chore(deps): update dependency terraform to v1.10.3

[renovate]

This PR contains the following updates:

Package	Update	Change
terraform	minor	1.3.8 -> 1.10.3

---

Release Notes

hashicorp/terraform (terraform)

v1.10.3

Compare Source

1.10.3 (December 18, 2024)

BUG FIXES:

• Terraform could panic when encountering an error during plan encoding (#​36212)

v1.10.2

Compare Source

1.10.2 (December 11, 2024)

BUG FIXES:

• cli: variables in an auto-loaded tfvars file which were overridden during plan incorrectly show as changed during apply [GH-36180]

v1.10.1

Compare Source

1.10.1 (December 4, 2024)

BUG FIXES:

• cli: Complex variables values set via environment variables were parsed incorrectly during apply (#​36121)
• config: templatefile would panic if given and entirely unknown map of variables (#​36118)
• config: templatefile would panic if the variables map contains marked values (#​36127)
• config: Remove constraint that an expanded resource block must only be used in conjunction with imports using for_each (#​36119)
• backend/s3: Lock files could not be written to buckets with object locking enabled (#​36120)

v1.10.0

Compare Source

1.10.0 (November 27, 2024)

NEW FEATURES:

• Ephemeral resources: Ephemeral resources are read anew during each phase of Terraform evaluation, and cannot be persisted to state storage. Ephemeral resources always produce ephemeral values.
• Ephemeral values: Input variables and outputs can now be defined as ephemeral. Ephemeral values may only be used in certain contexts in Terraform configuration, and are not persisted to the plan or state files.
  • ephemeralasnull function: a function takes a value of any type and returns a similar value of the same type with any ephemeral values replaced with non-ephemeral null values and all non-ephemeral values preserved.

BUG FIXES:

• The secret_suffix in the kubernetes backend now includes validation to prevent errors when the secret_suffix ends with a number (#​35666).
• The error message for an invalid default value for an input variable now indicates when the problem is with a nested value in a complex data type. (#​35465)
• Sensitive marks could be incorrectly transferred to nested resource values, causing erroneous changes during a plan (#​35501)
• Allow unknown error_message values to pass the core validate step, so variable validation can be completed later during plan
  (#​35537)
• Unencoded slashes within GitHub module source refs were being truncated and incorrectly used as subdirectories in the request path (#​35552)
• Terraform refresh-only plans with output only changes are now applyable. (#​35812)
• Postconditions referencing self with many instances could encounter an error during evaluation (#​35895)
• The plantimestamp() function would return an invalid date during validation (#​35902)
• Updates to resources which were forced to use create_before_destroy could lose that flag in the state temporarily and cause cycles if immediately removed from the configuration (#​35966)
• backend/cloud: Prefer KV tags, even when tags are defined as set (#​35937)
• Simplify config generation (plan -generate-config-out) for string attributes that contain primitive types (e.g. numbers or booleans) (#​35984)
• config: issensitive could incorrectly assert that an unknown value was not sensitive during plan, but later became sensitive during apply, causing failures where changes did not match the planned result (#​36012)
• config: The evaluation of conditional expressions and for expression in HCL could lose marks with certain combinations of unknown values (#​36017)

ENHANCEMENTS:

• The element function now accepts negative indices (#​35501)
• Import block validation has been improved to provide more useful errors and catch more invalid cases during terraform validate (#​35543)
• Performance enhancements for resource evaluation, especially when large numbers of resource instances are involved (#​35558)
• The plan, apply, and refresh commands now produce a deprecated warning when using the -state flag. Instead use the path attribute within the local backend to modify the state file. (#​35660)
• backend/cos: Add new auth for Tencent Cloud backend (#​35888)

UPGRADE NOTES:

• backend/s3: Removes deprecated attributes for assuming IAM role. Must use the assume_role block (#​35721)
• backend/s3: The s3 backend now supports S3 native state locking. When used with DynamoDB-based locking, locks will be acquired from both sources. In a future minor release of Terraform the DynamoDB locking mechanism and associated arguments will be deprecated. (#​35661)
• moved: Moved blocks now respect reserved keywords when parsing resource addresses. Configurations that reference resources with type names that match top level blocks and keywords from moved blocks will need to prepend the resource. identifier to these references. (#​35850)
• config: In order to ensure consistency in results from HCL conditional expressions, marks must be combined from all values within the expression to avoid losing mark information. This typically improves accuracy when validating configuration, but users may see sensitive results where they were lost previously.

