SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for terraform-1.5.4-lp155.1.1.x86_64.rpm :

* Thu Jul 27 2023 Johannes Kastl - update to 1.5.4:
* BUG FIXES: - `check` blocks: Fixes crash when nested data sources are within configuration targeted by the terraform import command. ([#33578](https://github.com/hashicorp/terraform/issues/33578)) - `check` blocks: Check blocks now operate in line with other checkable objects by also executing during import operations. ([#33578](https://github.com/hashicorp/terraform/issues/33578))
* Thu Jul 13 2023 Johannes Kastl - update to 1.5.3:
* BUG FIXES: - core: Terraform could fail to evaluate module outputs when they are used in a provider configuration during a destroy operation ([#33462](https://github.com/hashicorp/terraform/pull/33462)) - backend/consul: When failing to save state, `consul CAS failed with transaction errors` no longer shows an error instance memory address, but an actual error message. ([#33108](https://github.com/hashicorp/terraform/pull/33108)) - plan renderer: Fixes crash when rendering the plan if a relevant attribute contains an integer index specified as a string. ([#33475](https://github.com/hashicorp/terraform/issues/33475))
* Thu Jun 29 2023 Johannes Kastl - update to 1.5.2:
* BUG FIXES: - configs: Multiple `import` blocks with the same `id` string no longer result in a validation error ([#33434](https://github.com/hashicorp/terraform/issues/33434))
* Wed Jun 21 2023 Johannes Kastl - update to 1.5.1:
* BUG FIXES: - core: plan validation would fail for providers using nested set attributes with computed object attribute ([#33377](https://github.com/hashicorp/terraform/issues/33377))
* Mon Jun 12 2023 Johannes Kastl - update to 1.5.0:
* NEW FEATURES: - `check` blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure. - `import` blocks for importing infrastructure: Root module authors can now use the `import` block to declare their intent that Terraform adopt an existing resource. Import is now a configuration-driven, plannable action, and is processed as part of a normal plan. Running `terraform plan` will show a summary of the resources that Terraform has planned to import, along with any other plan changes. The existing `terraform import` CLI command has not been modified. This is an early version of the `import` block feature, for which we are actively seeking user feedback to shape future development. The `import` block currently does not support interpolation in the `id` field, which must be a string. - Generating configuration for imported resources: in conjunction with the `import` block, this feature enables easy templating of configuration when importing existing resources into Terraform. A new flag `-generate-config-out=PATH` is added to `terraform plan`. When this flag is set, Terraform will generate HCL configuration for any resource included in an `import` block that does not already have associated configuration, and write it to a new file at `PATH`. Before applying, review the generated configuration and edit it as necessary. - Adds a new `plantimestamp` function that returns the timestamp at plan time. This is similar to the `timestamp` function which returns the timestamp at apply time ([#32980](https://github.com/hashicorp/terraform/pull/32980)). - Adds a new `strcontains` function that checks whether a given string contains a given substring. ([#33069](https://github.com/hashicorp/terraform/issues/33069))
* UPGRADE NOTES: - On Linux (and some other non-macOS Unix platforms we don\'t officially support), Terraform will now notice the `trust-ad` option in `/etc/resolv.conf` and, if set, will set the \"authentic data\" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver. Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn\'t set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.
* ENHANCEMENTS: - Terraform CLI\'s local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. ([#32680](https://github.com/hashicorp/terraform/issues/32680)) - If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn\'t complete fast enough. ([#32680](https://github.com/hashicorp/terraform/issues/32680)) - `pg` backend: Now supports the `PG_CONN_STR`, `PG_SCHEMA_NAME`, `PG_SKIP_SCHEMA_CREATION`, `PG_SKIP_TABLE_CREATION` and `PG_SKIP_INDEX_CREATION` environment variables. ([#33045](https://github.com/hashicorp/terraform/issues/33045))
* BUG FIXES: - `terraform init`: Fixed crash with invalid blank module name. ([#32781](https://github.com/hashicorp/terraform/issues/32781)) - `moved` blocks: Fixed a typo in the error message that Terraform raises when you use `-target` to exclude an object that has been moved. ([#33149](https://github.com/hashicorp/terraform/issues/33149))
* Wed Apr 26 2023 Johannes Kastl - update to 1.4.6:
* BUG FIXES - Fix bug when rendering plans that include null strings. ([#33029](https://github.com/hashicorp/terraform/issues/33029)) - Fix bug when rendering plans that include unknown values in maps. ([#33029](https://github.com/hashicorp/terraform/issues/33029)) - Fix bug where the plan would render twice when using older versions of TFE as a backend. ([#33018](https://github.com/hashicorp/terraform/issues/33018)) - Fix bug where sensitive and unknown metadata was not being propagated to dynamic types while rendering plans. ([#33057](https://github.com/hashicorp/terraform/issues/33057)) - Fix bug where sensitive metadata from the schema was not being included in the `terraform show -json` output. ([#33059](https://github.com/hashicorp/terraform/issues/33059)) - Fix bug where computed attributes were not being rendered with the `# forces replacement` suffix. ([#33065](https://github.com/hashicorp/terraform/issues/33065))
* Thu Apr 13 2023 Johannes Kastl - update to 1.4.5:
* Revert change from [[#32892](https://github.com/hashicorp/terraform/issues/32892)] due to an upstream crash.
* Fix planned destroy value which would cause `terraform_data` to fail when being replaced with `create_before_destroy` ([#32988](https://github.com/hashicorp/terraform/issues/32988))
* Fri Mar 31 2023 Johannes Kastl - update to 1.4.4: Due to an incident while migrating build systems for the 1.4.3 release where `CGO_ENABLED=0` was not set, we are rebuilding that version as 1.4.4 with the flag set. No other changes have been made between 1.4.3 and 1.4.4.
* Fri Mar 31 2023 Johannes Kastl - update to 1.4.3:
* Prevent sensitive values in non-root module outputs from marking the entire output as sensitive [GH-32891]
* Fix the handling of planned data source objects when storing a failed plan [GH-32876]
* Don\'t fail during plan generation when targeting prevents resources with schema changes from performing a state upgrade [GH-32900]
* Skip planned changes in sensitive marks when the changed attribute is discarded by the provider [GH-32892]
* Thu Mar 16 2023 Johannes Kastl - update to 1.4.2:
* Fix bug in which certain uses of `setproduct` caused Terraform to crash ([#32860](https://github.com/hashicorp/terraform/issues/32860))
* Fix bug in which some provider plans were not being calculated correctly, leading to an \"invalid plan\" error ([#32860](https://github.com/hashicorp/terraform/issues/32860))
* Wed Mar 15 2023 Johannes Kastl - update to 1.4.1:
* Enables overriding modules that have the `depends_on` attribute set, while still preventing the `depends_on` attribute itself from being overridden. ([#32796](https://github.com/hashicorp/terraform/issues/32796))
* `terraform providers mirror`: when a dependency lock file is present, mirror the resolved providers versions, not the latest available based on configuration. ([#32749](https://github.com/hashicorp/terraform/issues/32749))
* Fixed module downloads from S3 URLs when using AWS IAM roles for service accounts (IRSA). ([#32700](https://github.com/hashicorp/terraform/issues/32700))
* hcl: Fix a crash in Terraform when attempting to apply defaults into an incompatible type. ([#32775](https://github.com/hashicorp/terraform/issues/32775))
* Prevent panic when creating a plan which errors before the planning process has begun. ([#32818](https://github.com/hashicorp/terraform/issues/32818))
* Fix the plan renderer skipping the \"no changes\" messages when there are no-op outputs within the plan. ([#32820](https://github.com/hashicorp/terraform/issues/32820))
* Prevent panic when rendering null nested primitive values in a state output. ([#32840](https://github.com/hashicorp/terraform/issues/32840))
* Warn when an invalid path is specified in `TF_CLI_CONFIG_FILE` ([#32846](https://github.com/hashicorp/terraform/issues/32846))
* Wed Mar 15 2023 Johannes Kastl - do no longer store the tarball, create it at buildtime
* Wed Mar 08 2023 Johannes Kastl - update to 1.4.0: Full changelog available at https://github.com/hashicorp/terraform/releases/tag/v1.4.0
* Wed Feb 15 2023 Johannes Kastl - update to 1.3.9:
* Fix crash when planning to remove already-deposed resource instances. ([#32663](https://github.com/hashicorp/terraform/issues/32663))
* Fri Feb 10 2023 Johannes Kastl - update to 1.3.8:
* Fixed a rare bug causing inaccurate `before_sensitive` / `after_sensitive` annotations in JSON plan output for deeply nested structures. This was only observed in the wild on the rancher/rancher2 provider, and resulted in glitched display in Terraform Cloud\'s structured plan log view. ([#32543](https://github.com/hashicorp/terraform/issues/32543))
* A variable only referenced by an output precondition error_message may be missing during evaluation ([#32464](https://github.com/hashicorp/terraform/issues/32464))
* Removing a NestingSingle block from configuration results in an invalid plan ([#32463](https://github.com/hashicorp/terraform/issues/32463))
* Null module outputs could be dropped, causing evaluation errors when referring to those module attributes ([#32583](https://github.com/hashicorp/terraform/issues/32583))
* Fix terraform crash when applying defaults into a collection with dynamic type constraint. ([#32454](https://github.com/hashicorp/terraform/issues/32454))
* Updated to newer github.com/mitchellh/cli version, in turn bringing in updates for several indirect dependencies with known security issues. ([#32609](https://github.com/hashicorp/terraform/issues/32609))
* Fix case where the first plan to use a new remote state could be applied twice, corrupting the state ([#32614](https://github.com/hashicorp/terraform/issues/32614))
* Wed Jan 04 2023 Johannes Kastl - update to 1.3.7:
* BUG FIXES: - Fix exact version constraint parsing for modules using prerelease versions ([#32377](https://github.com/hashicorp/terraform/issues/32377)) - Prevent panic when a provider returns a null block value during refresh which is used as configuration via `ignore_changes` ([#32428](https://github.com/hashicorp/terraform/issues/32428))
* Thu Dec 01 2022 Johannes Kastl - update to 1.3.6:
* BUG FIXES: - Terraform could crash if an orphaned resource instance was deleted externally and had condition checks in the configuration (#32246) - Module output changes were being removed and re-added to the stored plan, impacting performance with large numbers of outputs (#32307)
* Fri Nov 18 2022 Johannes Kastl - update to 1.3.5:
* BUG FIXES: - Prevent crash while serializing the plan for an empty destroy operation (#32207) - Allow a destroy plan to refresh instances while taking into account that some may no longer exist (#32208) - Fix Terraform creating objects that should not exist in variables that specify default attributes in optional objects. (#32178) - Fix several Terraform crashes that are caused by HCL creating objects that should not exist in variables that specify default attributes in optional objects within collections. (#32178) - Fix inconsistent behaviour in empty vs null collections. (#32178) - Prevent file uploads from creating unneeded temporary files when the payload size is known (#32206) - Nested attributes marked sensitive by schema no longer reveal sub-attributes in the plan diff (#32004) - Nested attributes now more consistently display when they become unknown or null values in the plan diff (#32004) - Sensitive values are now always displayed as (sensitive value) instead of sometimes as (sensitive) [GH32004]
* Mon Nov 14 2022 Jan Kohoutek - update to 1.3.4:
* BUG FIXES: - Fix invalid refresh-only plan caused by data sources being deferred to apply (#32111) - Optimize the handling of condition checks during apply to prevent performance regressions with large numbers of instances (#32123) - Output preconditions should not be evaluated during destroy (#32051) - Fix crash from console when outputs contain preconditions (#32051) - Destroy with no state would still attempt to evaluate some values (#32051) - Prevent unnecessary evaluation and planning of resources during the pre-destroy refresh (#32051) - AzureRM Backend: support for generic OIDC authentication via the oidc_token and oidc_token_file_path properties (#31966) - Input and Module Variables: Convert variable types before attempting to apply default values. (#32027) - When installing remote module packages delivered in tar format, Terraform now limits the tar header block size to 1MiB to avoid unbounded memory usage for maliciously-crafted module packages. (#32135) - Terraform will now reject excessively-complex regular expression patterns passed to the regex, regexall, and replace functions, to avoid unbounded memory usage for maliciously-crafted patterns. This change should not affect any reasonable patterns intended for practical use. (#32135)
* Wed Oct 19 2022 Johannes Kastl - update to 1.3.3:
* BUG FIXES: - Fix error when removing a resource from configuration which has according to the provider has already been deleted. (#31850) - Fix error when setting empty collections into variables with collections of nested objects with default values. (#32033)
* Fri Oct 07 2022 Johannes Kastl - update to 1.3.2:
* BUG FIXES: - Fixed a crash caused by Terraform incorrectly re-registering output value preconditions during the apply phase (rather than just reusing the already-planned checks from the plan phase). (#31890) - Prevent errors when the provider reports that a deposed instance no longer exists (#31902) - Using ignore_changes = all could cause persistent diffs with legacy providers (#31914) - Fix cycles when resource dependencies cross over between independent provider configurations (#31917) - Improve handling of missing resource instances during import (#31878)
* Fri Sep 30 2022 Johannes Kastl - update to 1.3.1:
* BUG FIXES: - Fixed a crash when using objects with optional attributes and default values in collections, most visible with nested modules. (#31847) - Prevent cycles in some situations where a provider depends on resources in the configuration which are participating in planned changes. (#31857) - Fixed an error when attempting to destroy a configuration where resources do not exist in the state. (#31858) - Data sources which cannot be read during will no longer prevent the state from being serialized. (#31871) - Fixed a crash which occured when a resource with a precondition and/or a postcondition appeared inside a module with two or more instances. (#31860)
* Sun Sep 25 2022 Johannes Kastl - update to 1.3.0:
* NEW FEATURES: - Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn\'t set it. For example: - Added functions: startswith and endswith allow you to check whether a given string has a specified prefix or suffix. (#31220)
* UPGRADE NOTES: - terraform show -json: Output changes now include more detail about the unknown-ness of the planned value. Previously, a planned output would be marked as either fully known or partially unknown, with the after_unknown field having value false or true respectively. Now outputs correctly expose the full structure of unknownness for complex values, allowing consumers of the JSON output format to determine which values in a collection are known only after apply. - terraform import: The -allow-missing-config has been removed, and at least an empty configuration block must exist to import a resource. - Consumers of the JSON output format expecting on the after_unknown field to be only false or true should be updated to support the change representation described in the documentation, and as was already used for resource changes. (#31235) - AzureRM Backend: This release concludes the deprecation cycle started in Terraform v1.1 for the azurerm backend\'s support of \"ADAL\" authentication. This backend now supports only \"MSAL\" (Microsoft Graph) authentication. - This follows from Microsoft\'s own deprecation of Azure AD Graph, and so you must follow the migration instructions presented in that Azure documentation to adopt Microsoft Graph and then change your backend configuration to use MSAL authentication before upgrading to Terraform v1.3. - When making requests to HTTPS servers, Terraform will now reject invalid handshakes that have duplicate extensions, as required by RFC 5246 section 7.4.1.4 and RFC 8446 section 4.2. This may cause new errors when interacting with existing buggy or misconfigured TLS servers, but should not affect correct servers. - This only applies to requests made directly by Terraform CLI, such as provider installation and remote state storage. Terraform providers are separate programs which decide their own policy for handling of TLS handshakes. - The following backends, which were deprecated in v1.2.3, have now been removed: artifactory, etcd, etcdv3, manta, swift. The legacy backend name azure has also been removed, because the current Azure backend is named azurerm. (#31711)
* ENHANCEMENTS: - config: Optional attributes for object type constraints, as described under new features above. (#31154) - config: New built-in function timecmp allows determining the ordering relationship between two timestamps while taking potentially-different UTC offsets into account. (#31687) - config: When reporting an error message related to a function call, Terraform will now include contextual information about the signature of the function that was being called, as an aid to understanding why the call might have failed. (#31299) - config: When reporting an error or warning message that isn\'t caused by values being unknown or marked as sensitive, Terraform will no longer mention any values having those characteristics in the contextual information presented alongside the error. Terraform will still return this information for the small subset of error messages that are specifically about unknown values or sensitive values being invalid in certain contexts. (#31299) - config: moved blocks can now describe resources moving to and from modules in separate module packages. (#31556) - terraform fmt now accepts multiple target paths, allowing formatting of several individual files at once. (#31687) - terraform init: provider installation errors now mention which host Terraform was downloading from (#31524) - CLI: Terraform will report more explicitly when it is proposing to delete an object due to it having moved to a resource instance that is not currently declared in the configuration. (#31695) - CLI: When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about pre-plan run tasks (#31617) - The AzureRM Backend now only supports MSAL (and Microsoft Graph) and no longer makes use of ADAL (and Azure Active Directory Graph) for authentication (#31070) - The COS backend now supports global acceleration. (#31425) - provider plugin protocol: The Terraform CLI now calls PlanResourceChange for compatible providers when destroying resource instances. (#31179) - As an implementation detail of the Terraform Cloud integration, Terraform CLI will now capture and upload the JSON integration format for state along with any newly-recorded state snapshots, which then in turn allows Terraform Cloud to provide that information to API-based external integrations. (#31698)
* BUG FIXES: - config: Terraform was not previously evaluating preconditions and postconditions during the apply phase for resource instances that didn\'t have any changes pending, which was incorrect because the outcome of a condition can potentially be affected by changes to other objects in the configuration. Terraform will now always check the conditions for every resource instance included in a plan during the apply phase, even for resource instances that have \"no-op\" changes. This means that some failures that would previously have been detected only by a subsequent run will now be detected during the same run that caused them, thereby giving the feedback at the appropriate time. (#31491) - terraform show -json: Fixed missing markers for unknown values in the encoding of partially unknown tuples and sets. (#31236) - terraform output CLI help documentation is now more consistent with web-based documentation. (#29354) - terraform init: Error messages now handle the situation where the underlying HTTP client library does not indicate a hostname for a failed request. (#31542) - terraform init: Don\'t panic if a child module contains a resource with a syntactically-invalid resource type name. (#31573) - CLI: The representation of destroying already-null output values in a destroy plan will no longer report them as being deleted, which avoids reporting the deletion of an output value that was already absent. (#31471) - terraform import: Better handling of resources or modules that use for_each, and situations where data resources are needed to complete the operation. (#31283)
* EXPERIMENTS: - This release concludes the module_variable_optional_attrs experiment, which started in Terraform v0.14.0. The final design of the optional attributes feature is similar to the experimental form in the previous releases, but with two major differences: - The optional function-like modifier for declaring an optional attribute now accepts an optional second argument for specifying a default value to use when the attribute isn\'t set by the caller. If not specified, the default value is a null value of the appropriate type as before. - The built-in defaults function, previously used to meet the use-case of replacing null values with default values, will not graduate to stable and has been removed. Use the second argument of optional inline in your type constraint to declare default values instead. - If you have any experimental modules that were participating in this experiment, you will need to remove the experiment opt-in and adopt the new syntax for declaring default values in order to migrate your existing module to the stablized version of this feature. If you are writing a shared module for others to use, we recommend declaring that your module requires Terraform v1.3.0 or later to give specific feedback when using the new feature on older Terraform versions, in place of the previous declaration to use the experimental form of this feature: terraform { required_version = \">= 1.3.0\" }
* Thu Sep 08 2022 Johannes Kastl - update to 1.2.9:
* ENHANCEMENTS: - terraform init: add link to documentation when a checksum is missing from the lock file. (#31726)
* Wed Sep 07 2022 Johannes Kastl - update to 1.2.8:
* BUG FIXES: - config: The flatten function will no longer panic if given a null value that has been explicitly converted to or implicitly inferred as having a list, set, or tuple type. Previously Terraform would panic in such a situation because it tried to \"flatten\" the contents of the null value into the result, which is impossible. (#31675) - config: The tolist, toset, and tomap functions, and various automatic conversions that include similar logic, will no longer panic when asked to infer an element type that is convertable from both a tuple type and a list type whose element type is not yet known. (#31675)
* Wed Sep 07 2022 Johannes Kastl - update to 1.2.7:
* ENHANCEMENTS: - config: Check for direct references to deprecated computed attributes. (#31576)
* BUG FIXES: - config: Fix an crash if a submodule contains a resource whose implied provider local name contains invalid characters, by adding additional validation rules to turn it into a real error. (#31573) - core: Fix some handling of provider schema attributes which use the newer \"structural typing\" mechanism introduced with protocol version 6, and therefore with the new Terraform Plugin Framework (#31532) - command: Add missing output text for applyable refresh plans. (#31469)
* Wed Jul 27 2022 Johannes Kastl - update to 1.2.6:
* ENHANCEMENTS: - Add a warning and guidance when terraform init fails to fully populate the .terraform.lock.hcl file. (#31399) - Add a direct link to the relevant documentation when terraform init fails on missing checksums. (#31408)
* BUG FIXES: - Fix panic on terraform show when state file is invalid or unavailable. (#31444) - Fix terraform providers lock command failing on missing checksums. (#31389) - Some combinations of move block operations would be executed in the wrong order (#31499) - Don\'t attribute an error to the provider when a computed attribute is listed in ignore_changes (#31509)
* Sat Jul 16 2022 Johannes Kastl - update to 1.2.5:
* BUG FIXES: - Report correct error message when a prerelease field is included in the required_version global constraint. (#31331) - Fix case when extra blank lines were inserted into the plan for unchanged blocks. (#31330)
* Wed Jun 29 2022 Johannes Kastl - Update to 1.2.4:
* ENHANCEMENTS: - Improved validation of required_providers to prevent single providers from being required with multiple names. (#31218) - Improved plan performance by optimizing addrs.Module.String for allocations. (#31293)
* BUG FIXES: - backend/http: Fixed bug where the HTTP backend would fail to retry acquiring the state lock and ignored the -lock-timeout flag. (#31256) - Fix crash if a precondition or postcondition block omitted the required condition argument. (#31290)
* Wed Jun 22 2022 Johannes Kastl - Update to 1.2.3:
* UPGRADE NOTES: The following remote state backends are now marked as deprecated, and are planned to be removed in a future Terraform release. These backends have been unmaintained since before Terraform v1.0, and may contain known bugs, outdated packages, or security vulnerabilities. - artifactory - etcd - etcdv3 - manta - swift
* BUG FIXES: - Missing check for error diagnostics in GetProviderSchema could result in panic (#31184) - Module registries returning X-Terraform-Get locations with no URL would error with \"no getter available for X-Terraform-Get source protocol\" (#31237) - Fix crash from concurrent operation on shared set of resource instance dependencies (#31246) - backend/cos: tencentcloud-terraform-lock tag was not removed in all cases (#31223)
* Sun Jun 05 2022 kastlAATTb1-systems.de- Update to version 1.2.2:
* ENHANCEMENTS: - Invalid -var arguments with spaces between the name and value now have an improved error message (#30985)
* BUG FIXES: - Terraform now hides invalid input values for sensitive root module variables when generating error diagnostics (#30552) - Fixed crash on CLI autocomplete (#31160) - The \"Configuration contains unknown values\" error message now includes attribute paths (#31111)
* Sat Jun 04 2022 Johannes Kastl - BuildRequire go1.17, like upstream does in go.mod
* Sat Jun 04 2022 kastlAATTb1-systems.de- Update to version 1.2.1:
* BUG FIXES: - SSH provisioner connections fail when using signed ed25519 keys (#31092) - Crash with invalid module source (#31060) - Incorrect \"Module is incompatible with count, for_each, and depends_on\" error when a provider is nested within a module along with a sub-module using count or for_each (#31091)
* Sat Jun 04 2022 kastlAATTb1-systems.de- Update to version 1.2.0:
* UPGRADE NOTES: - If you use the third-party credentials helper plugin terraform-credentials-env, you should disable it as part of upgrading to Terraform v1.2 because similar functionality is now built in to Terraform itself. - The new behavior supports the same environment variable naming scheme but has a difference in priority order from the credentials helper: TF_TOKEN_... environment variables will now take priority over credentials blocks in CLI configuration and credentials stored automatically by terraform login, which is not true for credentials provided by any credentials helper plugin. If you see Terraform using different credentials after upgrading, check to make sure you do not specify credentials for the same host in multiple locations. - If you use the credentials helper in conjunction with the hashicorp/tfe Terraform provider to manage Terraform Cloud or Terraform Enterprise objects with Terraform, you should also upgrade to version 0.31 of that provider, which added the corresponding built-in support for these environment variables. - The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later. - When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020. - When making outgoing HTTPS or other TLS connections as a client, Terraform will no longer accept CA certificates signed using the SHA-1 hash function. Publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015. (Note: the changes to Terraform\'s requirements when interacting with TLS servers apply only to requests made by Terraform CLI itself, such as provider/module installation and state storage requests. Terraform provider plugins include their own TLS clients which may have different requirements, and may add new requirements in their own releases, independently of Terraform CLI changes.)
