* Add test coverage for `parseReattachProviders`

* Add unhappy path test cases to parseReattachProviders test

* Add `isProviderReattached` function, to help identify when a reattached provider is being used for PSS

* Move reattach config-related code into its own package

* Make calling code not need to know what the ENV is for reattach providers

* Refactor IsProviderReattached to use pre-existing logic

* Add test case, make spell check happy with US English

* Add headers

* Make calling code responsible for reading in the related ENV

* Add godoc comment to TF_REATTACH_PROVIDERS const

* Update internal/getproviders/reattach/reattach.go

…ired attrs (#37626)

* actions: improve handling of null config so we can properly report missing required arguments

There are various methods in terraform that will let you know if you are missing required attributes - none of which work with nil inputs. This commit changes the handling, passing in an empty object if the config was null, and adding additional context to the error message when the config block is missing.

…37653)

* actions: allow invoke only on local execution while TFC adds support

* actually return early

Handle `-help` usage in stacks plugin

docs(destroying): fix typos

We don't need to plan any actions during query plan mode.
Test stolen from DanielMSchmidt, thank you!

…he list block (#37620)

…als and resources (#37663)

* evaluate: return diagnostics instead of unknown for uninitialised locals and resources

* changelog

* also input variables

…r accessing a state store. (#37665)

* Add method to allow accessing factories from locks that are in memory

* Create new getStateStoreProviderFactory method for accessing a factory from config

* Update getStateStoreProviderFactory to use in memory locks instead of reading them from the deps lock file. Update calling code to accommodate this.

* Add tests for getStateStoreProviderFactory, improve errors returned from method

* Update test following schema change in simple providers

* Move test case into e2etest package, so we protect against environments where building binaries isn't possible

* Fix issues with running test in e2etest package

* Update code comments

Co-authored-by: Radek Simko <[email protected]>

---------

Co-authored-by: Radek Simko <[email protected]>

…ering resource

* Implement ReadStateBytes + WriteStateBytes

* [WIP] -  Testing ReadStateBytes and WriteStateBytes (#37464)

* Fix nil pointer error

* Add WIP test for ReadStateBytes

* Move test mock to separate testing file

* Update mock to send unexpected EOF when there's a problem returning data and it's not a true EOF

* Add test case for when length != expected length

* Add test for when trying to read state from a store type that doesn't exist

* Change symbol names to lowercase

* Add ability to force a diagnostic to be returned from `mockReadStateBytesClient`'s `Recv` method

* Add test showing error diagnostics raised by the ReadStateBytes client are returned

* Add missing header

* Simplify mock by using an embedded type

* Rename `mockOpts` to `mockReadStateBytesOpts`

* Update existing tests to assert what arguments are passed to the RPC method call

* Add mock WriteStateBytesClient which uses `go.uber.org/mock/gomock` to enable assertions about calls to Send

* Add a test for WriteStateBytes that makes assertions about calls to the Send method

* Update test case to explicitly test writing data smaller than the chunk size

* Implement chunking in WriteStateBytes, add test case to assert expected chunking behaviour

* Add generated mock for Provider_WriteStateBytesClient in protocol v6

* Update tests to use new `MockProvider_WriteStateBytesClient`, remove handwritten mock

* Update code comments in test

* Add tests for diagnostics and errors returned during WriteStateBytes

* Add generated mock for Provider_ReadStateBytesClient in protocol v6, replace old mock

* Add test case for grpc errors in ReadStateBytes, fix how error is returned

* Typo in comment

* Add missing warning test, rename some test cases

* Update proto file definition of Read/WriteStateBytes RPCs (#37529)

* Update Read/WriteStateBytes RPCs to match hashicorp/terraform-plugin-go#531

* Run `make protobuf`

* Run `make generate`

* Update use of `proto.ReadStateBytes_ResponseChunk` in tests

* Fix how diagnostics are handled alongside EOF error, update ReadStateBytes test

* More fixes - test setup was incorrect

I think? I assume that a response would be returned full of zero-values when EOF is encountered.

* WIP - avoid crash if chunk is nil

* Sarah's updates to radek/pss-read-write (#37642)

* Update code to not expect a chunk when EOF encountered

* Return early if any grpc errors are encountered during ReadStateBytes

* Close the stream with CloseSend once everything's read without error. Add test case about handling grpc errors from CloseSend.

* Fix test case about warnings: We would expect to receive a chunk with data alongside the warning and have a normal closing of the stream after EOF

* Add log line, remove unneeded type info

* Implement configurable state chunk size

* handle metadata in WriteStateBytes correctly

* validate chunk sizes received from provider

* ReadStateBytes: avoid early return on warnings

---------

Co-authored-by: Sarah French <[email protected]>

* Fix lack of protoc-gen-go-grpc

This appears to have been removed in https://github.com/hashicorp/terraform/pull/29492/files#diff-0329966ed7ce7286cfaf91161ac003af419cc566dd6420bb07670f9e4a389c81 accidentally following linting?

* Fix Args to include all arguments

The docs say "Args holds command line arguments, including the command as Args[0]."

* Add TODO for swapping to non-deprecated repo for protoc-gen-go

)

…of `github.com/golang/protobuf/protoc-gen-go` (#37685)

* Reformat Args in steps definitions

* Swap to using the new version of protoc-gen-go that doesn't include grpc support (instead it relies on protoc-gen-go-grpc).

Update command flags to reflect this change in tooling.

See this comment for explanation: golang/protobuf#1070 (comment)

* Run `make protobuf` with problem generate steps commented out.

* Use `require_unimplemented_servers=false` to minimise changes at the time of upgrading tooling

In future we can navigate the consequences of this in its own PR.

* WIP

* Fix out/opt typo, add remaining flags once terraform1.proto was being found ok

* Run `make protobuf`

* `go get google.golang.org/grpc/cmd/[email protected]` && `go mod tidy`

This version includes a feature that allows the copyright comment in the .proto file to be pulled across to generated _grpc.pb.go files.

* Run `make protobuf` with new version of protoc-gen-go-grpc that allows copyright comment to be copied to generated output files

* Potential fix for `internal/rpcapi/dynrpcserver/generator`

During the latest refactor, the wrong schema was fetched when generating
configuration from a list resource. Having the list resource schema
instead of the managed resource schema prevented the config generation
from matching the computed attributes within the state, causing them to
show up in the configuration.

It turns out the tests for this didn't have computed attributes, so the
accidental swap during refactoring didn't cause the tests to fail. A
small addition to the tests adding an `id` attribute picks the
regression.

turns out the invalid id attributes were captured in the command test,
so removing them caused that to fail too.

get correct schema when generating query config

…37650)

Fixed #37780

…nfiguration. (#37777)

* Pull determining of PSS provider's version from current locks into a separate method

* Add code for identifying when config and provider version match existing backend state (i.e. no changes)

* Update test - locks are now needed before it hits expected error diag return

* Add test showing successful init when no config changes are detected.

* Update `getStateStorageProviderVersion` to return nil versions for builtin and re-attached providers.

This makes comparison easier when determining if config has changed since last init.

* Add test coverage for `getStateStorageProviderVersion`

* Move testing fixtures around, preparing for different types of changed state_store config changes being tested

* Add test showing that changing the state_store config is detected as a change, but handling this scenario isn't implemented yet

* Update hashes in test fixture backend state file to be accurate

Previously dummy values were fine, but as tests using hashes to identify changes these values need to be accurate!

* Update existing test cases so that Terraform uses the same test provider version as described in the backend state file fixture for the test.

* Add test showing that changing the PSS provider's config is detected as a change, but handling this scenario isn't implemented yet

* Add test showing that swapping to a different state storage implementation in the same provider is detected as a change, but handling this scenario isn't implemented yet

* Add test showing that changing the provider used for PSS is detected as a change, but handling this scenario isn't implemented yet

* Add test showing that upgrading a provider is detected as a change, but handling this scenario isn't implemented yet

* Update test to use v1.2.3 for consistency with other tests

Just to avoid any confusion if copy-pasting happens in future.

* More corrections to existing test fixtures - unset config should be null, and replace dummy hash values with correct values.

* Fix test for using -reconfigure with state_store; the default workspace would already exist in this scenario

* Update TestInit_stateStore_configUnchanged to assert that init was a no-op for backend state

* Remove unused fixture

* Remove test that's replaced by new tests in command/init_test.go

* Replace old references to deleted "state-store-changed" test fixture & update test to not expect a value for region attr in provider config

* Make test fixture coupling a little more understandable

* Refactor detection of no need to migrate into a function

* Add TODO about more involved provider version change tests

We will allow downgrades to succeed as long as the schema version number is unchanged

* Update (configs.StateStore)Hash method to return a single hash that's impacted by: state store config, provider config, state store type, provider source

* Update calling code and test helper code to reflect that the nested provider block no longer has its own hash

* Remove test; there is now a single hash that SHOULD be affected by the provider block!

* Also use provider name, from config, in hash

* Update tests to reflect changes in how hashes are made

* Remove unused `stateStoreConfigNeedsMigration` function

* Remove duplicate isProviderReattached function.

* Fixes to affected tests

* Allow provider version to impact the state storage hash, update impacted tests and test fixtures

* Update tests that now require locks data to be present in test setup

* Update comment for accuracy

* Fixes to other test fixtures - remove excess hash field, set hash to 0 to indicate they're not set accurately.

* Make upgrade test actually use upgrade code path

* Add lock files to test fixture directories that represent a project that's had a successful prior init using PSS

…7793)

…plugin-go (#37647)

* Update protoc version in downloader script

* go get google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1

This matched terraform-plugin-go

* make protobuf

* Run `make protobuf`

* Update generator to handle generic types from google.golang.org/grpc

Looks like this was added in v1.69.3 in grpc/grpc-go#7057 ?

* Run `make generate`

* Fix "cannot infer Res" compile error - more usage of generics

* More fixing compile errors due to switching to use of a generic

* Make putting `google.golang.org/grpc` import into generated files conditional

* Run `make generate`

* Update more places where generics now need to be used

* Update generator to handle any types from google.golang.org/grpc in same switch case.

…rting (#37800)

The CheckPrior function results validation did not take into account
unknown values, because unknown values were not originally allowed in
the plugin protocol from which this check was adapted.

The test is simple, in that we can just reverse the check which
originally didn't allow this change in value. Provider function return
values types are defined by the protocol, and should be validated at
that call site. The CheckPrior code paths should only be used for the
exact purpose of detecting invalid changes in the return value between
successive phases of execution.

filesystem functions, don't cache unknown function results

…7804)

* actions: remove unused variable
* fix minor comments and logged typos

* ephemerals: allow root ephemeral outputs in stacks and test

* remember to set new opt for apply stage

Once we have a resource instance we no longer need to have all possible
forceReplace addresses available within that instance. We can determine
immediately if the instance address is in the set if replacement
addresses. This avoids bugs caused by sharing the `-replace` flag
addresses across all resource nodes.

* testing: include file-level errors in JUnit skipped elements

Fixes #37801

* testing: use suite-level system-err for file errors

Don't carry all `-replace` addresses through to every instance

…7823)

…37856)

Bumps the github-actions-breaking group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/upload-artifact` from 4.6.2 to 5.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...330a01c)

Updates `actions/download-artifact` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@634f93c...018cc2c)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-breaking
- dependency-name: actions/download-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-breaking
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>