fix(deps)!: Update Terraform hashicorp/terraform to v1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
hashicorp/terraform	required_version	major	~> 0.12.6 -> ~> 1.6.0

---

Release Notes

hashicorp/terraform (hashicorp/terraform)

v1.6.6

Compare Source

1.6.6 (December 13, 2023)

BUG FIXES:

• terraform test: Stop attempting to destroy run blocks that have no actual infrastructure to destroy. This fixes an issue where attempts to destroy "verification" run blocks that load only data sources would fail if the underlying infrastructure referenced by the run blocks had already been destroyed. (#​34331)
• cloud: prevent running saved cloud plans in VCS-connected workspaces. Saved plans might be applied later, and VCS workspaces shouldn't apply configurations that don't come from their designated VCS branch.
• core: Unmanaged plugins (mainly used by provider acceptance testing) would not have a provider address set, preventing the caching of their schemas (#​34380)

v1.6.5

Compare Source

1.6.5 (November 29, 2023)

BUG FIXES:

• backend/s3: Fixes parsing errors in shared config and credentials files. (#​34313)
• backend/s3: Fixes error with AWS SSO when using FIPS endpoints. (#​34313)

v1.6.4

Compare Source

1.6.4 (November 15, 2023)

ENHANCEMENTS:

• backend/s3: Add the parameter endpoints.sso to allow overriding the AWS SSO API endpoint. (#​34195)

BUG FIXES:

• terraform test: Fix bug preventing passing sensitive output values from previous run blocks as inputs to future run blocks. (#​34190)
• backend/s3: Add https_proxy and no_proxy parameters to allow fully specifying proxy configuration (#​34243)

v1.6.3

Compare Source

1.6.3 (November 1, 2023)

ENHANCEMENTS:

• backend/s3: Adds the parameter skip_s3_checksum to allow users to disable checksum on S3 uploads for compatibility with "S3-compatible" APIs. (#​34127)

v1.6.2

Compare Source

1.6.2 (October 18, 2023)

BUG FIXES

• terraform test: Fix performance issues when using provisioners within configs being tested. (#​34026)
• terraform test: Only process and parse relevant variables for each run block. (#​34072)
• Fix occasional crash when destroying configurations with variables containing validations. (#​34101)
• Fix interoperability issues between v1.6 series and earlier series by removing variable validations from the state file (#​34058).
• cloud: Fixes panic when saving state in Terraform Cloud when certain types of API errors are returned (#​34074).
• config: Fix crash in conditional statements with certain combinations of unknown values. Improve handling of refined values into the conditional expression results (#​34096)
• config: Update HCL to fix bug when decoding objects with optional attributes (#​34108)
• backend/s3: Some configurations would require -reconfigure during each init when config was not decoded correctly (#​34108)

v1.6.1

Compare Source

1.6.1 (October 10, 2023)

ENHANCEMENTS:

• backend/s3: The skip_requesting_account_id argument supports AWS API implementations that do not have the IAM, STS, or metadata API. (#​34002)

BUG FIXES:

• config: Using sensitive values as one or both of the results of a conditional expression will no longer crash. [GH-33996]
• config: Conditional expression returning refined-non-null result will no longer crash. [GH-33996]
• cli: Reverted back to previous behavior of ignoring signing key expiration for provider installation, since it's the provider registry's responsibility to verify key validity at publication time. [GH-34004]
• cli: GIT_SSH_COMMAND is now preserved again when fetching modules from git source addresses. [GH-34045]
• cloud: The TF_WORKSPACE environment variable works with the cloud block again; it can specify a workspace when none is configured, or select an active workspace when the config specifies tags. [GH-34012]
• backend/s3: S3, DynamoDB, IAM, and STS endpoint parameters will no longer fail validation if the parsed scheme or hostname is empty. (#​34017)
• backend/s3: Providing a key alias to the kms_key_id argument will no longer fail validation. (#​33993)

v1.6.0

Compare Source

1.6.0 (October 4, 2023)

UPGRADE NOTES:

• On macOS, Terraform now requires macOS 10.15 Catalina or later; support for previous versions has been discontinued.
• On Windows, Terraform now requires at least Windows 10 or Windows Server 2016; support for previous versions has been discontinued.
• The S3 backend has a number of significant changes to its configuration format in this release, intended to match with recent changes in the hashicorp/aws provider:
  • Configuration settings related to assuming IAM roles now belong to a nested block assume_role. The top-level arguments role_arn, session_name, external_id, assume_role_duration_seconds, assume_role_policy_arns, assume_role_tags, and assume_role_transitive_tag_keys are all now deprecated in favor of the nested equivalents. (#​30495)
  • Configuration settings related to overriding the locations of AWS service endpoints used by the provider now belong to a nested block endpoints. The top-level arguments dynamodb_endpoint, iam_endpoint, endpoint (fir S3), and sts_endpoint are now deprecated in favor of the nested equivalents. (#​30492)
  • The backend now uses the following environment variables for overriding the default locations of AWS service endpoints used by the provider: AWS_ENDPOINT_URL_DYNAMODB, AWS_ENDPOINT_URL_IAM, AWS_ENDPOINT_URL_S3, and AWS_ENDPOINT_URL_STS. The old non-standard names for these environment variables are now deprecated: AWS_DYNAMODB_ENDPOINT, AWS_IAM_ENDPOINT, AWS_S3_ENDPOINT, and AWS_STS_ENDPOINT. (#​30479)
  • The singular shared_credentials_file argument is deprecated in favor of the plural shared_credentials_files.
  • The force_path_style argument is deprecated in favor of use_path_style for consistency with the AWS SDK. (#​30491)

NEW FEATURES:

• terraform test: The terraform test command is now generally available. This comes with a significant change to how tests are written and executed, based on feedback from the experimental phase.

  Terraform tests are written in .tftest.hcl files, containing a series of run blocks. Each run block executes a Terraform plan and optional apply against the Terraform configuration under test and can check conditions against the resulting plan and state.

ENHANCEMENTS:

• config: The import block id field now accepts expressions referring to other values such as resource attributes, as long as the value is a string known at plan time. (#​33618)

• Terraform Cloud integration: Remote plans on Terraform Cloud/Enterprise can now be saved using the -out option, viewed using terraform show, and applied using terraform apply with the saved plan filename. (#​33492)

• config: Terraform can now track some additional detail about values that won't be known until the apply step, such as the range of possible lengths for a collection or whether an unknown value can possibly be null.

• core: Provider schemas can now be cached globally for compatible providers, allowing them to be reused throughout core without requesting them for each new provider instance. This can significantly reduce memory usage when there are many instances of the same provider in a single configuration (#​33482)

  When this information is available, Terraform can potentially generate known results for some operations on unknown values. This doesn't mean that Terraform can immediately track that detail in all cases, but the type system now supports that and so over time we can improve the level of detail generated by built-in functions, language operators, Terraform providers, etc. (#​33234)

• config: The try and can functions can now return more precise and consistent results when faced with unknown arguments (#​33758)

• terraform show -json: Now includes errored property, indicating whether the planning process halted with an error. An errored plan is not applyable. (#​33372)

• core: Terraform will now skip requesting the (possibly very large) provider schema from providers which indicate during handshake that they don't require that for correct behavior, in situations where Terraform Core itself does not need the schema. (#​33486)

• backend/kubernetes: The Kubernetes backend is no longer limited to storing states below 1MiB in size, and can now scale by splitting state across multiple secrets. (#​29678)

• backend/s3: Various improvements for consistency with hashicorp/aws provider capabilities:

  • assume_role_with_web_identity nested block for assuming a role with dynamic credentials such as a JSON Web Token. (#​31244)
  • Now honors the standard AWS environment variables for credential and configuration files: AWS_CONFIG_FILE and AWS_SHARED_CREDENTIALS_FILE. (#​30493)
  • shared_config_files and shared_credentials_files arguments for specifying credential and configuration files as part of the backend configuration. (#​30493)
  • Internally the backend now uses AWS SDK for Go v2, which should address various other missing behaviors that are handled by the SDK rather than by Terraform itself. (#​30443)
  • custom_ca_bundle argument and support for the corresponding AWS environment variable, AWS_CA_BUNDLE, for providing custom root and intermediate certificates. (#​33689)
  • ec2_metadata_service_endpoint and ec2_metadata_service_endpoint_mode arguments and support for the corresponding AWS environment variables, AWS_EC2_METADATA_SERVICE_ENDPOINT and AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE for setting the EC2 metadata service (IMDS) endpoint. The environment variable AWS_METADATA_URL is also supported for compatibility with the AWS provider, but is deprecated. (#​30444)
  • http_proxy, insecure, use_fips_endpoint, and use_dualstack_endpoint arguments and support for the corresponding environment variables, HTTP_PROXY and HTTPS_PROXY, which enable custom HTTP proxy configurations and the resolution of AWS endpoints with extended capabilities. (#​30496)
  • sts_region argument to use an alternative region for STS operations. (#​33693)
  • retry_mode argument and support for the corresponding AWS_RETRY_MODE environment variable to configure how retries are attempted. (#​33692)
  • allowed_account_ids and forbidden_account_ids arguments to prevent unintended modifications to specified environments. (#​33688)

• backend/cos: Support custom HTTP(S) endpoint and root domain for the API client. (#​33656)

BUG FIXES:

• core: Transitive dependencies were lost during apply when the referenced resource expanded into zero instances. (#​33403)
• cli: Terraform will no longer override SSH settings in local git configuration when installing modules. (#​33592)
• terraform built-in provider: The upstream dependency that Terraform uses for service discovery of Terraform-native services such as Terraform Cloud/Enterprise state storage was previously not concurrency-safe, but Terraform was treating it as if it was in situations like when a configuration has multiple terraform_remote_state blocks all using the "remote" backend. Terraform is now using a newer version of that library which updates its internal caches in a concurrency-safe way. (#​33364)
• terraform init: Terraform will no longer allow downloading remote modules to invalid paths. (#​33745)
• Ignore potential remote terraform version mismatch when running force-unlock (#​28853)
• cloud: Fixed a bug that would prevent nested symlinks from being dereferenced into the config sent to Terraform Cloud (#​31895)
• cloud: state snapshots could not be disabled when header x-terraform-snapshot-interval is absent (#​33820)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.5.7

Compare Source

1.5.7 (September 7, 2023)

BUG FIXES:

• terraform init: Terraform will no longer allow downloading remote modules to invalid paths. (#​33745)
• terraform_remote_state: prevent future possible incompatibility with states which include unknown check block result kinds. (#​33818)

v1.5.6

Compare Source

1.5.6 (August 23, 2023)

BUG FIXES:

• terraform_remote_state: Fixed a potential unsafe read panic when reading from multiple terraform_remote_state data sources (#​33333)

v1.5.5

Compare Source

1.5.5 (August 9, 2023)

• terraform init: Fix crash when using invalid configuration in backend blocks. (#​33628)

v1.5.4

Compare Source

1.5.4 (July 26, 2023)

BUG FIXES:

• check blocks: Fixes crash when nested data sources are within configuration targeted by the terraform import command. (#​33578)
• check blocks: Check blocks now operate in line with other checkable objects by also executing during import operations. (#​33578)

v1.5.3

Compare Source

1.5.3 (July 12, 2023)

BUG FIXES:

• core: Terraform could fail to evaluate module outputs when they are used in a provider configuration during a destroy operation (#​33462)
• backend/consul: When failing to save state, consul CAS failed with transaction errors no longer shows an error instance memory address, but an actual error message. (#​33108)
• plan renderer: Fixes crash when rendering the plan if a relevant attribute contains an integer index specified as a string. (#​33475)

v1.5.2

Compare Source

1.5.2 (June 28, 2023)

BUG FIXES:

• configs: Multiple import blocks with the same id string no longer result in a validation error (#​33434)

v1.5.1

Compare Source

1.5.1 (June 21, 2023)

BUG FIXES:

• core: plan validation would fail for providers using nested set attributes with computed object attribute (#​33377)

v1.5.0

Compare Source

1.5.0 (June 12, 2023)

NEW FEATURES:

• check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.