* NEW FEATURES: - precondition and postcondition check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further execution. - replace_triggered_by is a new lifecycle argument for managed resources which triggers replacement of an object based on changes to an upstream dependency. You can now specify credentials for Terraform-native services using an environment variable named as TF_TOKEN_ followed by an encoded version of the hostname. For example, Terraform will use variable TF_TOKEN_app_terraform_io as a bearer token for requests to \"app.terraform.io\", for the Terraform Cloud integration and private registry requests.
* ENHANCEMENTS: - When showing a plan, Terraform CLI will now only show \"Changes outside of Terraform\" if they relate to resources and resource attributes that contributed to the changes Terraform is proposing to make. (#30486) - Error messages for preconditions, postconditions, and custom variable validations are now evaluated as expressions, allowing interpolation of relevant values into the output. (#30613) - When showing the progress of a remote operation running in Terraform Cloud, Terraform CLI will include information about post-plan run tasks. (#30141) - Terraform will now show a slightly different note in the plan output if a data resource read is deferred to the apply step due to it depending on a managed resource that has changes pending. (#30971) - The \"Invalid for_each argument\" error message for unknown maps/sets now includes an additional paragraph to try to help the user notice they can move apply-time values into the map values instead of the map keys, and thus avoid the problem without resorting to -target. (#30327) - There are some small improvements to the error and warning messages Terraform will emit in the case of invalid provider configuration passing between modules. There are no changes to which situations will produce errors and warnings, but the messages now include additional information intended to clarify what problem Terraform is describing and how to address it. (#30639) - The environment variables TF_CLOUD_ORGANIZATION and TF_CLOUD_HOSTNAME now serve as fallbacks for the arguments of the same name inside a cloud block configuring integration with Terraform Cloud. - The environment variable TF_WORKSPACE will now additionally serve as an implicit configuration of a single selected workspace on Terraform Cloud if (and only if) the cloud block does not include an explicit workspaces configuration. - The AzureRM Backend now defaults to using MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication. (#30891) - The AzureRM Backend now supports authenticating as a service principal using OpenID Connect. (#30936) - When running on macOS, Terraform will now use platform APIs to validate certificates presented by TLS (HTTPS) servers. This may change exactly which root certificates Terraform will accept as valid. (#30768) - Show remote host in error message for clarity when installation of provider fails (#30810) - Terraform now prints a warning when adding an attribute to ignore_changes that is managed only by the provider. Specifying non-configurable attributes in ignore_changes has no effect because ignore_changes tells Terraform to ignore future changes made in the configuration. (#30517) - terraform show -json now includes exact type information for output values. (#30945) - The ssh provisioner connection now supports SSH over HTTP proxy. (#30274) - The SSH client for provisioners now supports newer key algorithms, allowing it to connect to servers running more recent versions of OpenSSH. (#30962)
* BUG FIXES: - Terraform now handles type constraints, nullability, and custom variable validation properly for root module variables. Previously there was an order of operations problem where the nullability and custom variable validation were checked too early, prior to dealing with the type constraints, and thus that logic could potentially \"see\" an incorrectly-typed value in spite of the type constraint, leading to incorrect errors. (#29959) - When reporting a type mismatch between the true and false results of a conditional expression when both results are of the same structural type kind (object/tuple, or a collection thereof), Terraform will no longer return a confusing message like \"the types are object and object, respectively\", and will instead attempt to explain how the two structural types differ. (#30920) - Applying the various type conversion functions like tostring, tonumber, etc to null will now return a null value of the intended type. For example, tostring(null) converts from a null value of an unknown type to a null value of string type. Terraform can often handle such conversions automatically when needed, but explicit annotations like this can help Terraform to understand author intent when inferring type conversions for complex-typed values. (#30879) - Terraform now returns an error when cidrnetmask() is called with an IPv6 address, as it was previously documented to do. IPv6 standards do not preserve the \"netmask\" syntax sometimes used for IPv4 network configuration; use CIDR prefix syntax instead. (#30703) - When performing advanced state management with the terraform state commands, Terraform now checks the required_version field in the configuration before proceeding. (#30511) - When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766) - Terraform will now prioritize local terraform variables over remote terraform variables in operations such as import, plan, refresh and apply for workspaces in local execution mode. This behavior applies to both remote backend and the cloud integration configuration. (#29972) - terraform show -json: JSON plan output now correctly maps aliased providers to their configurations, and includes the full provider source address alongside the short provider name. (#30138) - The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration. (#30664) - The cloud integration now gracefully exits when -input=false and an operation requires some user input. - Terraform will now reliably detect an inteerruptiong (e.g. Ctrl+C) during planning for terraform apply -auto-approve. Previously there was a window of time where interruption would cancel the plan step but not prevent Terraform from proceeding to the apply step. (#30979) - Terraform will no longer crash if a provider fails to return a schema. (#30987)
* Wed May 04 2022 Paolo Stivanin - Update to 1.1.9:
* cli: Fix crash when using sensitive values in sets. (#30825)
* cli: Fix double-quoted map keys when rendering a diff. (#30855)
* core: Prevent errors when handling a data source with incompatible schema changes (#30830)
* cli: Fix missing identifying attributes (e.g. \"id\", \"name\") when displaying plan diffs with nested objects. (#30685)
* functions: Fix error when sum() function is called with a collection of string-encoded numbers, such as sum([\"1\", \"2\", \"3\"]). (#30684)
* When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier. (#30766)
* Terraform will no longer crash in the terraform apply phase if an error occurs during backend configuration. (#30780)
* terraform show -json: Improve performance for deeply-nested object values. The previous implementation was accidentally quadratic, which could result in very long execution time for generating JSON plans, and timeouts on Terraform Cloud and Terraform Enterprise. (#30561)
* cloud: Update go-slug for terraform.tfstate exclusion to prevent a user from getting an error after migrating state to TFC.
* Wed Mar 30 2022 Dirk Müller - exclude arm32 bit builds as well
* Thu Feb 03 2022 Marcus Hann - Update to 1.1.5 ENHANCEMENTS:
* backend/s3: Update AWS SDK to allow the use of the ap-southeast-3 region (#30363) BUG FIXES:
* cli: Fix crash when using autocomplete with long commands, such as terraform workspace select (#30193)
* Fri Jan 21 2022 Marcus Hann - Update to 1.1.4 BUG FIXES:
* config: Non-nullable variables with null inputs were not given default values when checking validation statements (#30330)
* config: Terraform will no longer incorrectly report \"Cross-package move statement\" when an external package has changed a resource from no count to using count, or vice-versa. (#30333)
* Sun Jan 09 2022 Marcus Hann - Update to 1.1.3 BUG FIXES:
* terraform init: Will now remove from the dependency lock file entries for providers not used in the current configuration. Previously it would leave formerly-used providers behind in the lock file, leading to \"missing or corrupted provider plugins\" errors when other commands verified the consistency of the installed plugins against the locked plugins. (#30192)
* config: Fix panic when encountering an invalid provider block within a module (#30095)
* config: Fix cycle error when the index of a module containing move statements is changed (#30232)
* config: Fix inconsistent ordering with nested move operations (#30253)
* config: Fix moved block refactoring to include nested modules (#30233)
* functions: Redact sensitive values from function call error messages (#30067)
* terraform show: Disable plan state lineage checks, ensuring that we can show plan files which were generated against non-default state files (#30205)
* Wed Dec 29 2021 Marcus Hann - Update to 1.1.2 If you are using Terraform CLI v1.1.0 or v1.1.1, please upgrade to this new version as soon as possible. Terraform CLI v1.1.0 and v1.1.1 both have a bug where a failure to construct the apply-time graph can cause Terraform to incorrectly report success and save an empty state, effectively \"forgetting\" all existing infrastructure. Although configurations that already worked on previous releases should not encounter this problem, it\'s possible that incorrect future configuration changes would trigger this behavior during the apply step. BUG FIXES:
* config: Fix panic when using -target in combination with moved blocks within modules (#30189)
* core: Fix condition which could lead to an empty state being written when there is a failure building the apply graph (#30199)- From version 1.1.1 BUG FIXES:
* core: Fix crash with orphaned module instance due to changed count or for_each value (#30151)
* core: Fix regression where some expressions failed during validation when referencing resources expanded with count or for_each (#30171)
* Thu Dec 09 2021 Marcus Hann - Update to 1.1.0 Terraform v1.1.0 is a new minor release, containing some new features and some bug fixes whose scope was too large for inclusion in a patch release. NEW FEATURES:
* `moved` blocks for refactoring within modules: Module authors can now record in module source code whenever they\'ve changed the address of a resource or resource instance, and then during planning Terraform will automatically migrate existing objects in the state to new addresses. This therefore avoids the need for users of a shared module to manually run `terraform state mv` after upgrading to a version of the module, as long as the change is expressible as static configuration. However, `terraform state mv` will remain available for use in more complex migration situations that are not well-suited to declarative configuration.
* A new `cloud` block in the `terraform` settings block introduces a native Terraform Cloud integration for the [CLI-driven run workflow](https://www.terraform.io/docs/cloud/run/cli.html). The Cloud integration includes several enhancements, including per-run variable support using the `-var` flag, the ability to map Terraform Cloud workspaces to the current configuration via [Workspace Tags](https://www.terraform.io/docs/cloud/api/workspaces.html#get-tags), and an improved user experience for Terraform Cloud and Enterprise users with actionable error messages and prompts.
* `terraform plan` and `terraform apply` both now include additional annotations for resource instances planned for deletion to explain why Terraform has proposed that action. For example, if you change the `count` argument for a resource to a lower number then Terraform will now mention that as part of proposing to destroy any existing objects that exceed the new count. UPGRADE NOTES: This release is covered by the [Terraform v1.0 Compatibility Promises](https://www.terraform.io/docs/language/v1-compatibility-promises.html), but does include some changes permitted within those promises as described below.
* Terraform on macOS now requires macOS 10.13 High Sierra or later; Older macOS versions are no longer supported.
* The `terraform graph` command no longer supports `-type=validate` and `-type=eval` options. The validate graph is always the same as the plan graph anyway, and the \"eval\" graph was just an implementation detail of the `terraform console` command. The default behavior of creating a plan graph should be a reasonable replacement for both of the removed graph modes. (Please note that `terraform graph` is not covered by the Terraform v1.0 compatibility promises, because its behavior inherently exposes Terraform Core implementation details, so we recommend it only for interactive debugging tasks and not for use in automation.)
* `terraform apply` with a previously-saved plan file will now verify that the provider plugin packages used to create the plan fully match the ones used during apply, using the same checksum scheme that Terraform normally uses for the dependency lock file. Previously Terraform was checking consistency of plugins from a plan file using a legacy mechanism which covered only the main plugin executable, not any other files that might be distributed alongside in the plugin package. This additional check should not affect typical plugins that conform to the expectation that a plugin package\'s contents are immutable once released, but may affect a hypothetical in-house plugin that intentionally modifies extra files in its package directory somehow between plan and apply. If you have such a plugin, you\'ll need to change its approach to store those files in some other location separate from the package directory. This is a minor compatibility break motivated by increasing the assurance that plugins have not been inadvertently or maliciously modified between plan and apply.
* `terraform state mv` will now error when legacy `-backup` or `-backup-out` options are used without the `-state` option on non-local backends. These options operate on a local state file only. Previously, these options were accepted but ignored silently when used with non-local backends.
* In the AzureRM backend, the new opt-in option `use_microsoft_graph` switches to using MSAL authentication tokens and Microsoft Graph rather than using ADAL tokens and Azure Active Directory Graph, which is now [deprecated by Microsoft](https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-faq). The new mode will become the default in Terraform v1.2, so please plan to migrate to using this setting and test with your own Azure AD tenant prior to the Terraform v1.2 release. ENHANCEMENTS:
* config: Terraform now checks the syntax of and normalizes module source addresses (the `source` argument in `module` blocks) during configuration decoding rather than only at module installation time. This is largely just an internal refactoring, but a visible benefit of this change is that the `terraform init` messages about module downloading will now show the canonical module package address Terraform is downloading from, after interpreting the special shorthands for common cases like GitHub URLs. ([#28854](https://github.com/hashicorp/terraform/issues/28854))
* config: Variables can now be declared as \"nullable\", which defines whether a variable can be null within a module. Setting `nullable = false` ensures that a variable value will never be `null`, and may instead take on the variable\'s default value if the caller sets it explicitly to `null`. ([#29832](https://github.com/hashicorp/terraform/issues/29832))
* `terraform plan` and `terraform apply`: When Terraform plans to destroy a resource instance due to it no longer being declared in the configuration, the proposed plan output will now include a note hinting at what situation prompted that proposal, so you can more easily see what configuration change might avoid the object being destroyed. ([#29637](https://github.com/hashicorp/terraform/pull/29637))
* `terraform plan` and `terraform apply`: Terraform will now report explicitly in the UI if it automatically moves a resource instance to a new address as a result of adding or removing the `count` argument from an existing resource. For example, if you previously had `resource \"aws_subnet\" \"example\"` _without_ `count`, you might have `aws_subnet.example` already bound to a remote object in your state. If you add `count = 1` to that resource then Terraform would previously silently rebind the object to `aws_subnet.example[0]` as part of planning, whereas now Terraform will mention that it did so explicitly in the plan description. ([#29605](https://github.com/hashicorp/terraform/issues/29605))
* `terraform workspace delete`: will now allow deleting a workspace whose state contains only data resource instances and output values, without running `terraform destroy` first. Previously the presence of data resources would require using `-force` to override the safety check guarding against accidentally forgetting about remote objects, but a data resource is not responsible for the management of its associated remote object(s) and so there\'s no reason to require explicit deletion. ([#29754](https://github.com/hashicorp/terraform/issues/29754))
* `terraform validate`: Terraform now uses precise type information for resources during config validation, allowing more problems to be caught that that step rather than only during the planning step. ([#29862](https://github.com/hashicorp/terraform/issues/29862))
* provisioner/remote-exec and provisioner/file: When using SSH agent authentication mode on Windows, Terraform can now detect and use [the Windows 10 built-in OpenSSH Client](https://devblogs.microsoft.com/powershell/using-the-openssh-beta-in-windows-10-fall-creators-update-and-windows-server-1709/)\'s SSH Agent, when available, in addition to the existing support for the third-party solution [Pageant](https://documentation.help/PuTTY/pageant.html) that was already supported. ([#29747](https://github.com/hashicorp/terraform/issues/29747))
* cli: `terraform state mv` will now return an error for `-backup` or `-backup-out` options used without the `-state` option, unless the working directory is initialized to use the local backend. Previously Terraform would silently ignore those options, since they are applicable only to the local backend. ([#27908](https://github.com/hashicorp/terraform/issues/27908))
* `terraform console`: now has a new `type()` function, available only in the interactive console, for inspecting the exact type of a particular value as an aid to debugging. ([#28501](https://github.com/hashicorp/terraform/issues/28501)) BUG FIXES:
* config: `ignore_changes = all` now works in override files. ([#29849](https://github.com/hashicorp/terraform/issues/29849))
* config: Upgrading an unknown single value to a list using a splat expression now correctly returns an unknown value and type. Previously it would sometimes \"overpromise\" a particular return type, leading to an inconsistency error during the apply step. ([#30062](https://github.com/hashicorp/terraform/issues/30062))
* config: Terraform is now more precise in its detection of data resources that must be deferred to the apply step due to their `depends_on` arguments referring to not-yet-converged managed resources. ([#29682](https://github.com/hashicorp/terraform/issues/29682))
* config: `ignore_changes` can no longer cause a null map to be converted to an empty map, which would otherwise potentially cause surprising side-effects in provider logic. ([#29928](https://github.com/hashicorp/terraform/issues/29928))
* core: Provider configuration obtained from interactive prompts will now be merged properly with settings given in the configuration. Previously this merging was incorrect in some cases. ([#29000](https://github.com/hashicorp/terraform/issues/29000))
* `terraform plan`: Improved rendering of changes inside attributes that accept lists, sets, or maps of nested object types. ([#29827](https://github.com/hashicorp/terraform/issues/29827), [#29983](https://github.com/hashicorp/terraform/issues/29983), [#29986](https://github.com/terraform/issues/29986))
* `terraform apply`: Will no longer try to apply a stale plan that was generated against an originally-empty state. Previously this was an unintended exception to the rule that a plan can only be applied to the state snapshot it was generated against. ([#29755](https://github.com/hashicorp/terraform/issues/29755))
* `terraform show -json`: Attributes that are declared as using the legacy [Attributes as Blocks](https://www.terraform.io/docs/language/attr-as-blocks.html) behavior are now represented more faithfully in the JSON plan output. ([#29522](https://github.com/hashicorp/terraform/issues/29522))
* `terraform init`: Will now update the backend configuration hash value at a more approprimate time, to ensure properly restarting a backend migration process that failed on the first attempt. ([#29860](https://github.com/hashicorp/terraform/issues/29860))
* backend/oss: Flatten `assume_role` block arguments, so that they are more compatible with the `terraform_remote_state` data source. ([#29307](https://github.com/hashicorp/terraform/issues/29307))
* Wed Dec 08 2021 Marcus Hann - Update to 1.0.11 ENHANCEMENTS:
* backend/oss: Added support for sts_endpoint (#29841) BUG FIXES:
* config: Fixed a bug in which ignore_changes = all would not work in override files (#29849)
* config: Numbers are now compared for equality based on their protocol representation, eliminating unexpected changes due to small precision errors (#29864)- from version 1.0.10 BUG FIXES:
* backend/oss: Fix panic when there\'s an error looking up OSS endpoints (#29784)
* backend/remote: Fix version check when migrating state (#29793)
* cli: Restore -lock and -lock-timeout flags for the init command, which were removed in 0.15.0 (#29773)
* cli: Fix bug where terraform init -input=false would hang waiting for user input to choose a workspace (#29805)
* Mon Oct 18 2021 Eike Waldt - Update to 1.0.9 BUG FIXES:
* core: Fix panic when planning new resources with nested object attributes (#29701)
* core: Do not refresh deposed instances when the provider is not configured during destroy (#29720)
* core: Prevent panic when encountering a missing change when destroying a resource (#29734)
* Mon Oct 18 2021 Eike Waldt - Update to 1.0.8 BUG FIXES:
* cli: Check `required_version` as early as possibly during `init` so that version incompatibility can be reported before errors about new syntax (#29665)
* core: Don\'t plan to remove orphaned resource instances in refresh-only plans (#29640)- from version 1.0.7 BUG FIXES:
* core: Remove check for computed attributes which is no longer valid with optional structural attributes (#29563)
* core: Prevent object types with optional attributes from being instantiated as concrete values, which can lead to failures in type comparison (#29559)
* core: Empty containers in the configuration were not planned correctly when used with optional structural attributes (#29580)- from version 1.0.6 ENHANCEMENTS:
* backend/s3: Improve SSO handling and add new endpoints in the AWS SDK (#29017) BUG FIXES:
* cli: Suppress confirmation prompt when initializing with the `-force-copy` flag and migrating state between multiple workspaces. (#29438)
* cli: Update tencentcount dependency versions to fix errors when building from source (#29445)
* core: Fix panic while handling computed attributes within nested objects, and improve plan validation for unknown values (#29482)- from version 1.0.5 BUG FIXES:
* json-output: Add an output change summary message as part of the `terraform plan -json` structured logs, bringing this format into parity with the human-readable UI. (#29312)
* core: Handle null nested single attribute values (#29411)
* cli: Fix crash when planning a diff between null and empty sets in nested attributes (#29398)
* cli: Fix crash when planning a new resource containing a set of nested object attributes (#29398)
* cli: Fix crash when displaying a resource diff where a possibly identifying attribute is sensitive (#29397)
* cli: Fix crash when a diff with unknown nested map attributes (#29410)
* config: Fix handling of dynamically types arguments in `formatlist`, ensuring the correct resulting type. (#29408)
* config: Floating point operations like `floor` and `ceil` can no longer mutate their arguments. (#29408)- from version 1.0.4 BUG FIXES:
* backend/consul: Fix a bug where the state value may be too large for consul to accept (#28838)
* cli: Fixed a crashing bug with some edge-cases when reporting syntax errors that happen to be reported at the position of a newline. (#29048)- from version 1.0.3 ENHANCEMENTS
* `terraform plan`: The JSON logs (`-json` option) will now include `resource_drift`, showing changes detected outside of Terraform during the refresh step. (#29072)
* core: The automatic provider installer will now accept providers that are recorded in their registry as using provider protocol version 6. (#29153)
* backend/etcdv3: New argument `max_request_bytes` allows larger requests and for the client, to match the server request limit. (#28078) BUG FIXES:
* `terraform plan`: Will no longer panic when trying to render null maps. (#29207)
* backend/pg: Prevent the creation of multiple workspaces with the same name. (#29157)
* backend/oss: STS auth is now supported. (#29167)
* config: Dynamic blocks with unknown for_each values were not being validated. Ensure block attributes are valid even when the block is unknown (#29208)
* config: Unknown values in string templates could lose sensitivity, causing the planned change to be inaccurate (#29208)
* Thu Jul 08 2021 John Paul Adrian Glaubitz - Update to 1.0.2 BUG FIXES:
* `terraform show`: Fix crash when rendering JSON plan with sensitive values in state (#29049)
* config: The `floor` and `ceil` functions no longer lower the precision of arguments to what would fit inside a 64-bit float, instead preserving precision in a similar way as most other arithmetic functions. (#29110)
* config: The `flatten` function was incorrectly treating null values of an unknown type as if they were unknown values. Now it will treat them the same as any other non-list/non-tuple value, flattening them down into the result as-is. (#29110)- from version 1.0.1 ENHANCEMENTS:
* `terraform show`: The JSON plan output now indicates which state values are sensitive. (#28889)
* cli: The macOS builds will now resolve hostnames using the system\'s DNS resolver, rather than the Go library\'s (incomplete) emulation of it. In particular, this will allow for the more complex resolver configurations often created by VPN clients on macOS, such as when a particular domain must be resolved using different nameservers while VPN connection is active. BUG FIXES:
* `terraform show`: Fix crash with deposed instances in json plan output. (#28922)
* `terraform show`: Fix an issue where the JSON configuration representation was missing fully-unwrapped references. (#28884)
* `terraform show`: Fix JSON plan resource drift to remove unchanged resources. (#28975)
* core: Fix crash when provider modifies and unknown block during plan. (#28941)
* core: Diagnostic context was missing for some errors when validating blocks. (#28979)
* core: Fix crash when calling `setproduct` with unknown values. (#28984)
* backend/remote: Fix faulty Terraform Cloud version check when migrating state to the remote backend with multiple local workspaces. (#28864)- from version 1.0.0 Terraform v1.0 is an unusual release in that its primary focus is on stability, and it represents the culmination of several years of work in previous major releases to make sure that the Terraform language and internal architecture will be a suitable foundation for forthcoming additions that will remain backward compatible. Terraform v1.0.0 intentionally has no significant changes compared to Terraform v0.15.5. You can consider the v1.0 series as a direct continuation of the v0.15 series; we do not intend to issue any further releases in the v0.15 series, because all of the v1.0 releases will be only minor updates to address bugs. For all future minor releases with major version 1, we intend to preserve backward compatibility as described in detail in [the Terraform v1.0 Compatibility Promises](https://www.terraform.io/docs/language/v1-compatibility- promises.html). The later Terraform v1.1.0 will, therefore, be the first minor release with new features that we will implement with consideration of those promises.- from version 0.15.5 BUG FIXES:
* `terraform plan` and `terraform apply`: Don\'t show \"Objects have changed\" notification when the detected changes are only internal details related to legacy SDK quirks. (#28796)
* core: Prevent crash during planning when encountering a deposed instance that has been removed from the configuration. (#28766)
* core: Fix crash when rendering changes to deposed instances outside of Terraform. (#28796)
* core: Restore a missing error when attempting to import a non-existent remote object. (#28808)
* core: Fix bug where Terraform failed to release the state lock when applying a stale saved plan failed. (#28819)- from version 0.15.4 NEW FEATURES:
*
*
*Noting changes made outside of Terraform:
*
* Terraform has always, by default, made a point during the planning operation of reading the current state of remote objects in order to detect any changes made outside of Terraform, to make sure the plan will take those into account. Terraform will now report those detected changes as part of the plan result, in order to give additional context about the planned changes. We\'ve often heard that people find it confusing when a plan includes a change that doesn\'t seem to be prompted by any recent change in the _configuration_, and so this feature is aiming to provide the previously-missing explanation for situations where Terraform is planning to undo a change. It can also be useful just as general information when the change _won\'t_ be undone by Terraform: if you\'ve intentionally made a change outside of Terraform and mirrored that change in your configuration then Terraform will now confirm that it noticed the change you made and took it into account when planning. By default this new output is for information only and doesn\'t change any behavior. If Terraform detects a change you were _expecting_ then you don\'t need to take any additional action to respond to it. However, we\'ve also added a new planning mode `-refresh-only` which allows you to explicitly plan and apply the action of writing those detected changes to the Terraform state, which serves as a plannable replacement for `terraform refresh`. We don\'t have any plans to remove the long-standing `terraform refresh` command, but we do recommend using `terraform apply -refresh-only` instead in most cases, because it will provide an opportunity to review what Terraform detected before updating the Terraform state. UPGRADE NOTES:
* This release adds some new reserved reference prefixes to make them available for later work. These are `resource.`, `template.`, `arg.`, and `lazy.`. We don\'t expect these additions to cause problems for most existing configurations, but could cause a conflict if you are using a custom provider which has a resource type named exactly \"resource\", \"template\", \"arg\", or \"lazy\". In that unlikely event, you can escape references to resources of those types by adding a `resource.` prefix; for example, if you have a `resource \"template\" \"foo\"` then you can change references to it from `template.foo` to `resource.template.foo` in order to escape the new meaning. ENHANCEMENTS:
* config: The various functions that compute hashs of files on disk, like `filesha256`, will now stream the contents of the given file into the hash function in smaller chunks. Previously they would always read the entire file into memory before hashing it, due to following a similar implementation strategy as the `file` function. (#28681)
* config: Some new escaping syntax which is not yet useful but will be part of the backward-compatibility story for certain future language editions. (#28709)
* core: Resource diagnostics are no longer lost on remote state storage failures (#28724)
* core: Diagnostics from provisioner failures are now shown in CLI output (#28753)
* `terraform init`: add a new `-migrate-state` flag instead of automatic state migration, to prevent failing when old backend config is not usable (#28718)
* `terraform plan` and `terraform apply`: will now report any changes Terraform detects during the \"refresh\" phase for each managed object, providing confirmation that Terraform has seen those changes and, where appropriate, extra context to help understand the planned change actions that follow. (#28634)
* `terraform plan` and `terraform apply`: now have a new option `-refresh-only` to activate the \"refresh only\" planning mode, which causes Terraform to ignore any changes suggested by the configuration but still detect any changes made outside of Terraform since the latest `terraform apply`. (#28634)
* backend/gcs: Terraform Core now supports Workload Identity Federation. The federated JSON credentials must be loaded through the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. This is also available in the Google Provider in versions newer than v3.61. (#28296)
* backend/remote: supports several new CLI options when running plans and applies with Terraform Cloud: `-refresh=false`, `-replace`, and `-refresh-only`. (#28746) BUG FIXES:
* core: Fix sensitivity handling with plan values, which could cause the sensitive marks to be lost during apply leading to a perpetual diff (#28687)
* core: Fix crash when specifying SSH `bastion_port` in a resource `connection` block (#28665)
* core: Terraform will now upgrade and refresh (unless disabled) deposed objects during planning, in a similar manner as for objects that have been removed from the configuration. \"Deposed\" is how Terraform represents the situation where a `create_before_destroy` replacement failed to destroy the old object, in which case Terraform needs to track both the new and old objects until the old object is successfully deleted. Refreshing these during planning means that you can, if you wish, delete a \"deposed\" object manually outside of Terraform and then have Terraform detect that you\'ve done so. (#28634)
* config: Improve the sensitivity support for `lookup` and `length` functions, which were accidentally omitted from the larger update in 0.15.1 (#28509)
* backend/gcs: Fixed a bug where service account impersonation didn\'t work if the original identity was another service account (#28139)- from version 0.15.3 ENHANCEMENTS:
* `terraform show`: Add data to the JSON plan output describing which changes caused a resource to be replaced (#28608) BUG FIXES:
* `terraform show`: Fix crash for JSON plan output of new resources with sensitive attributes in nested blocks (#28624)- from version 0.15.2 ENHANCEMENTS:
* `terraform plan` and `terraform apply`: Both now support a new planning option `-replace=...` which takes the address of a resource instance already tracked in the state and forces Terraform to upgrade either an update or no-op plan for that instance into a \"replace\" (either destroy-then-create or create-then-destroy depending on configuration), to allow replacing a degraded object with a new object of the same configuration in a single action and preview the effect of that before applying it.
