Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update terraform hashicorp/terraform to v1.10.0 #311

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

red-hat-konflux[bot]
Copy link

This PR contains the following updates:

Package Type Update Change
hashicorp/terraform required_version minor 1.8.0 -> 1.10.0

Release Notes

hashicorp/terraform (hashicorp/terraform)

v1.10.0

Compare Source

1.10.0 (November 27, 2024)

NEW FEATURES:

  • Ephemeral resources: Ephemeral resources are read anew during each phase of Terraform evaluation, and cannot be persisted to state storage. Ephemeral resources always produce ephemeral values.
  • Ephemeral values: Input variables and outputs can now be defined as ephemeral. Ephemeral values may only be used in certain contexts in Terraform configuration, and are not persisted to the plan or state files.
    • ephemeralasnull function: a function takes a value of any type and returns a similar value of the same type with any ephemeral values replaced with non-ephemeral null values and all non-ephemeral values preserved.

BUG FIXES:

  • The secret_suffix in the kubernetes backend now includes validation to prevent errors when the secret_suffix ends with a number (#​35666).
  • The error message for an invalid default value for an input variable now indicates when the problem is with a nested value in a complex data type. (#​35465)
  • Sensitive marks could be incorrectly transferred to nested resource values, causing erroneous changes during a plan (#​35501)
  • Allow unknown error_message values to pass the core validate step, so variable validation can be completed later during plan
    (#​35537)
  • Unencoded slashes within GitHub module source refs were being truncated and incorrectly used as subdirectories in the request path (#​35552)
  • Terraform refresh-only plans with output only changes are now applyable. (#​35812)
  • Postconditions referencing self with many instances could encounter an error during evaluation (#​35895)
  • The plantimestamp() function would return an invalid date during validation (#​35902)
  • Updates to resources which were forced to use create_before_destroy could lose that flag in the state temporarily and cause cycles if immediately removed from the configuration (#​35966)
  • backend/cloud: Prefer KV tags, even when tags are defined as set (#​35937)
  • Simplify config generation (plan -generate-config-out) for string attributes that contain primitive types (e.g. numbers or booleans) (#​35984)
  • config: issensitive could incorrectly assert that an unknown value was not sensitive during plan, but later became sensitive during apply, causing failures where changes did not match the planned result (#​36012)
  • config: The evaluation of conditional expressions and for expression in HCL could lose marks with certain combinations of unknown values (#​36017)

ENHANCEMENTS:

  • The element function now accepts negative indices (#​35501)
  • Import block validation has been improved to provide more useful errors and catch more invalid cases during terraform validate (#​35543)
  • Performance enhancements for resource evaluation, especially when large numbers of resource instances are involved (#​35558)
  • The plan, apply, and refresh commands now produce a deprecated warning when using the -state flag. Instead use the path attribute within the local backend to modify the state file. (#​35660)
  • backend/cos: Add new auth for Tencent Cloud backend (#​35888)

UPGRADE NOTES:

  • backend/s3: Removes deprecated attributes for assuming IAM role. Must use the assume_role block (#​35721)
  • backend/s3: The s3 backend now supports S3 native state locking. When used with DynamoDB-based locking, locks will be acquired from both sources. In a future minor release of Terraform the DynamoDB locking mechanism and associated arguments will be deprecated. (#​35661)
  • moved: Moved blocks now respect reserved keywords when parsing resource addresses. Configurations that reference resources with type names that match top level blocks and keywords from moved blocks will need to prepend the resource. identifier to these references. (#​35850)
  • config: In order to ensure consistency in results from HCL conditional expressions, marks must be combined from all values within the expression to avoid losing mark information. This typically improves accuracy when validating configuration, but users may see sensitive results where they were lost previously.
Previous Releases

For information on prior major and minor releases, refer to their changelogs:

v1.9.8

Compare Source

1.9.8 (October 16, 2024)

BUG FIXES:

  • init: Highlight missing subdirectories of registry modules in error message (#​35848)
  • init: Prevent crash when loading provider_meta blocks with invalid names (#​35842)
  • config generation: Escape all invalid syntax in generate map keys with quotes (#​35837)
  • plan: also validate provider requirements from state (#​35864)

v1.9.7

Compare Source

1.9.7 (October 2, 2024)

BUG FIXES:

  • config generation: escape map keys with whitespaces (#​35754)

v1.9.6

Compare Source

1.9.6 (September 18, 2024)

BUG FIXES:

  • plan renderer: Render complete changes within unknown nested blocks. (#​35644)
  • plan renderer: Fix crash when attempting to render unknown nested blocks that contain attributes forcing resource replacement. (#​35644)
  • plan renderer: Fix crash when rendering a plan that contains null attributes being update to unknown values. (#​35709)

v1.9.5

Compare Source

1.9.5 (August 20, 2024)

ENHANCEMENTS:

  • cloud: The cloud block can now interact with workspaces that have HCP resource IDs. (#​35495)

BUG FIXES:

  • core: removed blocks with provisioners were not executed when the resource was in a nested module. (#​35611)

v1.9.4

Compare Source

1.9.4 (August 7, 2024)

BUG FIXES:

  • core: Unneeded variable validations were being executed during a destroy plan, which could cause plans starting with incomplete state to fail. (#​35511)
  • init: Don't crash when discovering invalid syntax in duplicate required_providers blocks. (#​35533)

v1.9.3

Compare Source

1.9.3 (July 24, 2024)

ENHANCEMENTS:

  • Terraform now returns a more specific error message in the awkward situation where an input variable validation rule is known to have failed (condition returned false) but the error message is derived from an unknown value. (#​35400)

BUG FIXES:

  • core: Terraform no longer performs an unnecessary refresh when removing an instance targeted by a removed block. (#​35458)
  • config generation: Fix validation error when using nested computed or deprecated attributes. (#​35484)
  • Updated to newer github.com/hashicorp/go-retryablehttp version, addressing CVE-2024-6104, and bringing in updates for several indirect dependencies. (#​35473)
  • Moved to building with Go 1.22.5, which addresses CVE-2024-24791 and several other non-security bugs. (#​35494)

v1.9.2

Compare Source

1.9.2 (July 10, 2024)

BUG FIXES:

  • core: Fix panic when self-referencing direct instances from count and for_each meta attributes. (#​35432)

v1.9.1

Compare Source

1.9.1 (July 3, 2024)

UPGRADE NOTES:

  • Library used by Terraform (hashicorp/go-getter) for installing/updating modules was upgraded from v1.7.4 to v1.7.5. This addresses CVE-2024-6257. This change may have a negative effect on performance of terraform init or terraform get in case of larger git repositories. Please do file an issue if you find the performance difference noticable. (#​35376)

BUG FIXES:

  • terraform test: Removed additional erroneous error message when referencing attributes that don't exist. (#​35408)
  • import blocks: Fix crash that occurs when incorrectly referencing the to resource from the id attribute. (#​35420)

v1.9.0

Compare Source

1.9.0 (June 26, 2024)

If you are upgrading from an earlier minor release, please refer to the Terraform v1.9 Upgrade Guide.

NEW FEATURES:

  • Input variable validation rules can refer to other objects: Previously input variable validation rules could refer only to the variable being validated. Now they are general expressions, similar to those elsewhere in a module, which can refer to other input variables and to other objects such as data resources.
  • templatestring function: a new built-in function which is similar to templatefile but designed to render templates obtained dynamically, such as from a data resource result.

ENHANCEMENTS:

  • terraform plan: Improved presentation of OPA and Sentinel policy evaluations in HCP Terraform remote runs, for logical separation.
  • terraform init now accepts a -json option. If specified, enables the machine readable JSON output. (#​34886)
  • terraform test: Test runs can now pass sensitive values to input variables while preserving their dynamic sensitivity. Previously sensitivity would be preserved only for variables statically declared as being sensitive, using sensitive = true. (#​35021)
  • config: Input variable validation rules can now refer to other objects in the same module. (#​34955)
  • config: templatestring function allows rendering a template provided as a string. (#​34968, #​35224, #​35285)
  • core: Performance improvement during graph building for configurations with an extremely large number of resource blocks. (#​35088)
  • built-in terraform provider: Allows moved block refactoring from the hashicorp/null provider null_resource resource type to the terraform_data resource type. (#​35163)
  • terraform output with cloud block: Terraform no longer suggests that data loss could occur when outputs are not available. (#​35143)
  • terraform console: Now has basic support for multi-line input in interactive mode. (#​34822)
    If an entered line contains opening parentheses/etc that are not closed, Terraform will await another line of input to complete the expression. This initial implementation is primarily intended to support pasting in multi-line expressions from elsewhere, rather than for manual multi-line editing, so the interactive editing support is currently limited.
  • cli: Reduced copying of state to improve performance with large numbers of resources. (#​35164)
  • removed blocks can now declare destroy-time provisioners which will be executed when the associated resource instances are destroyed. (#​35230)

BUG FIXES:

  • remote-exec provisioner: Each remote connection will now be closed immediately after use. (#​34137)
  • backend/s3: Fixed the digest value displayed for DynamoDB/S3 state checksum mismatches. (#​34387)
  • terraform test: Fix bug in which non-Hashicorp providers required by testing modules and initialised within the test files were assigned incorrect registry addresses. (#​35161)
  • config: The templatefile function no longer returns a "panic" error if the template file path is marked as sensitive. Instead, the template rendering result is also marked as sensitive. (#​35180)
  • config: import blocks which referenced resources in non-existent modules were silently ignored when they should have raised an error (#​35330)
  • terraform init: When selecting a version for a provider that has both positive and negative version constraints for the same prerelease -- e.g. 1.2.0-beta.1, !1.2.0-beta.1 -- the negative constraint will now overrule the positive, for consistency with how negative constraints are handled otherwise. Previously Terraform would incorrectly treat the positive as overriding the negative if the specified version was a prerelease. (#​35181)
  • import: import blocks could block a destroy operation if the target resource was already deleted (#​35272)
  • cli: plan output was missing blocks which were entirely unknown (#​35271)
  • cli: fix crash when running providers mirror with an incomplete lock file (#​35322)
  • core: Changing create_before_destroy when replacing an instance, then applying with -refresh=false would order the apply operations incorrectly (#​35261)
  • core: Resource addresses that start with the optional resource. prefix will now be correctly parsed when used as an address target. (#​35333)

UPGRADE NOTES:

  • terraform test: It is no longer valid to specify version constraints within provider blocks within .tftest.hcl files. Instead, version constraints must be supplied within the main configuration where the provider is in use.
  • import: Invalid import blocks pointing to nonexistent modules were mistakenly ignored in prior versions. These will need to be fixed or removed in v1.9.
Previous Releases

For information on prior major and minor releases, see their changelogs:

v1.8.5

Compare Source

1.8.5 (June 5, 2024)

BUG FIXES:

  • terraform test: Remove duplicate warning diagnostic when providing values for unknown variables in run blocks. (#​35172)

v1.8.4

Compare Source

1.8.4 (May 22, 2024)

BUG FIXES:

  • core: Fix exponential slowdown in some cases when modules are using depends_on. (#​35157)
  • import blocks: Fix bug where resources with nested, computed, and optional id attributes would fail to generate configuration. (#​35220)
  • Updated to new golang.org/x/net release, which addressed CVE-2023-45288 (#​35165)

v1.8.3

Compare Source

1.8.3 (May 8, 2024)

BUG FIXES:

  • terraform test: Providers configured within an overridden module could panic. (#​35110)
  • core: Fix crash when a provider incorrectly plans a nested object when the configuration is null (#​35090)

v1.8.2

Compare Source

1.8.2 (April 24, 2024)

BUG FIXES:

  • terraform apply: Prevent panic when a provider erroneously provides unknown values. (#​35048)
  • terraform plan: Replace panic with error message when self-referencing resources and data sources from the count and for_each meta attributes. (#​35047)
  • terraform test: Restore TF_ENV_* variables being made available to testing modules. (#​35014)
  • terraform test: Prevent crash when referencing local variables within overridden modules. (#​35030)

ENHANCEMENTS:

  • Improved performance by removing unneeded additional computation for a disabled experimental feature. (#​35066)

OTHER CHANGES:

  • Update all references to Terraform Cloud to refer to HCP Terraform, the service's new name. This only affects display text; the cloud block and environment variables like TF_CLOUD_ORGANIZATION remain unchanged. (#​35050)

NOTE:

Starting with this release, we are including a copy of our license file in all packaged versions of our releases, such as the release .zip files. If you are consuming these files directly and would prefer to extract the one terraform file instead of extracting everything, you need to add an extra argument specifying the file to extract, like this:

unzip terraform_1.8.2_linux_amd64.zip terraform

v1.8.1

Compare Source

1.8.1 (April 17, 2024)

BUG FIXES:

  • Fix crash in terraform plan when referencing a module output that does not exist within the try(...) function. (#​34985)
  • Fix crash in terraform apply when referencing a module with no planned changes. (#​34985)
  • moved block: Fix crash when move targets a module which no longer exists. (#​34986)
  • import block: Fix crash when generating configuration for resources with complex sensitive attributes. (#​34996)
  • Plan renderer: Correctly render strings that begin with JSON compatible text but don't end with it. (#​34959)

Configuration

📅 Schedule: Branch creation - "after 5am on friday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Copy link

openshift-ci bot commented Nov 29, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants