As explained by the deleted comments, this package was used to identify situations where the `terraform 0.12upgrade` command can help migrate 0.11 syntax. Current versions of terraform don't include this command, and it's not likely that users are attempting upgrades from 0.11 to 1.4+
The replacement init swaps the order of the module and backend initialization in order to prepare for the next commit.
Config initialization now takes the following approach:
1. Load the root module, but withhold diagnostic errors until after version check
2. Initialize the backend, but withhold diagnostic errors until after version check
3. Get modules
4. Load all config (root and modules)
5. Check terraform version requirements (this can be defined by nested modules) and display any errors. It's important to show these first because prior errors could be the result of a newer terraform version syntax
6. Finally, show any errors related to backed init or config loading
* Add mTLS support for http backend by way of client cert & key, as well as enterprise cacert.
* Fix style.
* Skip cert validation to be sure error is related to missing client cert; not untrusted server cert.
* Remove misplaced err check.
* Fix the size of test using http backend.
* Just for correctness, include all certs in the pem encoded cert - sometimes certs come with a chain of their signers.
* Adjusted names as recommended in PR comments.
* Adjusted names to be full-length and more descriptive.
* Added full-fledged testing with mTLS http server
* Fix goimports.
* Fix the names of the backend config.
* Exclusive lock for write and delete.
* Revert "Fix goimports."
This reverts commit 7d40f6099fbbb675fb2e25e35ee40aeafe3d0a22.
* goimports just for server test.
* Added the go:generation for the mock.
* Move the TLS configuration out to make it more readable - don't replace the HTTPClient as the retryablehttp already creates one - just configure its TLS.
* Just switch the client/data params - felt more natural this way.
* Update internal/backend/remote-state/http/backend.go
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* Update internal/backend/remote-state/http/testdata/gencerts.sh
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* Update internal/backend/remote-state/http/backend.go
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* Update internal/backend/remote-state/http/backend.go
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* Update internal/backend/remote-state/http/backend.go
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* Update internal/backend/remote-state/http/backend.go
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* the location of the file name is not sensitive.
* Added error if only one of client_certificate_pem and client_private_key_pem are set.
* Remove testify from test cases; use t.Error* for assert and t.Fatal* for require.
* Fixed import consistency
* Just use default openssl.
* Since file(...) is so trivial to use, changed the client cert, key, and ca cert to be the data.
See also https://github.com/hashicorp/terraform-provider-http/pull/211
Co-authored-by: Sheridan C Rawlins <scr@ouryahoo.com>
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
Currently Terraform will use an entry from the global plugin cache only if
it matches a checksum already recorded in the dependency lock file. This
allows Terraform to produce a complete lock file entry on the first
encounter with a new provider, whereas using the cache in that case would
cause the lock file to only cover the single package in the cache and
thereefore be unusable on any other operating system or CPU architecture.
This temporary CLI config option is a pragmatic exception to support those
who cannot currently correctly use the dependency lock file but who still
want to benefit from the plugin cache. With this setting enabled,
Terraform has permission to produce a dependency lock file that is only
suitable for the current system if that would allow use of an existing
entry in the plugin cache.
We are introducing this option to resolve a conflict between the needs of
folks who are using the dependency lock file as expected and the needs of
folks who cannot use the dependency lock file for some reason. The hope
then is to give respite to those who need this exception in the meantime
while we understand better why they cannot use the dependency lock file
and improve its design so that everyone will be able to use it
successfully in a future version of Terraform. This option will become a
silent no-op in a future version of Terraform, once the dependency lock
file behavior is sufficient for all supported Terraform development
workflows.
* Use the new structured renderer in place of the old diffs package
* remove old plan tests
* refresh only plans should show moved resources in the refresh section
* remove attributes that do not match the relevant attributes filter
* fix formatting
* fix renderer function, don't drop irrelevant attributes just mark them as no-ops
* fix imports
* fix bugs in the renderer exposed by the equivalence tests
* imports
* gofmt
* remove attributes that do not match the relevant attributes filter
* fix formatting
* fix renderer function, don't drop irrelevant attributes just mark them as no-ops
* fix imports
* raw unmodified broken tests
* tests execute, no panics
* fix whitespace differences
* fix all the tests
* fix tests
* actually fix tests
* add missing plan metadata into the renderer
* address comments
* complete merge
* remove TODO raising questions about outputs, they are fixed
* missing bold on plan
* pause implementation
* change -> diff, value -> change
* add support for json and multiline strings to the primitive renderer
* goimports
* remove unused function
* go fmt
* address comments
* change -> diff, value -> change
* also update readme#
* pause
* Update internal/command/jsonformat/computed/diff.go
Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
* add interface assertions for diff renderers
* Add support for different kinds of blocks, and for sensitive blocks
Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* Add support for unknown/computed values in the structured renderer
* delete missing unit tests
* Add support for object attributes in the structured renderer
* goimports
* Add support for the replace paths data in the structured renderer
* Add support for maps in the structured renderer
* Add support for lists in the structured renderer
* goimports
* Add support for sets in the structured renderer
* goimports
* Add support for blocks in the structured renderer
* goimports
* Add support for outputs in the structured renderer
* fix ordering of blocks
* remove unused test stub
* fix typo
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* Add support for unknown/computed values in the structured renderer
* delete missing unit tests
* Add support for object attributes in the structured renderer
* goimports
* Add support for the replace paths data in the structured renderer
* Add support for maps in the structured renderer
* Add support for lists in the structured renderer
* goimports
* Add support for sets in the structured renderer
* goimports
* Add support for blocks in the structured renderer
* goimports
* fix ordering of blocks
* remove unused test stub
