Commit Graph

438 Commits

Author SHA1 Message Date
Nick Fagerlund
b3f254e08d Upgrade to go-tfe v1.29.0 (for saved plan run support) 2023-07-24 14:07:16 -04:00
Martin Atkins
a7807dac16 main: Optionally configure an OpenTelemetry OTLP exporter
Terraform CLI is sometimes used as part of a larger distributed system, in
which case it would be helpful to be able to gather telemetry from it
as part of the larger request it's being run in response to.

We'll now support optionally enabling an OTLP exporter by setting the
environment variable OTEL_TRACES_EXPORTER=otlp (a standard OpenTelemetry
convention). As of this commit there isn't actually anything emitting
traces to the specified collector, but we'll gradually add tracing
instrumentation to parts of Terraform CLI and Core in later commits.
2023-07-14 10:24:10 -07:00
Martin Atkins
9e6cc4ae6f go.mod: go get google.golang.org/grpc@v1.53.0
This is to upgrade past the vulnerability described here:
    https://github.com/advisories/GHSA-cfgp-2977-2fmm

Terraform does not seem to be significantly affected by it since our use
is primarily between Terraform Core and provider plugins where at worst
a provider could just make its own connection to Terraform malfunction.
However, this also appears to be a relatively low-risk upgrade.

This does force upgrading some of the Google Cloud Platform dependencies,
which the "gcs" (Google Cloud Storage) backend depends on, so there is
some minor risk to that backend but the upstream changes to those
dependencies do not seem to be significant.
2023-07-06 13:14:07 -07:00
Brandon Croft
63124e0cb7
Merge pull request #33336 from hashicorp/TF-7056-uploading-state-directly-to-hosted-state-upload-url-when-available
cloud: when saving state, utilize new 'pending' state version
2023-06-22 11:11:00 -06:00
Liam Cervante
1fe57d457d
upgrade golang.org/x/crypto/openpgp to github.com/ProtoMail/go-crypto (#33406) 2023-06-22 08:32:12 +02:00
Brandon Croft
9fe3f7a7b4
cloud: when saving state, create a pending state version then upload
Create a pending state version followed by a separate state upload

When this version of the endpoint fails (It is not yet generally available, or when using with Terraform Enterprise) Fall back to the original call with state content included in the request.

This strategy will reduce the amount of save failures due to network latency and gateway timeouts.
2023-06-21 12:30:32 -06:00
Martin Atkins
237877f170 go.mod: go get github.com/hashicorp/terraform-svchost@v0.1.1
This includes a change to make svchost.Disco and the caching credentials
source both safe for concurrent calls.
2023-06-14 07:36:45 -07:00
CJ Horton
8213513e2b
Merge pull request #33278 from hashicorp/radditude/cloud-config-generation
plannable import: allow writing generated config when using the cloud integration
2023-05-31 12:00:37 -07:00
Martin Atkins
1962b1167c go.mod: go get github.com/hashicorp/hcl/v2@v2.17.0
This introduces HCL's own updates to generate refinements for unknown
results from some operations.
2023-05-31 10:14:13 -07:00
CJ Horton
b705414d6b use newly released go-tfe 1.26.0 2023-05-30 17:25:23 -07:00
Martin Atkins
9f6a3ba701 build: Generate copyright headers automatically
HashiCorp legal now requires a copyright claim in a comment at the top of
every substantial file in this repository. If we don't add this ourselves
then a bot will open a PR to add missing entries, but that process adds
git history, pull request, and GitHub notification noise so instead we'll
deal with it proactively as part of our usual code generation steps.