Previous Releases

For information on prior major and minor releases, refer to their changelogs:

• v1.9
• v1.8
• v1.7
• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.9.8

Compare Source

1.9.8 (October 16, 2024)

BUG FIXES:

• init: Highlight missing subdirectories of registry modules in error message (#​35848)
• init: Prevent crash when loading provider_meta blocks with invalid names (#​35842)
• config generation: Escape all invalid syntax in generate map keys with quotes (#​35837)
• plan: also validate provider requirements from state (#​35864)

v1.9.7

Compare Source

1.9.7 (October 2, 2024)

BUG FIXES:

• config generation: escape map keys with whitespaces (#​35754)

v1.9.6

Compare Source

1.9.6 (September 18, 2024)

BUG FIXES:

• plan renderer: Render complete changes within unknown nested blocks. (#​35644)
• plan renderer: Fix crash when attempting to render unknown nested blocks that contain attributes forcing resource replacement. (#​35644)
• plan renderer: Fix crash when rendering a plan that contains null attributes being update to unknown values. (#​35709)

v1.9.5

Compare Source

1.9.5 (August 20, 2024)

ENHANCEMENTS:

• cloud: The cloud block can now interact with workspaces that have HCP resource IDs. (#​35495)

BUG FIXES:

• core: removed blocks with provisioners were not executed when the resource was in a nested module. (#​35611)

v1.9.4

Compare Source

1.9.4 (August 7, 2024)

BUG FIXES:

• core: Unneeded variable validations were being executed during a destroy plan, which could cause plans starting with incomplete state to fail. (#​35511)
• init: Don't crash when discovering invalid syntax in duplicate required_providers blocks. (#​35533)

v1.9.3

Compare Source

1.9.3 (July 24, 2024)

ENHANCEMENTS:

• Terraform now returns a more specific error message in the awkward situation where an input variable validation rule is known to have failed (condition returned false) but the error message is derived from an unknown value. (#​35400)

BUG FIXES:

• core: Terraform no longer performs an unnecessary refresh when removing an instance targeted by a removed block. (#​35458)
• config generation: Fix validation error when using nested computed or deprecated attributes. (#​35484)
• Updated to newer github.com/hashicorp/go-retryablehttp version, addressing CVE-2024-6104, and bringing in updates for several indirect dependencies. (#​35473)
• Moved to building with Go 1.22.5, which addresses CVE-2024-24791 and several other non-security bugs. (#​35494)

v1.9.2

Compare Source

1.9.2 (July 10, 2024)

BUG FIXES:

• core: Fix panic when self-referencing direct instances from count and for_each meta attributes. (#​35432)

v1.9.1

Compare Source

1.9.1 (July 3, 2024)

UPGRADE NOTES:

• Library used by Terraform (hashicorp/go-getter) for installing/updating modules was upgraded from v1.7.4 to v1.7.5. This addresses CVE-2024-6257. This change may have a negative effect on performance of terraform init or terraform get in case of larger git repositories. Please do file an issue if you find the performance difference noticable. (#​35376)

BUG FIXES:

• terraform test: Removed additional erroneous error message when referencing attributes that don't exist. (#​35408)
• import blocks: Fix crash that occurs when incorrectly referencing the to resource from the id attribute. (#​35420)

v1.9.0

Compare Source

1.9.0 (June 26, 2024)

If you are upgrading from an earlier minor release, please refer to the Terraform v1.9 Upgrade Guide.