* `terraform apply`: Now has a `-destroy` option for symmetry with `terraform plan -destroy`, which makes `terraform destroy` effectively an alias for `terraform apply -destroy`. This change is only for consistency between `terraform plan` and `terraform apply`; there are no current plans to deprecate `terraform destroy`. (#28489)
* core: Update HCL to allow better planning of dynamic blocks (#28424)
* core: Unmark values when planning data sources (#28539) BUG FIXES:
* command/format: Fix various issues with nested-type attribute formatting (#28600)
* core: Fix JSON plan output to add sensitivity data for provider-specified sensitive attribute values (#28523)
* cli: Fix missing \"forces replacement\" UI for attribute changes which are marked as sensitive by the provider (#28583)
* cli: Fix crash when rendering diagnostic caused by missing trailing quote (#28598)
* config: Fix crash when calling `setproduct` with one or more empty collections (#28607)- from version 0.15.1 ENHANCEMENTS:
* config: Various Terraform language functions now have more precise inference rules for propagating the \"sensitive\" characteristic values. The affected functions are `chunklist`, `concat`, `flatten`, `keys`, `length`, `lookup`, `merge`, `setproduct`, `tolist`, `tomap`, `values`, and `zipmap`. The details are a little different for each of these but the general idea is to, as far as possible, preserve the sensitive characteristic on individual element or attribute values in result structures rather than always conservatively applying sensitivity to the whole result. The primary benefit of these improvements is that you can now use these functions as part of constructing maps for `for_each` in situations where the input collection is never sensitive but some of the elements/attributes inside might be. (#28446)
* cli: Update the HashiCorp public key (#28505)
* cli: Diagnostic messages can now be annotated with resource and provider addresses. (#28275)
* cli: `terraform login` now has a new user experience for successful log-ins to Terraform Cloud and Terraform Enterprise. (#28487)
* core: Minor graph performance optimizations. (#28329) BUG FIXES:
* config: Fix validation error when passing providers from a non-default namespace into modules. (#28414)
* cli: Fix missing colors and extraneous resource summary for plan/apply with the remote backend. (#28409)
* cli: Diagnostics messages will only indicate that a referenced value is sensitive if that value is _directly_ sensitive, as opposed to being a complex-typed value that _contains_ a sensitive value. (#28442)
* core: Don\'t trigger data source reads from changes in sibling module instances. (#28267)
* core: Restore saved dependencies when a resource destroy operation fails. (#28317)
* core: Fix crash when setting sensitive attributes to a sensitive value. (#28383)
* core: Loosen output value sensitivity requirement for non-root modules. This means that modules which may receive sensitive values as input variables no longer need to mark all related outputs as sensitive. The requirement for root modules to specify the `sensitive` attribute for sensitive values remains, with an extended diagnostic message to explain why. (#28472)
* provisioner: Fix panic with unexpected null values in provisioner configuration (#28457)- from version 0.15.0 UPGRADE NOTES AND BREAKING CHANGES: The following is a summary of each of the changes in this release that might require special consideration when upgrading. Refer to [the Terraform v0.15 upgrade guide](https://www.terraform.io/upgrade-guides/0-15.html) for more details and recommended upgrade steps.
* \"Proxy configuration blocks\" (provider blocks with only `alias` set) in shared modules are now replaced with a more explicit `configuration_aliases` argument within the `required_providers` block. Some support for the old syntax is retained for backward compatibility, but we\'ve added explicit error messages for situations where Terraform would previously silently misinterpret the purpose of an empty `provider` block. (#27739)
* The `list` and `map` functions, both of which were deprecated since Terraform v0.12, are now removed. You can replace uses of these functions with `tolist([...])` and `tomap({...})` respectively. (#26818)
* Terraform now requires UTF-8 character encoding and virtual terminal support when running on Windows. This unifies Terraform\'s terminal handling on Windows with that of other platforms, as per [Microsoft recommendations] (https://docs.microsoft.com/en-us/windows/console/classic-vs-vt). Terraform previously required these terminal features on all other platforms, and now requires them on Windows too. UTF-8 and virtual terminal support were introduced across various Windows 10 updates, and so Terraform is no longer officially supported on the original release of Windows 10 or on Windows 8 and earlier. However, there are currently no technical measures to artificially _prevent_ Terraform from running on these obsolete Windows releases, and so you _may_ still be able to use Terraform v0.15 on older Windows versions if you either disable formatting (using the `-no-color`) option, or if you use a third-party terminal emulator package such as [ConEmu](https://conemu.github.io/), [Cmder](https://cmder.net/), or [mintty](https://mintty.github.io/). We strongly encourage planning to migrate to a newer version of Windows rather than relying on these workarounds for the long term, because the Terraform team will test future releases only on up-to-date Windows 10 and can therefore not guarantee ongoing support for older versions.
* Built-in vendor provisioners (chef, habitat, puppet, and salt-masterless) have been removed. (#26938)
* Interrupting execution will now cause terraform to exit with a non-zero exit status. (#26738)
* The trailing `[DIR]` argument to specify the working directory for various commands is no longer supported. Use the global `-chdir` option instead. (#27664) For example, instead of `terraform init infra`, write `terraform -chdir=infra init`.
* The `-lock` and `-lock-timeout` options are no longer available on `terraform init` (#27464)
* The `-verify-plugins=false` option is no longer available on `terraform init`. (Terraform now _always_ verifies plugins.) (#27461)
* The `-get-plugins=false` option is no longer available on `terraform init`. (Terraform now _always_ installs plugins.) (#27463)
* The `-force` option is no longer available on `terraform destroy`. Use `-auto-approve` instead (#27681)
* The `-var` and `-var-file` options are no longer available on `terraform validate`. These were deprecated and have had no effect since Terraform v0.12. (#27906)
* `terraform version -json` output no longer includes the (previously-unpopulated) \"revision\" property (#27484)
* In the `gcs` backend the `path` config argument, which was deprecated since Terraform v0.11, is now removed. Use the `prefix` argument instead. (#26841)
* The deprecated `ignore_changes = [\"
*\"]` wildcard syntax is no longer supported. Use `ignore_changes = all` instead. (#27834)
* Previously deprecated quoted variable type constraints are no longer supported. Follow the instructions in the error message to update your type signatures to be more explicit. For example, use `map(string)` instead of `\"map\"`. (#27852)
* Terraform will no longer make use of the `HTTP_PROXY` environment variable to determine proxy settings for connecting to HTTPS servers. You must always set `HTTPS_PROXY` if you intend to use a proxy to connect to an HTTPS server. (Note: This affects only connections made directly from Terraform CLI. Terraform providers are separate programs that make their own requests and may thus have different proxy configuration behaviors.)
* Provider-defined sensitive attributes will now be redacted throughout the plan output. You may now see values redacted as `(sensitive)` that were previously visible, because sensitivity did not follow provider-defined sensitive attributes. If you are transforming a value and wish to force it _not_ to be sensitive, such as if you are transforming a value in such a way that removes the sensitive data, we recommend using the new `nonsensitive` function to hint Terraform that the result is not sensitive.
* The `atlas` backend, which was deprecated since Terraform v0.12, is now removed. (#26651)
* We\'ve upgraded the underlying TLS and certificate-related libraries that Terraform uses when making HTTPS requests to remote systems. This includes the usual tweaks to preferences for different cryptographic algorithms during handshakes and also some slightly-stricter checking of certificate syntax. These changes should not cause problems for correctly- implemented HTTPS servers, but can sometimes cause unexpected behavior changes with servers or middleboxes that don\'t comply fully with the relevant specifications. ENHANCEMENTS:
* config: A `required_providers` entry can now contain `configuration_aliases` to declare additional configuration aliases names without requirring a configuration block (#27739)
* config: Improved type inference for conditional expressions. (#28116)
* config: Provider-defined sensitive attributes will now be redacted throughout the plan output. (#28036)
* config: New function `one` for concisely converting a zero-or-one element list/set into a single value that might be `null`. (#27454)
* config: New functions `sensitive` and `nonsensitive` allow module authors to explicitly override Terraform\'s default infererence of value sensitivity for situations where it\'s too conservative or not conservative enough. (#27341)
* config: Terraform will now emit a warning if you declare a `backend` block in a non-root module. Terraform has always ignored such declarations, but previously did so silently. This is a warning rather than an error only because it is sometimes convenient to temporarily use a root module as if it were a child module in order to test or debug its behavior separately from its main backend. (#26954)
* config: Removed warning about interpolation-only expressions being deprecated, because `terraform fmt` now automatically fixes most cases that the warning would previously highlight. We still recommend using simpler expressions where possible, but the deprecation warning had caused a common confusion in the community that the interpolation syntax is _always_ deprecated, rather than only in the interpolation-only case. (#27835)
* config: The family of error messages with the summary \"Invalid for_each argument\" will now include some additional context about which external values contributed to the result, making it easier to find the root cause of the error. (#26747)
* config: Terraform now does text processing using the rules and tables defined for Unicode 13. Previous versions were using Unicode 12 rules.
* `terraform init`: Will now make suggestions for possible providers on some registry failures, and generally remind of `required_providers` on all registry failures. (#28014)
* `terraform init`: Provider installation will now only attempt to rewrite `.terraform.lock.hcl` if it would contain new information. (#28230)
* `terraform init`: New `-lockfile=readonly` option, which suppresses writing changes to the dependency lock file. Any installed provider packages must already be recorded in the lock file, or initialization will fail. Use this if you are managing the lock file via a separate process and want to avoid adding new checksums for existing dependencies. (#27630)
* `terraform show`: Improved performance when rendering large plans as JSON. (#27998)
* `terraform validate`: The JSON output now includes a code snippet object for each diagnostic. If present, this object contains an excerpt of the source code which triggered the diagnostic, similar to what Terraform would include in human-oriented diagnostic messages. (#28057)
* cli: Terraform now uses UTF-8 and full VT mode even when running on Windows. Previously Terraform was using the \"classic\" Windows console API, which was far more limited in what formatting sequences it supported and which characters it could render. (#27487)
* cli: Improved support for Windows console UI on Windows 10, including bold colors and underline for HCL diagnostics. (#26588)
* cli: Diagnostic messages now have a vertical line along their left margin, which we hope will achieve a better visual hierarchy for sighted users and thus make it easier to see where the errors and warnings start and end in relation to other content that might be printed alongside. (#27343)
* cli: Typing an invalid top-level command, like `terraform destory` instead of `destroy`, will now print out a specific error message about the command being invalid, rather than just printing out the usual help directory. (#26967)
* cli: Plugin crashes will now be reported with more detail, pointing out the plugin name and the method call along with the stack trace (#26694)
* cli: Core and Provider logs can now be enabled separately for debugging, using `TF_LOG_CORE` and `TF_LOG_PROVIDER` (#26685)
* backend/azurerm: Support for authenticating as AzureAD users/roles. (#28181)
* backend/pg: Now allows locking of each workspace separately, whereas before the locks were global across all workspaces. (#26924) BUG FIXES:
* config: Fix multiple upstream crashes with optional attributes and sensitive values. (#28116)
* config: Fix various panics in the experimental `defaults` function. (#27979)
* config: Fix crash with resources which have sensitive iterable attributes. (#28245)
* config: Fix crash when referencing resources with sensitive fields that may be unknown. (#28180)
* `terraform validate`: Validation now ignores providers that lack configuration, which is useful for validating modules intended to be called from other modules which therefore don\'t include their own provider configurations. (#24896)
* `terraform fmt`: Fix `fmt` output when unwrapping redundant multi-line string interpolations (#28202)
* `terraform console`: expressions using `path` (`path.root`, `path.module`) now return the same result as they would in a configuration (#27263)
* `terraform show`: Fix crash when rendering JSON plans containing iterable unknown values. (#28253)
* `terraform show`: fix issue with `child_modules` not properly displaying in certain circumstances. (#27352)
* `terraform state list`: fix bug where nested modules\' resources were missing (#27268)
* `terraform state mv`: fix display names in errors and improve error when failing to target a whole resource (#27482)
* `terraform taint`: show resource name in -allow-missing warning (#27501)
* `terraform untaint`: show resource name in -allow-missing warning (#27502)
* cli: All commands will now exit with an error if unable to read input at an interactive prompt. For example, this may happen when running in a non-interactive environment but without `-input=false`. Previously Terraform would behave as if the user entered an empty string, which often led to confusing results. (#26509)
* cli: `TF_LOG` levels other than `trace` will now work reliably. (#26632)
* core: Fix crash when trying to create a destroy plan with `-refresh=false`. (#28272)
* core: Extend the Terraform plan file format to include information about sensitivity and required-replace. This ensures that the output of `terraform show saved.tfplan` matches `terraform plan`, and sensitive values are elided. (#28201)
* core: Ensure that stored dependencies are retained when a resource is removed entirely from the configuration, and `create_before_destroy` ordering is preserved. (#28228)
* core: Resources removed from the configuration will now be destroyed before their dependencies are updated. (#28165)
* core: Refresh data sources while creating a destroy plan, in case their results are important for destroy operations. (#27408)
* core: Fix missing deposed object IDs in apply logs (#27796)
* backend/azurerm: Fix nil pointer crashes with some state operations. (#28181)
* backend/azure: Fix interactions between state reading, state creating, and locking. (#26561) EXPERIMENTS:
* `provider_sensitive_attrs`: This experiment has now concluded, and its functionality is now on by default. If you were previously participating in this experiment then you can remove the experiment opt-in with no other necessary configuration changes.
* There is now a `terraform test` command, which is currently an experimental feature serving as part of [the Module Testing Experiment](https://www.terraform.io/docs/language/modules/testing-experiment.html).- from version 0.14.11 ENHANCEMENTS:
* cli: Update the HashiCorp public key (#28503)- Enable go_modules service in _service file- Switch compression to gz in _service file
* Required for go_modules service to work
* Sat Apr 10 2021 Pau Garcia Quiles - Update to 0.14.10 : ENHANCEMENTS:
* cli: Emit an \"already installed\" event when a provider is found already installed (#27722)
* provisioner/remote-exec: Can now run in a mode that expects the remote system to be running Windows and excuting commands using the Windows command interpreter, rather than a Unix-style shell. Specify the target_platform as \"windows\" in the connection block. (#26865) ENHANCEMENTS:
* backend/s3: Add support for AWS Single-Sign On (SSO) cached credentials (#27620)
* config: Terraform now does text processing using the rules and tables defined for Unicode 13. Previous versions were using Unicode 12 rules (#28034) BUG FIXES:
* cli: Rerunning init will reuse installed providers rather than fetching the provider again (#27582)
* config: Fix panic when applying a config using sensitive values in some block sets (#27635)
* core: Fix \"Invalid planned change\" error when planning tainted resource which no longer exists (#27563)
* core: Fix panic when refreshing data source which contains sensitive values (#27567)
* core: Fix init with broken link in plugin_cache_dir (#27447)
* core: Prevent evaluation of removed data source instances during plan (#27621)
* core: Don\'t plan changes for outputs that remain null (#27512)
* cli: Fix show -json not outputting the full module tree when some child modules have no resources (#27352)
* cli: Fix excessively slow rendering of very large multi-line string outputs (#27746)
* cli: Fix missing provider requirements in JSON plan when specified using required_providers instead of provider config (#27697)
* config: Update HCL package to fix panics when indexing using sensitive values (#28034)
* core: Fix error when using sensitive values in provisioner configuration (#27819)
* core: Fix empty diags not getting associated with source (#28029)
* backend/remote: Fix non-functional -lock-timeout argument when using the remote backend with local operations (#27845)
* backend/remote: Fix error when migrating existing state to a new workspace on Terraform Cloud/Enterprise. (#28093)
* cli: Only rewrite provider locks file if its contents has changed. (#28230)
* Tue Jan 26 2021 Paolo Stivanin - Update to 0.14.5 : NEW FEATURES:
* terraform now supports marking input variables as sensitive, and will propagate that sensitivity through expressions that derive from sensitive input variables.
* terraform init will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (#26524)
* if you wish to retain the previous behavior of always taking the newest version allowed by the version constraints on each install, you can run terraform init -upgrade to see that behavior.
* terraform will now support reading and writing all compatible state files, even from future versions of Terraform. This means that users of Terraform 0.14.0 will be able to share state files with future Terraform versions until a new state file format version is needed. ENHANCEMENTS:
* config: Added sensitive argument for variable blocks, which supresses output where that variable is used (#26183)
* config: Added alltrue and anytrue functions, which serve as a sort of dynamic version of the && and || or operators, respectively. These are intended to allow evaluating boolean conditions, such as in variable validation blocks, across all of the items in a collection using for expressions.
* config: New functions textencodebase64 and textdecodebase64 for encoding text in various character encodings other than UTF-8. (#25470)
* terraform plan and terraform apply: Added an experimental concise diff renderer. By default, Terraform plans now hide most unchanged fields, only displaying the most relevant changes and some identifying context. This experiment can be disabled by setting a TF_X_CONCISE_DIFF environment variable to 0.