  The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing Custom Condition Checks.
  Additionally, check blocks can optionally load a scoped data source. Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block.

  Unlike the existing precondition and postcondition blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail.
  This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle.

• import blocks for importing infrastructure: Root module authors can now use the import block to declare their intent that Terraform adopt an existing resource.

  Import is now a configuration-driven, plannable action, and is processed as part of a normal plan. Running terraform plan will show a summary of the resources that Terraform has planned to import, along with any other plan changes.

  The existing terraform import CLI command has not been modified.

  This is an early version of the import block feature, for which we are actively seeking user feedback to shape future development. The import block currently does not support interpolation in the id field, which must be a string.

• Generating configuration for imported resources: in conjunction with the import block, this feature enables easy templating of configuration when importing existing resources into Terraform. A new flag -generate-config-out=PATH is added to terraform plan. When this flag is set, Terraform will generate HCL configuration for any resource included in an import block that does not already have associated configuration, and write it to a new file at PATH. Before applying, review the generated configuration and edit it as necessary.

• Adds a new plantimestamp function that returns the timestamp at plan time. This is similar to the timestamp function which returns the timestamp at apply time (#​32980).

• Adds a new strcontains function that checks whether a given string contains a given substring. (#​33069)

UPGRADE NOTES:

• This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS.

• This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions.

• On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver.

  Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.

ENHANCEMENTS:

• Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. (#​32680)
• If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. (#​32680)
• pg backend: Now supports the PG_CONN_STR, PG_SCHEMA_NAME, PG_SKIP_SCHEMA_CREATION, PG_SKIP_TABLE_CREATION and PG_SKIP_INDEX_CREATION environment variables. (#​33045)

BUG FIXES:

• terraform init: Fixed crash with invalid blank module name. (#​32781)
• moved blocks: Fixed a typo in the error message that Terraform raises when you use -target to exclude an object that has been moved. (#​33149)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.4.7

Compare Source

1.4.7 (September 13, 2023)

BUG FIXES:

• terraform_remote_state: fix incompatibility with states produced by Terraform 1.5 or later which include check block results. (#​33814)

v1.4.6

Compare Source

1.4.6 (April 26, 2023)

BUG FIXES

• Fix bug when rendering plans that include null strings. (#​33029)
• Fix bug when rendering plans that include unknown values in maps. (#​33029)
• Fix bug where the plan would render twice when using older versions of TFE as a backend. (#​33018)
• Fix bug where sensitive and unknown metadata was not being propagated to dynamic types while rendering plans. (#​33057)
• Fix bug where sensitive metadata from the schema was not being included in the terraform show -json output. (#​33059)
• Fix bug where computed attributes were not being rendered with the # forces replacement suffix. (#​33065)

v1.4.5

Compare Source

1.4.5 (April 12, 2023)

• Revert change from [#​32892] due to an upstream crash.
• Fix planned destroy value which would cause terraform_data to fail when being replaced with create_before_destroy (#​32988)

v1.4.4

Compare Source

1.4.4 (March 30, 2023)

Due to an incident while migrating build systems for the 1.4.3 release where
CGO_ENABLED=0 was not set, we are rebuilding that version as 1.4.4 with the
flag set. No other changes have been made between 1.4.3 and 1.4.4.

v1.4.3

Compare Source

1.4.3 (March 30, 2023)

BUG FIXES:

• Prevent sensitive values in non-root module outputs from marking the entire output as sensitive [GH-32891]
• Fix the handling of planned data source objects when storing a failed plan [GH-32876]
• Don't fail during plan generation when targeting prevents resources with schema changes from performing a state upgrade [GH-32900]
• Skip planned changes in sensitive marks when the changed attribute is discarded by the provider [GH-32892]

v1.4.2

Compare Source

1.4.2 (March 16, 2023)

BUG FIXES:

• Fix bug in which certain uses of setproduct caused Terraform to crash (#​32860)
• Fix bug in which some provider plans were not being calculated correctly, leading to an "invalid plan" error (#​32860)

v1.4.1

Compare Source

1.4.1 (March 15, 2023)

BUG FIXES:

• Enables overriding modules that have the depends_on attribute set, while still preventing the depends_on attribute itself from being overridden. (#​32796)
• terraform providers mirror: when a dependency lock file is present, mirror the resolved providers versions, not the latest available based on configuration. (#​32749)
• Fixed module downloads from S3 URLs when using AWS IAM roles for service accounts (IRSA). (#​32700)
• hcl: Fix a crash in Terraform when attempting to apply defaults into an incompatible type. (#​32775)
• Prevent panic when creating a plan which errors before the planning process has begun. (#​32818)
• Fix the plan renderer skipping the "no changes" messages when there are no-op outputs within the plan. (#​32820)
• Prevent panic when rendering null nested primitive values in a state output. (#​32840)
• Warn when an invalid path is specified in TF_CLI_CONFIG_FILE (#​32846)

v1.4.0

Compare Source

1.4.0 (March 08, 2023)

UPGRADE NOTES:

• config: The textencodebase64 function when called with encoding "GB18030" will now encode the euro symbol € as the two-byte sequence 0xA2,0xE3, as required by the GB18030 standard, before applying base64 encoding.

• config: The textencodebase64 function when called with encoding "GBK" or "CP936" will now encode the euro symbol € as the single byte 0x80 before applying base64 encoding. This matches the behavior of the Windows API when encoding to this Windows-specific character encoding.

• terraform init: When interpreting the hostname portion of a provider source address or the address of a module in a module registry, Terraform will now use non-transitional IDNA2008 mapping rules instead of the transitional mapping rules previously used.

  This matches a change to the WHATWG URL spec's rules for interpreting non-ASCII domain names which is being gradually adopted by web browsers. Terraform aims to follow the interpretation of hostnames used by web browsers for consistency. For some hostnames containing non-ASCII characters this may cause Terraform to now request a different "punycode" hostname when resolving.

• terraform init will now ignore entries in the optional global provider cache directory unless they match a checksum already tracked in the current configuration's dependency lock file. This therefore avoids the long-standing problem that when installing a new provider for the first time from the cache we can't determine the full set of checksums to include in the lock file. Once the lock file has been updated to include a checksum covering the item in the global cache, Terraform will then use the cache entry for subsequent installation of the same provider package. There is an interim CLI configuration opt-out for those who rely on the previous incorrect behavior. (#​32129)

• The Terraform plan renderer has been completely rewritten to aid with future Terraform Cloud integration. Users should not see any material change in the plan output between 1.3 and 1.4. If you notice any significant differences, or if Terraform fails to plan successfully due to rendering problems, please open a bug report issue.

BUG FIXES:

• The module installer will now record in its manifest a correct module source URL after normalization when the URL given as input contains both a query string portion and a subdirectory portion. Terraform itself doesn't currently make use of this information and so this is just a cosmetic fix to make the recorded metadata more correct. (#​31636)
• config: The yamldecode function now correctly handles entirely-nil YAML documents. Previously it would incorrectly return an unknown value instead of a null value. It will now return a null value as documented. (#​32151)
• Ensure correct ordering between data sources and the deletion of managed resource dependencies. (#​32209)
• Fix Terraform creating objects that should not exist in variables that specify default attributes in optional objects. (#​32178)
• Fix several Terraform crashes that are caused by HCL creating objects that should not exist in variables that specify default attributes in optional objects within collections. (#​32178)
• Fix inconsistent behaviour in empty vs null collections. (#​32178)
• terraform workspace now returns a non-zero exit when given an invalid argument (#​31318)
• Terraform would always plan changes when using a nested set attribute (#​32536)
• Terraform can now better detect when complex optional+computed object attributes are removed from configuration (#​32551)
• A new methodology for planning set elements can now better detect optional+computed changes within sets (#​32563)
• Fix state locking and releasing messages when in -json mode, messages will now be written in JSON format (#​32451)