NEW FEATURES:

• Input variable validation rules can refer to other objects: Previously input variable validation rules could refer only to the variable being validated. Now they are general expressions, similar to those elsewhere in a module, which can refer to other input variables and to other objects such as data resources.
• templatestring function: a new built-in function which is similar to templatefile but designed to render templates obtained dynamically, such as from a data resource result.

ENHANCEMENTS:

• terraform plan: Improved presentation of OPA and Sentinel policy evaluations in HCP Terraform remote runs, for logical separation.
• terraform init now accepts a -json option. If specified, enables the machine readable JSON output. (#​34886)
• terraform test: Test runs can now pass sensitive values to input variables while preserving their dynamic sensitivity. Previously sensitivity would be preserved only for variables statically declared as being sensitive, using sensitive = true. (#​35021)
• config: Input variable validation rules can now refer to other objects in the same module. (#​34955)
• config: templatestring function allows rendering a template provided as a string. (#​34968, #​35224, #​35285)
• core: Performance improvement during graph building for configurations with an extremely large number of resource blocks. (#​35088)
• built-in terraform provider: Allows moved block refactoring from the hashicorp/null provider null_resource resource type to the terraform_data resource type. (#​35163)
• terraform output with cloud block: Terraform no longer suggests that data loss could occur when outputs are not available. (#​35143)
• terraform console: Now has basic support for multi-line input in interactive mode. (#​34822)
  If an entered line contains opening parentheses/etc that are not closed, Terraform will await another line of input to complete the expression. This initial implementation is primarily intended to support pasting in multi-line expressions from elsewhere, rather than for manual multi-line editing, so the interactive editing support is currently limited.
• cli: Reduced copying of state to improve performance with large numbers of resources. (#​35164)
• removed blocks can now declare destroy-time provisioners which will be executed when the associated resource instances are destroyed. (#​35230)

BUG FIXES:

• remote-exec provisioner: Each remote connection will now be closed immediately after use. (#​34137)
• backend/s3: Fixed the digest value displayed for DynamoDB/S3 state checksum mismatches. (#​34387)
• terraform test: Fix bug in which non-Hashicorp providers required by testing modules and initialised within the test files were assigned incorrect registry addresses. (#​35161)
• config: The templatefile function no longer returns a "panic" error if the template file path is marked as sensitive. Instead, the template rendering result is also marked as sensitive. (#​35180)
• config: import blocks which referenced resources in non-existent modules were silently ignored when they should have raised an error (#​35330)
• terraform init: When selecting a version for a provider that has both positive and negative version constraints for the same prerelease -- e.g. 1.2.0-beta.1, !1.2.0-beta.1 -- the negative constraint will now overrule the positive, for consistency with how negative constraints are handled otherwise. Previously Terraform would incorrectly treat the positive as overriding the negative if the specified version was a prerelease. (#​35181)
• import: import blocks could block a destroy operation if the target resource was already deleted (#​35272)
• cli: plan output was missing blocks which were entirely unknown (#​35271)
• cli: fix crash when running providers mirror with an incomplete lock file (#​35322)
• core: Changing create_before_destroy when replacing an instance, then applying with -refresh=false would order the apply operations incorrectly (#​35261)
• core: Resource addresses that start with the optional resource. prefix will now be correctly parsed when used as an address target. (#​35333)

UPGRADE NOTES:

• terraform test: It is no longer valid to specify version constraints within provider blocks within .tftest.hcl files. Instead, version constraints must be supplied within the main configuration where the provider is in use.
• import: Invalid import blocks pointing to nonexistent modules were mistakenly ignored in prior versions. These will need to be fixed or removed in v1.9.