* config: ignore_changes can now apply to map keys that are not listed in the configuration
* terraform console: Now has distinct rendering of lists, sets, and tuples, and correctly renders objects with null attribute values. Multi-line strings are rendered using the \"heredoc\" syntax. (#26189, #27054)
* terraform login: Added support for OAuth2 application scopes. (#26239)
* terraform fmt: Will now do some slightly more opinionated normalization behaviors, using the documented idiomatic syntax. (#26390)
* terraform init\'s provider installation step will now abort promptly if Terraform receives an interrupt signal. (#26405)
* cli: A new global command line option -chdir=..., placed before the selected subcommand, instructs Terraform to switch to a different working directory before executing the subcommand. This is similar to switching to a new directory with cd before running Terraform, but it avoids changing the state of the calling shell. (#26087)
* cli: help text is been reorganized to emphasize the main commands and improve consistency
* cli: Ensure that provider requirements are met by the locked dependencies for every command. This will help catch errors if the configuration has changed since the last run of terraform init. (#26761)
* core: When sensitive values are used as part of provisioner configuration, logging is disabled to ensure the values are not displayed to the UI (#26611)
* core: terraform plan no longer uses a separate refresh phase. Instead, all resources are updated on-demand during planning (#26270)
* modules: Adds support for loading modules with S3 virtual hosted-style access (#26914)
* backend/consul: Split state into chunks when outgrowing the limit of the Consul KV store. This allows storing state larger than the Consul 512KB limit. (#25856)
* backend/consul: Add force-unlock support to the Consul backend (#25837)
* backend/gcs: Add service account impersonation to GCS backend (#26837)
* On Unix-based operating systems other than MacOS, the SSL_CERT_DIR environment variable can now be a colon-separated list of multiple certificate search paths. (#26357) BUG FIXES:
* cli: Fix formatting of long integers in outputs and console (#27479)
* cli: Fix redundant check of remote workspace version for local operations (#27498)
* cli: Fix missing check of remote workspace version for state migration (#27556)
* cli: Fix world-writable permissions on dependency lock file (#27205)
* backend/remote: Disable remote Terraform workspace version check when the remote workspace is in local operations mode ([#27407])
* core: Fix panic when using sensitive values as arguments to data sources ([#27335])
* core: Fix panic when using sensitive values as count arguments on validate ([#27410])
* core: Fix panic when passing sensitive values to module input variables which have custom variable validation ([#27412])
* dependencies: Upgrade HCL to v2.8.2, fixing several bugs with sensitive values ([#27420])
* config: Fix anytrue and alltrue functions when called with values which are not known until apply.
* config: Fix sum function when called with values which are not known until apply. Also allows sum to cope with numbers too large to represent in float64, along with correctly handling errors around infinite values. (#27249)
* config: Fixed panic when referencing sensitive values in resource count expressions
* config: Fix incorrect attributes in diagnostics when validating objects (#27010)
* core: Prevent unexpected updates during plan when multiple sensitive values are involved
* dependencies: Fix several small bugs related to the use of sensitive values with expressions and functions.
* lang: Fix panic when calling coalescelist with a null argument (#26988)
* terraform apply: -refresh=false was skipped when running apply directly (#27233)
* terraform init: setting -get-plugins to false will now cause a warning, as this flag has been a no-op since 0.13.0 and usage is better served through using provider_installation blocks
* terraform init and other commands which interact with the dependency lock file: These will now generate a normal error message if the lock file is incorrectly a directory, rather than crashing as before.
* Wed Oct 07 2020 John Paul Adrian Glaubitz - Update to 0.13.4 (bsc#1177421, jsc#ECO-2766, jsc#PM-2215) UPGRADE NOTES:
* The built-in vendor (third-party) provisioners, which include `habitat`, `puppet`, `chef`, and `salt-masterless` are now deprecated and will be removed in a future version of Terraform.
* Deprecated interpolation-only expressions are detected in more contexts in addition to resources and provider configurations. Module calls, data sources, outputs, and locals are now also covered. Terraform also detects interpolation-only expressions in complex values such as lists and objects. An expression like `\"${foo}\"` should be rewritten as just `foo`. (#27272) (#26334) BUG FIXES:
* command: Include schemas from required but unused providers in the output of `terraform providers schema`. This allows development tools such as the Terraform language server to offer autocompletion for the first resource for a given provider. (#26318)
* core: create_before_destroy status is now updated in the state during refresh (#26343)
* core: data sources using `depends_on`, either directly or through their modules, are no longer are forced to wait until apply by other planned data source reads (#26375)- from 0.13.3 BUG FIXES:
* build: fix crash with terraform binary on openBSD (#26250)
* core: prevent create_before_destroy cycles by not connecting module close nodes to resource instance destroy nodes (#26186)
* core: fix error where plan action changes from CreateThenDelete to DeleteThenCreate (#26192)
* core: fix Cycle when create_before_destroy status wasn\'t checked from state (#26263)
* core: fix \"inconsistent final plan\" error when changing the number of referenced resources to 0 (#26264)
* states/remote: fix `state push -force` to work for all backends (#26190)- from 0.13.2 NEW FEATURES:
*
*
*Network-based Mirrors for Provider Installation
*
*: As an addition to the existing capability of \"mirroring\" providers into the local filesystem, a network mirror allows publishing copies of providers on an HTTP server and using that as an alternative source for provider packages, for situations where directly accessing the origin registries is impossible or undesirable. (#25999) ENHANCEMENTS:
* backend/http: add support for configuration by environment variable. (#25439)
* command: Add support for provider redirects to `0.13upgrade`. If a provider in the Terraform Registry has moved to a new namespace, the `0.13upgrade` subcommand now detects this and follows the redirect where possible. (#26061)
* command: Improve `init` error diagnostics when encountering what appears to be an in-house provider required by a pre-0.13 state file. Terraform will now display suggested `terraform state replace-provider` commands which will fix this specific problem. (#26066) BUG FIXES:
* command: Warn instead of error when the `output` subcommand with no arguments results in no outputs. This aligns the UI to match the 0 exit code in this situation, which is notable but not necessarily an error. (#26036)
* terraform: Fix crashing bug when reading data sources during plan with blocks backed by objects, not collections (#26028)
* terraform: Fix bug where variables values were asked for twice on the command line and provider input values were asked for but not saved (#26063)- from 0.13.1 ENHANCEMENTS:
* config: `cidrsubnet` and `cidrhost` now support address extensions of more than 32 bits (#25517)
* cli: The directories that Terraform searches by default for provider plugins can now be symlinks to directories elsewhere. (This applies only to the top-level directory, not to nested directories inside it.) (#25692)
* backend/s3: simplified mock handling and assume role testing (#25903)
* backend/s3: support for appending data to the User-Agent request header with the TF_APPEND_USER_AGENT environment variable (#25903) BUG FIXES:
* config: Override files containing `module` blocks can now override the special `providers` argument. (#25496)
* cli: The state lock will now be unlocked consistently across both the local and remote backends in the `terraform console` and `terraform import` commands. (#25454)
* cli: The `-target` option to `terraform plan` and `terraform apply` now correctly handles addresses containing module instance indexes. (#25760)
* cli: `terraform state mv` can now move the last resource from a module without panicking. (#25523)
* cli: If the output of `terraform version` contains an outdated version notice, this is now printed after the version number and not before. (#25811)
* command: Prevent creation of workspaces with invalid names via the `TF_WORKSPACE` environment variable, and allow any existing invalid workspaces to be deleted. (#25262)
* command: Fix error when multiple `-no-color` flags are set on the command line. (#25847)
* command: Fix backend config override validation, allowing the use of `-backend-config` override files with the enhanced remote backend. (#25960)
* core: State snapshots now use a consistent ordering for resources that have the same name across different modules. Previously the ordering was undefined. (#25498)
* core: A `dynamic` block producing an unknown number of blocks will no longer incorrectly produce the error \"Provider produced inconsistent final plan\" when the block type is backed by a set of objects. (#25662)
* core: Terraform will now silently drop attributes that appear in the state but are not present in the corresponding resource type schema, on the assumption that those attributes existed in a previous version of the provider and have now been removed. (#25779)
* core: The state upgrade logic for handling unqualified provider addresses from Terraform v0.11 and earlier will no longer panic when it encounters references to the built-in `terraform` provider. (#25861)
* internal: Clean up provider package download temporary files after installing. (#25990)
* terraform: Evaluate module call arguments for `terraform import` even if defaults are given for input variables (#25890)
* terraform: Fix misleading Terraform `required_version` constraint diagnostics when multiple `required_version` settings exist in a single module (#25898)- from 0.13.0 NEW FEATURES:
*
*
*`count` and `for_each` for modules
*
*: Similar to the arguments of the same name in `resource` and `data` blocks, these create multiple instances of a module from a single `module` block. (#24461)
*
*
*`depends_on` for modules
*
*: Modules can now use the `depends_on` argument to ensure that all module resource changes will be applied after any changes to the `depends_on` targets have been applied. (#25005)
*
*
*Automatic installation of third-party providers
*
*: Terraform now supports a decentralized namespace for providers, allowing for automatic installation of community providers from third-party namespaces in the public registry and from private registries. (More details will be added about this prior to release.)
*
*
*Custom validation rules for input variables
*
*: A new `validation` block type inside `variable` blocks allows module authors to define validation rules at the public interface into a module, so that errors in the calling configuration can be reported in the caller\'s context rather than inside the implementation details of the module. (#25054)
*
*
*New Kubernetes remote state storage backend
*
*: This backend stores state snapshots as Kubernetes secrets. (#19525) BREAKING CHANGES:
* As part of introducing a new heirarchical namespace for providers, Terraform now requires an explicit `source` specification for any provider that is not in the \"hashicorp\" namespace in the main public registry. (#24477) For more information, including information on the automatic upgrade process, refer to the v0.13 upgrade guide.
* `terraform import`: the previously-deprecated `-provider` option is now removed. (#24090) To specify a non-default provider configuration for import, add the `provider` meta-argument to the target `resource` block.
* config: Inside `provisioner` blocks that have `when = destroy` set, and inside any `connection` blocks that are used by such `provisioner` blocks, it is no longer valid to refer to any objects other than `self`, `count`, or `each`. (This was previously deprecated in a v0.12 minor release.) (#24083) If you are using `null_resource` to define provisioners not attached to a real resource, include any values your provisioners need in the `triggers` map and change the provisioner configuration to refer to those values via `self.triggers`.
* configs: At most one `terraform` `required_providers` block is permitted per module (#24763) If you previously had multiple `required_providers` blocks in the same module, consolidate their requirements together into a single block.
* The official MacOS builds of Terraform CLI are no longer compatible with Mac OS 10.10 Yosemite; Terraform now requires at least Mac OS 10.11 El Capitan. Terraform 0.13 is the last major release that will support 10.11 El Capitan, so if you are upgrading your OS we recommend upgrading to Mac OS 10.12 Sierra or later.
* The official FreeBSD builds of Terraform CLI are no longer compatible with FreeBSD 10.x, which has reached end-of-life. Terraform now requires FreeBSD 11.2 or later.
* backend/oss: The TableStore schema now requires a primary key named `LockID` of type `String`. (#24149)
* backend/s3: The previously-deprecated `lock_table`, `skip_get_ec2_platforms`, and `skip_requesting_account_id` arguments are now removed. (#25134)
* backend/s3: The credential source preference order now considers EC2 instance profile credentials as lower priority than shared configuration, web identity, and ECS role credentials. (#25134)
* backend/s3: The `AWS_METADATA_TIMEOUT` environment variable is no longer used. The timeout is now fixed at one second with two retries. (#25134) NOTES:
* The `terraform plan` and `terraform apply` commands will now detect and report changes to root module outputs as needing to be applied even if there are no resource changes in the plan. This is an improvement in behavior for most users, since it will now be possible to change `output` blocks and use `terraform apply` to apply those changes. If you have a configuration where a root module output value is changing for every plan (for example, by referring to an unstable data source), you will need to remove or change that output value in order to allow convergence on an empty plan. Otherwise, each new plan will propose more changes.
* Terraform CLI now supports TLS 1.3 and supports Ed25519 certificates when making outgoing connections to remote TLS servers. While both of these changes are backwards compatible in principle, certain legacy TLS server implementations can reportedly encounter problems when attempting to negotiate TLS 1.3. (These changes affects only requests made by Terraform CLI itself, such as to module registries or backends. Provider plugins have separate TLS implementations that will gain these features on a separate release schedule.)
* On Unix systems where `use-vc` is set in `resolv.conf`, Terraform will now use TCP for DNS resolution. We don\'t expect this to cause any problem for most users, but if you find you are seeing DNS resolution failures after upgrading please verify that you can either reach your configured nameservers using TCP or that your resolver configuration does not include the `use-vc` directive.
* The `terraform 0.12upgrade` command is no longer available. (#24403) To upgrade from Terraform v0.11, first upgrade to the latest v0.12 release and then upgrade to v0.13 from there. ENHANCEMENTS:
* config: `templatefile` function will now return a helpful error message if a given variable has an invalid name, rather than relying on a syntax error in the template parsing itself. (#24184)
* config: The configuration language now uses Unicode 12.0 character tables for certain Unicode-version-sensitive operations on strings, such as the `upper` and `lower` functions. Those working with strings containing new characters introduced since Unicode 9.0 may see small differences in behavior as a result of these table updates.
* config: The new `sum` function takes a list or set of numbers and returns the sum of all elements. (#24666)
* config: Modules authored by the same vendor as the main provider they use can now pass metadata to the provider to allow for instrumentation and analytics. (#22583)
* cli: The `terraform plan` and `terraform apply` commands now recognize changes to root module outputs as side-effects to be approved and applied. This means you can apply root module output changes using the normal plan and apply workflow. (#25047)
* cli: When installing providers from the Terraform Registry, Terraform will verify the trust signature for partner providers, and allow for self-signed community providers. (#24617)
* cli: `terraform init` will display detailed trust signature information when installing providers from the Terraform Registry and other provider registries. (#24932)
* cli: It is now possible to optionally specify explicitly which installation methods can be used for different providers in the CLI configuration, such as forcing a particular provider to be loaded from a particular directory on local disk instead of consulting its origin provider registry. (#24728)
* cli: The new `terraform state replace-provider` subcommand allows changing the selected provider for existing resource instances in the Terraform state. (#24523)
* cli: The new `terraform providers mirror` subcommand can automatically construct or update a local filesystem mirror directory containing the providers required for the current configuration. (#25084)
* cli: `terraform version -json` now produces machine-readable version information. (#25252)
* cli: `terraform import` can now work with provider configurations containing references to other objects, as long as the data in question is already known in the current state. (#25420)
* cli: The `terraform state rm` command will now exit with status code 1 if the given resource address does not match any resource instances. (#22300)
* cli: The `terraform login` command now requires the full word \"yes\" to confirm, rather than just \"y\", for consistency with Terraform\'s other interactive prompts. (#25379)
* core: Several of Terraform\'s graph operations are now better optimized to support configurations with highly-connected graphs. (#23811)
* backend/remote: Now supports `terraform state push -force`. (#24696)
* backend/remote: Can now accept `-target` options when creating a plan using _remote operations_, if supported by the target server. (Server-side support for this in Terraform Cloud and Terraform Enterprise will follow in forthcoming releases of each.) (#24834)
* backend/azurerm: Now uses the Giovanni Storage SDK to communicate with Azure. (#24669)
* backend/s3: The backend will now always consult the shared configuration file, even if the `AWS_SDK_LOAD_CONFIG` environment variable isn\'t set. That environment variable is now ignored. (#25134)
* backend/s3: Region validation now automatically supports the new `af-south-1` (Africa (Cape Town)) region. (#24744) For AWS operations to work in the new region, you must explicitly enable it as described in AWS General Reference: Enabling a Region. If you haven\'t enabled the region, the Terraform S3 Backend will return `InvalidClientTokenId` errors during credential validation.
* backend/s3: A `~/` prefix in the `shared_credentials_file` argument is now expanded to the current user\'s home directory. (#25134)
* backend/s3: The backend has a number of new options for customizing the \"assume role\" behavior, including controlling the lifetime and access policy of temporary credentials. (#25134)
* backend/swift: The authentication options match those of the OpenStack provider. (#23510) BUG FIXES:
* config: The `jsonencode` function can now correctly encode a single null value as the JSON expression `null`. (#25078)
* config: The `map` function no longer crashes when incorrectly given a non-string key. (#24277)
* config: The `substr` function now correctly returns a zero-length string when given a length of zero, rather than ignoring that argument entirely. (#24318)
* config: `ceil(1/0)` and `floor(1/0)` (that is, an infinity as an argument) now return another infinity with the same sign, rather than just a large integer. (#21463)
* config: The `rsadecrypt` function now supports the OpenSSH RSA key format. (#25112)
* config: The `merge` function now returns more precise type information, making it usable for values passed to `for_each`, and will no longer crash if all of the given maps are empty. (#24032), (#25303)
* vendor: The various set-manipulation functions, like `setunion`, will no longer panic if given an unknown set value (#25318)
* config: Fixed a crash with incorrect syntax in `.tf.json` and `.tfvars.json` files. (#24650)
* config: The function argument expansion syntax `...` no longer incorrectly fails with \"Invalid expanding argument value\" in situations where the expanding argument\'s type will not be known until the apply phase. (#25216)
* config: Variable `validation` block error message checks no longer fail when non-ASCII characters are present. (#25144)
* cli: The `terraform plan` command (and the implied plan run by `terraform apply` with no arguments) will now print any warnings that were generated even if there are no changes to be made. (#24095)
* cli: `terraform state mv` now correctly records the resource\'s use of either `count` or `for_each` based on the given target address. (#24254)
* cli: When using the `TF_CLI_CONFIG_FILE` environment variable to override where Terraform looks for CLI configuration, Terraform will now ignore the default CLI configuration directory as well as the default CLI configuration file. (#24728)
* cli: The `terraform login` command in OAuth2 mode now implements the PKCE OAuth 2 extension more correctly. Previously it was not compliant with all of the details of the specification. (#24858)
* cli: Fixed a potential crash when the `HOME` environment variable isn\'t set, causing the native service credentials store to be `nil`. (#25110)
* command/fmt: Error messages will now include source code snippets where possible. (#24471)
* command/apply: `terraform apply` will no longer silently exit when given an absolute path to a saved plan file on Windows. (#25233)
* command/init: `terraform init` will now produce an explicit error message if given a non-directory path for its configuration directory argument, and if a `-backend-config` file has a syntax error. Previously these were silently ignored. (#25300), (#25411)
* command/console: (#25442)
* command/import: The `import` command will now properly attach the configured provider for the target resource based on the configuration, making the `-provider` command line option unnecessary. (#22862)
* command/import: The `-allow-missing-config` option now works correctly. It was inadvertently disabled as part of v0.12 refactoring. (#25352)
* command/show: Resource addresses are now consistently formatted between the plan and prior state in the `-json` output. (#24256)
* core: Fixed a crash related to an unsafe concurrent read and write of a map data structure. (#24599)
* core: Instances are now destroyed only using their stored state, without re-evaluating configuration. This avoids a number of dependency cycle problems when \"delete\" actions are included in a plan. (#24083)
* provider/terraform: The `terraform_remote_state` data source will no longer attempt to \"configure\" the selected backend during validation, which means backends will not try to perform remote actions such as verifying credentials during `terraform validate`. Local validation still applies in all cases, and the configuration step will still occur prior to actually reading the remote state in a normal plan/apply operation. (#24887)
* backend/remote: Backend will no longer crash if the user cancels backend initialization at an inopportune time, or if there is a connection error. (#25135) (#25341)
* backend/azurerm: The backend will now create a Azure storage snapshot of the previous Terraform state snapshot before writing a new one. (#24069)
* backend/s3: Various other minor authentication-related fixes previously made in the AWS provider. (#25134)
* backend/oss: Now allows locking of multiple different state files. (#24149)
* provisioner/remote-exec: The provisioner will now return an explicit error if the `host` connection argument is an empty string. Previously it would repeatedly attempt to resolve an empty hostname until timeout. (#24080)
* provisioner/chef: The provisioner will now gracefully handle non-failure (RFC062) exit codes returned from Chef. (#19155)
* provisioner/habitat: The provisioner will no longer generate `user.toml` with world-readable permissions. (#24321)
* communicator/winrm: Support a connection timeout for WinRM `connection` blocks. Previously this argument worked for SSH only. (#25350) EXPERIMENTS:
* This release concludes the `variable_validation` experiment that was started in Terraform v0.12.20. If you were participating in the experiment, you should remove the experiment opt-in from your configuration as part of upgrading to Terraform 0.13. The experiment received only feedback that can be addressed with backward-compatible future enhancements, so we\'ve included it into this release as stable with no changes to its original design so far. We\'ll consider additional features related to custom validation in future releases after seeing how it\'s used in real-world modules.- from 0.12.29 BUG FIXES:
* core: core: Prevent quadratic memory usage with large numbers of instances by not storing the complete resource state in each instance (#25633)- from 0.12.28 BUG FIXES:
* build: build the 0.12 version of Terraform with Go 1.12.13, rather than 0.13 Terraform\'s 1.14.2 (#25386)- from 0.12.27 BUG FIXES:
* backend/remote: fix panic when there\'s a connection error to the remote backend (#25341)- Bump mininum Go API version to 1.14
* Mon Jun 08 2020 Dirk Mueller - update to 0.12.26 ENHANCEMENTS:
* backend/remote: Can now accept -target options when creating a plan using remote operations, if supported by the target server. (Server-side support for this in Terraform Cloud and Terraform Enterprise will follow in forthcoming releases of each.) (#24834)
* cli: A special new lifecycle mode for provider plugins where they are assumed to be controlled by an external process outside of Terraform. This is for automated provider plugin testing only, and is not an end-user feature. (#24674)
* Tue May 19 2020 Dirk Mueller - update to 0.12.25: NOTES:
* backend/s3: Region validation now automatically supports the new af-south-1 (Africa (Cape Town)) region. ENHANCEMENTS:
* backend/s3: Support automatic region validation for af-south-1 (#24744)
* backend/remote: Add support for force push to remote backend (#24884) BUG FIXES:
* core: Destroy provisioners should not evaluate for_each expressions (#24163)
* core: Fix races in GetVariableValue (#24599)
* Tue Mar 24 2020 Petr Cervinka - Update to 0.12.24 BUG FIXES:
* command/login: Fix bug when using terraform login on Windows (#24397)
* registry: Fix panic when server is unreachable (#24411)
* Fri Mar 06 2020 Petr Cervinka - Update to 0.12.23 BUG FIXES:
* cli: Fix wrong version returned by `terraform version`- Update to 0.12.22 ENHANCEMENTS:
* registry: Add configurable retries for module and provider discovery requests to the remote registry ([#24260](https://github.com/hashicorp/terraform/pull/24260))
* registry: Add configurable request timeout for the remote registry client ([#24259](https://github.com/hashicorp/terraform/pull/24259)) BUG FIXES:
* cli: Fix terraform state mv to correctly set the resource each mode based on the target address ([#24254](https://github.com/hashicorp/terraform/issues/24254))
* cli: The `terraform plan` command (and the implied plan run by `terraform apply` with no arguments) will now print any warnings that were generated even if there are no changes to be made. ([#24095](https://github.com/hashicorp/terraform/issues/24095))
* Wed Feb 19 2020 Petr Cervinka - Update to 0.12.21 NEW FEATURES:
* backend/cos: New backend \"cos\", supporting using Tencent Cloud Storage as a remote backend.
