Skip to content

Releases: hashicorp/terraform

v0.12.30

06 Jan 18:51
@hashicorp-ci hashicorp-ci
v0.12.30
7f7e05a

Choose a tag to compare

View all tags
v0.12.30

0.12.30 (January 06, 2021)

UPGRADE NOTES:

  • The builtin provider's terraform_remote_state data source no longer enforces Terraform version checks on the remote state file. This allows Terraform 0.12.30 to access remote state from future Terraform versions, up until a future incompatible state file version upgrade is required. (#26692)
Loading

v0.14.3

17 Dec 21:29
@hashicorp-ci hashicorp-ci
v0.14.3
f1be491

Choose a tag to compare

View all tags
v0.14.3

0.14.3 (December 17, 2020)

ENHANCEMENTS:

  • terraform output: Now supports a new "raw" mode, activated by the -raw option, for printing out the raw string representation of a particular output value. (#27212)

    Only primitive-typed values have a string representation, so this formatting mode is not compatible with complex types. The -json mode is still available as a general way to get a machine-readable representation of an output value of any type.

  • config: for_each now allows maps whose element values are sensitive, as long as the element keys and the map itself are not sensitive. (#27247)

BUG FIXES:

  • config: Fix anytrue and alltrue functions when called with values which are not known until apply. (#27240)
  • config: Fix sum function when called with values which are not known until apply. Also allows sum to cope with numbers too large to represent in float64, along with correctly handling errors around infinite values. (#27249)
  • config: Fixed panic when referencing sensitive values in resource count expressions (#27238)
  • config: Fix incorrect attributes in diagnostics when validating objects (#27010)
  • core: Prevent unexpected updates during plan when multiple sensitive values are involved (#27318)
  • dependencies: Fix several small bugs related to the use of sensitive values with expressions and functions.
  • lang: Fix panic when calling coalescelist with a null argument (#26988)
  • terraform apply: -refresh=false was skipped when running apply directly (#27233)
  • terraform init: setting -get-plugins to false will now cause a warning, as this flag has been a no-op since 0.13.0 and usage is better served through using provider_installation blocks (#27092)
  • terraform init and other commands which interact with the dependency lock file: These will now generate a normal error message if the lock file is incorrectly a directory, rather than crashing as before. (#27250)
Loading

v0.14.2

08 Dec 21:19
@hashicorp-ci hashicorp-ci
v0.14.2
0560fd2

Choose a tag to compare

View all tags
v0.14.2

0.14.2 (December 08, 2020)

BUG FIXES:

  • backend/remote: Disable the remote backend version compatibility check for workspaces set to use the "latest" pseudo-version. (#27199)
  • providers/terraform: Disable the remote backend version compatibility check for the terraform_remote_state data source. This check is unnecessary, because the data source is read-only by definition. (#27197)
Loading

v0.14.1

08 Dec 18:06
@hashicorp-ci hashicorp-ci
v0.14.1
0feb38a

Choose a tag to compare

View all tags
v0.14.1

0.14.1 (December 08, 2020)

ENHANCEMENTS:

  • backend/remote: When using the enhanced remote backend with commands which locally modify state, verify that the local Terraform version and the configured remote workspace Terraform version are compatible. This prevents accidentally upgrading the remote state to an incompatible version. The check is skipped for commands which do not write state, and can also be disabled by the use of a new command-line flag, -ignore-remote-version. (#26947)

BUG FIXES:

  • configs: Fix for errors when using multiple layers of sensitive input variables (#27095)
  • configs: Fix error when using sensitive input variables in conditionals (#27107)
  • core: Fix permanent diff when a resource changes only in sensitivity, for example due to changing the sensitivity of a variable or output used as an attribute value. (#27128)
  • core: Fix issues where ignore_changes appears to not work, or causes validation errors with some resources. (#27141)
  • terraform fmt: Fix incorrect formatting with attribute expressions enclosed in parentheses. (#27040)
Loading

v0.14.0

02 Dec 21:29
@hashicorp-ci hashicorp-ci
v0.14.0
02f0ec2

Choose a tag to compare

View all tags
v0.14.0

0.14.0 (December 02, 2020)

NEW FEATURES:

  • Terraform now supports marking input variables as sensitive, and will propagate that sensitivity through expressions that derive from sensitive input variables.