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.8
• v1.7
• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.8.5

Compare Source

1.8.5 (June 5, 2024)

BUG FIXES:

• terraform test: Remove duplicate warning diagnostic when providing values for unknown variables in run blocks. (#​35172)

v1.8.4

Compare Source

1.8.4 (May 22, 2024)

BUG FIXES:

• core: Fix exponential slowdown in some cases when modules are using depends_on. (#​35157)
• import blocks: Fix bug where resources with nested, computed, and optional id attributes would fail to generate configuration. (#​35220)
• Updated to new golang.org/x/net release, which addressed CVE-2023-45288 (#​35165)

v1.8.3

Compare Source

1.8.3 (May 8, 2024)

BUG FIXES:

• terraform test: Providers configured within an overridden module could panic. (#​35110)
• core: Fix crash when a provider incorrectly plans a nested object when the configuration is null (#​35090)

v1.8.2

Compare Source

1.8.2 (April 24, 2024)

BUG FIXES:

• terraform apply: Prevent panic when a provider erroneously provides unknown values. (#​35048)
• terraform plan: Replace panic with error message when self-referencing resources and data sources from the count and for_each meta attributes. (#​35047)
• terraform test: Restore TF_ENV_* variables being made available to testing modules. (#​35014)
• terraform test: Prevent crash when referencing local variables within overridden modules. (#​35030)

ENHANCEMENTS:

• Improved performance by removing unneeded additional computation for a disabled experimental feature. (#​35066)

OTHER CHANGES:

• Update all references to Terraform Cloud to refer to HCP Terraform, the service's new name. This only affects display text; the cloud block and environment variables like TF_CLOUD_ORGANIZATION remain unchanged. (#​35050)

NOTE:

Starting with this release, we are including a copy of our license file in all packaged versions of our releases, such as the release .zip files. If you are consuming these files directly and would prefer to extract the one terraform file instead of extracting everything, you need to add an extra argument specifying the file to extract, like this:

unzip terraform_1.8.2_linux_amd64.zip terraform

v1.8.1

Compare Source

1.8.1 (April 17, 2024)

BUG FIXES:

• Fix crash in terraform plan when referencing a module output that does not exist within the try(...) function. (#​34985)
• Fix crash in terraform apply when referencing a module with no planned changes. (#​34985)
• moved block: Fix crash when move targets a module which no longer exists. (#​34986)
• import block: Fix crash when generating configuration for resources with complex sensitive attributes. (#​34996)
• Plan renderer: Correctly render strings that begin with JSON compatible text but don't end with it. (#​34959)

v1.8.0

Compare Source

1.8.0 (April 10, 2024)

If you are upgrading from Terraform v1.7 or earlier, please refer to
the Terraform v1.8 Upgrade Guide.

NEW FEATURES:

• Providers can now offer functions which can be used from within the Terraform configuration language.

  The syntax for calling a provider-contributed function is provider::provider_name::function_name(). (#​34394)

• Providers can now transfer the ownership of a remote object between resources of different types, for situations where there are two different resource types that represent the same remote object type.

  This extends the moved block behavior to support moving between two resources of different types only if the provider for the target resource type declares that it can convert from the source resource type. Refer to provider documentation for details on which pairs of resource types are supported.

• New issensitive function returns true if the given value is marked as sensitive.

ENHANCEMENTS:

• terraform test: File-level variables can now refer to global variables. (#​34699)

• When generating configuration based on import blocks, Terraform will detect strings that contain valid JSON syntax and generate them as calls to the jsonencode function, rather than generating a single string. This is primarily motivated by readability, but might also be useful if you need to replace part of the literal value with an expression as you generalize your module beyond the one example used for importing.

• terraform plan now uses a different presentation for describing changes to lists where the old and new lists have the same length. It now compares the elements with correlated indices and shows a separate diff for each one, rather than trying to show a diff for the list as a whole. The behavior is unchanged for lists of different lengths.

• terraform providers lock accepts a new boolean option -enable-plugin-cache. If specified, and if a global plugin cache is configured, Terraform will use the cache in the provider lock process. (#​34632)

• built-in "terraform" provider: new decode_tfvars, encode_tfvars, and encode_expr functions, for unusual situations where it's helpful to manually generate or read from Terraform's "tfvars" format. (#​34718)

• terraform show's JSON rendering of a plan now includes two explicit flags "applyable" and "complete", which both summarize characteristics of a plan that were previously only inferrable by consumers replicating some of Terraform Core's own logic. (#​34642)

  "applyable" means that it makes sense for a wrapping automation to offer to apply this plan.