* command/login: Enable \"terraform login\" and add support for UI-generated tokens ([#23995](https://github.com/hashicorp/terraform/issues/23995))
* command/logout: Add \"terraform logout\" command to remove local credentials ([#24048](https://github.com/hashicorp/terraform/issues/24048)) ENHANCEMENTS:
* command/workspace delete: release lock after workspace removal warning ([#24085](https://github.com/hashicorp/terraform/issues/24085))
* lang/funcs: add `setsubtract` function ([#23424](https://github.com/hashicorp/terraform/issues/23424)) BUG FIXES:
* command/state show: Fix an issue when a resource has a non-default provider configured ([#24027](https://github.com/hashicorp/terraform/issues/24027))
* backend/remote-state: Fix issues where lingering lock files remained when deleting non-empty workspaces ([#24085](https://github.com/hashicorp/terraform/issues/24085))
* command/import: Release lock if initialization error occurs on import ([#23318](https://github.com/hashicorp/terraform/issues/23318))
* terraform: Fix panic when using `for_each` with a set containing `null` values ([#24047](https://github.com/hashicorp/terraform/issues/24047))
* Wed Feb 19 2020 Petr Cervinka - Run spec-cleaner- Update to 0.12.20 ENHANCEMENTS:
* config: New built-in functions `try` and `can` are intended to ease working with data structures whose shape isn\'t known statically. ([#23794](https://github.com/hashicorp/terraform/issues/23794))
* config: New, optional syntax for [`required_providers`](https://www.terraform.io/docs/configuration/terraform.html#specifying-required-provider-versions) setting in `terraform` blocks. This is not intended for general use yet but will support upcoming enhancements. [[#23843](https://github.com/hashicorp/terraform/issues/23843)] BUG FIXES:
* command/show: Fix an issue with show and aliased providers ([#23848](https://github.com/hashicorp/terraform/issues/23848))
* core: Always clean up empty resources before empty modules ([#23822](https://github.com/hashicorp/terraform/issues/23822))
* internal/modsdir/manifest: Fix CLI issue with Windows machines ([#23865](https://github.com/hashicorp/terraform/issues/23865)) EXPERIMENTS:
* This release includes an _opt-in experiment_ for [custom validation rules on module variables](https://www.terraform.io/docs/configuration/variables.html#custom-validation-rules). The feature is not yet finalized and is subject to breaking changes even in minor releases, but we\'re introducing it here in order to solicit feedback from module developers about which use-cases it is meeting, any use-cases it _isn\'t_ meeting, and any situations where things feel harder to express than they might be. Due to the experimental nature of this feature, we do not recommend using it in \"production\" modules yet and we require an explicit [experimental feature opt-in](https://www.terraform.io/docs/configuration/terraform.html#experimental-language-features) of `variable_validation`. Depending on what feedback we receive, the design of this experimental feature may change significantly in future versions without an automatic upgrade path.
* Mon Jan 20 2020 John Paul Adrian Glaubitz - Update in SLE-15 (bsc#1158440, CVE-2019-19316)
* Wed Jan 15 2020 Jean-Philippe Evrard - Update to 0.12.19 ENHANCEMENTS: command/init: Cache Terraform Registry metadata responses when handling multiple references to the same module. (#23727) command/state-mv: Detect and remove references elsewhere in the state to the source address in a terraform state mv operation. This does not affect any current operations but will cause the resulting state snapshot to be different than before, and a future version of Terraform may make use of this additional precision. (#23791) BUG FIXES: command/init: Fix an issue with via an update to go-getter where modules would fail to download from the registry (#23792) command/init: use backend config from state when -backend=false is used during init. (#23802) core: Do not evaluate unused config values, which may not be valid during destroy (#23717) core: Better error handling for an odd \"should never happen\" situation regarding the restoration of a deposed instance during a create_before_destroy replace action. While this does not yet fix the situation (it can still happen), it now has a specialized error message to hopefully help gather some more information about the root cause in future reports. (#23718) core: Prevent insertion of default providers when resources are removed from the config. (#23696) core: Detect and handle dependencies implied by references in a connection block directly within a resource block. (#23663) communicator/ssh: Fix deadlock when SSH agent forwarding fails. (#23661)- Update to 0.12.18 NOTES: cli: Our darwin releases for this version and up will be signed and notarized according to Apple\'s requirements. Prior to this release, MacOS 10.15+ users attempting to run our software reported seeing the error: \"\'terraform\' cannot be opened because the developer cannot be verified.\" This error affected all MacOS 10.15+ users who downloaded our software directly via web browsers, and was caused by changes to Apple\'s third-party software requirements. Our recommended approach to install and interact with the Terraform CLI can be found here. MacOS 10.15+ users should plan to upgrade to 0.12.18+. UPGRADE NOTES: Inside provisioner blocks that have when = destroy set, and inside any connection blocks that are used by such provisioner blocks, it is now deprecated to refer to any objects other than self, count, and each. Terraform has historically allowed this but doing so tends to cause downstream problems with dependency cycles or incorrect destroy ordering because it causes the destroy phase of one resource to depend on the existing state of another. Although this is currently only a warning, we strongly suggest seeking alternative approaches for existing configurations that are hitting this warning in order to avoid the risk of later problems should you need to replace or destroy the related resources. This deprecation warning will be promoted to an error in a future release. ENHANCEMENTS: provisioners: Warn about the deprecation of non-self references in destroy-time provisioners, both to allow preparation for this later becoming an error and also as an extra hint for the \"Cycle\" errors that commonly arise when such references are used. (#23559) cli: The terraform plan and terraform apply commands (and some others) now accept the additional option -compact-warnings. If set, and if Terraform produces warnings that are not also accompanied by errors, then the warnings will be presented in the output in a compact form that includes only the summary information, thus providing a compromise to avoid warnings overwhelming the output if you are not yet ready to resolve them. (#23632) BUG FIXES: backend/s3: Fix for users with >1000 workspaces (#22963) cli: Allow moving indexed resource instances to new addresses that that don\'t yet exist in state (#23582) cli: Improved heuristics for log level filtering with the TF_LOG environment variable, although it is still not 100% reliable for levels other than TRACE due to limitations of Terraform\'s internal logging infrastructure. Because of that, levels other than TRACE will now cause the logs to begin with a warning about potential filtering inaccuracy. (#23577) command/show: Fix panic on show plan (#23581) config: Fixed referencing errors generally involving for_each (#23475) provisioners: The built-in provisioners (local-exec, remote-exec, file, etc) will no longer fail when the TF_CLI_ARGS environment variable is set. (#17400)
* Fri Dec 06 2019 Petr Cervinka - Update to 0.12.17 SECURITY NOTES:
* If you are using the Azure remote state backend and you are using a SAS Token for authentication, please refer to [the Azure remote state backend security advisory](https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626). Prior versions of the backend may have transmitted your state to the storage service using cleartext HTTP unless you specifically requested HTTPS when generating your SAS Token. This does not affect any other backends, and does not affect the Azure backend when using other authentication mechanisms. NEW FEATURES:
* lang/funcs: Add `trim
*` functions ENHANCEMENTS:
* cli: Terraform will now consolidate many warnings with the same summary text into fewer warning items, in order to avoid excessive amounts of warnings making it hard to read other output from Terraform commands. ([#23425](https://github.com/hashicorp/terraform/issues/23425))
* core: The upgrade logic for moving from the Terraform 0.11 to the Terraform 0.12 state snapshot format (internally, format version 3 to version 4) will now tolerate and ignore dependencies with invalid addresses, which tend to be left behind when following the `terraform 0.11checklist` directive to rename resources whose names start with digits prior to upgrading to Terraform 0.12. This should allow upgrading the state for a configuration that in the past had digit-prefixed resource names, once those names have been fixed in the configuration and state using the instructions given by `terraform 0.11checklist` in Terraform 0.11.14. ([#23443](https://github.com/hashicorp/terraform/issues/23443)) BUG FIXES:
* command/jsonplan, command/jsonstate: fix panic with null values ([#23492](https://github.com/hashicorp/terraform/issues/23492))
* backend/azure: Use HTTPS to talk to the storage API, even if using a SAS token that does not require it. ([#23496](https://github.com/hashicorp/terraform/issues/23496))
* Wed Nov 20 2019 Petr Cervinka - Increase required go version to 1.12- Update to 0.12.16 BUG FIXES:
* command/0.12upgrade: fix panic when int value is out of range ([#23394](https://github.com/hashicorp/terraform/issues/23394))
* core: fix cycle between dependencies with create_before_destroy ([#23399](https://github.com/hashicorp/terraform/issues/23399))
* backend/remote: default .terraformignore paths will now work on Windows ([#23311](https://github.com/hashicorp/terraform/issues/23311))
* Fri Nov 15 2019 Petr Cervinka - Update to 0.12.15 BUG FIXES:
* various commands: Fixed errant error \"Initialization required. Please see the error message above.\" ([#23383](https://github.com/hashicorp/terraform/issues/23383)) The error was produced on some of Terraform\'s subcommands (in particular `terraform show` and `terraform output`, but possibly others) if a warning was emitted during configuration loading and if a `backend` block was present. This issue has been present since v0.12.0 for any configuration that produces configuration-related deprecation warnings, but it became more visible in v0.12.14 due to the addition of several more situations that could produce warnings.- Changes of version 0.12.14 UPGRADE NOTES:
* Terraform v0.12.0 included several changes to the Terraform language involving making expressions, type constraints, keywords, and references first-class in the language syntax, removing the need for placing thee items either in quoted strings or in interpolation syntax. Terraform v0.11 required these items to be quoted because the underlying language could not represent them any other way, while Terraform v0.12 expects them to be unquoted in order to improve readability. We have been accepting both forms for backward-compatibility with existing configurations and examples since the inititial v0.12.0 release. Having maintained compatibility for both forms for several versions we are now beginning the deprecation cycle for the old usage by having Terraform emit deprecation warnings. Terraform will still accept the older forms in spite of these warnings, so no immediate action is required. If your modules are targeting Terraform v0.12.0 and later exclusively, you can silence the warnings by removing the quotes, as directed in the warning message. In a future major version of Terraform, some of these warnings will be elevated to be errors. The summary of the warning for these situations will be one of the following:
*
*
*Interpolation-only expressions are deprecated:
*
* an expression like `\"${foo}\"` should be rewritten as just `foo`.
*
*
*Quoted type constraints are deprecated:
*
* In a `variable` block, a type constraint `\"map\"` should be written as `map(string)`, `\"list\"` as `list(string)`, and `\"string\"` as just `string`.
*
*
*Quoted keywords are deprecated:
*
* In certain contexts that expect special keywords, such as `when` in `provisioner` blocks, the keyword should be unquoted.
*
*
*Quoted references are deprecated:
*
* In the `depends_on` and `ignore_changes` meta-arguments, quoted references like `\"aws_instance.foo\"` should be rewritten without the quotes, e.g. as `aws_instance.foo`. The above changes are made automatically by the upgrade tool for users who are [upgrading from Terraform 0.11](https://www.terraform.io/upgrade-guides/index.html). These warnings are intended to help those who are using Terraform for the first time at Terraform 0.12 but who may have found examples online that are written for older versions of Terraform, in order to guide towards the modern Terraform style.
* The `terraform output` command would formerly treat no outputs at all as an error, exiting with a non-zero status. Since it\'s expected for some root modules to have no outputs, the command now returns with success status zero in this situation, but still returns the error on stderr as a compromise to provide an explanation for why nothing is being shown. ENHANCEMENTS:
* config: Redundant interpolation syntax for attribute values and legacy (0.11-style) variable type constrants will now emit deprecation warnings. ([#23348](https://github.com/hashicorp/terraform/issues/23348))
* config: Keywords and references in `depends_on`, `ignore_changes`, and in provisioner `when` and `on_failure` will now emit deprecation warnings. ([#23329](https://github.com/hashicorp/terraform/issues/23329))
* command/output: Now treats no defined outputs as a success case rather than an error case, returning exit status zero instead of non-zero. ([#23008](https://github.com/hashicorp/terraform/issues/23008)] [[#21136](https://github.com/hashicorp/terraform/issues/21136))
* backend/artifactory: Will now honor the `HTTP_PROXY` and `HTTPS_PROXY` environment variables when appropriate, to allow sending requests to the Artifactory endpoints via a proxy. ([#18629](https://github.com/hashicorp/terraform/issues/18629)) BUG FIXES:
* backend/remote: Filter environment variables when loading context for remote backend ([#23283](https://github.com/hashicorp/terraform/issues/23283))
* command/plan: Previously certain changes to lists would cause the list diff in the plan output to miss items. Now `terraform plan` will show those items as expected. ([#22695](https://github.com/hashicorp/terraform/issues/22695))
* command/show: When showing a saved plan file not in JSON mode, use the same presentation as `terraform plan` itself would\'ve used. ([#23292](https://github.com/hashicorp/terraform/issues/23292))
* command/force-unlock: Return an explicit error when the local-filesystem lock implementation receives the wrong lock id. Previously it was possible to see either an incorrect error or no error at all in that case. ([#23336](https://github.com/hashicorp/terraform/issues/23336))
* core: Store absolute instance dependencies in state to allow for proper destroy ordering ([#23252](https://github.com/hashicorp/terraform/issues/23252))
* core: Ensure tainted status is maintained when a destroy operation fails ([#23304](https://github.com/hashicorp/terraform/issues/23304))
* config: `transpose` function will no longer panic when it should produce an empty map as its result. ([#23321](https://github.com/hashicorp/terraform/issues/23321))
* cli: When running Terraform as a sub-process of itself, we will no longer produce errant prefixes on the console output. While we don\'t generally recommend using Terraform recursively like this, it was behaving in this strange way due to an implementation detail of how Terraform captures \"panic\" crashes from the Go runtime, and that subsystem is now updated to avoid that strange behavior. ([#23281](https://github.com/hashicorp/terraform/issues/23281))
* provisioners: Sanitize output to filter invalid utf8 sequences ([#23302](https://github.com/hashicorp/terraform/issues/23302))
* Wed Nov 13 2019 moioAATTsuse.com- Update to 0.12.13 UPGRADE NOTES:
* Remote backend local-only operations:
*
* Previously the remote backend was not correctly handling variables marked as \"HCL\" in the remote workspace when running local-only operations like `terraform import`, instead interpreting them as literal strings as described in [#23228](https://github.com/hashicorp/terraform/issues/23228). That behavior is now corrected in this release, but in the unlikely event that an existing remote workspace contains a variable marked as \"HCL\" whose value is not valid HCL syntax these local-only commands will now fail with a syntax error where previously the value would not have been parsed at all and so an operation not relying on that value may have succeeded in spite of the problem. If you see an error like \"Invalid expression for var.example\" on local-only commands after upgrading, ensure that the remotely-stored value for the given variable uses correct HCL value syntax. This _does not_ affect true remote operations like `terraform plan` and `terraform apply`, because the processing of variables for those always happens in the remote system. BUG FIXES:
* config: Fix regression where self wasn\'t properly evaluated when using for_each ([#23215](https://github.com/hashicorp/terraform/issues/23215))
* config: dotfiles are no longer excluded when copying existing modules; previously, any dotfile/dir was excluded in this copy, but this change makes the local copy behavior match go-getter behavior ([#22946](https://github.com/hashicorp/terraform/issues/22946))
* core: Ensure create_before_destroy ordering is enforced with dependencies between modules ([#22937](https://github.com/hashicorp/terraform/issues/22937))
* core: Fix some destroy-time cycles due to unnecessary edges in the graph, and remove unused resource nodes ([#22976](https://github.com/hashicorp/terraform/issues/22976))
* backend/remote: Correctly handle remotely-stored variables that are marked as \"HCL\" when running local-only operations like `terraform import`. Previously they would produce a type mismatch error, due to misinterpreting them as literal strings. ([#23229](https://github.com/hashicorp/terraform/issues/23229))
* Mon Oct 21 2019 Petr Cervinka - Update to 0.12.12 BUG FIXES:
* backend/remote: Don\'t do local validation of whether variables are set prior to submitting, because only the remote system knows the full set of configured stored variables and environment variables that might contribute. This avoids erroneous error messages about unset required variables for remote runs when those variables will be set by stored variables in the remote workspace. ([#23122](https://github.com/hashicorp/terraform/issues/23122))- Changes of version 0.12.11 ENHANCEMENTS:
* backend/s3: Support `role_arn` in AWS configuration files ([#22994](https://github.com/hashicorp/terraform/issues/22994))
* backend/remote: Remote backend will now ignore all .terraform/ (exclusive of .terraform/modules) and .git/ directories for uploads during remote plans/applies. You can exclude files from upload to TFC by adding a .terraformignore file to your configuration directory, more details at https://www.terraform.io/docs/backends/types/remote.html ([#23105](https://github.com/hashicorp/terraform/issues/23105)) BUG FIXES:
* config: Clean up orphan modules in the presence of -target ([#21313](https://github.com/hashicorp/terraform/issues/21313))
* config: Always evaluate whole resources rather than instances in expressions, so that invalid instance indexes can return a useful error rather than unknown ([#22846](https://github.com/hashicorp/terraform/issues/22846))
* command/jsonplan: fix bug with missing nested modules `planned_values` output ([#23092](https://github.com/hashicorp/terraform/issues/23092))
* command/show: Fix panic when the only resource instance is deposed ([#23027](https://github.com/hashicorp/terraform/issues/23027))
* commands: When required root module variables are not provided and interactive input is disabled (`-input=false`), produce a proper \"variable not defined\" error rather than falling through to an internal assertion failure. ([#23040](https://github.com/hashicorp/terraform/issues/23040))
* provisioner/puppet: fix bug when connection type was not set in config ([#23057](https://github.com/hashicorp/terraform/issues/23057))
* Tue Oct 08 2019 Petr Cervinka - Update to 0.12.10 ENHANCEMENTS:
* `terraform plan` and `terraform apply` will now warn when the `-target` option is used, to draw attention to the fact that the result of applying the plan is likely to be incomplete, and to remind to re-run `terraform plan` with no targets afterwards to ensure that the configuration has converged. ([#22783](https://github.com/hashicorp/terraform/issues/22783))
* config: New function `parseint` for parsing strings containing digits as integers in various bases. ([#22747](https://github.com/hashicorp/terraform/issues/22747))
* config: New function `cidrsubnets`, which is a companion to the existing function `cidrsubnet` which can allocate multiple consecutive subnet prefixes (possibly of different prefix lengths) in a single call. ([#22858](https://github.com/hashicorp/terraform/issues/22858))
* backend/google: The GCS backend now supports OAuth2 token authentication. ([#21772](https://github.com/hashicorp/terraform/issues/21772))
* provisioner/habitat: Multiple updates and fixes, see PR for details ([#22705](https://github.com/hashicorp/terraform/issues/22705)) BUG FIXES:
* backend/manta: fix panic when `insecure_skip_tls_verify` was not set ([#22918](https://github.com/hashicorp/terraform/issues/22918))
* Wed Sep 18 2019 Petr Cervinka - Update to 0.12.9 NOTES:
* core: `ignore_changes` is now processed (in addition to existing behaviors) before the provider plan is run. This means that users may see fewer planned changes when using `ignore_changes`, as before this change, changes to ignored attributes were still being sent to CustomizeDiff in providers (which could mean cascading changes for some resources). This should be indicative that providers are no longer getting changes that were marked as ignored, but if unexpected plans are seen while using `ignore_changes`, investigate the settings in the `ignore_changes` block to ensure the appropriate attributes are set. ([#22520](https://github.com/hashicorp/terraform/issues/22520)) ENHANCEMENTS:
* provisioners/habitat: `accept_license` argument available to automate accepting the EULA, now required by this client ([#22745](https://github.com/hashicorp/terraform/issues/22745))
* config: add source addressing to unknown value errors in `for_each` ([#22760](https://github.com/hashicorp/terraform/issues/22760)) BUG FIXES:
* command/console: support -var and -var-file flags ([#22145](https://github.com/hashicorp/terraform/issues/22145))
* command/show: Fixed bug with wrong errors being returned or swallowed. ([#22772](https://github.com/hashicorp/terraform/issues/22772))
* config: The `cidrhost`, `cidrsubnet`, and `cidrnetmask` functions now behave correctly with IPv6 prefixes that are short enough for the host portion to be greater than 64-bit or 32-bit (depending on the target architecture). ([#22505](https://github.com/hashicorp/terraform/issues/22505))
* config: Fixed bug on empty sets with `for_each` ([#22281](https://github.com/hashicorp/terraform/issues/22281))
* Tue Sep 17 2019 John Paul Adrian Glaubitz - Include in SLE-15 (bsc#1148092, jsc#ECO-134)
* Mon Sep 16 2019 John Paul Adrian Glaubitz - Add %ix86 to ExcludeArch as the build currently fails on i586
* See: https://github.com/hashicorp/terraform/issues/22807
* Tue Sep 10 2019 Petr Cervinka - Update to 0.12.8 NEW FEATURES:
* lang/funcs: New `fileset` function, for finding static local files that match a glob pattern. ([#22523](https://github.com/hashicorp/terraform/issues/22523)) ENHANCEMENTS:
* remote-state/pg: add option to skip schema creation ([#21607](https://github.com/hashicorp/terraform/issues/21607)) BUG FIXES:
* command/console: use user-supplied `-plugin-dir` ([#22616](https://github.com/hashicorp/terraform/issues/22616))
* config: ensure sets are appropriately known for `for_each` ([#22597](https://github.com/hashicorp/terraform/issues/22597))- Changes of version 0.12.7 NEW FEATURES:
* New functions `regex` and `regexall` allow applying a regular expression pattern to a string and retrieving any matching substring(s) ([#22353](https://github.com/hashicorp/terraform/issues/22353)) ENHANCEMENTS:
* lang/funcs: `lookup()` can work with maps of lists, maps and objects ([#22269](https://github.com/hashicorp/terraform/issues/22269))
* SDK: helper/acctest: Add function to return random IP address ([#22312](https://github.com/hashicorp/terraform/issues/22312))
* SDK: httpclient: Introduce composable `UserAgent(version)` ([#22272](https://github.com/hashicorp/terraform/issues/22272))
* connection/ssh: Support certificate authentication ([#22156](https://github.com/hashicorp/terraform/issues/22156)) BUG FIXES:
* config: reduce MinItems and MaxItems validation during decoding, to allow for use of dynamic blocks ([#22530](https://github.com/hashicorp/terraform/issues/22530))
* config: don\'t validate MinItems and MaxItems in CoerceValue, allowing providers to set incomplete values ([#22478](https://github.com/hashicorp/terraform/issues/22478))
* config: fix panic on tuples with `for_each` ([#22279](https://github.com/hashicorp/terraform/issues/22279))
* config: fix references to `each` of `for_each` in s ([#22289](https://github.com/hashicorp/terraform/issues/22289))
* config: fix panic when using nested dynamic blocks ([#22314](https://github.com/hashicorp/terraform/issues/22314))
* config: ensure consistent evaluation when moving between single resources and `for_each` in addressing ([#22454](https://github.com/hashicorp/terraform/issues/22454))
* core: only start a single instance of each required provisioner ([#22553](https://github.com/hashicorp/terraform/issues/22553))
* command: fix issue where commands occasionally exited before the error message printed ([#22373](https://github.com/hashicorp/terraform/issues/22373))
* command/0.12upgrade: use user-supplied plugin-dir ([#22306](https://github.com/hashicorp/terraform/issues/22306))
* command/hook_ui: Truncate the ID considering multibyte characters ([#18823](https://github.com/hashicorp/terraform/issues/18823))
* command/fmt: Terraform fmt no longer inserts spaces after % ([#22356](https://github.com/hashicorp/terraform/issues/22356))
* command/state: Allow moving resources to modules not yet in state ([#22299](https://github.com/hashicorp/terraform/issues/22299))
* backend/google: Now using the OAuth2 token endpoint on `googleapis.com` instead of `google.com`. These endpoints are equivalent in functionality but `googleapis.com` hosts are resolvable from private Google Cloud Platform VPCs where other connectivity is restricted. ([#22451](https://github.com/hashicorp/terraform/issues/22451))
* Mon Aug 19 2019 Dirk Mueller - update to 0.12.6:
* backend/s3: After this update, the AWS Go SDK will prefer credentials found via the `AWS_PROFILE` environment variable when both the `AWS_PROFILE` environment variable and the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables are statically defined. Previously the SDK would ignore the `AWS_PROFILE` environment variable, if static environment credentials were also specified. This is listed as a bug fix in the AWS Go SDK release notes. ([#22253](https://github.com/hashicorp/terraform/issues/22253)) NEW FEATURES:
* backend/oss: added support for assume role config ([#22186](https://github.com/hashicorp/terraform/issues/22186))
* config: Resources can now use a for_each meta-argument ([#17179](https://github.com/hashicorp/terraform/issues/17179))
* backend/s3: Add support for assuming role via web identity token via the `AWS_WEB_IDENTITY_TOKEN_FILE` and `AWS_ROLE_ARN` environment variables ([#22253](https://github.com/hashicorp/terraform/issues/22253))
* backend/s3: Support automatic region validation for `me-south-1`. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the [AWS Documentation](https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable) ([#22253](https://github.com/hashicorp/terraform/issues/22253))
* connection/ssh: Improve connection debug messages ([#22097](https://github.com/hashicorp/terraform/issues/22097))
* command/format: No longer show no-ops in `terraform show`, since nothing will change ([#21907](https://github.com/hashicorp/terraform/issues/21907))
* backend/s3: Support for assuming role using credential process from the shared AWS configuration file (support profile containing both `credential_process` and `role_arn` configurations) ([#21908](https://github.com/hashicorp/terraform/issues/21908))
* connection/ssh: Abort ssh connections when the server is no longer responding ([#22037](https://github.com/hashicorp/terraform/issues/22037))
* connection/ssh: Support ssh diffie-hellman-group-exchange-sha256 key exchange ([#22037](https://github.com/hashicorp/terraform/issues/22037))
* lang/funcs: new `abspath` function returns the absolute path to a given file ([#21409](https://github.com/hashicorp/terraform/issues/21409))
* backend/swift: support for user configured state object names in swift containers ([#17465](https://github.com/hashicorp/terraform/issues/17465))
* Bugfixes, see included Changelog for details
* Mon Jul 01 2019 Petr Cervinka - Update to 0.12.3 ENHANCEMENTS:
* config: add GCS source support for modules ([#21254](https://github.com/hashicorp/terraform/issues/21254))
* command/format: Reduce extra whitespaces & new lines ([#21334](https://github.com/hashicorp/terraform/issues/21334))
* backend/s3: Support for chaining assume IAM role from AWS shared configuration files ([#21815](https://github.com/hashicorp/terraform/issues/21815)) BUG FIXES:
* configs: Can now use references like `tags[\"foo\"]` in `ignore_changes` to ignore in-place updates to specific keys in a map ([#21788](https://github.com/hashicorp/terraform/issues/21788))
* configs: Fix panic on missing value for `version` attribute in `provider` blocks. ([#21825](https://github.com/hashicorp/terraform/issues/21825))
* lang/funcs: Fix `merge` panic on null values. Now will give an error if null used ([#21695](https://github.com/hashicorp/terraform/issues/21695))
* backend/remote: Fix \"Conflict\" error if the first state snapshot written after a Terraform CLI upgrade has the same content as the prior state. ([#21811](https://github.com/hashicorp/terraform/issues/21811))
* backend/s3: Fix AWS shared configuration file credential source not assuming a role with environment and ECS credentials ([#21815](https://github.com/hashicorp/terraform/issues/21815))- Changes of version 0.12.2 NEW FEATURES:
* provisioners: new provisioner: `puppet` ([#18851](https://github.com/hashicorp/terraform/issues/18851))
* `range` function for generating a sequence of numbers as a list ([#21461](https://github.com/hashicorp/terraform/issues/21461))
* `yamldecode` and
*experimental
* `yamlencode` functions for working with YAML-serialized data ([#21459](https://github.com/hashicorp/terraform/issues/21459))
* `uuidv5` function for generating name-based (as opposed to pseudorandom) UUIDs ([#21244](https://github.com/hashicorp/terraform/issues/21244))
* backend/oss: Add support for Alibaba OSS remote state ([#16927](https://github.com/hashicorp/terraform/issues/16927)) ENHANCEMENTS:
* config: consider build metadata when interpreting module versions ([#21640](https://github.com/hashicorp/terraform/issues/21640))
* backend/http: implement retries for the http backend ([#19702](https://github.com/hashicorp/terraform/issues/19702))
* backend/swift: authentication mechanisms now more consistent with other OpenStack-compatible tools ([#18671](https://github.com/hashicorp/terraform/issues/18671))
* backend/swift: add application credential support ([#20914](https://github.com/hashicorp/terraform/pull/20914)) BUG FIXES:
* command/show: use the state snapshot included in the planfile when rendering a plan to json ([#21597](https://github.com/hashicorp/terraform/issues/21597))
* config: Fix issue with empty dynamic blocks failing when usign ConfigModeAttr ([#21549](https://github.com/hashicorp/terraform/issues/21549))
* core: Re-validate resource config during final plan ([#21555](https://github.com/hashicorp/terraform/issues/21555))
* core: Fix missing resource timeouts during destroy ([#21611](https://github.com/hashicorp/terraform/issues/21611))
* core: Don\'t panic when encountering an invalid `depends_on` ([#21590](https://github.com/hashicorp/terraform/issues/21590))
* backend: Fix panic when upgrading from a state with a hash value greater than MaxInt ([#21484](https://github.com/hashicorp/terraform/issues/21484))- Changes of version 0.12.1 BUG FIXES:
* core: Always try to select a workspace after initialization ([#21234](https://github.com/hashicorp/terraform/issues/21234))
* command/show: fix inconsistent json output causing a panic ([#21541](https://github.com/hashicorp/terraform/issues/21541))
* config: `distinct` function no longer panics when given an empty list ([#21538](https://github.com/hashicorp/terraform/issues/21538))
* config: Don\'t panic when a `version` constraint is added to a module that was previously initialized without one ([#21542](https://github.com/hashicorp/terraform/issues/21542))
* config: `matchkeys` function argument type checking will no longer fail incorrectly during validation ([#21576](https://github.com/hashicorp/terraform/issues/21576))
* backend/local: Don\'t panic if an instance in the state only has deposed instances, and no current instance ([#21575](https://github.com/hashicorp/terraform/issues/21575))
* Mon Jul 01 2019 Petr Cervinka - Fix versionformat in service file
* Tue May 21 2019 Petr Cervinka - Update to 0.12.0 Incompatibilities and Notes
* Version is not compatible with previous releases, it is needed to follow upgrade manual
* See full upstream changelog for details New Features
* First-class expressions
* for expressions
* Dynamic configuration blocks
* Generalised \"splat\" operator
* Nullable argument values
* Rich types in module inputs variables and output values
* Resource and module object values
* Extended template syntax
* jsondecode and csvdecode interpolation functions
* Revamped error messages
* Structual plan output Other Improvements
* `terraform validate` now accepts an argument `-json` which produces machine-readable output
* The JSON-based variant of the Terraform language now has a more tightly-specified and reliable mapping to the native syntax variant
* The new built-in function [`templatefile`]
* The new built-in function [`formatdate`]
* The new built-in functions [`reverse`]
* A new `pg` state storage backend allows storing state in a PostgreSQL database.