This means that pull requests will fail their checks if there are any
files that lack copyright headers, so we can deal with those before we
merge rather than in a subsequent PR.
2023-05-30 08:21:40 -07:00
CJ Horton
cdce4c4a6d write generated config when using the cloud integration 2023-05-30 00:17:02 -07:00
CJ Horton
b88bae2ec4 tests for cloud backend config generation 2023-05-29 22:34:30 -07:00
Martin Atkins
1ef550e59a go.mod: go get github.com/zclconf/go-cty@v1.3.2 2023-05-24 13:44:03 -07:00
Martin Atkins
c046b846a7 go.mod: upgrade github.com/hashicorp/go-tfe for response header hooks 2023-05-23 15:25:48 -07:00
James Bardin
6c08c3e45e udpate go-cty 2023-05-19 13:37:10 -04:00
Sebastian Rivera
b23cfaefe8 Refactor SRO check to prevent duplicate plan output 2023-04-13 18:30:56 -04:00
Martin Atkins
9f827f57ae go.mod: Revert cty minor version v1.13 upgrade
We inadvertently incorporated the new minor release of cty into the 1.4
branch, and that's introduced some more refined handling of unknown values
that is too much of a change to introduce in a patch release.

Therefore this reverts back to the previous minor release for the v1.4
series, and then we'll separately get the main branch ready to work
correctly with the new cty before Terraform v1.5.

This reverts just the upgrade and the corresponding test changes from
#32775, while retaining the HCL upgrade and the new test case it
introduced for that bug it was trying to fix. That new test is still
passing so it seems that the cty upgrade is not crucial to that fix.
2023-03-16 11:48:41 -04:00
Liam Cervante
32f151f20b
Update HCL to handle type mismatches when applying defaults (#32775)
* add test reproducing terraform crash

* pull latest hcl

* add missing go.sum file

* also fix tests broken by go-cty update
2023-03-09 14:29:58 +01:00
Alisdair McDiarmid
5e83ccc1f9 Remove terraform-config-inspect 2023-03-06 09:14:28 -05:00
dependabot[bot]
cff7584a38 Bump golang.org/x/net from 0.5.0 to 0.7.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.5.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-21 16:31:19 -08:00
Martin Atkins
c7aff57c92 build: Use Go 1.20.0
This changes which Go version we use for official releases and for
everyday development and testing.

At the time of this commit Go 1.20.1 is available but is not yet included
in goenv, the tool that we use in some environments for reacting
automatically to this file. I expect we'll upgrade to Go 1.20.1 very soon,
but this is a routine upgrade to the latest major release so that we can
start soaking in the new compiler and library behaviors throughout the
v1.5 development period.

Go 1.20 continues to support only Unicode 13, so we do not need to make
any changes to our supporting packages that also rely on Unicode data.
2023-02-17 14:24:52 -08:00
Jukie
e2106907f5 Update go-getter version 2023-02-13 11:15:58 -07:00
Yin Luo
e9b066f514
Support assume role for cos backend (#32631)
* go get github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813@v1.0.588

* feat:support assume_role for COS backend

* update go.mod and go.sum

* change secret_id and secret_key from required to optional

* update cos doc

* update logic by comments

* rm sensitive info in log
2023-02-13 10:25:58 +01:00
Sebastian Rivera
de574ae6d4
Initial implementation of structured logging in cloud backend (#32504)
* Implementation of structured logging.

These are the changes that enable the cloud backend to consume
structured logs and make use of the new plan renderer. This will enable
CLI-driven runs to view the structured output in the Terraform Cloud UI.

* Cloud structured logging unit tests

* Remove deferred logs logic, fix minor issues

Color formatting fixes, log type stop lists, default behavior for logs
that are unknown

* Use service disco path in redacted plan url
2023-02-09 13:35:48 +01:00
Brandon Croft
0cafe0dfdb
Merge pull request #32571 from hashicorp/TF-3527-detect-alias-localterraform-com-during-terraform-init
Add support for Terraform Enterprise generic hostname localterraform.com
2023-01-31 10:59:12 -07:00
Liam Cervante
24b88b7a72
Reverse the order of conversion/defaults, and update HCL with more flexible defaults package (#32454)
* Add failing test case for the given issue

* pause

* don't use local when sending PR for review

* go get github.com/hashicorp/hcl/v2@v2.16.0

* Update go.mod

---------

Co-authored-by: Alisdair McDiarmid <alisdair@users.noreply.github.com>
2023-01-31 06:37:24 -05:00
Brandon Croft
2fe3a23094
Add generic hostname (localterraform.com) support to cloud backend
Aliases the backend hostname config as "localterraform.com" and duplicates any existing auth credentials during cloud backend configuration.
2023-01-30 17:21:24 -07:00
Sheridan C Rawlins
75e5ae27a2
[fixes 31700] Add mTLS support for http backend by way of client cert & key, as well as enterprise cacert. (#31699)
* Add mTLS support for http backend by way of client cert & key, as well as enterprise cacert.