ENHANCEMENTS:

• terraform plan can now store a plan file even when encountering errors, which can later be inspected to help identify the source of the failures (#​32395)
• terraform_data is a new builtin managed resource type, which can replace the use of null_resource, and can store data of any type (#​31757)
• terraform init will now ignore entries in the optional global provider cache directory unless they match a checksum already tracked in the current configuration's dependency lock file. This therefore avoids the long-standing problem that when installing a new provider for the first time from the cache we can't determine the full set of checksums to include in the lock file. Once the lock file has been updated to include a checksum covering the item in the global cache, Terraform will then use the cache entry for subsequent installation of the same provider package. There is an interim CLI configuration opt-out for those who rely on the previous incorrect behavior. (#​32129)
• Interactive input for sensitive variables is now masked in the UI (#​29520)
• A new -or-create flag was added to terraform workspace select, to aid in creating workspaces in automated situations (#​31633)
• A new command was added for exporting Terraform function signatures in machine-readable format: terraform metadata functions -json (#​32487)
• The "Failed to install provider" error message now includes the reason a provider could not be installed. (#​31898)
• backend/gcs: Add kms_encryption_key argument, to allow encryption of state files using Cloud KMS keys. (#​24967)
• backend/gcs: Add storage_custom_endpoint argument, to allow communication with the backend via a Private Service Connect endpoint. (#​28856)
• backend/gcs: Update documentation for usage of gcs with terraform_remote_state (#​32065)
• backend/gcs: Update storage package to v1.28.0 (#​29656)
• When removing a workspace from the cloud backend terraform workspace delete will use Terraform Cloud's Safe Delete API if the -force flag is not provided. (#​31949)
• backend/oss: More robustly handle endpoint retrieval error (#​32295)
• local-exec provisioner: Added quiet argument. If quiet is set to true, Terraform will not print the entire command to stdout during plan. (#​32116)
• backend/http: Add support for mTLS authentication. (#​31699)
• cloud: Add support for using the generic hostname localterraform.com in module and provider sources as a substitute for the currently configured cloud backend hostname. This enhancement was also applied to the remote backend.
• terraform show will now print an explanation when called on a Terraform workspace with empty state detailing why no resources are shown. (#​32629)
• backend/gcs: Added support for GOOGLE_BACKEND_IMPERSONATE_SERVICE_ACCOUNT env var to allow impersonating a different service account when GOOGLE_IMPERSONATE_SERVICE_ACCOUNT is configured for the GCP provider. (#​32557)
• backend/cos: Add support for the assume_role authentication method with the tencentcloud provider. This can be configured via the Terraform config or environment variables.
• backend/cos: Add support for the security_token authentication method with the tencentcloud provider. This can be configured via the Terraform config or environment variables.

EXPERIMENTS:

• Since its introduction the yamlencode function's documentation carried a warning that it was experimental. This predated our more formalized idea of language experiments and so wasn't guarded by an explicit opt-in, but the intention was to allow for small adjustments to its behavior if we learned it was producing invalid YAML in some cases, due to the relative complexity of the YAML specification.