  • terraform init will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (#26524)

    If you wish to retain the previous behavior of always taking the newest version allowed by the version constraints on each install, you can run terraform init -upgrade to see that behavior.

  • Terraform will now support reading and writing all compatible state files, even from future versions of Terraform. This means that users of Terraform 0.14.0 will be able to share state files with future Terraform versions until a new state file format version is needed. We have no plans to change the state file format at this time. (#26752)

UPGRADE NOTES:

  • Outputs that reference sensitive values (which includes variables marked as sensitive, other module outputs marked as sensitive, or attributes a provider defines as sensitive if the provider_sensitive_attrs experiment is activated) must also be defined as sensitive, or Terraform will error at plan.
  • The version argument inside provider configuration blocks has been documented as deprecated since Terraform 0.12. As of 0.14 it will now also generate an explicit deprecation warning. To avoid the warning, use provider requirements declarations instead. (#26135)
  • The official MacOS builds of Terraform now require MacOS 10.12 Sierra or later. (#26357)
  • TLS certificate verification for outbound HTTPS requests from Terraform CLI no longer treats the certificate's "common name" as a valid hostname when the certificate lacks any "subject alternative name" entries for the hostname. TLS server certificates must list their hostnames as a "DNS name" in the subject alternative names field. (#26357)
  • Outbound HTTPS requests from Terraform CLI now enforce RFC 8446's client-side downgrade protection checks. This should not significantly affect normal operation, but may result in connection errors in environments where outgoing requests are forced through proxy servers and other "middleboxes", if they have behavior that resembles a downgrade attack. (#26357)
  • Terraform's HTTP client code is now slightly stricter than before in HTTP header parsing, but in ways that should not affect typical server implementations: Terraform now trims only ASCII whitespace characters, and does not allow Transfer-Encoding: identity. (#26357)
  • The terraform 0.13upgrade subcommand and the associated upgrade mechanisms are no longer available. Complete the v0.13 upgrade process before upgrading to Terraform v0.14.
  • The debug command, which did not offer additional functionality, has been removed.

ENHANCEMENTS:

  • config: Added sensitive argument for variable blocks, which supresses output where that variable is used (#26183)
  • config: Added alltrue and anytrue functions, which serve as a sort of dynamic version of the && and || or operators, respectively. These are intended to allow evaluating boolean conditions, such as in variable validation blocks, across all of the items in a collection using for expressions. (#25656], [#26498)
  • config: New functions textencodebase64 and textdecodebase64 for encoding text in various character encodings other than UTF-8. (#25470)
  • terraform plan and terraform apply: Added an experimental concise diff renderer. By default, Terraform plans now hide most unchanged fields, only displaying the most relevant changes and some identifying context. This experiment can be disabled by setting a TF_X_CONCISE_DIFF environment variable to 0. (#26187)
  • config: ignore_changes can now apply to map keys that are not listed in the configuration (#26421)
  • terraform console: Now has distinct rendering of lists, sets, and tuples, and correctly renders objects with null attribute values. Multi-line strings are rendered using the "heredoc" syntax. (#26189, #27054)
  • terraform login: Added support for OAuth2 application scopes. (#26239)
  • terraform fmt: Will now do some slightly more opinionated normalization behaviors, using the documented idiomatic syntax. (#26390)
  • terraform init's provider installation step will now abort promptly if Terraform receives an interrupt signal. (#26405)
  • cli: A new global command line option -chdir=..., placed before the selected subcommand, instructs Terraform to switch to a different working directory before executing the subcommand. This is similar to switching to a new directory with cd before running Terraform, but it avoids changing the state of the calling shell. (#26087)
  • cli: help text is been reorganized to emphasize the main commands and improve consistency (#26695)
  • cli: Ensure that provider requirements are met by the locked dependencies for every command. This will help catch errors if the configuration has changed since the last run of terraform init. (#26761)
  • core: When sensitive values are used as part of provisioner configuration, logging is disabled to ensure the values are not displayed to the UI (#26611)
  • core: terraform plan no longer uses a separate refresh phase. Instead, all resources are updated on-demand during planning (#26270)
  • modules: Adds support for loading modules with S3 virtual hosted-style access (#26914)
  • backend/consul: Split state into chunks when outgrowing the limit of the Consul KV store. This allows storing state larger than the Consul 512KB limit. (#25856)
  • backend/consul: Add force-unlock support to the Consul backend (#25837)
  • backend/gcs: Add service account impersonation to GCS backend (#26837)
  • On Unix-based operating systems other than MacOS, the SSL_CERT_DIR environment variable can now be a colon-separated list of multiple certificate search paths. (#26357)
  • On MacOS, Terraform will now use the Security.framework API to access the system trust roots, for improved consistency with other MacOS software. (#26357)