* Fix style.

* Skip cert validation to be sure error is related to missing client cert; not untrusted server cert.

* Remove misplaced err check.

* Fix the size of test using http backend.

* Just for correctness, include all certs in the pem encoded cert - sometimes certs come with a chain of their signers.

* Adjusted names as recommended in PR comments.

* Adjusted names to be full-length and more descriptive.

* Added full-fledged testing with mTLS http server

* Fix goimports.

* Fix the names of the backend config.

* Exclusive lock for write and delete.

* Revert "Fix goimports."

This reverts commit 7d40f6099fbbb675fb2e25e35ee40aeafe3d0a22.

* goimports just for server test.

* Added the go:generation for the mock.

* Move the TLS configuration out to make it more readable - don't replace the HTTPClient as the retryablehttp already creates one - just configure its TLS.

* Just switch the client/data params - felt more natural this way.

* Update internal/backend/remote-state/http/backend.go

Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* Update internal/backend/remote-state/http/testdata/gencerts.sh

Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* Update internal/backend/remote-state/http/backend.go

Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* Update internal/backend/remote-state/http/backend.go

Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* Update internal/backend/remote-state/http/backend.go

Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* Update internal/backend/remote-state/http/backend.go

Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* the location of the file name is not sensitive.

* Added error if only one of client_certificate_pem and client_private_key_pem are set.

* Remove testify from test cases; use t.Error* for assert and t.Fatal* for require.

* Fixed import consistency

* Just use default openssl.

* Since file(...) is so trivial to use, changed the client cert, key, and ca cert to be the data.

See also https://github.com/hashicorp/terraform-provider-http/pull/211

Co-authored-by: Sheridan C Rawlins <scr@ouryahoo.com>
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
2023-01-26 14:08:07 +00:00
Anna Winkler
3cc7e55465
Expand error when discovery document request fails (#32394)
* Expand error when discovery document request fails.
* Use error type from svchost library
* Use svchost v0.0.1
2023-01-24 15:19:12 -07:00
Brandon Croft
5ac03755e7
Merge pull request #32303 from mrinalirao/mr/policy-evaluation
Add policy evaluation task stage to the CLI
2023-01-17 14:47:23 -07:00
Martin Atkins
8253821e56 go get github.com/zclconf/go-cty-yaml@v1.0.3
This includes the fix for a bug in what Terraform calls the "yamldecode"
function, where it was not correctly handling any situation where the
decode result is a null value. It was previously returning an unknown
value in that case, whereas now it returns a null value as expected.
2022-11-29 17:45:45 -08:00
mrinalirao
d7c7f3689c refactor task results to run as a task stage 2022-11-29 11:57:51 +11:00
Jarrett Spiker
cebd5e3fce Upgrade go-tfe to 1.12.0 2022-11-21 14:54:07 -05:00
Sarah French
6fd3a8cdf4
go get cloud.google.com/go/storage@v1.28.0 (#32203)
* go get cloud.google.com/go/storage@v1.28.0

* go mod tidy

* Run `make generate` & `make protobuf` using go1.19.3
2022-11-21 13:14:55 +00:00
Jamie Finnigan
530c0d33e4
go.mod: go get -u github.com/mitchellh/cli 2022-11-15 09:05:52 -08:00
Liam Cervante
0c7fda1906
Update HCL and go-cty to fix optional and default attributes (#32178)
* Add test cases to verify all the default and optional issues are fixed

* actually commit all the tests

* update go-cty

* Update hcl
2022-11-10 14:00:16 +00:00
Liam Cervante
6521355ba5
Convert variable types before applying defaults (#32027)
* Convert variable types before applying defaults