  "complete" means that applying this plan is expected to achieve convergence between desired and actual state. If this flag is present and set to false then wrapping automations should ideally encourage an operator to run another plan/apply round to continue making progress toward convergence.

BUG FIXES:

• core: Sensitive values will now be tracked more accurately in state and plans, preventing unexpected updates with no apparent changes. (#​34567)
• core: Fix incorrect error message when using in invalid iterator argument within a dynamic block. (#​34751)
• core: Fixed edge-case bug that could cause loss of floating point precision when round-tripping due to incorrectly using a MessagePack integer to represent a large non-integral number. (#​24576)
• config: Converting from an unknown map value to an object type now correctly handles the situation where the map element type disagrees with an optional attribute of the target type, since when a map value is unknown we don't yet know which keys it has and thus cannot predict what subset of the elements will get converted as attributes in the resulting object. (#​34756)
• cloud: Fixed unparsed color codes in policy failure error messages. (#​34473)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.7
• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.7.5

Compare Source

1.7.5 (March 13, 2024)

BUG FIXES:

• backend/s3: When using s3 backend and encountering a network issue, the retry code would fail with "failed to rewind transport stream for retry". Now the retry should be successful. (#​34796)

v1.7.4

Compare Source

1.7.4 (February 21, 2024)

BUG FIXES:

• terraform test: Fix automatic loading of variable files within the test directory on windows platforms. (#​34666)
• plan renderer: Very large numbers (> 2^63) will no longer be truncated in the human-readable plan. (#​34702)

v1.7.3

Compare Source

1.7.3 (February 7, 2024)

BUG FIXES:

• terraform test: Fix crash when dynamic-typed attributes are not assigned values in mocks. (#​34610)
• provisioners/file: Fix panic when source is null. (#​34621)
• import: Throw helpful error message if an import block is configured with an empty ID (34625)

v1.7.2

Compare Source

1.7.2 (January 31, 2024)

BUG FIXES:

• backend/s3: No longer returns error when IAM user or role does not have access to the default workspace prefix env:. (#​34511)
• cloud: When triggering a run, the .terraform/modules directory was being excluded from the configuration upload causing Terraform Cloud to try (and sometimes fail) to re-download the modules. (#​34543)

ENHANCEMENTS:

• terraform fmt: Terraform mock data files (.tfmock.hcl) will now be included when executing the format command. (#​34580)
• Add additional diagnostics when a generated provider block that fails schema validation requires explicit configuration. (#​34595)

v1.7.1

Compare Source

1.7.1 (January 24, 2024)

BUG FIXES:

• terraform test: Fix crash when referencing variables or functions within the file level variables block. (#​34531)
• terraform test: Fix crash when override_module block was missing the outputs attribute. (#​34563)

v1.7.0

Compare Source

1.7.0 (January 17, 2024)

UPGRADE NOTES:

• Input validations are being restored to the state file in this version of Terraform. Due to a state interoperability issue (#​33770) in earlier versions, users that require interaction between different minor series should ensure they have upgraded to the following patches:

  • Users of Terraform prior to 1.3.0 are unaffected;
  • Terraform 1.3 series users should upgrade to 1.3.10;
  • Terraform 1.4 series users should upgrade to 1.4.7;
  • Terraform 1.5 series users should upgrade to 1.5.7;
  • Users of Terraform 1.6.0 and later are unaffected.
    This is important for users with terraform_remote_state data sources reading remote state across different versions of Terraform.

• nonsensitive function no longer raises an error when applied to a value that is already non-sensitive. (#​33856)

• terraform graph now produces a simplified graph describing only relationships between resources by default, for consistency with the granularity of information returned by other commands that emphasize resources as the main interesting object type and de-emphasize the other "glue" objects that connect them.