BUG FIXES:

  • config: Report an error when provider configuration attributes are incorrectly added to a required_providers object. (#26184)
  • config: Better errors for invalid terraform version constraints (#26543)
  • config: fix panic when element() is called with a negative offset (#26079)
  • config: lookup() will now only treat map as unknown if it is wholly unknown (#26427)
  • config: Fix provider detection for resources when local name does not match provider type (#26871)
  • terraform fmt: Fix incorrect heredoc syntax in plan diff output (#25725)
  • terraform show: Hide sensitive outputs from display (#26740)
  • terraform taint: If the configuration's required_version constraint is not met, the taint subcommand will now correctly exit early. (#26345)
  • terraform taint and terraform untaint: Fix issue when using taint (and untaint) with workspaces where statefile was not found. (#22467)
  • terraform init: Fix locksfile constraint output for versions like "1.2". (#26637)
  • terraform init: Omit duplicate version constraints when installing packages or writing locksfile. (#26678)
  • cli: return an error on a state unlock failure [#25729]
  • core: Prevent "Inconsistent Plan" errors when using dynamic with a block of TypeSet (#26638)
  • core: Errors with data sources reading old data during refresh, failing to refresh, and not appearing to wait on resource dependencies are fixed by updates to the data source...
Read more
Loading

v0.14.0-rc1

11 Nov 16:45
@hashicorp-ci hashicorp-ci
v0.14.0-rc1
c5c160f

Choose a tag to compare

View all tags
v0.14.0-rc1 Pre-release
Pre-release

0.14.0 (Unreleased)

NEW FEATURES:

  • Terraform now supports marking input variables as sensitive, and will propagate that sensitivity through expressions that derive from sensitive input variables.

  • terraform init will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (#26524)

    If you wish to retain the previous behavior of always taking the newest version allowed by the version constraints on each install, you can run terraform init -upgrade to see that behavior.

  • Terraform will now support reading and writing all compatible state files, even from future versions of Terraform. This means that users of Terraform 0.14.0 will be able to share state files with future Terraform versions until a new state file format version is needed. We have no plans to change the state file format at this time. (#26752)

UPGRADE NOTES:

  • Outputs that reference sensitive values (which includes variables marked as sensitive, other module outputs marked as sensitive, or attributes a provider defines as sensitive if the provider_sensitive_attrs experiment is activated) must also be defined as sensitive, or Terraform will error at plan.
  • The version argument inside provider configuration blocks has been documented as deprecated since Terraform 0.12. As of 0.14 it will now also generate an explicit deprecation warning. To avoid the warning, use provider requirements declarations instead. (#26135)
  • The official MacOS builds of Terraform now require MacOS 10.12 Sierra or later. (#26357)
  • TLS certificate verification for outbound HTTPS requests from Terraform CLI no longer treats the certificate's "common name" as a valid hostname when the certificate lacks any "subject alternative name" entries for the hostname. TLS server certificates must list their hostnames as a "DNS name" in the subject alternative names field. (#26357)
  • Outbound HTTPS requests from Terraform CLI now enforce RFC 8446's client-side downgrade protection checks. This should not significantly affect normal operation, but may result in connection errors in environments where outgoing requests are forced through proxy servers and other "middleboxes", if they have behavior that resembles a downgrade attack. (#26357)
  • Terraform's HTTP client code is now slightly stricter than before in HTTP header parsing, but in ways that should not affect typical server implementations: Terraform now trims only ASCII whitespace characters, and does not allow Transfer-Encoding: identity. (#26357)
  • The terraform 0.13upgrade subcommand and the associated upgrade mechanisms are no longer available. Complete the v0.13 upgrade process before upgrading to Terraform v0.14.
  • The debug command, which did not offer additional functionality, has been removed.