* revert change to unrelated test

* Add another test case to verify behaviour

* update go-cty

* Update internal/terraform/eval_variable.go

Co-authored-by: alisdair <alisdair@users.noreply.github.com>

Co-authored-by: alisdair <alisdair@users.noreply.github.com>
2022-11-02 09:38:23 +01:00
Tom Bamford
ff68c8d129
Merge pull request #31966 from kschu91/feature/azure-generic-oidc
backend/azurerm: add support for generic OIDC authentication
2022-10-31 11:25:36 +00:00
Liam Cervante
ab8a3f7063
Update go-cty to latest version (#32033)
* Update go-cty to latest version

* go mod tidy
2022-10-18 17:06:10 +02:00
James Bardin
713421c3ab
Merge pull request #31908 from hashicorp/bump_net
go get -u golang.org/x/net
2022-10-18 09:44:59 -04:00
Brandon Croft
bc1436af53
Merge pull request #31821 from glennsarti/gs/TF-707-add-pre-apply
Add support for pre-apply task results in the cloud backend
2022-10-10 09:18:15 -06:00
Kevin Schu
5842950291 Added support for generic OIDC authentication (eg. Gitlab) and ensure documentation is more clear about it´s usage. oidc_request_url and oidc_request_token are meant to be used for Github Actions only. 2022-10-07 19:23:01 +02:00
Sarah French
d43ec0f30f
Add customer-managed encryption key (KMS) support to GCS backend (#31786)
* Add ability to use customer-managed KMS key to encrypt state, add acceptance tests

* Change test names for different encrpytion methods

* Commit files updated by `go mod tidy`

* Add guard against missing ENVs to `setupKmsKey` func

* Update KMS setup function to get credentials from ENVs

* Update tests to not include zero-values in config

This means that default values are supplied later by TF instead of supplied as config from the user

This also avoids issues related to making field conflicts explicit with `ConflictsWith`

* Make `encryption_key` & `kms_encryption_key` conflicting fields

Removing the Default from `encryption_key` does not appear to be a breaking change when tested manually

* Add ability to set `kms_encryption_key` via ENV

* Refactor `encryption_key` to use `DefaultFunc` to access ENV, if set

* Remove comments

* Update `gcs` backend docs & descriptions in schema

* Update `gcs` backend docs to include information on encryption methods

* Apply technical writing suggestions from code review

Co-authored-by: Matthew Garrell <69917312+mgarrell777@users.noreply.github.com>

* Update documentation to remove passive voice

* Change use of context in tests, add inline comment, update logs

* Remove use of `ReadPathOrContents` for new field

Co-authored-by: Matthew Garrell <69917312+mgarrell777@users.noreply.github.com>
2022-10-04 10:10:49 +01:00
Jamie Finnigan
f133b06dee go get -u golang.org/x/net 2022-09-29 17:28:33 -07:00
Alisdair McDiarmid
10ae444ee2 Upgrade HCL to fix optional attr default crash
Also add regression test coverage of the crash. This would occur when
objects with optional attributes had default values of different type
from the attribute type, and the objects were members of a collection.

For example:

list(object({
  a = optional(set(string), [])
}))

If this type constraint is applied to a variable value where one object
has a set(string) value for a, and the other object applies the empty
tuple default, Terraform would crash.
2022-09-23 10:34:54 -04:00
Glenn Sarti
fc7b6b7f15 Upgrade go-tfe to 1.10.0
This commit updates the go-tfe library to the latest version (1.10.0). This is needed by
later commits for the pre-apply task stage.
2022-09-20 16:18:19 +08:00
Alisdair McDiarmid
9d864c2430 Use upstreamed HCL typexpr package
The 2.14.0 release of HCL includes the typeexpr changes we tested here,
so now we can revert to using the HCL package and remove our fork.
2022-09-01 16:03:48 -04:00
James Bardin
522556534d
remove deprecated backends (#31711)
* remove deprecated backends

* remove backend docs

Remove references to deprecated backends from docs.
2022-08-31 10:17:07 +01:00
Megan Bang
de8bd5826f first part of code review comments 2022-08-30 17:01:44 -05:00