  From Terraform v1.4 onwards, yamlencode is no longer documented as experimental and is now subject to the Terraform v1.x Compatibility Promises. There are no changes to its previous behavior in v1.3 and so no special action is required when upgrading.

v1.3.10

Compare Source

1.3.10 (September 13, 2023)

BUG FIXES:

• terraform_remote_state: fix incompatibility with states produced by Terraform 1.5 or later which include check block results. (#​33813)

v1.3.9

Compare Source

1.3.9 (February 15, 2023)

BUG FIXES:

• Fix crash when planning to remove already-deposed resource instances. (#​32663)

v1.3.8

Compare Source

1.3.8 (February 09, 2023)

BUG FIXES:

• Fixed a rare bug causing inaccurate before_sensitive / after_sensitive annotations in JSON plan output for deeply nested structures. This was only observed in the wild on the rancher/rancher2 provider, and resulted in glitched display in Terraform Cloud's structured plan log view. (#​32543)
• A variable only referenced by an output precondition error_message may be missing during evaluation (#​32464)
• Removing a NestingSingle block from configuration results in an invalid plan (#​32463)
• Null module outputs could be dropped, causing evaluation errors when referring to those module attributes (#​32583)
• Fix terraform crash when applying defaults into a collection with dynamic type constraint. (#​32454)
• Updated to newer github.com/mitchellh/cli version, in turn bringing in updates for several indirect dependencies with known security issues. (#​32609)
• Fix case where the first plan to use a new remote state could be applied twice, corrupting the state (#​32614)

v1.3.7

Compare Source

1.3.7 (January 04, 2023)

BUG FIXES:

• Fix exact version constraint parsing for modules using prerelease versions (#​32377)
• Prevent panic when a provider returns a null block value during refresh which is used as configuration via ignore_changes (#​32428)

v1.3.6

Compare Source

1.3.6 (November 30, 2022)

BUG FIXES:

• Terraform could crash if an orphaned resource instance was deleted externally and had condition checks in the configuration (#​32246)
• Module output changes were being removed and re-added to the stored plan, impacting performance with large numbers of outputs (#​32307)

v1.3.5

Compare Source

1.3.5 (November 17, 2022)

BUG FIXES:

• Prevent crash while serializing the plan for an empty destroy operation (#​32207)
• Allow a destroy plan to refresh instances while taking into account that some may no longer exist (#​32208)
• Fix Terraform creating objects that should not exist in variables that specify default attributes in optional objects. (#​32178)
• Fix several Terraform crashes that are caused by HCL creating objects that should not exist in variables that specify default attributes in optional objects within collections. (#​32178)
• Fix inconsistent behaviour in empty vs null collections. (#​32178)
• Prevent file uploads from creating unneeded temporary files when the payload size is known (#​32206)
• Nested attributes marked sensitive by schema no longer reveal sub-attributes in the plan diff (#​32004)
• Nested attributes now more consistently display when they become unknown or null values in the plan diff (#​32004)
• Sensitive values are now always displayed as (sensitive value) instead of sometimes as (sensitive) [GH32004]

v1.3.4

Compare Source

1.3.4 (November 02, 2022)

BUG FIXES:

• Fix invalid refresh-only plan caused by data sources being deferred to apply (#​32111)
• Optimize the handling of condition checks during apply to prevent performance regressions with large numbers of instances (#​32123)
• Output preconditions should not be evaluated during destroy (#​32051)
• Fix crash from console when outputs contain preconditions (#​32051)
• Destroy with no state would still attempt to evaluate some values (#​32051)
• Prevent unnecessary evaluation and planning of resources during the pre-destroy refresh (#​32051)
• AzureRM Backend: support for generic OIDC authentication via the oidc_token and oidc_token_file_path properties (#​31966)
• Input and Module Variables: Convert variable types before attempting to apply default values. (#​32027)
• When installing remote module packages delivered in tar format, Terraform now limits the tar header block size to 1MiB to avoid unbounded memory usage for maliciously-crafted module packages. (#​32135)
• Terraform will now reject excessively-complex regular expression patterns passed to the regex, regexall, and replace functions, to avoid unbounded memory usage for maliciously-crafted patterns. This change should not affect any reasonable patterns intended for practical use. (#​32135)
• Terraform on Windows now rejects invalid environment variables whose values contain the NUL character when propagating environment variables to a child process such as a provider plugin. Previously Terraform would incorrectly treat that character as a separator between two separate environment variables. (#​32135)

v1.3.3

Compare Source

1.3.3 (October 19, 2022)