ENHANCEMENTS:

  • backend/gcs: Add service account impersonation to GCS backend (#26837)
  • config: Added sensitive argument for variable blocks, which supresses output where that variable is used (#26183)
  • config: Added alltrue and anytrue functions, which serve as a sort of dynamic version of the && and || or operators, respectively. These are intended to allow evaluating boolean conditions, such as in variable validation blocks, across all of the items in a collection using for expressions. (#25656], [#26498)
  • config: New functions textencodebase64 and textdecodebase64 for encoding text in various character encodings other than UTF-8. (#25470)
  • terraform plan and terraform apply: Added an experimental concise diff renderer. By default, Terraform plans now hide most unchanged fields, only displaying the most relevant changes and some identifying context. This experiment can be disabled by setting a TF_X_CONCISE_DIFF environment variable to 0. (#26187)
  • config: ignore_changes can now apply to map keys that are not listed in the configuration (#26421)
  • terraform console: Now has distinct rendering of lists, sets, and tuples, and correctly renders objects with null attribute values. (#26189)
  • terraform login: Added support for OAuth2 application scopes. (#26239)
  • terraform fmt: Will now do some slightly more opinionated normalization behaviors, using the documented idiomatic syntax. (#26390)
  • terraform init's provider installation step will now abort promptly if Terraform receives an interrupt signal. (#26405)
  • cli: A new global command line option -chdir=..., placed before the selected subcommand, instructs Terraform to switch to a different working directory before executing the subcommand. This is similar to switching to a new directory with cd before running Terraform, but it avoids changing the state of the calling shell. (#26087)
  • cli: help text is been reorganized to emphasize the main commands and improve consistency (#26695)
  • cli: Ensure that provider requirements are met by the locked dependencies for every command. This will help catch errors if the configuration has changed since the last run of terraform init. (#26761)
  • core: When sensitive values are used as part of provisioner configuration, logging is disabled to ensure the values are not displayed to the UI (#26611)
  • core: terraform plan no longer uses a separate refresh phase. Instead, all resources are updated on-demand during planning (#26270)
  • backend/consul: Split state into chunks when outgrowing the limit of the Consul KV store. This allows storing state larger than the Consul 512KB limit. (#25856)
  • backend/consul: Add force-unlock support to the Consul backend (#25837)
  • On Unix-based operating systems other than MacOS, the SSL_CERT_DIR environment variable can now be a colon-separated list of multiple certificate search paths. (#26357)
  • On MacOS, Terraform will now use the Security.framework API to access the system trust roots, for improved consistency with other MacOS software. (#26357)

BUG FIXES:

  • config: Report an error when provider configuration attributes are incorrectly added to a required_providers object. (#26184)
  • config: Better errors for invalid terraform version constraints (#26543)
  • config: fix panic when element() is called with a negative offset (#26079)
  • config: lookup() will now only treat map as unknown if it is wholly unknown (#26427)
  • config: Fix provider detection for resources when local name does not match provider type (#26871)
  • terraform fmt: Fix incorrect heredoc syntax in plan diff output (#25725)
  • terraform show: Hide sensitive outputs from display (#26740)
  • terraform taint: If the configuration's required_version constraint is not met, the taint subcommand will now correctly exit early. (#26345)
  • terraform taint and terraform untaint: Fix issue when using taint (and untaint) with workspaces where statefile was not found. (#22467)
  • terraform init: Fix locksfile constraint output for versions like "1.2". (#26637)
  • terraform init: Omit duplicate version constraints when installing packages or writing locksfile. (#26678)
  • cli: return an error on a state unlock failure [#25729]
  • core: Prevent "Inconsistent Plan" errors when using dynamic with a block of TypeSet (#26638)
  • core: Errors with data sources reading old data during refresh, failing to refresh, and not appearing to wait on resource dependencies are fixed by updates to the data source lifecycle and the merging of refresh and plan (#26270)
  • core: Prevent evaluation of deposed instances, which in turn prevents errors when referencing create_before_destroy resources that have changes to their count or...
Read more
Loading

v0.14.0-beta2

28 Oct 21:33
@hashicorp-ci hashicorp-ci
v0.14.0-beta2
b1301e5

Choose a tag to compare

View all tags
v0.14.0-beta2 Pre-release
Pre-release

0.14.0-beta2

(This describes the changes since v0.13.4, rather than since v0.14.0-beta1.)

NEW FEATURES:

  • Terraform now supports marking input variables as sensitive, and will propagate that sensitivity through expressions that derive from sensitive input variables.

