdk

* Add giovanni clients

* go mod vendor

* Swap to new storage sdk

* workable tests

* update .go-version to 1.14.2

* Tests working minus SAS

* Add SAS Token support

* Update vendor

* Passing tests

* Add date randomizer

* Captalize RG

* Remove random bits

* Update client var name

Co-authored-by: kt <kt@katbyte.me>
2020-05-20 17:29:02 +02:00
Martin Atkins
43c1ec69e2 build: Use Go 1.14
This implies some notable changes that will have a visible impact to
end-users of official Terraform releases:

- Terraform is no longer compatible with MacOS 10.10 Yosemite, and
  requires at least 10.11 El Capitan. (Relatedly, Go 1.14 is planned to be
  the last release to support El Capitan, so while that remains supported
  for now, it's notable that Terraform 0.13 is likely to be the last major
  release of Terraform supporting it, with 0.14 likely to further require
  MacOS 10.12 Sierra.)

- Terraform is no longer compatible with FreeBSD 10.x, which has reached
  end-of-life. Terraform now requires FreeBSD 11.2 or later.

- Terraform now supports TLS 1.3 when it makes connections to remote
  services such as backends and module registries. Although TLS 1.3 is
  backward-compatible in principle, some legacy systems reportedly work
  incorrectly when attempting to negotiate it. (This change does not
  affect outgoing requests made by provider plugins, though they will see
  a similar change in behavior once built with Go 1.13 or later.)

- Ed25519 certificates are now supported for TLS 1.2 and 1.3 connections.

- On UNIX systems where "use-vc" is set in resolv.conf, TCP will now be
  used for DNS resolution. This is unlikely to cause issues in practice
  because a system set up in this way can presumably already reach its
  nameservers over TCP (or else other applications would misbehave), but
  could potentially lead to lookup failures in unusual situations where a
  system only runs Terraform, has historically had "use-vc" in its
  configuration, but yet is blocked from reaching its configured
  nameservers over TCP.

- Some parts of Terraform now support Unicode 12.0 when working with
  strings. However, notably the Terraform Language itself continues to
  use the text segmentation tables from Unicode 9.0, which means it lacks
  up-to-date support for recognizing modern emoji combining forms as
  single characters. (We may wish to upgrade the text segmentation tables
  to Unicode 12.0 tables in a later commit, to restore consistency.)

This also includes some changes to the contents of "vendor", and
particularly to the format of vendor/modules.txt, per the changes to
vendoring in the Go 1.14 toolchain. This new syntax is activated by the
specification of "go 1.14" in the go.mod file.

Finally, the exact format of error messages from the net/http library has
changed since Go 1.12, and so a couple of our tests needed updates to
their expected error messages to match that.
2020-03-04 13:26:50 -08:00
Martin Atkins
2de4a28860 Build with Go 1.12.13
This is the latest 1.12 minor release at the time of writing. We are not
yet upgrading to Go 1.13 because it ends support for MacOS 10.10 and
earlier (Yosemite) and for versions of FreeBSD prior to 11.2, and so we
need to make that switch with care to properly phase those out as
supported platforms in Terraform too.
2019-11-06 07:02:54 -08:00
Martin Atkins
39b6a322e6 build: Use Go 1.12.9
This is a minor release of Go that does not include any changes that
affect Terraform's behavior.

This does include a fix for golang/go#31084 that could potentially affect
HCL arithmetic (via math/big) on aarch64, but we do not currently build
Terraform for aarch64 so it cannot have affected any previous releases.
2019-08-16 16:29:43 -07:00
Martin Atkins
f6c6a88fe8 build: Use Go 1.12.8
This this includes some security fixes that don't impact Terraform along
with a number of general improvements and fixes in the Go toolchain that
don't appear to affect Terraform behavior.

- URL parsing (such as in the "source" argument in a "module" block) now
  validates more strictly the port portion, rejecting non-numeric ports.
  Previously this could potentially lead to parts of the URL being
  silently ignored.

- The temporary callback server for the forthcoming OAuth client
  implementation in "terraform login" would otherwise have been vulnerable
  to local (on the same host) denial of service attacks, which is not
  a common attack vector but good to fix anyway.
2019-08-16 16:29:43 -07:00
Radek Simko
67defb768e
go-version: Bump to 1.12.4 2019-05-13 15:34:21 +01:00
James Bardin
b5b1e94f3a bump go version to 1.12.1 2019-03-14 17:28:16 -04:00
Martin Atkins
1a8ddc26a5 Switch to Go 1.11.5
An earlier commit incorrectly updated some versions in go.mod without also
updating the vendor tree, so this also rolls those back to where they used
to be so that we can roll them forward carefully and make sure the tests
actually pass. (If we just accept these new versions as specified the
tests do not pass, so some work is required to fix those regressions.)
2019-01-30 17:16:12 -08:00
Alex Pilon
de769533e1
require go1.11.4 2019-01-15 14:26:21 -05:00
Martin Atkins
413959406a build: Use Go 1.11.3 in Travis-CI and in environments using "goenv" 2018-12-13 17:30:48 -08:00
Martin Atkins
88984aaca0 build: Specify in .go-version that we build with Go 1.11.1 2018-10-16 19:14:11 -07:00
Martin Atkins
e6c958048c build: Document in a machine-readable way that we are now using Go 1.11 2018-10-16 19:14:11 -07:00