BUG FIXES:

• Fix error when removing a resource from configuration which has according to the provider has already been deleted. (#​31850)
• Fix error when setting empty collections into variables with collections of nested objects with default values. (#​32033)

v1.3.2

Compare Source

1.3.2 (October 06, 2022)

BUG FIXES:

• Fixed a crash caused by Terraform incorrectly re-registering output value preconditions during the apply phase (rather than just reusing the already-planned checks from the plan phase). (#​31890)
• Prevent errors when the provider reports that a deposed instance no longer exists (#​31902)
• Using ignore_changes = all could cause persistent diffs with legacy providers (#​31914)
• Fix cycles when resource dependencies cross over between independent provider configurations (#​31917)
• Improve handling of missing resource instances during import (#​31878)

v1.3.1

Compare Source

1.3.1 (September 28, 2022)

NOTE:

• On darwin/amd64 and darwin/arm64 architectures, terraform binaries are now built with CGO enabled. This should not have any user-facing impact, except in cases where the pure Go DNS resolver causes problems on recent versions of macOS: using CGO may mitigate these issues. Please see the upstream bug https://github.com/golang/go/issues/52839 for more details.

BUG FIXES:

• Fixed a crash when using objects with optional attributes and default values in collections, most visible with nested modules. (#​31847)
• Prevent cycles in some situations where a provider depends on resources in the configuration which are participating in planned changes. (#​31857)
• Fixed an error when attempting to destroy a configuration where resources do not exist in the state. (#​31858)
• Data sources which cannot be read during will no longer prevent the state from being serialized. (#​31871)
• Fixed a crash which occured when a resource with a precondition and/or a postcondition appeared inside a module with two or more instances. (#​31860)

v1.3.0

Compare Source

1.3.0 (September 21, 2022)

NEW FEATURES:

• Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:

  variable "with_optional_attribute" {
    type = object({
      a = string                # a required attribute
      b = optional(string)      # an optional attribute
      c = optional(number, 127) # an optional attribute with a default value
    })
  }

  Assigning { a = "foo" } to this variable will result in the value { a = "foo", b = null, c = 127 }.

• Added functions: startswith and endswith allow you to check whether a given string has a specified prefix or suffix. (#​31220)

UPGRADE NOTES:

• terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply.

• terraform import: The -allow-missing-config has been removed, and at least an empty configuration block must exist to import a resource.

• Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#​31235)

• AzureRM Backend: This release concludes the deprecation cycle started in Terraform v1.1 for the azurerm backend's support of "ADAL" authentication. This backend now supports only "MSAL" (Microsoft Graph) authentication.

  This follows from Microsoft's own deprecation of Azure AD Graph, and so you must follow the migration instructions presented in that Azure documentation to adopt Microsoft Graph and then change your backend configuration to use MSAL authentication before upgrading to Terraform v1.3.

• When making requests to HTTPS servers, Terraform will now reject invalid handshakes that have duplicate extensions, as required by RFC 5246 section 7.4.1.4 and RFC 8446 section 4.2. This may cause new errors when interacting with existing buggy or misconfigured TLS servers, but should not affect correct servers.

  This only applies to requests made directly by Terraform CLI, such as provider installation and remote state storage. Terraform providers are separate programs which decide their own policy for handling of TLS handshakes.

• The following backends, which were deprecated in v1.2.3, have now been removed: artifactory, etcd, etcdv3, manta, swift. The legacy backend name azure has also been removed, because the current Azure backend is named azurerm. (#​31711)

ENHANCEMENTS:

• config: Optional attributes for object type constraints, as described under new features above. (#​31154)
• config: New built-in function timecmp allows determining the ordering relationship between two timestamps while taking potentially-different UTC offsets into account. (#​31687)
• config: When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#​31299)
• config: When reporting an error or warning message that isn't caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown v

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 1.x releases. But if you manually upgrade to 1.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.