  • terraform init: Terraform will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (#26524)

    If you wish to retain the previous behavior of always taking the newest version allowed by the version constraints on each install, you can run terraform init -upgrade to see that behavior.

UPGRADE NOTES:

  • Outputs that reference sensitive values (which includes variables marked as sensitive, other module outputs marked as sensitive, or attributes a provider defines as sensitive if the provider_sensitive_attrs experiment is activated) must also be defined as sensitive, or Terraform will error at plan.
  • The version argument inside provider configuration blocks has been documented as deprecated since Terraform 0.12. As of 0.14 it will now also generate an explicit deprecation warning. To avoid the warning, use provider requirements declarations instead. (#26135)
  • The official MacOS builds of Terraform now require MacOS 10.12 Sierra or later. (#26357)
  • TLS certificate verification for outbound HTTPS requests from Terraform CLI no longer treats the certificate's "common name" as a valid hostname when the certificate lacks any "subject alternative name" entries for the hostname. TLS server certificates must list their hostnames as a "DNS name" in the subject alternative names field. (#26357)
  • Outbound HTTPS requests from Terraform CLI now enforce RFC 8446's client-side downgrade protection checks. This should not significantly affect normal operation, but may result in connection errors in environments where outgoing requests are forced through proxy servers and other "middleboxes", if they have behavior that resembles a downgrade attack. (#26357)
  • Terraform's HTTP client code is now slightly stricter than before in HTTP header parsing, but in ways that should not affect typical server implementations: Terraform now trims only ASCII whitespace characters, and does not allow Transfer-Encoding: identity. (#26357)
  • The terraform 0.13upgrade subcommand and the associated upgrade mechanisms are no longer available. Complete the v0.13 upgrade process before upgrading to Terraform v0.14.
  • The debug command, which did not offer additional functionality, has been removed.

ENHANCEMENTS:

  • terraform plan and terraform apply: Added an experimental concise diff renderer. By default, Terraform plans now hide most unchanged fields, only displaying the most relevant changes and some identifying context. This experiment can be disabled by setting a TF_X_CONCISE_DIFF environment variable to 0. (#26187)
  • cli: A new global command line option -chdir=..., placed before the selected subcommand, instructs Terraform to switch to a different working directory before executing the subcommand. This is similar to switching to a new directory with cd before running Terraform, but it avoids changing the state of the calling shell. (#26087)
  • command/help: text has been reorganized to be clearer and more helpful (#26695)
  • config: Added sensitive argument for variable blocks, which supresses output where that variable is used (#26183)
  • When sensitive values are used as part of provisioner configuration, logging is disabled to ensure the values are not displayed to the UI (#26611)
  • config: Added alltrue and anytrue functions, which serve as a sort of dynamic version of the && and || or operators, respectively. These are intended to allow evaluating boolean conditions, such as in variable validation blocks, across all of the items in a collection using for expressions. (#25656], [#26498)
  • config: New functions textencodebase64 and textdecodebase64 for encoding text in various character encodings other than UTF-8. (#25470)
  • core: terraform plan no longer uses a separate refresh phase, all resources are updated on-demand during planning (#26270)
  • core: ignore_changes can now apply to map keys that are not listed in the configuration (#26421)
  • terraform console: Now has distinct rendering of lists, sets, and tuples, and correctly renders objects with null attribute values. (#26189)
  • terraform login: Added support for OAuth2 application scopes. (#26239)
  • terraform fmt: Will now do some slightly more opinionated normalization behaviors, using the documented idiomatic syntax. (#26390)
  • terraform init's provider installation step will now abort promptly if Terraform receives an interrupt signal. (#26405)
  • backend/consul: Split state into chunks when outgrowing the limit of the Consul KV store. This allows storing state larger than the Consul 512KB limit. (#25856)
  • backend/consul: Add force-unlock support to the Consul backend (#25837)
  • On Unix-based operating systems other than MacOS, the SSL_CERT_DIR environment variable can now be a colon-separated list of multiple certificate search paths. (#26357)
  • On MacOS, Terraform will now use the Security.framework API to access the system trust roots, for improved consistency with other MacOS software. (#26357)

BUG FIXES:

  • backend/consul: Fix bug which prevented state locking when path has trailing / (#25842)
  • backend/pg: Always have the default workspace in the pg backend (#26420)
  • backend/pg: Properly quote schema_name in the pg backend configuration (#26476)
  • build: Fix crash with terraform binary on OpenBSD. (#26249
  • command/clistate: return an error on a state unlock failure [#25729]
  • command/format: Fix incorrect heredoc syntax in plan diff output (#25725)
  • command/show: Hide sensitive outputs from display (#26740)
  • command/taint: If the configuration's required_version constraint is not met, the taint subcommand will now correctly exit early. (#26345)
  • command/taint, untaint: Fix issue when using taint (and untaint) with workspaces where statefile was not found. (#22467)
  • configs: Report an error when provider configuration attributes are incorrectly added to a required_providers object. (#26184)
  • configs: Better errors for invalid terraform version constraints (#26543)
  • core: Prevent "Inconsistent Plan" errors when using dynamic with a block of TypeSet (#26638)
  • core: Errors with data sources reading old data during refresh, failing to refresh, and not appearing to wait on resource dependencies are fixed by updates to the data source lifecycle and the merging of refresh and plan (#26270)
  • core: Prevent evaluation of deposed instances, which in turn prevents errors when referencing create_before_destroy resources that have changes to their count or for_each values (#25631)
  • internal: Fix locksfile constraint output for versions like "1.2". (#26637)
  • internal: Omit duplicate version constraints when installing packages or writing locksfile. (#26678)
  • lang/funcs: fix panic when element() is called with a negative offset (#26079)
  • lang/funcs: lookup() will now only treat map as unknown if it is wholly unknown (#26427)
  • states/remote: fix state push -force to work for all backends (#26190)

EXPERIMENTS:

  • module_variable_optional_attrs: When declaring an input variable for a module whose type cons...
Read more
Loading

v0.13.5

21 Oct 19:33
@hashicorp-ci hashicorp-ci
v0.13.5
44aeaa5

Choose a tag to compare

View all tags
v0.13.5

0.13.5 (October 21, 2020)

BUG FIXES:

  • terraform: fix issue where the provider configuration was not properly attached to the configured provider source address by localname (#26567)
  • core: fix a performance issue when a resource contains a very large and deeply nested schema (#26577)
  • backend/azurerm: fix an issue when using the metadata host to lookup environments (#26463)
Loading

v0.14.0-beta1

15 Oct 14:19
@hashicorp-ci hashicorp-ci
v0.14.0-beta1
0671bc7

Choose a tag to compare

View all tags
v0.14.0-beta1 Pre-release
Pre-release

0.14.0 (Unreleased)

NEW FEATURES:

  • terraform init: Terraform will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (#26524)

    If you wish to retain the previous behavior of always taking the newest version allowed by the version constraints on each install, you can run terraform init -upgrade to see that behavior.

UPGRADE NOTES:

  • configs: The version argument inside provider configuration blocks has been documented as deprecated since Terraform 0.12. As of 0.14 it will now also generate an explicit deprecation warning. To avoid the warning, use provider requirements declarations instead. (#26135)
  • The official MacOS builds of Terraform now require MacOS 10.12 Sierra or later. (#26357)
  • TLS certificate verification for outbound HTTPS requests from Terraform CLI no longer treats the certificate's "common name" as a valid hostname when the certificate lacks any "subject alternative name" entries for the hostname. TLS server certificates must list their hostnames as a "DNS name" in the subject alternative names field. (#26357)
  • Outbound HTTPS requests from Terraform CLI now enforce RFC 8446's client-side downgrade protection checks. This should not significantly affect normal operation, but may result in connection errors in environments where outgoing requests are forced through proxy servers and other "middleboxes", if they have behavior that resembles a downgrade attack. (#26357)
  • Terraform's HTTP client code is now slightly stricter than before in HTTP header parsing, but in ways that should not affect typical server implementations: Terraform now trims only ASCII whitespace characters, and does not allow Transfer-Encoding: identity. (#26357)
  • The terraform 0.13upgrade subcommand and the associated upgrade mechanisms are no longer available. Complete the v0.13 upgrade process before upgrading to Terraform v0.14.