* The `azurerm` state storage backend supports new authentication mechanisms, custom resource manager endpoints, and HTTP proxies.
* The `s3` state storage backend now supports `credential_source` in AWS configuration file
* The `swift` state storage backend now supports locking and workspaces.- Increase go version dependency- Remove conditions for module vendoring
* Tue May 21 2019 Petr Cervinka - Update to 0.11.14 NEW FEATURES:
* `terraform 0.12checklist` command detects and reports on some preparation steps that will make a subsequent Terraform 0.12 upgrade smoother. ([#21241](https://github.com/hashicorp/terraform/issues/21241)) IMPROVEMENTS:
* provider/terraform: The `terraform_remote_state` data source is now able to read outputs from a state snapshot created by Terraform 0.12, to provide more flexibility when upgrading individual configurations to Terraform 0.12 in a decomposed environment. ([#21226](https://github.com/hashicorp/terraform/issues/21226))
* backend/s3: Support DynamoDB, IAM, and STS endpoint configurations ([#20659](https://github.com/hashicorp/terraform/issues/20659))
* backend/s3: Support for AWS regions `eu-north-1` and `us-gov-east-1` ([#20659](https://github.com/hashicorp/terraform/issues/20659))
* backend/s3: Enhance retry logic and provide `max_retries` configuration for retry attempts ([#20659](https://github.com/hashicorp/terraform/issues/20659))
* backend/s3: Enhance S3 `NoSuchBucket` error to include additional information ([#20659](https://github.com/hashicorp/terraform/issues/20659))
* backend/s3: Remove unused EC2 platform and AWS Account ID lookup, and deprecate equivalent `skip_get_ec2_platforms` and `skip_requesting_account_id` arguments ([#20659](https://github.com/hashicorp/terraform/issues/20659))
* backend/remote: Do not unlock a workspace after a failed state upload ([#21148](https://github.com/hashicorp/terraform/issues/21148)) BUG FIXES:
* backend/remote: Ensure variables are loaded correctly when using `terraform console` ([#20858](https://github.com/hashicorp/terraform/issues/20858))
* backend/remote: Make sure workspaces are correctly uploaded ([#20953](https://github.com/hashicorp/terraform/issues/20953))
* backend/remote: Fix panic when loading cached configuration with 0.12 backend schema ([#21199](https://github.com/hashicorp/terraform/issues/21199))
* core: Fix a potential crash when loading module manifests with Windows paths ([#20812](https://github.com/hashicorp/terraform/issues/20812))
* core: Make sure UIInput keeps working after being canceled ([#21140](https://github.com/hashicorp/terraform/issues/21140))
* core: Always try to select a workspace after initialization ([#21230](https://github.com/hashicorp/terraform/issues/21230))
* Thu May 09 2019 Petr Cervinka - Update to 0.11.13 BUG FIXES:
* backend/remote: Fix a backend initialization bug ([#20638](https://github.com/hashicorp/terraform/issues/20638))- Update to 0.11.12 IMPROVEMENTS:
* The `filemd5`, `filesha1`, etc functions from Terraform v0.12 are backported primarily to allow writing modules that can work in both Terraform 0.11 and 0.12, since the `sha1(file(\"...\"))` pattern in 0.12 works only for files containing valid UTF-8 text; `sha1file(\"...\")` must be used instead. Both forms are equivalent in Terraform 0.11.
* backend/remote: Retry calls when the remote backend responds with a server error ([#20589](https://github.com/hashicorp/terraform/issues/20589))
* backend/remote: Check for external updates while waiting for user input ([#20622](https://github.com/hashicorp/terraform/issues/20622)) BUG FIXES:
* backend/remote: Fix \"token too long\" errors when streaming remote operation logs ([#20241](https://github.com/hashicorp/terraform/issues/20241))
* backend/remote: Use the `can-queue-apply` permission to detect if apply is allowed ([#20462](https://github.com/hashicorp/terraform/issues/20462))
* backend/remote: Exit with 1 when a remote run is canceled ([#20482](https://github.com/hashicorp/terraform/issues/20482))
* core: Use slashes in the module manifest to prevent Windows/Linux compatibility issues ([#20246](https://github.com/hashicorp/terraform/issues/20246))- Update to 0.11.12-beta1 IMPROVEMENTS:
* command/state: Use locking when updating states ([#19939](https://github.com/hashicorp/terraform/issues/19939))
* backend/remote: Add support for remote state only organizations ([#20007](https://github.com/hashicorp/terraform/issues/20007))
* backend/remote: Make sure the correct error is shown when having version incompatibilities ([#20086](https://github.com/hashicorp/terraform/issues/20086)) BUG FIXES:
* backend/remote: Fix an error that prevents checking version constraints ([#19668](https://github.com/hashicorp/terraform/issues/19668))
* backend/remote: Compare versions without the prerelease ([#19705](https://github.com/hashicorp/terraform/issues/19705))- Run spec-cleaner- Add GOFLAGS=-mod=vendor to fix build on Tumbleweed and Leap 15.1
* Mon Feb 11 2019 Petr Cervinka - Update to 0.11.11 IMPROVEMENTS:
* backend/remote: Return detailed version (in)compatibility information ([#19659](https://github.com/hashicorp/terraform/issues/19659))
* core: Enhance service discovery error handling and messaging ([#19589](https://github.com/hashicorp/terraform/issues/19589))
* core: Add support to retrieve version constraints to service discovery ([#19647](https://github.com/hashicorp/terraform/issues/19647)) BUG FIXES:
* backend/remote: Fix symlink issues and Windows support when uploading configurations ([#19573](https://github.com/hashicorp/terraform/issues/19573))- Changes of version 0.11.10 BUG FIXES:
* backend/local: Do not use backend operation variables ([#19175](https://github.com/hashicorp/terraform/issues/19175))- Changes of version 0.11.9 IMPROVEMENTS:
* backend/remote: Also show policy check output when running a plan ([#19088](https://github.com/hashicorp/terraform/issues/19088))- Changes of version 0.11.9-beta1 IMPROVEMENTS:
* provisioner/chef: Use user:group chown syntax ([#18533](https://github.com/hashicorp/terraform/issues/18533))
* helper/resource: Add `ParallelTest()` to allow opt-in acceptance testing concurrency with `t.Parallel()` ([#18688](https://github.com/hashicorp/terraform/issues/18688))
* backend/manta: Deprecate the `objectName` attribute in favor of the new `object_name` attribute ([#18759](https://github.com/hashicorp/terraform/issues/18759))
* backend/migrations: Migrate existing non-empty default states when the backend only supports named states ([#18760](https://github.com/hashicorp/terraform/issues/18760))
* provider/terraform: `terraform_remote_state` now accepts complex backend configurations ([#18759](https://github.com/hashicorp/terraform/issues/18759))
* backend/remote: Implement the state.Locker interface to support state locking ([#18826](https://github.com/hashicorp/terraform/issues/18826))
* backend/remote: Add initial support for the apply command ([#18950](https://github.com/hashicorp/terraform/issues/18950))
* backend/remote: Ask to cancel pending remote operations when Ctrl-C is pressed ([#18979](https://github.com/hashicorp/terraform/issues/18979))
* backend/remote: Add support for the `-no-color` command line flag ([#19002](https://github.com/hashicorp/terraform/issues/19002))
* backend/remote: Prevent running plan or apply without permissions ([#19012](https://github.com/hashicorp/terraform/issues/19012))
* backend/remote: Add checks for all flags we currently don’t support ([#19013](https://github.com/hashicorp/terraform/issues/19013))
* backend/remote: Allow enhanced backends to pass custom exit codes ([#19014](https://github.com/hashicorp/terraform/issues/19014))
* backend/remote: Properly handle workspaces that auto apply changes ([#19022](https://github.com/hashicorp/terraform/issues/19022))
* backend/remote: Don’t ask questions when `-auto-approve` is set ([#19035](https://github.com/hashicorp/terraform/issues/19035))
* backend/remote: Print status updates while waiting for the run to start ([#19047](https://github.com/hashicorp/terraform/issues/19047)) BUG FIXES:
* backend/azurerm: Update endpoint for Azure Government (SDK Update) ([#18877](https://github.com/hashicorp/terraform/issues/18877))
* backend/migrations: Check all workspaces for existing non-empty states ([#18757](https://github.com/hashicorp/terraform/issues/18757))
* provider/terraform: Always call the backend validation method to prevent a possible panic ([#18759](https://github.com/hashicorp/terraform/issues/18759))
* backend/remote: Take working directories (optional on workspaces) into account ([#18773](https://github.com/hashicorp/terraform/issues/18773))
* backend/remote: Use pagination when retrieving states (workspaces) ([#18817](https://github.com/hashicorp/terraform/issues/18817))
* backend/remote: Add the run ID to associate state when being used in TFE ([#18818](https://github.com/hashicorp/terraform/issues/18818))
* core: Make sure the state is locked before it is used when `(un)tainting` ([#18894](https://github.com/hashicorp/terraform/issues/18894))- Changes of version 0.11.8 NEW FEATURES:
* New `remote` backend: Inital release of the `remote` backend for use with Terraform Enterprise and Private Terraform Enterprise ([#18596](https://github.com/hashicorp/terraform/issues/18596)) IMPROVEMENTS:
* cli: display workspace name in apply and destroy commands if not default ([#18253](https://github.com/hashicorp/terraform/issues/18253))
* cli: Remove error on empty outputs when `-json` is set ([#11721](https://github.com/hashicorp/terraform/issues/11721))
* helper/schema: Resources have a new `DeprecationMessage` property that can be set to a string, allowing full resources to be deprecated ([#18286](https://github.com/hashicorp/terraform/issues/18286))
* backend/s3: Allow fallback to session-derived credentials (e.g. session via `AWS_PROFILE` environment variable and shared configuration) ([#17901](https://github.com/hashicorp/terraform/issues/17901))
* backend/s3: Allow usage of `AWS_EC2_METADATA_DISABLED` environment variable ([#17901](https://github.com/hashicorp/terraform/issues/17901)) BUG FIXES:
* config: The `rsadecrypt` interpolation function will no longer include the private key in an error message if it cannot be processed. ([#18333](https://github.com/hashicorp/terraform/issues/18333))
* provisioner/habitat: add missing space for service url ([#18400](https://github.com/hashicorp/terraform/issues/18400))
* backend/s3: Skip extraneous EC2 metadata redirect ([#18570](https://github.com/hashicorp/terraform/issues/18570))
* Fri Apr 13 2018 tbechtoldAATTsuse.com- update to 0.11.7: BUG FIXES:
* core: Fix handling of interpolated counts when applying a destroy plan ([#17824](https://github.com/hashicorp/terraform/issues/17824)) PROVIDER SDK CHANGES (not user-facing):
* helper/schema: Invoking `ForceNew` on a key being removed from config during diff customization now correctly exposes that key as being removed in the updated diff. This prevents diff mismatches under certain circumstances. ([#17811](https://github.com/hashicorp/terraform/issues/17811))
* helper/schema: Invoking `ForceNew` during diff customization on its own no longer writes any new data to the diff. This prevents writing of new nil to zero value diffs for sub-fields of complex lists and sets where a diff did not exist before. ([#17811](https://github.com/hashicorp/terraform/issues/17811)) BUG FIXES:
* cli: Don\'t allow -target without arguments ([#16360](https://github.com/hashicorp/terraform/issues/16360))
* cli: Fix strange formatting of list and map values in the `terraform console` command ([#17714](https://github.com/hashicorp/terraform/issues/17714))
* core: Don\'t evaluate unused outputs during a full destroy operation ([#17768](https://github.com/hashicorp/terraform/issues/17768))
* core: Fix local and output evaluation when they reference a resource being scaled down to 0 ([#17765](https://github.com/hashicorp/terraform/issues/17765))
* connection/ssh: Retry on authentication failures when the remote service is available before it is completely configured ([#17744](https://github.com/hashicorp/terraform/issues/17744))
* connection/winrm: Get execution errors from winrm commands ([#17788](https://github.com/hashicorp/terraform/issues/17788))
* connection/winrm: Support NTLM authentication ([#17748](https://github.com/hashicorp/terraform/issues/17748))
* provisioner/chef: Fix regression causing connection to be prematurely closed ([#17609](https://github.com/hashicorp/terraform/pull/17609))
* provisioner/habitat: Set channel and builder URL during install, and enable service before start ([#17403](https://github.com/hashicorp/terraform/issues/17403)) ([#17781](https://github.com/hashicorp/terraform/issues/17781)) PROVIDER SDK CHANGES (not user-facing):
* helper/schema: Attribute value is no longer included in error message when `ConflictsWith` keys are used together. ([#17738](https://github.com/hashicorp/terraform/issues/17738)) IMPROVEMENTS:
* provisioner/chef: Allow specifying a channel ([#17355](https://github.com/hashicorp/terraform/issues/17355)) BUG FIXES:
* core: Fix the timeout handling for provisioners ([#17646](https://github.com/hashicorp/terraform/issues/17646))
* core: Ensure that state is unlocked after running console, import, graph or push commands ([#17645](https://github.com/hashicorp/terraform/issues/17645))
* core: Don\'t open multiple file descriptors for local state files, which would cause reading the state to fail on Windows ([#17636](https://github.com/hashicorp/terraform/issues/17636)) IMPROVEMENTS:
* cli: `terraform state list` now accepts a new argument `-id=...` for filtering resources for display by their remote ids ([#17221](https://github.com/hashicorp/terraform/issues/17221))
* cli: `terraform destroy` now uses the option `-auto-approve` instead of `-force`, for consistency with `terraform apply`. The old flag is preserved for backward-compatibility, but is now deprecated; it will be retained for at least one major release. ([#17218](https://github.com/hashicorp/terraform/issues/17218))
* connection/ssh: Add support for host key verification ([#17354](https://github.com/hashicorp/terraform/issues/17354))
* backend/s3: add support for the cn-northwest-1 region ([#17216](https://github.com/hashicorp/terraform/issues/17216))
* provisioner/local-exec: Allow setting custom environment variables when running commands ([#13880](https://github.com/hashicorp/terraform/issues/13880))
* provisioner/habitat: Detect if hab user exists and only create if necessary ([#17195](https://github.com/hashicorp/terraform/issues/17195))
* provisioner/habitat: Allow custom service name ([#17196](https://github.com/hashicorp/terraform/issues/17196))
* general: https URLs are now supported in the HTTP_PROXY environment variable for URLs interpreted by Terraform Core. (This will not immediately be true for all Terraform provider plugins, since each must upgrade its own HTTP client.) [go1.10:net/http](https://golang.org/doc/go1.10#net/http) BUG FIXES:
* core: Make sure state is locked during initial refresh ([#17422](https://github.com/hashicorp/terraform/issues/17422))
* core: Halt on fatal provisioner errors, rather than retrying until a timeout ([#17359](https://github.com/hashicorp/terraform/issues/17359))
* core: When handling a forced exit due to multiple interrupts, prevent the process from exiting while the state is being written ([#17323](https://github.com/hashicorp/terraform/issues/17323))
* core: Fix handling of locals and outputs at destroy time ([#17241](https://github.com/hashicorp/terraform/issues/17241))
* core: Fix regression in handling of `count` arguments that refer to `count` attributes from other resources ([#17548](https://github.com/hashicorp/terraform/issues/17548))
* provider/terraform: restore support for the deprecated `environment` argument to the `terraform_remote_state` data source ([#17545](https://github.com/hashicorp/terraform/issues/17545))
* backend/gcs: Report the correct lock ID for GCS state locks ([#17397](https://github.com/hashicorp/terraform/issues/17397)) PROVIDER SDK CHANGES (not user-facing):
* helper/schema: Prevent crash on removal of computed field in CustomizeDiff ([#17261](https://github.com/hashicorp/terraform/issues/17261))
* helper/schema: Allow ResourceDiff.ForceNew on nested fields (avoid crash) ([#17463](https://github.com/hashicorp/terraform/issues/17463))
* helper/schema: Allow `TypeMap` to have a `
*schema.Schema` as its `Elem`, for consistency with `TypeSet` and `TypeList` ([#17097](https://github.com/hashicorp/terraform/issues/17097))
* helper/validation: Add ValidateRFC3339TimeString function ([#17484](https://github.com/hashicorp/terraform/issues/17484))
* Sat Feb 17 2018 fcastelliAATTsuse.com- Update to v0.11.3:
* IMPROVEMENTS:
* backend/s3: add support for the eu-west-3 region ([#17193](https://github.com/hashicorp/terraform/issues/17193))
* BUG FIXES:
* core: fix crash when an error is encountered during refresh ([#17076](https://github.com/hashicorp/terraform/issues/17076))
* config: fixed crash when module source is invalid ([#17134](https://github.com/hashicorp/terraform/issues/17134))
* config: allow the count pseudo-attribute of a resource to be interpolated into `provisioner` and `connection` blocks without errors ([#17133](https://github.com/hashicorp/terraform/issues/17133))
* backend/s3: allow the workspace name to be a prefix of workspace_key_prefix ([#17086](https://github.com/hashicorp/terraform/issues/17086))
* provisioner/chef: fix crash when validating `use_policyfile` ([#17147](https://github.com/hashicorp/terraform/issues/17147))- Changes of version 0.11.2:
* BACKWARDS INCOMPATIBILITIES / NOTES:
* backend/gcs: The gcs remote state backend was erroneously creating the state bucket if it didn\'t exist. This is not the intended behavior of backends, as Terraform cannot track or manage that resource. The target bucket must now be created separately, before using it with Terraform. ([#16865](https://github.com/hashicorp/terraform/issues/16865))
* NEW FEATURES:
*
*
*[Habitat](https://www.habitat.sh/) Provisioner
*
* allowing automatic installation of the Habitat agent ([#16280](https://github.com/hashicorp/terraform/issues/16280))
* IMPROVEMENTS:
* core: removed duplicate prompts and clarified working when migration backend configurations ([#16939](https://github.com/hashicorp/terraform/issues/16939))
* config: new `rsadecrypt` interpolation function allows decrypting a base64-encoded ciphertext using a given private key. This is particularly useful for decrypting the password for a Windows instance on AWS EC2, but is generic and may find other uses too. ([#16647](https://github.com/hashicorp/terraform/issues/16647))
* config: new `timeadd` interpolation function allows calculating a new timestamp relative to an existing known timestamp. ([#16644](https://github.com/hashicorp/terraform/issues/16644))
* cli: Passing an empty string to `-plugin-dir` during init will remove previously saved paths ([#16969](https://github.com/hashicorp/terraform/issues/16969))
* cli: Module and provider installation (and some other Terraform features) now implement [RFC6555](https://tools.ietf.org/html/rfc6555) when making outgoing HTTP requests, which should improve installation reliability for dual-stack (both IPv4 and IPv6) hosts running on networks that have non-performant or broken IPv6 Internet connectivity by trying both IPv4 and IPv6 connections. ([#16805](https://github.com/hashicorp/terraform/issues/16805))
* backend/s3: it is now possible to disable the region check, for improved compatibility with third-party services that attempt to mimic the S3 API. ([#16757](https://github.com/hashicorp/terraform/issues/16757))
* backend/s3: it is now possible to for the path-based S3 API form, for improved compatibility with third-party services that attempt to mimic the S3 API. ([#17001](https://github.com/hashicorp/terraform/issues/17001))
* backend/s3: it is now possible to use named credentials from the `~/.aws/credentials` file, similarly to the AWS plugin ([#16661](https://github.com/hashicorp/terraform/issues/16661))
* backend/manta: support for Triton RBAC ([#17003](https://github.com/hashicorp/terraform/issues/17003))
* backend/gcs: support for customer-supplied encryption keys for remote state buckets ([#16936](https://github.com/hashicorp/terraform/issues/16936))
* provider/terraform: in `terraform_remote_state`, the argument `environment` is now deprecated in favor of `workspace`. The `environment` argument will be removed in a later Terraform release. ([#16558](https://github.com/hashicorp/terraform/issues/16558))
* BUG FIXES:
* config: fixed crash in `substr` interpolation function with invalid offset ([#17043](https://github.com/hashicorp/terraform/issues/17043))
* config: Referencing a count attribute in an output no longer generates a warning ([#16866](https://github.com/hashicorp/terraform/issues/16866))
* cli: Terraform will no longer crash when `terraform plan`, `terraform apply`, and some other commands encounter an invalid provider version constraint in configuration, generating a proper error message instead. ([#16867](https://github.com/hashicorp/terraform/issues/16867))
* backend/gcs: The usage of the GOOGLE_CREDENTIALS environment variable now matches that of the google provider ([#16865](https://github.com/hashicorp/terraform/issues/16865))
* backend/gcs: fixed the locking methodology to avoid \"double-locking\" issues when used with the `terraform_remote_state` data source ([#16852](https://github.com/hashicorp/terraform/issues/16852))
* backend/s3: the `workspace_key_prefix` can now be an empty string or contain slashes ([#16932](https://github.com/hashicorp/terraform/issues/16932))
* provisioner/salt-masterless: now waits for all of the remote operations to complete before returning ([#16704](https://github.com/hashicorp/terraform/issues/16704))- Changes of version 0.11.1
* IMPROVEMENTS:
* modules: Modules can now receive a specific provider configuration in the `providers` map, even if it\'s only implicitly used ([#16619](https://github.com/hashicorp/terraform/issues/16619))
* config: Terraform will now detect and warn about outputs containing potentially-problematic references to resources with `count` set where the references does not use the \"splat\" syntax. This identifies situations where an output may [reference a resource with `count = 0`](https://www.terraform.io/upgrade-guides/0-11.html#referencing-attributes-from-resources-with-count-0) even if the `count` expression does not _currently_ evaluate to `0`, allowing the bug to be detected and fixed _before_ the value is later changed to `0` and would thus become an error.