  The type of graph that earlier versions of Terraform produced by default is still available with explicit use of the -type=plan option, producing an approximation of the real dependency graph Terraform Core would use to construct a plan.

• terraform test: Simplify the ordering of destroy operations during test cleanup to simple reverse run block order. (#​34293)

• backend/s3: The use_legacy_workflow argument now defaults to false. The backend will now search for credentials in the same order as the default provider chain in the AWS SDKs and AWS CLI. To revert to the legacy credential provider chain ordering, set this value to true. This argument, and the ability to use the legacy workflow, is deprecated. To encourage consistency with the AWS SDKs, this argument will be removed in a future minor version.

NEW FEATURES:

• terraform test: Providers, modules, resources, and data sources can now be mocked during executions of terraform test. The following new blocks have been introduced within .tftest.hcl files:

  • mock_provider: Can replace provider instances with mocked providers, allowing tests to execute in command = apply mode without requiring a configured cloud provider account and credentials. Terraform will create fake resources for mocked providers and maintain them in state for the lifecycle of the given test file.
  • override_resource: Specific resources can be overridden so Terraform will create a fake resource with custom values instead of creating infrastructure for the overridden resource.
  • override_data: Specific data sources can be overridden so data can be imported into tests without requiring real infrastructure to be created externally first.
  • override_module: Specific modules can be overridden in their entirety to give greater control over the returned outputs without requiring in-depth knowledge of the module itself.

• removed block for refactoring modules: Module authors can now record in source code when a resource or module call has been removed from configuration, and can inform Terraform whether the corresponding object should be deleted or simply removed from state.

  This effectively provides a configuration-driven workflow to replace terraform state rm. Removing an object from state is a new type of action which is planned and applied like any other. The terraform state rm command will remain available for scenarios in which directly modifying the state file is appropriate.

BUG FIXES:

• Ignore potential remote terraform version mismatch when running force-unlock (#​28853)
• Exit Dockerfile build script early on cd failure. (#​34128)
• terraform test: Stop attempting to destroy run blocks that have no actual infrastructure to destroy. This fixes an issue where attempts to destroy "verification" run blocks that load only data sources would fail if the underlying infrastructure referenced by the run blocks had already been destroyed. (#​34331)
• terraform test: Improve error message for invalid run block names. (#​34469)
• terraform test: Fix bug where outputs in "empty" modules were not available to the assertions from Terraform test files. (#​34482)
• security: Upstream patch to mitigate the security advisory CVE-2023-48795, which potentially affects local-exec and file provisioners connecting to remote hosts using SSH. (#​34426)

ENHANCEMENTS:

• terraform test: Providers defined within test files can now reference variables from their configuration that are defined within the test file. (#​34069)
• terraform test: Providers defined within test files can now reference outputs from run blocks. (#​34118)
• terraform test: Terraform functions are now available within variables and provider blocks within test files. (#​34204)
• terraform test: Terraform will now load variables from any terraform.tfvars within the testing directory, and apply the variable values to tests within the same directory. (#​34341)
• terraform graph: Now produces a simplified resources-only graph by default. (#​34288)
• terraform console: Now supports a -plan option which allows evaluating expressions against the planned new state, rather than against the prior state. This provides a more complete set of values for use in console expressions, at the expense of a slower startup time due first calculating the plan. (#​34342)
• import: for_each can now be used to expand the import block to handle multiple resource instances (#​33932)
• If the proposed change for a resource instance is rejected either due to a postcondition block or a prevent_destroy setting, Terraform will now include that proposed change in the plan output alongside the relevant error, whereas before the error would replace the proposed change in the output. (#​34312)
• .terraformignore: improve performance when ignoring large directories (#​34400)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.6.6

Compare Source

1.6.6 (December 13, 2023)

BUG FIXES:

• terraform test: Stop attempting to destroy run blocks that have no actual infrastructure to destroy. This fixes an issue where attempts to destroy "verification" run blocks that load only data sources would fail if the underlying infrastructure referenced by the run blocks had already been destroyed. (#​34331)
• cloud: prevent running saved cloud plans in VCS-connected workspaces. Saved plans might be applied later, and VCS workspaces shouldn't apply configurations that don't come from their designated VCS branch.
• core: Unmanaged plugins (mainly used by provider acceptance testing) would not have a provider address set, preventing the caching of their schemas (#​34380)

v1.6.5

Compare Source

1.6.5 (November 29, 2023)

BUG FIXES:

• backend/s3: Fixes parsing errors in shared config and credentials files. (#​34313)
• backend/s3: Fixes error with AWS SSO when using FIPS endpoints. (#​34313)

v1.6.4

Compare Source

1.6.4 (November 15, 2023)

ENHANCEMENTS:

• backend/s3: Add the parameter endpoints.sso to allow overriding the AWS SSO API endpoint. (#​34195)

BUG FIXES:

• terraform test: Fix bug preventing passing sensitive output values from previous run blocks as inputs to future run blocks. (#​34190)
• backend/s3: Add https_proxy and no_proxy parameters to allow fully specifying proxy configuration (#​34243)

v1.6.3

Compare Source

1.6.3 (November 1, 2023)

ENHANCEMENTS:

• backend/s3: Adds the parameter skip_s3_checksum to allow users to disable checksum on S3 uploads for compatibility with "S3-compatible" APIs. (#​34127)

v1.6.2

Compare Source

1.6.2 (October 18, 2023)

BUG FIXES

• terraform test: Fix performance issues when using provisioners within configs being tested. (#​34026)
• terraform test: Only process and parse relevant variables for each run block. (#​34072)
• Fix occasional crash when destroying configurations with variables containing validations. (#​34101)
• Fix interoperability issues between v1.6 series and earlier series by removing variable validations from the state file (#​34058).
• cloud: Fixes panic when saving state in Terraform Cloud when certain types of API errors are returned (#​34074).
• config: Fix crash in conditional statements with certain combinations of unknown values. Improve handling of refined values into the conditional expression results (#​34096)
• config: Update HCL to fix bug when decoding objects with optional attributes (#​34108)
• backend/s3: Some configurations would require -reconfigure during each init when config was not decoded correctly (#​34108)

v1.6.1

Compare Source

1.6.1 (October 10, 2023)

ENHANCEMENTS:

• backend/s3: The skip_requesting_account_id argument supports AWS API implementations that do not have the IAM, STS, or metadata API. (#​34002)

BUG FIXES:

• config: Using sensitive values as one or both of the results of a conditional expression will no longer crash. [GH-33996]
• config: Conditional expression returning refined-non-null result will no longer crash. [GH-33996]
• cli: Reverted back to previous behavior of ignoring signing key expiration for provider installation, since it's the provider registry's responsibility to verify key validity at publication time. [GH-34004]
• cli: GIT_SSH_COMMAND is now preserved again when fetching modules from git source addresses. [GH-34045]
• cloud: The TF_WORKSPACE environment variable works with the cloud block again; it can specify a workspace when none is configured, or select an active workspace when the config specifies tags. [GH-34012]
• backend/s3: S3, DynamoDB, IAM, and STS endpoint parameters will no longer fail validation if the parsed scheme or hostname is empty. (#​34017)
• backend/s3: Providing a key alias to the kms_key_id argument will no longer fail validation. (#​33993)

v1.6.0

Compare Source

1.6.0 (October 4, 2023)

UPGRADE NOTES:

• On macOS, Terraform now requires macOS 10.15 Catalina or later; support for previous versions has been discontinued.
• On Windows, Terraform now requires at least Windows 10 or Windows Server 2016; support for previous versions has been discontinued.
• The S3 backend has a number of significant changes to its configuration format in this release, intended to match with recent changes in the hashicorp/aws provider:
  • Configuration settings related to assuming IAM roles now belong to a nested block assume_role. The top-level arguments role_arn, session_name, external_id, assume_role_duration_seconds, assume_role_policy_arns, assume_role_tags, and assume_role_transitive_tag_keys are all now deprecated in favor of the nested equivalents. (#​30495)
  • Configuration settings related to overriding the locations of AWS service endpoints used by the provider now belong to a nested block endpoints. The top-level arguments dynamodb_endpoint, iam_endpoint, endpoint (fir S3), and sts_endpoint are now deprecated in favor of the nested equivalents. (#​30492)
  • The backend now uses the following environment variables for overriding the default locations of AWS service endpoints used by the provider: AWS_ENDPOINT_URL_DYNAMODB, AWS_ENDPOINT_URL_IAM, AWS_ENDPOINT_URL_S3, and AWS_ENDPOINT_URL_STS. The old non-standard names for these environment variables are now deprecated: AWS_DYNAMODB_ENDPOINT, AWS_IAM_ENDPOINT, AWS_S3_ENDPOINT, and AWS_STS_ENDPOINT. (#​30479)
  • The singular shared_credentials_file argument is deprecated in favor of the plural shared_credentials_files.
  • The force_path_style argument is deprecated in favor of use_path_style for consistency with the AWS SDK. (#​30491)

NEW FEATURES:

• terraform test: The terraform test command is now generally available. This comes with a significant change to how tests are written and executed, based on feedback from the experimental phase.

  Terraform tests are written in .tftest.hcl files, containing a series of run blocks. Each run block executes a Terraform plan and optional apply against the Terraform configuration under test and can check conditions against the resulting plan and state.

ENHANCEMENTS:

• config: The import block id field now accepts expressions referring to other values such as resource attributes, as long as the value is a string known at plan time. (#​33618)

• Terraform Cloud integration: Remote plans on Terraform Cloud/Enterprise can now be saved using the -out option, viewed using terraform show, and applied using terraform apply with the saved plan filename. (#​33492)

• config: Terraform can now track some additional detail about values that won't be known until the apply step, such as the range of possible lengths for a collection or whether an unknown value can possibly be null.

• core: Provider schemas can now be cached globally for compatible providers, allowing them to be reused throughout core without requesting them for each new provider instance. This can significantly reduce memory usage when there are many instances of the same provider in a single configuration (#​33482)

  When this information is available, Terraform can potentially generate known results for some operations on unknown values. This doesn't mean that Terraform can immediately track that detail in all cases, but the type system now supports that and so over time we can improve the level of detail generated by built-in functions, language operators, Terraform providers, etc. (#​33234)

• config: The try and can functions can now return more precise and consistent results when faced with unknown arguments (#​33758)

• terraform show -json: Now includes errored property, indicating whether the planning process halted with an error. An errored plan is not applyable. (#​33372)

• core: Terraform will now skip requesting the (possibly very large) provider schema from providers which indicate during handshake that they don't require that for correct behavior, in situations where Terraform Core itself does not need the schema. (#​33486)

• backend/kubernetes: The Kubernetes backend is no longer limited to storing states below 1MiB in size, and can now scale by splitting state across multiple secrets. (#​29678)

• backend/s3: Various improvements for consistency with hashicorp/aws provider capabilities:

  • assume_role_with_web_identity nested block for assuming a role with dynamic credentials such as a JSON Web Token. (#​31244)
  • Now honors the standard AWS environment variables for credential and configuration files: AWS_CONFIG_FILE and AWS_SHARED_CREDENTIALS_FILE. (#​30493)
  • shared_config_files and shared_credentials_files arguments for specifying credential and configuration files as part of the backend configuration. (#​30493)
  • Internally the backend now uses AWS SDK for Go v2, which should address various other missing behaviors that are handled by the SDK rather than by Terraform itself. ([#​30443](https://redirect.github.com/hashi

---

Configuration

📅 Schedule: Branch creation - "every 2 weeks on Monday before 7am" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.