ENHANCEMENTS:

  • terraform plan and terraform apply: Added an experimental concise diff renderer. By default, Terraform plans now hide most unchanged fields, only displaying the most relevant changes and some identifying context. This experiment can be disabled by setting a TF_X_CONCISE_DIFF environment variable to 0. (#26187)
  • cli: A new global command line option -chdir=..., placed before the selected subcommand, instructs Terraform to switch to a different working directory before executing the subcommand. This is similar to switching to a new directory with cd before running Terraform, but it avoids changing the state of the calling shell. (#26087)
  • configs: Added sensitive argument for variable blocks, which supresses output where that variable is used (#26183)
  • configs: Added alltrue function, which returns true if all elements in the given collection are true. This is primarily intended to make it easier to write variable validation conditions which operate on collections. (#25656)
  • core: terraform plan no longer uses a separate refresh phase, all resources are updated on-demand during planning (#26270)
  • core: ignore_changes can now apply to map keys that are not listed in the configuration (#26421)
  • terraform console: Now has distinct rendering of lists, sets, and tuples, and correctly renders objects with null attribute values. (#26189)
  • terraform login: Added support for OAuth2 application scopes. (#26239)
  • terraform fmt: Will now do some slightly more opinionated normalization behaviors, using the documented idiomatic syntax. (#26390)
  • terraform init's provider installation step will now abort promptly if Terraform receives an interrupt signal. (#26405)
  • backend/consul: Split state into chunks when outgrowing the limit of the Consul KV store. This allows storing state larger than the Consul 512KB limit. (#25856)
  • backend/consul: Add force-unlock support to the Consul backend (#25837)
  • On Unix-based operating systems other than MacOS, the SSL_CERT_DIR environment variable can now be a colon-separated list of multiple certificate search paths. (#26357)
  • On MacOS, Terraform will now use the Security.framework API to access the system trust roots, for improved consistency with other MacOS software. (#26357)

BUG FIXES:

  • backend/consul: Fix bug which prevented state locking when path has trailing / (#25842)
  • backend/pg: Always have the default workspace in the pg backend (#26420)
  • backend/pg: Properly quote schema_name in the pg backend configuration (#26476)
  • build: Fix crash with terraform binary on OpenBSD. (#26249
  • command/clistate: return an error on a state unlock failure [#25729]
  • command/format: Fix incorrect heredoc syntax in plan diff output (#25725)
  • command/taint: If the configuration's required_version constraint is not met, the taint subcommand will now correctly exit early. (#26345)
  • command/taint, untaint: Fix issue when using taint (and untaint) with workspaces where statefile was not found. (#22467)
  • configs: Report an error when provider configuration attributes are incorrectly added to a required_providers object. (#26184)
  • configs: Better errors for invalid terraform version constraints (#26543)
  • core: Errors with data sources reading old data during refresh, failing to refresh, and not appearing to wait on resource dependencies are fixed by updates to the data source lifecycle and the merging of refresh and plan (#26270)
  • core: Prevent evaluation of deposed instances, which in turn prevents errors when referencing create_before_destroy resources that have changes to their count or for_each values (#25631)
  • lang/funcs: fix panic when element() is called with a negative offset (#26079)
  • lang/funcs: lookup() will now only treat map as unknown if it is wholly unknown (#26427)
  • states/remote: fix state push -force to work for all backends (#26190)

EXPERIMENTS:

  • module_variable_optional_attrs: When declaring an input variable for a module whose type constraint (type argument) contains an object type constraint, the type expressions for the attributes can be annotated with the experimental optional(...) modifier.

    Marking an attribute as "optional" changes the type conversion behavior for that type constraint so that if the given value is a map or object that has no attribute of that name then Terraform will silently give that attribute the value null, rather than returning an error saying that it is required. The resulting value still conforms to the type constraint in that the attribute is considered to be present, but references to it in the recieving module will find a null value and can act on that accordingly.

    If you try this feature during its experimental period and have feedback about it, please open a feature request issue. We are aiming to stabilize this feature in the forthcoming 0.15 release, but its design may change in the meantime based on feedback. If we make further changes to the feature during the 0.15 period then they will be reflected in 0.15 alpha releases.

