0.14.11 (April 26, 2021)

ENHANCEMENTS:

• cli: Update the HashiCorp public key (#28503)

0.13.7 (April 26, 2021)

ENHANCEMENTS:

• cli: Update the HashiCorp public key (#28500)

0.12.31 (April 26, 2021)

ENHANCEMENTS:

• cli: Update the HashiCorp public key (#28499)

0.11.15 (April 26, 2021)

IMPROVEMENTS:

• cli: Update the HashiCorp Public Key (#28498)
• backend/http: New options for retries on outgoing requests. (#19702)
• communicator/ssh: Keepalive support (#20437)

0.15.0 (April 14, 2021)

UPGRADE NOTES AND BREAKING CHANGES:

The following is a summary of each of the changes in this release that might require special consideration when upgrading. Refer to the Terraform v0.15 upgrade guide for more details and recommended upgrade steps.

• "Proxy configuration blocks" (provider blocks with only alias set) in shared modules are now replaced with a more explicit configuration_aliases argument within the required_providers block. Some support for the old syntax is retained for backward compatibility, but we've added explicit error messages for situations where Terraform would previously silently misinterpret the purpose of an empty provider block. (#27739)

• The list and map functions, both of which were deprecated since Terraform v0.12, are now removed. You can replace uses of these functions with tolist([...]) and tomap({...}) respectively. (#26818)

• Terraform now requires UTF-8 character encoding and virtual terminal support when running on Windows. This unifies Terraform's terminal handling on Windows with that of other platforms, as per Microsoft recommendations. Terraform previously required these terminal features on all other platforms, and now requires them on Windows too.

  UTF-8 and virtual terminal support were introduced across various Windows 10 updates, and so Terraform is no longer officially supported on the original release of Windows 10 or on Windows 8 and earlier. However, there are currently no technical measures to artificially prevent Terraform from running on these obsolete Windows releases, and so you may still be able to use Terraform v0.15 on older Windows versions if you either disable formatting (using the -no-color) option, or if you use a third-party terminal emulator package such as ConEmu, Cmder, or mintty.

  We strongly encourage planning to migrate to a newer version of Windows rather than relying on these workarounds for the long term, because the Terraform team will test future releases only on up-to-date Windows 10 and can therefore not guarantee ongoing support for older versions.

• Built-in vendor provisioners (chef, habitat, puppet, and salt-masterless) have been removed. (#26938)

• Interrupting execution will now cause terraform to exit with a non-zero exit status. (#26738)

• The trailing [DIR] argument to specify the working directory for various commands is no longer supported. Use the global -chdir option instead. (#27664)

  For example, instead of terraform init infra, write terraform -chdir=infra init.

• The -lock and -lock-timeout options are no longer available on terraform init (#27464)

• The -verify-plugins=false option is no longer available on terraform init. (Terraform now always verifies plugins.) (#27461)

• The -get-plugins=false option is no longer available on terraform init. (Terraform now always installs plugins.) (#27463)

• The -force option is no longer available on terraform destroy. Use -auto-approve instead (#27681)

• The -var and -var-file options are no longer available on terraform validate. These were deprecated and have had no effect since Terraform v0.12. (#27906)

• terraform version -json output no longer includes the (previously-unpopulated) "revision" property (#27484)

• In the gcs backend the path config argument, which was deprecated since Terraform v0.11, is now removed. Use the prefix argument instead. (#26841)

• The deprecated ignore_changes = ["*"] wildcard syntax is no longer supported. Use ignore_changes = all instead. (#27834)

• Previously deprecated quoted variable type constraints are no longer supported. Follow the instructions in the error message to update your type signatures to be more explicit. For example, use map(string) instead of "map". (#27852)

• Terraform will no longer make use of the HTTP_PROXY environment variable to determine proxy settings for connecting to HTTPS servers. You must always set HTTPS_PROXY if you intend to use a proxy to connect to an HTTPS server. (Note: This affects only connections made directly from Terraform CLI. Terraform providers are separate programs that make their own requests and may thus have different proxy configuration behaviors.)

• Provider-defined sensitive attributes will now be redacted throughout the plan output. You may now see values redacted as (sensitive) that were previously visible, because sensitivity did not follow provider-defined sensitive attributes.

  If you are transforming a value and wish to force it not to be sensitive, such as if you are transforming a value in such a way that removes the sensitive data, we recommend using the new nonsensitive function to hint Terraform that the result is not sensitive.

• The atlas backend, which was deprecated since Terraform v0.12, is now removed. (#26651)

• We've upgraded the underlying TLS and certificate-related libraries that Terraform uses when making HTTPS requests to remote systems. This includes the usual tweaks to preferences for different cryptographic algorithms during handshakes and also some slightly-stricter checking of certificate syntax. These changes should not cause problems for correctly-implemented HTTPS servers, but can sometimes cause unexpected behavior changes with servers or middleboxes that don't comply fully with the relevant specifications.

