1.5.0-rc2 (June 5, 2023)

NEW FEATURES:

• check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.

  The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing Custom Condition Checks.
  Additionally, check blocks can optionally load a scoped data source. Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block.

  Unlike the existing precondition and postcondition blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail.
  This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle.

• import blocks for importing infrastructure: Root module authors can now use the import block to declare their intent that Terraform adopt an existing resource.

  Import is now a configuration-driven, plannable action, and is processed as part of a normal plan. Running terraform plan will show a summary of the resources that Terraform has planned to import, along with any other plan changes.

  The existing terraform import CLI command has not been modified.

  This is an early version of the import block feature, for which we are actively seeking user feedback to shape future development. The import block currently does not support interpolation in the id field, which must be a string.

• Generating configuration for imported resources: in conjunction with the import block, this feature enables easy templating of configuration when importing existing resources into Terraform. A new flag -generate-config-out=PATH is added to terraform plan. When this flag is set, Terraform will generate HCL configuration for any resource included in an import block that does not already have associated configuration, and write it to a new file at PATH. Before applying, review the generated configuration and edit it as necessary.

• Adds a new plantimestamp function that returns the timestamp at plan time. This is similar to the timestamp function which returns the timestamp at apply time (#32980).

• Adds a new strcontains function that checks whether a given string contains a given substring. (#33069)

UPGRADE NOTES:

• This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS.

• This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions.

• On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver.

  Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.

ENHANCEMENTS:

• Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. (#32680)
• If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. (#32680)
• pg backend: Now supports the PG_CONN_STR, PG_SCHEMA_NAME, PG_SKIP_SCHEMA_CREATION, PG_SKIP_TABLE_CREATION and PG_SKIP_INDEX_CREATION environment variables. (#33045)

BUG FIXES:

• terraform init: Fixed crash with invalid blank module name. (#32781)
• moved blocks: Fixed a typo in the error message that Terraform raises when you use -target to exclude an object that has been moved. (#33149)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

1.5.0-rc1 (May 31, 2023)

NEW FEATURES:

• check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.

  The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing Custom Condition Checks.
  Additionally, check blocks can optionally load a scoped data source. Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block.

  Unlike the existing precondition and postcondition blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail.
  This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle.

• import blocks for importing infrastructure: Root module authors can now use the import block to declare their intent that Terraform adopt an existing resource.

  Import is now a configuration-driven, plannable action, and is processed as part of a normal plan. Running terraform plan will show a summary of the resources that Terraform has planned to import, along with any other plan changes.

  The existing terraform import CLI command has not been modified.

  This is an early version of the import block feature, for which we are actively seeking user feedback to shape future development. The import block currently does not support interpolation in the id field, which must be a string.

• Generating configuration for imported resources: in conjunction with the import block, this feature enables easy templating of configuration when importing existing resources into Terraform. A new flag -generate-config-out=PATH is added to terraform plan. When this flag is set, Terraform will generate HCL configuration for any resource included in an import block that does not already have associated configuration, and write it to a new file at PATH. Before applying, review the generated configuration and edit it as necessary.

• Adds a new plantimestamp function that returns the timestamp at plan time. This is similar to the timestamp function which returns the timestamp at apply time.

• Adds a new strcontains function that checks whether a given string contains a given substring. (#33069)

UPGRADE NOTES:

• This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS.

• This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions.

• On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver.

  Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.

ENHANCEMENTS:

• Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. (#32680)
• If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. (#32680)
• pg backend: Now supports the PG_CONN_STR, PG_SCHEMA_NAME, PG_SKIP_SCHEMA_CREATION, PG_SKIP_TABLE_CREATION and PG_SKIP_INDEX_CREATION environment variables. (#33045)

BUG FIXES:

• terraform init: Fixed crash with invalid blank module name. (#32781)
• moved blocks: Fixed a typo in the error message that Terraform raises when you use -target to exclude an object that has been moved. (#33149)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

1.5.0-beta2 (May 24, 2023)

NEW FEATURES:

• check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.

  The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing Custom Condition Checks.
  Additionally, check blocks can optionally load a scoped data source. Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block.

  Unlike the existing precondition and postcondition blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail.
  This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle.

• import blocks for importing infrastructure: Root module authors can now use the import block to declare their intent that Terraform adopt an existing resource.

  Import is now a configuration-driven, plannable action, and is processed as part of a normal plan. Running terraform plan will show a summary of the resources that Terraform has planned to import, along with any other plan changes.

  The existing terraform import CLI command has not been modified.

  This is an early version of the import block feature, for which we are actively seeking user feedback to shape future development. The import block currently does not support interpolation in the id field, which must be a string.

• Generating configuration for imported resources: in conjunction with the import block, this feature enables easy templating of configuration when importing existing resources into Terraform. A new flag -generate-config-out=PATH is added to terraform plan. When this flag is set, Terraform will generate HCL configuration for any resource included in an import block that does not already have associated configuration, and write it to a new file at PATH. Before applying, review the generated configuration and edit it as necessary.

• Adds a new plantimestamp function that returns the timestamp at plan time. This is similar to the timestamp function which returns the timestamp at apply time.

• Adds a new strcontains function that checks whether a given string contains a given substring. (#33069)

UPGRADE NOTES:

• This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS.

• This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions.

• On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver.

  Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.

ENHANCEMENTS:

• Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. (#32680)
• If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. (#32680)
• pg backend: Now supports the PG_CONN_STR, PG_SCHEMA_NAME, PG_SKIP_SCHEMA_CREATION, PG_SKIP_TABLE_CREATION and PG_SKIP_INDEX_CREATION environment variables. (#33045)

BUG FIXES:

• terraform init: Fixed crash with invalid blank module name. (#32781)
• moved blocks: Fixed a typo in the error message that Terraform raises when you use -target to exclude an object that has been moved. (#33149)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

1.5.0-beta1 (May 15, 2023)

NEW FEATURES:

• check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.