*
*This usage will become a fatal error in Terraform 0.12
*
*. ([#16735](https://github.com/hashicorp/terraform/issues/16735))
* core: A new environment variable `TF_WARN_OUTPUT_ERRORS=1` is supported to opt out of the behavior introduced in 0.11.0 where errors in output expressions halt execution. This restores the previous behavior where such errors are ignored, allowing users to apply problematic configurations without fixing all of the errors. This opt-out will be removed in Terraform 0.12, so it is strongly recommended to use the new warning described in the previous item to detect and fix these problematic expressions. ([#16782](https://github.com/hashicorp/terraform/issues/16782))
* BUG FIXES:
* cli: fix crash when subcommands with sub-subcommands are accidentally provided as a single argument, such as `terraform \"workspace list\"` ([#16789](https://github.com/hashicorp/terraform/issues/16789))- Changes of version 0.11.0
* BACKWARDS INCOMPATIBILITIES / NOTES: The following items give an overview of the incompatibilities and other noteworthy changes in this release. For more details on some of these changes, along with information on how to upgrade existing configurations where needed, see [the v0.11 upgrade guide](https://www.terraform.io/upgrade-guides/0-11.html).
* Output interpolation errors are now fatal. Module configs with unused outputs which contained errors will no longer be valid.
* Module configuration blocks have 2 new reserved attribute names, \"providers\" and \"version\". Modules using these as input variables will need to be updated.
* The module provider inheritance rules have changed. Inherited provider configurations will no longer be merged with local configurations, and additional (aliased) provider configurations must be explicitly passed between modules when shared. See [the upgrade guide](https://www.terraform.io/upgrade-guides/0-11.html) for more details.
* The command `terraform apply` with no explicit plan argument is now interactive by default. Specifically, it will show the generated plan and wait for confirmation before applying it, similar to the existing behavior of `terraform destroy`. The behavior is unchanged when a plan file argument is provided, and the previous behavior can be obtained _without_ a plan file by using the `-auto-approve` option.
* The `terraform` provider (that is, the provider that contains the `terraform_remote_state` data source) has been re-incorporated as a built-in provider in the Terraform Core executable. In 0.10 it was split into a separate plugin along with all of the other providers, but this provider uses several internal Terraform Core APIs and so in practice it\'s been confusing to version that separately from Terraform Core. As a consequence, this provider no longer supports version constraints, and so `version` attributes for this provider in configuration must be removed.
* When remote state is enabled, Terraform will no longer generate a local `terraform.tfstate.backup` file before updating remote state. Previously this file could potentially be used to recover a previous state to help recover after a mistake, but it also caused a potentially-sensitive state file to be generated in an unexpected location that may be inadvertently copied or checked in to version control. With this local backup now removed, we recommend instead relying on versioning or backup mechanisms provided by the backend, such as Amazon S3 versioning or Terraform Enterprise\'s built-in state history mechanism. (Terraform will still create the local file `errored.tfstate` in the unlikely event that there is an error when writing to the remote backend.)
* NEW FEATURES:
* modules: Module configuration blocks now have a \"version\" attribute, to set a version constraint for modules sourced from a registry. ([#16466](https://github.com/hashicorp/terraform/issues/16466))
* modules: Module configuration blocks now have a \"providers\" attribute, to map a provider configuration from the current module into a submodule ([#16379](https://github.com/hashicorp/terraform/issues/16379))
* backend/gcs: The gcs remote state backend now supports workspaces and locking.
* backend/manta: The Manta backend now supports workspaces and locking ([#16296](https://github.com/hashicorp/terraform/issues/16296))
* IMPROVEMENTS:
* cli: The `terraform apply` command now waits for interactive approval of the generated plan before applying it, unless an explicit plan file is provided. ([#16502](https://github.com/hashicorp/terraform/issues/16502))
* cli: The `terraform version` command now prints out the version numbers of initialized plugins as well as the version of Terraform core, so that they can be more easily shared when opening GitHub Issues, etc. ([#16439](https://github.com/hashicorp/terraform/issues/16439))
* cli: A new `TF_DATA_DIR` environment variable can be used to override the location where Terraform stores the files normally placed in the `.terraform` directory. ([#16207](https://github.com/hashicorp/terraform/issues/16207))
* provider/terraform: now built in to Terraform Core so that it will always have the same backend functionality as the Terraform release it corresponds to. ([#16543](https://github.com/hashicorp/terraform/issues/16543))
* BUG FIXES:
* config: Provider config in submodules will no longer be overridden by parent providers with the same name. ([#16379](https://github.com/hashicorp/terraform/issues/16379))
* cli: When remote state is enabled, Terraform will no longer generate a local `terraform.tfstate.backup` file before updating remote state. ([#16464](https://github.com/hashicorp/terraform/issues/16464))
* core: state now includes a reference to the provider configuration most recently used to create or update a resource, so that the same configuration can be used to destroy that resource if its configuration (including the explicit pointer to a provider configuration) is removed ([#16586](https://github.com/hashicorp/terraform/issues/16586))
* core: Module outputs can now produce errors, preventing them from silently propagating through the config. ([#16204](https://github.com/hashicorp/terraform/issues/16204))
* backend/gcs: will now automatically add a slash to the given prefix if not present, since without it the workspace enumeration does not function correctly ([#16585](https://github.com/hashicorp/terraform/issues/16585))
* PROVIDER FRAMEWORK CHANGES (not user-facing):
* helper/schema: Loosen validation for \'id\' field ([#16456](https://github.com/hashicorp/terraform/issues/16456))- Changes of version 0.10.8
* NEW FEATURES:
*
*
*New `etcdv3` backend
*
*, for use with the newer etcd api ([#15680](https://github.com/hashicorp/terraform/issues/15680))
*
*
*New interpolation function `chunklist`
*
*, for spliting a list into a list of lists with specified sublist chunk sizes. ([#15112](https://github.com/hashicorp/terraform/issues/15112))
* IMPROVEMENTS:
* backend/s3: Add options to skip AWS validation which allows non-AWS S3 backends ([#15553](https://github.com/hashicorp/terraform/issues/15553))
* BUG FIXES:
* command/validate: Respect `-plugin-dir` overridden plugin paths in the `terraform validate` command. ([#15985](https://github.com/hashicorp/terraform/issues/15985))
* provisioner/chef: Clean clients from `chef-vault` when `recreate_client` enabled ([#16357](https://github.com/hashicorp/terraform/issues/16357))
* communicator/winrm: Support the `cacert` option for custom certificate authorities when provisioning over WinRM ([#14783](https://github.com/hashicorp/terraform/issues/14783))
* Fri Oct 06 2017 tbechtoldAATTsuse.com- Add terraform-rpmlintrc as Source99
* Wed Oct 04 2017 thippAATTsuse.de- Update to v0.10.7: - NEW FEATURES:
* Provider plugins can now optionally be cached in a shared directory to avoid re-downloading them for each configuration working directory. For more information, see the documentation. (#16000) - IMPROVEMENTS:
* config: New abs interpolation function, returning the absolute value of a number (#16168)
* config: New transpose interpolation function, which swaps the keys and values in a map of lists of strings. (#16192)
* cli: The Terraform CLI now supports tab-completion for commands and certain arguments for bash and zsh users. See the tab-completion docs for information on how to enable it. (#16176)
* cli: terraform state rm now includes in its output the count of resources that were removed from the state. (#16137) - BUG FIXES:
* modules: Update go-getter to fix crash when fetching invalid source subdir (#16161)
* modules: Fix regression in the handling of modules sourcing other modules with relative paths (#16160)
* core: Skip local value interpolation during destroy (#16213)
* Tue Sep 19 2017 thippAATTsuse.de- Update to v0.10.6: - UPGRADE NOTES:
* The internal storage of modules has changed in this release, so after upgrading terraform init must be run to re-install modules in the new on-disk format. The existing installed versions of modules will be ignored, so the latest version of each module will be installed. - IMPROVEMENTS:
* cli: terraform import now accepts an option -allow-missing-config that overrides the default requirement that a configuration block must already be present for the resource being imported. (#15876)
* Mon Sep 18 2017 thippAATTsuse.de- Update to v0.10.5: - NEW FEATURES:
* config: indent interpolation function appends spaces to all but the first line of a multi-line string (#15311) - IMPROVEMENTS:
* cli: terraform fmt has a new option -check which makes it return a non-zero exit status if any formatting changes are required (#15387)
* cli: When running Terraform in automation, a new environment variable TF_IN_AUTOMATION can be used to disable or adjust certain prompts that would normally include specific CLI commands to run. This assumes that the wrapping automation tool is providing its own UI for guiding the user through the workflow, and thus the standard advice would be redundant and/or confusing. (#16059) - BUG FIXES:
* cli: restore the \"(forces new resource)\" annotations on attributes that were inadvertently disabled in 0.10.4. (#16067)
* cli: fix regression with installing modules from git when the GIT_SSH_COMMAND environment variable is set (#16099)
* Thu Sep 07 2017 thippAATTsuse.de- Update to v0.10.4: - IMPROVEMENTS:
* terraform apply now uses the standard resource address syntax to refer to resources in its log (#15884)
* terraform plan output has some minor adjustments to improve readability and accessibility for those who can\'t see its colors (#15884) - BUG FIXES:
* backend/consul: fix crash during consul backend initialization (#15976)
* backend/azurerm: ensure that blob storage metadata is preserved when updating state blobs, to avoid losing track of lock metadata (#16015)
* config: local values now work properly in resource count and in modules with more than one .tf file (#15995] [#15982)
* cli: removed some inconsistencies in how data sources are counted and tallied in plan vs. apply and apply vs. destroy. In particular, data sources are no longer incorrectly counted as destroyed in terraform destroy (#15884)
* Mon Sep 04 2017 thippAATTsuse.de- Require go >= 1.9
* Fri Sep 01 2017 thippAATTsuse.de- Update to v0.10.3: - BACKWARDS INCOMPATIBILITIES / NOTES:
* LGPL Dependencies Removed (#15862) - NEW FEATURES:
* Local Values: this new configuration language feature allows assigning a symbolic local name to an expression so it can be used multiple times in configuration without repetition. See the documentation for how to define and use local values. (#15449)
* base64gzip interpolation function: compresses a string with gzip and then base64-encodes the result (#3858)
* flatten interpolation function: turns a list of lists, or list of lists of lists, etc into a flat list of primitive values (#15278)
* urlencode interpolation function: applies standard URL encoding to a string so that it can be embedded in a URL without making it invalid and without any of the characters being interpreted as part of the URL structure (#15871)
* salt-masterless provisioner: runs Salt in masterless mode on a target server (#14720) - IMPROVEMENTS:
* config: The jsonencode interpolation function now accepts nested list and map structures, where before it would accept only strings, lists of strings, and maps of strings. (#14884)
* cli: The \"creation complete\" (and similar) messages from terraform apply now include a total elapsed time for each operation. (#15548)
* cli: Module installation (with either terraform init or terraform get) now detects and recursively initializes submodules when the source is a git repository. (#15891)
* cli: Modules can now be installed from .tar.xz archives, in addition to the existing .tar.gz, .tar.bz2 and .zip. (#15891)
* provisioner/local-exec: now possible to specify a custom \"interpreter\", overriding the default of either bash -c (on Unix) or cmd.exe /C (on Windows) (#15166)
* backend/consul: can now set the path to a specific CA certificate file, client certificate file, and client key file that will be used when configuring the underlying Consul client. (#15405)
* backend/http: now has optional support for locking, with special support from the target server. Additionally, the update operation can now optionally be implemented via PUT rather than POST. (#15793)
* helper/resource: Add TestStep.SkipFunc (#15957) - BUG FIXES:
* cli: terraform init now verifies the required Terraform version from the root module config. Previously this was verified only on subsequent commands, after initialization. (#15935)
* cli: terraform validate now consults terraform.tfvars, if present, to set variable values. This is now consistent with the behavior of other commands. (#15938)
* Thu Aug 17 2017 thippAATTsuse.de- Update to v0.10.2: - BUG FIXES:
* tools/terraform-bundle: Add missing Ui to ProviderInstaller (fix crash) (#15826)
* go-plugin: crash when server emits non-key-value JSON (go-plugin#43)
* Wed Aug 16 2017 thippAATTsuse.de- Update to v0.10.1: - BUG FIXES:
* Fix terraform state rm and mv commands to work correctly with remote state backends (#15652)
* Fix errors when interpolations fail during input (#15780)
* Backoff retried in remote-execution provisioner (#15772)
* Load plugins from ~/.terraform.d/plugins/OS_ARCH/ and .terraformrc (#15769)
* The import command was ignoring the remote state configuration (#15768)
* Don\'t allow leading slashes in s3 bucket names for remote state (#15738) - IMPROVEMENTS:
* helper/schema: Add GetOkExists schema function (#15723)
* helper/schema: Make \'id\' a reserved field name (#15695)
* command/init: Display version + source when initializing plugins (#15804) - INTERNAL CHANGES:
* DiffFieldReader.ReadField caches results to optimize deeply nested schemas (#15663)
* Tue Aug 08 2017 thippAATTsuse.de- Update to v0.10.0: - BACKWARDS INCOMPATIBILITIES / NOTES:
* A new flag -auto-approve has been added to terraform apply. This flag controls whether an interactive approval is applied before making the changes in the plan. For now this flag defaults to true to preserve previous behavior, but this will become the new default in a future version. We suggest that anyone running terraform apply in wrapper scripts or automation refer to the upgrade guide to learn how to prepare such wrapper scripts for the later breaking change.
* The validate command now checks that all variables are specified by default. The validation will fail by default if that\'s not the case. (#13872)
* terraform state rm now requires at least one argument. Previously, calling it with no arguments would remove all resources from state, which is consistent with the other terraform state commands but unlikely enough that we considered it better to be inconsistent here to reduce the risk of accidentally destroying the state.
* Terraform providers are no longer distributed as part of the main Terraform distribution. Instead, they are installed automatically as part of running terraform init. It is therefore now mandatory to run terraform init before any other operations that use provider plugins, to ensure that the required plugins are installed and properly initialized.
* The terraform env family of commands have been renamed to terraform workspace, in response to feedback that the previous naming was confusing due to collisions with other concepts of the same name. The commands still work the same as they did before, and the env subcommand is still supported as an alias for backward compatibility. The env subcommand will be removed altogether in a future release, so it\'s recommended to update any automation or wrapper scripts that use these commands.
* The terraform init subcommand no longer takes a SOURCE argument to copy to the current directory. The behavior has been changed to match that of plan and apply, so that a configuration can be provided as an argument on the commandline while initializing the current directory. If a module needs to be copied into the current directory before initialization, it will have to be done manually.
* The -target option available on several Terraform subcommands has changed behavior and now matches potentially more resources. In particular, given an option -target=module.foo, resources in any descendent modules of foo will also be targeted, where before this was not true. After upgrading, be sure to look carefully at the set of changes proposed by terraform plan when using -target to ensure that the target is being interpreted as expected. Note that the -target argument is offered for exceptional circumstances only and is not intended for routine use.
* The import command requires that imported resources be specified in the configuration file. Previously, users were encouraged to import a resource and then write the configuration block for it. This creates the risk that users could import a resource and subsequently create no configuration for it, which results in Terraform deleting the resource. If the imported resource is not present in the configuration file, the import command will fail. - FEATURES:
* Separate Provider Releases: Providers are now released independently from Terraform.
* Automatic Provider Installation: The required providers will be automatically installed during terraform init.
* Provider Constraints: Provider are now versioned, and version constraints may be declared in the configuration. - PROVIDERS:
* Providers now maintain their own CHANGELOGs in their respective repositories: terraform-providers - IMPROVEMENTS:
* cli: Add a -from-module flag to terraform init to re-introduce the legacy terraform init behavior of fetching a module. (#15666)
* backend/s3: Add workspace_key_prefix to allow a user-configurable prefix for workspaces in the S3 Backend. (#15370)
* cli: terraform apply now has an option -auto-approve=false that produces an interactive prompt to approve the generated plan. This will become the default workflow in a future Terraform version. (#7251)
* cli: terraform workspace show command prints the current workspace name in a way that\'s more convenient for processing in wrapper scripts. (#15157)
* cli: terraform state rm will now generate an error if no arguments are passed, whereas before it treated it as an open resource address selecting all resources (#15283)
* cli: Files in the config directory ending in .auto.tfvars are now loaded automatically (in lexicographical order) in addition to the single terraform.tfvars file that auto-loaded previously. (#13306)
* Providers no longer in the main Terraform distribution; installed automatically by init instead (#15208)
* cli: terraform env command renamed to terraform workspace (#14952)
* cli: terraform init command now has -upgrade option to download the latest versions (within specified constraints) of modules and provider plugins.
* cli: The -target option to various Terraform operation can now target resources in descendent modules. (#15314)
* cli: Minor updates to terraform plan output: use standard resource address syntax, more visually-distinct -/+ actions, and more (#15362)
* config: New interpolation function contains, to find if a given string exists in a list of strings. (#15322) - BUG FIXES:
* provisioner/chef: fix panic (#15617)
* Don\'t show a message about the path to the state file if the state is remote (#15435)
* Fix crash when terraform graph is run with no configuration (#15588)
* Handle correctly the .exe suffix on locally-compiled provider plugins on Windows systems. (#15587)
* config: Fixed a parsing issue in the interpolation language HIL that was causing misinterpretation of literal strings ending with escaped backslashes (#15415)
* core: the S3 Backend was failing to remove the state file checksums from DynamoDB when deleting a workspace (#15383)
* core: Improved reslience against crashes for a certain kind of inconsistency in the representation of list values in state. (#15390)
* core: Display correct to and from backends in copy message when migrating to new remote state (#15318)
* core: Fix a regression from 0.9.6 that was causing the tally of resources to create to be double-counted sometimes in the plan output (#15344)
* cli: the state rm and mv commands were always loading a state from a Backend, and ignoring the -state flag (#15388)
* cli: certain prompts in terraform init were respecting -input=false but not the TF_INPUT environment variable (#15391)
* state: Further work, building on #15423, to improve the internal design of the state managers to make this code more maintainable and reduce the risk of regressions; this may lead to slight changes to the number of times Terraform writes to remote state and how the serial is implemented with respect to those writes, which does not affect outward functionality but is worth noting if you log or inspect state updates for debugging purposes.