ENHANCEMENTS:

• config: A required_providers entry can now contain configuration_aliases to declare additional configuration aliases names without requirring a configuration block (#27739)
• config: Improved type inference for conditional expressions. (#28116)
• config: Provider-defined sensitive attributes will now be redacted throughout the plan output. (#28036)
• config: New function one for concisely converting a zero-or-one element list/set into a single value that might be null. (#27454)
• config: New functions sensitive and nonsensitive allow module authors to explicitly override Terraform's default infererence of value sensitivity for situations where it's too conservative or not conservative enough. (#27341)
• config: Terraform will now emit a warning if you declare a backend block in a non-root module. Terraform has always ignored such declarations, but previously did so silently. This is a warning rather than an error only because it is sometimes convenient to temporarily use a root module as if it were a child module in order to test or debug its behavior separately from its main backend. (#26954)
• config: Removed warning about interpolation-only expressions being deprecated, because terraform fmt now automatically fixes most cases that the warning would previously highlight. We still recommend using simpler expressions where possible, but the deprecation warning had caused a common confusion in the community that the interpolation syntax is always deprecated, rather than only in the interpolation-only case. (#27835)
• config: The family of error messages with the summary "Invalid for_each argument" will now include some additional context about which external values contributed to the result, making it easier to find the root cause of the error. (#26747)
• config: Terraform now does text processing using the rules and tables defined for Unicode 13. Previous versions were using Unicode 12 rules.
• terraform init: Will now make suggestions for possible providers on some registry failures, and generally remind of required_providers on all registry failures. (#28014)
• terraform init: Provider installation will now only attempt to rewrite .terraform.lock.hcl if it would contain new information. (#28230)
• terraform init: New -lockfile=readonly option, which suppresses writing changes to the dependency lock file. Any installed provider packages must already be recorded in the lock file, or initialization will fail. Use this if you are managing the lock file via a separate process and want to avoid adding new checksums for existing dependencies. (#27630)
• terraform show: Improved performance when rendering large plans as JSON. (#27998)
• terraform validate: The JSON output now includes a code snippet object for each diagnostic. If present, this object contains an excerpt of the source code which triggered...

0.15.0 (Unreleased)

BUG FIXES:

• core: Fix crash when rendering JSON plans containing iterable unknown values (#28253)

0.14.10 (April 07, 2021)

BUG FIXES:

• cli: Only rewrite provider locks file if its contents has changed. (#28230)

0.15.0-rc1 (Unreleased)

ENHANCEMENTS:

• backend/azurerm: Dependency Update and Fixes (#28181)

BUG FIXES:

• core: Fix crash when referencing resources with sensitive fields that may be unknown (#28180)
• core: Fix crash with resources which have sensitive iterable attributes (#28245)
• core: Extend the Terraform plan file format to include information about sensitivity and required-replace. This ensures that the output of terraform show saved.tfplan matches terraform plan, and sensitive values are elided. (#28201)
• core: Ensure that stored dependencies are retained when a resource is removed entirely from the configuration, and create_before_destroy ordering is preserved (#28228)
• core: Resources removed from the configuration will now be destroyed before their dependencies are updated (#28165)
• cli: Fix fmt output when unwrapping redundant multi-line string interpolations (#28202)
• cli: Only rewrite provider locks file if its contents has changed. (#28230)

0.14.9 (March 24, 2021)

BUG FIXES:

• backend/remote: Fix error when migrating existing state to a new workspace on Terraform Cloud/Enterprise. (#28093)

UPGRADE NOTES:

The output of terraform validate -json has been extended to include a code snippet object for each diagnostic. If present, this object contains an excerpt of the source code which triggered the diagnostic. Existing fields in the JSON output remain the same as before. (#28057)

ENHANCEMENTS:

• config: Improved type inference in conditional statements (#28116)
• config: provider-defined sensitive attributes redaction is no longer experimental, but default behavior (#28036)
• config: New functions sensitive and nonsensitive allow module authors to explicitly override Terraform's default infererence of value sensitivity for situations where it's too conservative or not conservative enough. (#27341)
• terraform init: Give suggestions for possible providers on some registry failures, and generally remind of required_providers on all registry failures (#28014)
• terraform init: Add -lockfile=readonly flag, which suppresses writing changes to the dependency lock file. Depencies must be able to be verified against the read-only lock file, or initialization will fail. This is useful if you are managing the lock file in a separate process and want to avoid adding new hashes for existing dependencies. (#27630)
• core: Reduce string allocations to improve execution time when rendering large plans as JSON (#27998)
• backend/pg: allow locking of independent states (#26924)

BUG FIXES:

• cli: Fix for missing configuration snippets in diagnostics, a bug introduced in 0.15.0-beta1 (#27944)
• config: Fix multiple upstream crashes with optional attributes and sensitive values (#28116)
• config: Fix panics in defaults caused by missing nested optional collection types, and mismatched primitive fallback types (#27979)
• config: Fix panics in defaults caused by missing nested optional structural types, and corresponding missing defaults (#28067)