Loading

v0.14.0-alpha20201007

07 Oct 17:36
@hashicorp-ci hashicorp-ci
v0.14.0-alpha20201007
803dd7f

Choose a tag to compare

View all tags
v0.14.0-alpha20201007 Pre-release
Pre-release

0.14.0 (Unreleased)

UPGRADE NOTES:

  • configs: The version argument inside provider configuration blocks has been documented as deprecated since Terraform 0.12. As of 0.14 it will now also generate an explicit deprecation warning. To avoid the warning, use provider requirements declarations instead. (#26135)
  • The official MacOS builds of Terraform now require MacOS 10.12 Sierra or later. (#26357)
  • TLS certificate verification for outbound HTTPS requests from Terraform CLI no longer treats the certificate's "common name" as a valid hostname when the certificate lacks any "subject alternative name" entries for the hostname. TLS server certificates must list their hostnames as a "DNS name" in the subject alternative names field. (#26357)
  • Outbound HTTPS requests from Terraform CLI now enforce RFC 8446's client-side downgrade protection checks. This should not significantly affect normal operation, but may result in connection errors in environments where outgoing requests are forced through proxy servers and other "middleboxes", if they have behavior that resembles a downgrade attack. (#26357)
  • Terraform's HTTP client code is now slightly stricter than before in HTTP header parsing, but in ways that should not affect typical server implementations: Terraform now trims only ASCII whitespace characters, and does not allow Transfer-Encoding: identity. (#26357)
  • The terraform 0.13upgrade subcommand and the associated upgrade mechanisms are no longer available. Complete the v0.13 upgrade process before upgrading to Terraform v0.14.

ENHANCEMENTS:

  • terraform plan and terraform apply: Added an experimental concise diff renderer. By default, Terraform plans now hide most unchanged fields, only displaying the most relevant changes and some identifying context. This experiment can be disabled by setting a TF_X_CONCISE_DIFF environment variable to 0. (#26187)
  • cli: A new global command line option -chdir=..., placed before the selected subcommand, instructs Terraform to switch to a different working directory before executing the subcommand. This is similar to switching to a new directory with cd before running Terraform, but it avoids changing the state of the calling shell. (#26087)
  • configs: Added sensitive argument for variable blocks, which supresses output where that variable is used (#26183)
  • configs: Added alltrue function, which returns true if all elements in the given collection are true. This is primarily intended to make it easier to write variable validation conditions which operate on collections. (#25656)
  • core: terraform plan no longer uses a separate refresh phase, all resources are updated on-demand during planning (#26270)
  • core: ignore_changes can now apply to map keys that are not listed in the configuration (#26421)
  • terraform console: Now has distinct rendering of lists, sets, and tuples, and correctly renders objects with null attribute values. (#26189)
  • terraform login: Added support for OAuth2 application scopes. (#26239)
  • terraform fmt: Will now do some slightly more opinionated normalization behaviors, using the documented idiomatic syntax. (#26390)
  • terraform init's provider installation step will now abort promptly if Terraform receives an interrupt signal. (#26405)
  • backend/consul: Split state into chunks when outgrowing the limit of the Consul KV store. This allows storing state larger than the Consul 512KB limit. (#25856)
  • backend/consul: Add force-unlock support to the Consul backend (#25837)
  • On Unix-based operating systems other than MacOS, the SSL_CERT_DIR environment variable can now be a colon-separated list of multiple certificate search paths. (#26357)
  • On MacOS, Terraform will now use the Security.framework API to access the system trust roots, for improved consistency with other MacOS software. (#26357)

BUG FIXES:

  • backend/consul: Fix bug which prevented state locking when path has trailing / (#25842)
  • backend/pg: Always have the default workspace in the pg backend (#26420)
  • backend/pg: Properly quote schema_name in the pg backend configuration (#26476)
  • build: Fix crash with terraform binary on OpenBSD. (#26249
  • command/clistate: return an error on a state unlock failure [#25729]
  • command/format: Fix incorrect heredoc syntax in plan diff output (#25725)
  • command/taint: If the configuration's required_version constraint is not met, the taint subcommand will now correctly exit early. (#26345)
  • command/taint, untaint: Fix issue when using taint (and untaint) with workspaces where statefile was not found. (#22467)
  • configs: Report an error when provider configuration attributes are incorrectly added to a required_providers object. (#26184)
  • core: Errors with data sources reading old data during refresh, failing to refresh, and not appearing to wait on resource dependencies are fixed by updates to the data source lifecycle and the merging of refresh and plan (#26270)
  • core: Prevent evaluation of deposed instances, which in turn prevents errors when referencing create_before_destroy resources that have changes to their count or for_each values (#25631)
  • lang/funcs: fix panic when element() is called with a negative offset (#26079)
  • lang/funcs: lookup() will now only treat map as unknown if it is wholly unknown (#26427)
  • states/remote: fix state push -force to work for all backends (#26190)
Loading