  The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing Custom Condition Checks.
  Additionally, check blocks can optionally load a scoped data source. Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block.

  Unlike the existing precondition and postcondition blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail.
  This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle.

• import blocks for importing infrastructure: Root module authors can now use the import block to declare their intent that Terraform adopt an existing resource.

  Import is now a configuration-driven, plannable action, and is processed as part of a normal plan. Running terraform plan will show a summary of the resources that Terraform has planned to import, along with any other plan changes.

  The existing terraform import CLI command has not been modified.

  This is an early version of the import block feature, for which we are actively seeking user feedback to shape future development. The import block currently does not support interpolation in the id field, which must be a string.

• Generating configuration for imported resources: in conjunction with the import block, this feature enables easy templating of configuration when importing existing resources into Terraform. A new flag -generate-config-out=PATH is added to terraform plan. When this flag is set, Terraform will generate HCL configuration for any resource included in an import block that does not already have associated configuration, and write it to a new file at PATH. Before applying, review the generated configuration and edit it as necessary.

• Adds a new plantimestamp function that returns the timestamp at plan time. This is similar to the timestamp function which returns the timestamp at apply time.

• Adds a new strcontains function that checks whether a given string contains a given substring. (#33069)

UPGRADE NOTES:

• This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS.

• This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions.

• On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver.

  Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.

ENHANCEMENTS:

• Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. (#32680)
• If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. (#32680)
• pg backend: Now supports the PG_CONN_STR, PG_SCHEMA_NAME, PG_SKIP_SCHEMA_CREATION, PG_SKIP_TABLE_CREATION and PG_SKIP_INDEX_CREATION environment variables. (#33045)

BUG FIXES:

• terraform init: Fixed crash with invalid blank module name. (#32781)
• moved blocks: Fixed a typo in the error message that Terraform raises when you use -target to exclude an object that has been moved. (#33149)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

1.5.0-alpha20230504 (May 4, 2023)

NEW FEATURES:

• check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.

  The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing Custom Condition Checks.
  Additionally, check blocks can optionally load a scoped data source. Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block.

  Unlike the existing precondition and postcondition blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail.
  This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle.

• A new import block type to provide the terraform import functionality as a config-driven operation.

  The import block type has two arguments: id and to, where the id takes a string and the to is a resource address. The plan tells you what will be imported and then apply will add that resource to Terraform state. Once you import into a resource, you can safely delete the import block. There is no harm to keep the import block in the configuration; it is a no-op after the resource is imported.

• Adds a new plantimestamp function that returns the timestamp at plan time. This is similar to the timestamp function which returns the timestamp at apply time.

• Adds a new strcontains function that checks whether a given string contains a given substring. [GH-33069]

UPGRADE NOTES:

• This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS.

• This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions.

• On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver.

  Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.

ENHANCEMENTS:

• Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. [GH-32680]
• If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. [GH-32680]
• pg backend: Now supports the PG_CONN_STR, PG_SCHEMA_NAME, PG_SKIP_SCHEMA_CREATION, PG_SKIP_TABLE_CREATION and PG_SKIP_INDEX_CREATION environment variables. [GH-33045]

BUG FIXES:

• terraform init: Fixed crash with invalid blank module name. [GH-32781]

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

1.4.6 (April 26, 2023)

BUG FIXES

• Fix bug when rendering plans that include null strings. (#33029)
• Fix bug when rendering plans that include unknown values in maps. (#33029)
• Fix bug where the plan would render twice when using older versions of TFE as a backend. (#33018)
• Fix bug where sensitive and unknown metadata was not being propagated to dynamic types while rendering plans. (#33057)
• Fix bug where sensitive metadata from the schema was not being included in the terraform show -json output. (#33059)
• Fix bug where computed attributes were not being rendered with the # forces replacement suffix. (#33065)

1.4.5 (April 12, 2023)

• Revert change from [#32892] due to an upstream crash.
• Fix planned destroy value which would cause terraform_data to fail when being replaced with create_before_destroy (#32988)

This is a development snapshot for the forthcoming v1.5.0 release, built from Terraform's main branch. These release packages are for early testing only and are not suitable for production use.

The following is the v1.5.0 changelog so far, at the time of this snapshot:

UPGRADE NOTES:

• This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS.

• This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions.

• On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver.

  Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.

NEW FEATURES:

• check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.

  The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing Custom Condition Checks.
  Additionally, check blocks can optionally load a scoped data source. Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block.

  Unlike the existing precondition and postcondition blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail.
  This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle.

ENHANCEMENTS:

• Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. [GH-32680]
• If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. [GH-32680]

BUG FIXES:

• terraform init: Fixed crash with invalid blank module name. [GH-32781]

1.4.4 (March 30, 2023)

Due to an incident while migrating build systems for the 1.4.3 release where
CGO_ENABLED=0 was not set, we are rebuilding that version as 1.4.4 with the
flag set. No other changes have been made between 1.4.3 and 1.4.4.

1.4.3 (March 30, 2023)

BUG FIXES:

• Prevent sensitive values in non-root module outputs from marking the entire output as sensitive [GH-32891]
• Fix the handling of planned data source objects when storing a failed plan [GH-32876]
• Don't fail during plan generation when targeting prevents resources with schema changes from performing a state upgrade [GH-32900]
• Skip planned changes in sensitive marks when the changed attribute is discarded by the provider [GH-32892]