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* Add support for unknown/computed values in the structured renderer
* delete missing unit tests
* Add support for object attributes in the structured renderer
* goimports
* Add support for the replace paths data in the structured renderer
* Add support for maps in the structured renderer
* Add support for lists in the structured renderer
* goimports
* Add support for sets in the structured renderer
* goimports
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* Add support for unknown/computed values in the structured renderer
* delete missing unit tests
* Add support for object attributes in the structured renderer
* goimports
* Add support for the replace paths data in the structured renderer
* Add support for maps in the structured renderer
* Add support for lists in the structured renderer
* goimports
* add additional comments explaining
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* Add support for unknown/computed values in the structured renderer
* delete missing unit tests
* Add support for object attributes in the structured renderer
* goimports
* Add support for the replace paths data in the structured renderer
* Add support for maps in the structured renderer
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* Add support for unknown/computed values in the structured renderer
* delete missing unit tests
* Add support for object attributes in the structured renderer
* goimports
* Add support for the replace paths data in the structured renderer
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* Add support for unknown/computed values in the structured renderer
* delete missing unit tests
* Add support for object attributes in the structured renderer
* goimports
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* Add support for unknown/computed values in the structured renderer
* delete missing unit tests
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* Add support for parsing and rendering sensitive values in the renderer
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add rendering functionality for primitives to the structured renderer
* add test case for override
* goimports
* prep for processing the structured run output
* undo unwanted change to a json key
* Add skeleton functions and API for refactored renderer
* goimports
* Fix documentation of the RenderOpts struct
* Add README explaining implementation details for renderer and plans for future expansion
* Update internal/command/jsonformat/README.md
Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
* address comments
Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
Make writing a plan file the default. We already create plans which have
no changes so the plan result would need to be checked in automation, so
having plans with errors should not pose a problem.
If we find workflows which cannot handle a plan that can't be applied,
we can reevaluate the need for a specialized flag. In the meantime, it
feels more logical that the plan output would always describe the result
of the plan, even if that included errors.
This is a prototype of how the CLI layer might make use of Terraform
Core's ability to produce a partial plan if it encounters an error during
planning, with two new situations:
- When using local CLI workflow, Terraform will show the partial plan
before showing any errors.
- "terraform plan" has a new option -always-out=..., which is similar to
the existing -out=... but additionally instructs Terraform to produce
a plan file even if the plan is incomplete due to errors. This means
that the plan can still be inspected by external UI implementations.
This is just a prototype to explore how these parts might fit together.
It's not a complete implementation and so should not be shipped. In
particular, it doesn't include any mention of a plan being incomplete in
the "terraform show -json" output or in the "terraform plan -json" output,
both of which would be required for a complete solution.
When we originally introduced the trust-on-first-use checksum locking
mechanism in v0.14, we had to make some tricky decisions about how it
should interact with the pre-existing optional read-through global cache
of provider packages:
The global cache essentially conflicts with the checksum locking because
if the needed provider is already in the cache then Terraform skips
installing the provider from upstream and therefore misses the opportunity
to capture the signed checksums published by the provider developer. We
can't use the signed checksums to verify a cache entry because the origin
registry protocol is still using the legacy ziphash scheme and that is
only usable for the original zipped provider packages and not for the
unpacked-layout cache directory. Therefore we decided to prioritize the
existing cache directory behavior at the expense of the lock file behavior,
making Terraform produce an incomplete lock file in that case.
Now that we've had some real-world experience with the lock file mechanism,
we can see that the chosen compromise was not ideal because it causes
"terraform init" to behave significantly differently in its lock file
update behavior depending on whether or not a particular provider is
already cached. By robbing Terraform of its opportunity to fetch the
official checksums, Terraform must generate a lock file that is inherently
non-portable, which is problematic for any team which works with the same
Terraform configuration on multiple different platforms.
This change addresses that problem by essentially flipping the decision so
that we'll prioritize the lock file behavior over the provider cache
behavior. Now a global cache entry is eligible for use if and only if the
lock file already contains a checksum that matches the cache entry. This
means that the first time a particular configuration sees a new provider
it will always be fetched from the configured installation source
(typically the origin registry) and record the checksums from that source.
On subsequent installs of the same provider version already locked,
Terraform will then consider the cache entry to be eligible and skip
re-downloading the same package.
This intentionally makes the global cache mechanism subordinate to the
lock file mechanism: the lock file must be populated in order for the
global cache to be effective. For those who have many separate
configurations which all refer to the same provider version, they will
need to re-download the provider once for each configuration in order to
gather the information needed to populate the lock file, whereas before
they would have only downloaded it for the _first_ configuration using
that provider.
This should therefore remove the most significant cause of folks ending
up with incomplete lock files that don't work for colleagues using other
platforms, and the expense of bypassing the cache for the first use of
each new package with each new configuration. This tradeoff seems
reasonable because otherwise such users would inevitably need to run
"terraform providers lock" separately anyway, and that command _always_
bypasses the cache. Although this change does decrease the hit rate of the
cache, if we subtract the never-cached downloads caused by
"terraform providers lock" then this is a net benefit overall, and does
the right thing by default without the need to run a separate command.