* config: Interpolation function cidrhost was not correctly calcluating host addresses under IPv6 CIDR prefixes (#15321)
* provisioner/chef: Prevent a panic while trying to read the connection info (#15271)
* provisioner/file: Refactor the provisioner validation function to prevent false positives (#15273) - INTERNAL CHANGES:
* helper/schema: Actively disallow reserved field names in schema (#15522)
* helper/schema: Force field names to be alphanum lowercase + underscores (#15562)
* Tue Jul 04 2017 thippAATTsuse.de- Update to v0.9.11: - BUG FIXES:
* core: Hotfix for issue where a state from a plan was reported as not equal to the same state stored to a backend. This arose from the fix for the previous issue where the incorrect copy of the state was being used when applying with a plan. (#15460)
* Mon Jul 03 2017 thippAATTsuse.de- Update to v0.9.10: - BUG FIXES:
* core: Hotfix for issue where state index wasn\'t getting properly incremented when applying a change containing only data source updates and/or resource drift. (That is, state changes made during refresh.) This issue is significant only for the \"atlas\" backend, since that backend verifies on the server that state serial numbers are being used consistently. (#15423)
* Tue Jun 27 2017 thippAATTsuse.de- Update to v0.9.9: - BUG FIXES:
* provisioner/file: Refactor the provisioner validation function to prevent false positives (#15273)
* provisioner/chef: Prevent a panic while trying to read the connection info (#15271)
* Tue Jun 13 2017 thippAATTsuse.com- Update to v0.9.8: - NOTE:
* The 0.9.7 release had a bug with its new feature of periodically persisting state to the backend during an apply, as part of [#14834]. This change has been reverted in this release and will be re-introduced at a later time once it has been made to work properly. - IMPROVEMENTS:
* provider/google: network argument in google_compute_instance_group is now optional (#13493)
* provider/google: Add support for draining_timeout_sec to google_compute_backend_service. (#14559) - BUG FIXES:
* provider/aws: fixed reading network configurations for spot_fleet_request (#13748)- Update to v0.9.7: - BACKWARDS INCOMPATIBILITIES / NOTES:
* The lock_table attribute in the S3 backend configuration has been deprecated in favor of dynamodb_table, which better reflects that the table is no longer only used for locks. (#14949) - FEATURES:
* New Data Source: aws_elastic_beanstalk_solution_stack (#14944)
* New Data Source: aws_elasticache_cluster (#14895)
* New Data Source: aws_ssm_parameter (#15035)
* New Data Source: azurerm_public_ip (#15110)
* New Resource: aws_ssm_parameter (#15035)
* New Resource: aws_ssm_patch_baseline (#14954)
* New Resource: aws_ssm_patch_group (#14954)
* New Resource: librato_metric (#14562)
* New Resource: digitalocean_certificate (#14578)
* New Resource: vcd_edgegateway_vpn (#13123)
* New Resource: vault_mount (#14456)
* New Interpolation Function: bcrypt (#14725) - IMPROVEMENTS:
* backend/consul: Storing state to Consul now uses Check-And-Set (CAS) by default to avoid inconsistent state, and will automatically attempt to re-acquire a lock if it is lost during Terraform execution. (#14930)
* core: Remote state is now persisted more frequently to minimize data loss in the event of a crash. (#14834)
* provider/alicloud: Add the function of replacing ecs instance\'s system disk (#15048)
* provider/aws: Expose RDS instance and cluster resource id (#14882)
* provider/aws: Export internal tunnel addresses + document (#14835)
* provider/aws: Fix misleading error in aws_route validation (#14972)
* provider/aws: Support import of aws_lambda_event_source_mapping (#14898)
* provider/aws: Add support for a configurable timeout in db_option_group (#15023)
* provider/aws: Add task_parameters parameter to aws_ssm_maintenance_window_task resource (#15104)
* provider/aws: Expose reason of EMR cluster termination (#15117)
* provider/aws: data.aws_acm_certificate can now filter by type (#15063)
* provider/azurerm: Ignore case sensivity in Azurerm resource enums (#14861)
* provider/digitalocean: Add support for changing TTL on DigitalOcean domain records. (#14805)
* provider/google: Add ability to import Google Compute persistent disks (#14573)
* provider/google: google_container_cluster.master_auth should be optional (#14630)
* provider/google: Add CORS support for google_storage_bucket (#14695)
* provider/google: Allow resizing of Google Cloud persistent disks (#15077)
* provider/google: Add private_ip_google_access update support to google_compute_subnetwork (#15125)
* provider/heroku: can now import Heroku Spaces (#14973)
* provider/kubernetes: Upgrade K8S from 1.5.3 to 1.6.1 (#14923)
* provider/kubernetes: Provide more details about why PVC failed to bind (#15019)
* provider/kubernetes: Allow sourcing config_path from KUBECONFIG env var (#14889)
* provider/openstack: Add support provider networks (#10265)
* provider/openstack: Allow numerical protocols in security group rules (#14917)
* provider/openstack: Sort request/response headers in debug output (#14956)
* provider/openstack: Add support for FWaaS routerinsertion extension (#12589)
* provider/openstack: Add Terraform version to UserAgent string (#14955)
* provider/openstack: Optimize the printing of debug output (#15086)
* provisioner/chef: Use helpers.shema.Provisoner in Chef provisioner V2 (#14681) - BUG FIXES:
* provider/alicloud: set alicloud_nat_gateway zone to be Computed to avoid perpetual diffs (#15050)
* provider/alicloud: set provider to read env vars for access key and secrey key if empty strings (#15050)
* provider/alicloud: Fix vpc and vswitch bugs while creating vpc and vswitch (#15082)
* provider/alicloud: Fix allocating public ip bug (#15049)
* provider/alicloud: Fix security group rules nic_type bug (#15114)
* provider/aws: ForceNew aws_launch_config on ebs_block_device change (#14899)
* provider/aws: Avoid crash when EgressOnly IGW disappears (#14929)
* provider/aws: Allow IPv6/IPv4 addresses to coexist (#13702)
* provider/aws: Expect exception on deletion of APIG Usage Plan Key (#14958)
* provider/aws: Fix panic on nil dead_letter_config (#14964)
* provider/aws: Work around IAM eventual consistency in CW Log Subs (#14959)
* provider/aws: Fix ModifyInstanceAttribute on new instances (#14992)
* provider/aws: Fix issue with removing tags in aws_cloudwatch_log_group (#14886)
* provider/aws: Raise timeout for VPC DHCP options creation to 5 mins (#15084)
* provider/aws: Retry Redshift cluster deletion on InvalidClusterState (#15068)
* provider/aws: Retry Lambda func creation on IAM error (#15067)
* provider/aws: Retry ECS service creation on ClusterNotFoundException (#15066)
* provider/aws: Retry ECS service update on ServiceNotFoundException (#15073)
* provider/aws: Retry DB parameter group delete on InvalidDBParameterGroupState (#15071)
* provider/aws: Guard against panic when no aws_default_vpc found (#15070)
* provider/aws: Guard against panic if no NodeGroupMembers returned in elasticache_replication_group (#13488)
* provider/aws: Revoke default ipv6 egress rule for aws_security_group (#15075)
* provider/aws: Lambda ENI deletion fails on destroy (#11849)
* provider/aws: Add gov and cn hosted zone Ids to aws_elb_hosted_zone data source (#15149)
* provider/azurerm: VM - making os_profile optional (#14176)
* provider/azurerm: Preserve the Subnet properties on Update (#13877)
* provider/datadog: make datadog_user verified a computed attribute (#15034)
* provider/datadog: use correct evaluation_delay parameter (#14878)
* provider/digitalocean: Refresh DO loadbalancer from state if 404 (#14897)
* provider/github: Do not set incorrect values in github_team data source (#14859)
* provider/google: use a mutex to prevent concurrent sql instance operations (#14424)
* provider/google: Set instances to computed in compute_instance_group (#15025)
* provider/google: Make google_compute_autoscaler use Update instead of Patch. (#15101)
* provider/kubernetes: Ignore internal k8s labels in kubernetes_persistent_volume (#13716)
* provider/librato: Add retry to librato_alert (#15118)
* provider/postgresql: Fix for leaking credentials in the provider (#14817)
* provider/postgresql: Drop the optional WITH token from CREATE ROLE. (#14864)
* provider/rancher: refresh rancher_host from state on nil or removed host (#15015)- Update to v0.9.6: - BACKWARDS INCOMPATIBILITIES / NOTES:
* When assigning a \"splat variable\" to a resource attribute, like foo = \"${some_resource.foo.
*.baz}\", it is no longer required (nor recommended) to wrap the string in list brackets. The extra brackets continue to be allowed for resource attributes for compatibility, but this will cease to be allowed in a future version. (#14737)
* provider/aws: Allow lightsail resources to work in other regions. Previously Terraform would automatically configure lightsail resources to run solely in us-east-1. This means that if a provider was initialized with a different region than us-east-1, users will need to create a provider alias to maintain their lightsail resources in us-east-1 [#14685].
* provider/aws: Users of aws_cloudfront_distribution default_cache_behavior will notice that cookies is now a required value - even if that value is none (#12628)
* provider/google: Users of google_compute_health_check who were not setting a value for the host property of http_health_check or https_health_check previously had a faulty default value. This has been fixed and will show as a change in terraform plan/apply. (#14441) - FEATURES:
* New Provider: ovh (#12669)
* New Resource: aws_default_subnet (#14476)
* New Resource: aws_default_vpc (#11710)
* New Resource: aws_default_vpc_dhcp_options (#14475)
* New Resource: aws_devicefarm_project (#14288)
* New Resource: aws_wafregional_ipset (#13705)
* New Resource: aws_wafregional_byte_match_set (#13705)
* New Resource: azurerm_express_route_circuit (#14265)
* New Resource: gitlab_deploy_key (#14734)
* New Resource: gitlab_group (#14490)
* New Resource: google_compute_router (#12411)
* New Resource: google_compute_router_interface (#12411)
* New Resource: google_compute_router_peer (#12411)
* New Resource: kubernetes_horizontal_pod_autoscaler (#14763)
* New Resource: kubernetes_service (#14554)
* New Resource: openstack_dns_zone_v2 (#14721)
* New Resource: openstack_dns_recordset_v2 (#14813)
* New Data Source: aws_db_snapshot (#10291)
* New Data Source: aws_kms_ciphertext (#14691)
* New Data Source: github_user (#14570)
* New Data Source: github_team (#14614)
* New Data Source: google_storage_object_signed_url (#14643)
* New Interpolation Function: pow (#14598) - IMPROVEMENTS:
* core: After apply, if the state cannot be persisted to remote for some reason then write out a local state file for recovery (#14423)
* core: It\'s no longer required to surround an attribute value that is just a \"splat\" variable with a redundant set of array brackets. (#14737)
* core/provider-split: Split out the Oracle OPC provider to new structure (#14362)
* provider/aws: Show state reason when EC2 instance fails to launch (#14479)
* provider/aws: Show last scaling activity when ASG creation/update fails (#14480)
* provider/aws: Add tags (list of maps) for aws_autoscaling_group (#13574)
* provider/aws: Support filtering in ASG data source (#14501)
* provider/aws: Add ability to \'terraform import\' aws_kms_alias resources (#14679)
* provider/aws: Allow lightsail resources to work in other regions (#14685)
* provider/aws: Configurable timeouts for EC2 instance + spot instance (#14711)
* provider/aws: Add ability to define timeouts for DMS replication instance (#14729)
* provider/aws: Add support for X-Ray tracing to aws_lambda_function (#14728)
* provider/azurerm: Virtual Machine Scale Sets with managed disk support (#13717)
* provider/azurerm: Virtual Machine Scale Sets with single placement option support (#14510)
* provider/azurerm: Adding support for VMSS Data Disks using Managed Disk feature (#14608)
* provider/azurerm: Adding support for 4TB disks (#14688)
* provider/cloudstack: Load the provider configuration from a CloudMonkey config file (#13926)
* provider/datadog: Add last aggregator to datadog_timeboard resource (#14391)
* provider/datadog: Added new evaluation_delay parameter (#14433)
* provider/docker: Allow Windows Docker containers to map volumes (#13584)
* provider/docker: Add network_alias to docker_container resource (#14710)
* provider/fastly: Mark the s3_access_key, s3_secret_key, & secret_key fields as sensitive (#14634)
* provider/gitlab: Add namespcace ID attribute to gitlab_project (#14483)
* provider/google: Add a url attribute to google_storage_bucket (#14393)
* provider/google: Make google resource storage bucket importable (#14455)
* provider/google: Add support for privateIpGoogleAccess on subnetworks (#14234)
* provider/google: Add import support to google_sql_user (#14457)
* provider/google: add failover parameter to google_sql_database_instance (#14336)
* provider/google: resource_compute_disks can now reference snapshots using the snapshot URL (#14774)
* provider/heroku: Add import support for heroku_pipeline resource (#14486)
* provider/heroku: Add import support for heroku_pipeline_coupling resource (#14495)
* provider/heroku: Add import support for heroku_addon resource (#14508)
* provider/openstack: Add support for all protocols in Security Group Rules (#14307)
* provider/openstack: Add support for updating Subnet Allocation Pools (#14782)
* provider/openstack: Enable Security Group Updates (#14815)
* provider/rancher: Add member support to rancher_environment (#14563)
* provider/rundeck: adds description to command schema in rundeck_job resource (#14352)
* provider/scaleway: allow public_ip to be set on server resource (#14515)
* provider/vsphere: Exposing moid value from vm resource (#14793) - BUG FIXES:
* core: Store and verify checksums for S3 remote state to prevent fetching a stale state (#14746)
* core: Allow -force-unlock of an S3 named state (#14680)
* core: Fix incorrect errors when validatin nested objects (#14784] [#14801)
* core: When using -target, any outputs that include attributes of the targeted resources are now updated (#14186)
* core: Fixed 0.9.5 regression with the conditional operator .. ? .. : .. failing to type check with unknown/computed values (#14454)
* core: Fixed 0.9 regression causing issues during refresh when adding new data resource instances using count (#14098)
* core: Fixed crasher when populating a \"splat variable\" from an empty (nil) module state. (#14526)
* core: fix bad Sprintf in backend migration message (#14601)
* core: Addressed 0.9.5 issue with passing partially-unknown splat results through module variables, by removing the requirement to pass a redundant list level. (#14737)
* provider/aws: Allow updating constraints in WAF SizeConstraintSet + no constraints (#14661)
* provider/aws: Allow updating tuples in WAF ByteMatchSet + no tuples (#14071)
* provider/aws: Allow updating tuples in WAF SQLInjectionMatchSet + no tuples (#14667)
* provider/aws: Allow updating tuples in WAF XssMatchSet + no tuples (#14671)
* provider/aws: Increase EIP update timeout (#14381)
* provider/aws: Increase timeout for creating security group (#14380] [#14724)
* provider/aws: Increase timeout for (dis)associating IPv6 addr to/from subnet (#14401)
* provider/aws: Increase timeout for retrying creation of IAM server cert (#14609)
* provider/aws: Increase timeout for deleting IGW (#14705)
* provider/aws: Increase timeout for retrying creation of CW log subs (#14722)
* provider/aws: Using the new time schema helper for RDS Instance lifecycle mgmt (#14369)
* provider/aws: Using the timeout schema helper to make alb timeout cofigurable (#14375)
* provider/aws: Refresh from state when CodePipeline Not Found (#14431)
* provider/aws: Override spot_instance_requests volume_tags schema (#14481)
* provider/aws: Allow Internet Gateway IPv6 routes (#14484)
* provider/aws: ForceNew aws_launch_config when root_block_device changes (#14507)
* provider/aws: Pass IAM Roles to codepipeline actions (#14263)
* provider/aws: Create rule(s) for prefix-list-only AWS security group permissions on \'terraform import\' (#14528)
* provider/aws: Set aws_subnet ipv6_cidr_block to computed (#14542)
* provider/aws: Change of aws_subnet ipv6 causing update failure (#14545)
* provider/aws: Nothing to update in cloudformation should not result in errors (#14463)
* provider/aws: Handling data migration in RDS snapshot restoring (#14622)
* provider/aws: Mark cookies in default_cache_behaviour of cloudfront_distribution as required (#12628)
* provider/aws: Fall back to old tagging mechanism for AWS gov and aws China (#14627)
* provider/aws: Change AWS ssm_maintenance_window Read func (#14665)
* provider/aws: Increase timeout for creation of route_table (#14701)
* provider/aws: Retry ElastiCache cluster deletion when it\'s snapshotting (#14700)
* provider/aws: Retry ECS service update on InvalidParameterException (#14708)
* provider/aws: Retry IAM Role deletion on DeleteConflict (#14707)
* provider/aws: Do not dereference source_Dest_check in aws_instance (#14723)
* provider/aws: Add validation function for IAM Policies (#14669)
* provider/aws: Fix panic on instance shutdown (#14727)
* provider/aws: Handle migration when restoring db cluster from snapshot (#14766)
* provider/aws: Provider ability to enable snapshotting on ElastiCache RG (#14757)
* provider/cloudstack: cloudstack_firewall panicked when used with older (< v4.6) CloudStack versions (#14044)
* provider/datadog: Allowed method on aggregator is avg ! average (#14414)
* provider/digitalocean: Fix parsing of digitalocean dns records (#14215)
* provider/github: Log HTTP requests and responses in DEBUG mode (#14363)
* provider/github Check for potentially nil response from GitHub API client (#14683)
* provider/google: Fix health check http/https defaults (#14441)
* provider/google: Fix issue with GCP Cloud SQL Instance disk_autoresize (#14582)
* provider/google: Fix crash creating Google Cloud SQL 2nd Generation replication instance (#14373)
* provider/google: Disks now detach before getting deleted (#14651)
* provider/google: Update google_compute_target_pool\'s session_affinity default (#14807)
* provider/heroku: Fix issue with setting correct CName in heroku_domain (#14443)
* provider/opc: Correctly export ip_address in IP Addr Reservation (#14543)
* provider/openstack: Handle Deleted Resources in Floating IP Association (#14533)
* provider/openstack: Catch error during instance network parsing (#14704)
* provider/vault: Prevent panic when no secret found (#14435)- Update to v0.9.5: - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/aws: Users of aws_cloudfront_distributions with custom_origins have been broken due to changes in the AWS API requiring OriginReadTimeout being set for updates. This has been fixed and will show as a change in terraform plan / apply. (#13367)
* provider/aws: Users of China and Gov clouds, cannot use the new tagging of volumes created as part of aws_instances (#14055)
* provider/aws: Skip tag operations on cloudwatch logs in govcloud partition. Currently not supported by Amazon. (#12414)
* provider/aws: More consistent (un)quoting of long TXT/SPF aws_route53_records. Previously we were trimming first 2 quotes and now we\'re (correctly) trimming first and last one. Depending on the use of quotes in your TXT/SPF records this may result in extra diff in plan/apply (#14170) - FEATURES:
* New Provider: gitlab (#13898)
* New Resource: aws_emr_security_configuration (#14080)
* New Resource: aws_ssm_maintenance_window (#14087)
* New Resource: aws_ssm_maintenance_window_target (#14087)
* New Resource: aws_ssm_maintenance_window_task (#14087)
* New Resource: azurerm_sql_elasticpool (#14099)
* New Resource: google_bigquery_table (#13743)
* New Resource: google_compute_backend_bucket (#14015)
* New Resource: google_compute_snapshot (#12482)
* New Resource: heroku_app_feature (#14035)
* New Resource: heroku_pipeline (#14078)
* New Resource: heroku_pipeline_coupling (#14078)
* New Resource: kubernetes_limit_range (#14285)
* New Resource: kubernetes_resource_quota (#13914)
* New Resource: vault_auth_backend (#10988)
* New Data Source: aws_efs_file_system (#14041)
* New Data Source: http, for retrieving text data from generic HTTP servers (#14270)
* New Data Source: google_container_engine_versions, for retrieving valid versions for clusters (#14280)
* New Interpolation Function: log, for computing logarithms (#12872) - IMPROVEMENTS:
* core: sha512 and base64sha512 interpolation functions, similar to their sha256 equivalents. (#14100)
* core: It\'s now possible to use the index operator [ ] to select a known value out of a partially-known list, such as using \"splat syntax\" and increasing the count. (#14135)
* provider/aws: Add support for CustomOrigin timeouts to aws_cloudfront_distribution (#13367)
* provider/aws: Add support for IAMDatabaseAuthenticationEnabled (#14092)
* provider/aws: aws_dynamodb_table Add support for TimeToLive (#14104)
* provider/aws: Add security_configuration support to aws_emr_cluster (#14133)
* provider/aws: Add support for the tenancy placement option in aws_spot_fleet_request (#14163)
* provider/aws: aws_db_option_group normalizes name to lowercase (#14192, #14366)
* provider/aws: Add support description to aws_iam_role (#14208)
* provider/aws: Add support for SSM Documents to aws_cloudwatch_event_target (#14067)
* provider/aws: add additional custom service endpoint options for CloudFormation, KMS, RDS, SNS & SQS (#14097)
* provider/aws: Add ARN to security group data source (#14245)
* provider/aws: Improve the wording of DynamoDB Validation error message (#14256)
* provider/aws: Add support for importing Kinesis Streams (#14278)
* provider/aws: Add arn attribute to aws_ses_domain_identity resource (#14306)
* provider/aws: Add support for targets to aws_ssm_association (#14246)
* provider/aws: native redis clustering support for elasticache (#14317)
* provider/aws: Support updating aws_waf_rule predicates (#14089)
* provider/azurerm: azurerm_template_deployment now supports String/Int/Boolean outputs (#13670)
* provider/azurerm: Expose the Private IP Address for a Load Balancer, if available (#13965)
* provider/dns: Fix data dns txt record set (#14271)
* provider/dnsimple: Add support for import for dnsimple_records (#9130)
* provider/dyn: Add verbose Dyn provider logs (#14076)
* provider/google: Add support for networkIP in compute instance templates (#13515)
* provider/google: google_dns_managed_zone is now importable (#13824)
* provider/google: Add support for compute_route (#14065)
* provider/google: Add path to google_pubsub_subscription (#14238)
* provider/google: Improve Service Account by offering to recreate if missing (#14282)
* provider/google: Log HTTP requests and responses in DEBUG mode (#14281)
* provider/google: Add additional properties for google resource storage bucket object (#14259)
* provider/google: Handle all 404 checks in read functions via the new function (#14335)
* provider/heroku: import heroku_app resource (#14248)
* provider/nomad: Add TLS options (#13956)
* provider/triton: Add support for reading provider configuration from TRITON_
* environment variables in addition to SDC_
*(#14000)
* provider/triton: Add cloud_config argument to triton_machine resources for Linux containers (#12840)
* provider/triton: Add insecure_skip_tls_verify (#14077) - BUG FIXES:
* core: module blocks without names are now caught in validation, along with various other block types (#14162)
* core: no longer will errors and normal log output get garbled together on Windows (#14194)
* core: Avoid crash on empty TypeSet blocks (#14305)
* provider/aws: Update aws_ebs_volume when attached (#14005)
* provider/aws: Set aws_instance volume_tags to be Computed (#14007)
* provider/aws: Fix issue getting partition for federated users (#13992)
* provider/aws: aws_spot_instance_request not forcenew on volume_tags (#14046)
* provider/aws: Exclude aws_instance volume tagging for China and Gov Clouds (#14055)
* provider/aws: Fix source_dest_check with network_interface (#14079)
* provider/aws: Fixes the bug where SNS delivery policy get always recreated (#14064)
* provider/aws: Increase timeouts for Route Table retries (#14345)
* provider/aws: Prevent Crash when importing aws_route53_record (#14218)
* provider/aws: More consistent (un)quoting of long TXT/SPF aws_route53_records (#14170)
* provider/aws: Retry deletion of AWSConfig Rule on ResourceInUseException (#14269)
* provider/aws: Refresh ssm document from state on 404 (#14279)
* provider/aws: Allow zero-value ELB and ALB names (#14304)
* provider/aws: Update the ignoring of AWS specific tags (#14321)
* provider/aws: Adding IPv6 address to instance causes perpetual diff (#14355)
* provider/aws: Fix SG update on instance with multiple network interfaces (#14299)
* provider/azurerm: Fixing a bug in azurerm_network_interface (#14365)
* provider/digitalocean: Prevent diffs when using IDs of images instead of slugs (#13879)
* provider/fastly: Changes setting conditionals to optional (#14103)
* provider/google: Ignore certain project services that can\'t be enabled directly via the api (#13730)
* provider/google: Ability to add more than 25 project services (#13758)
* provider/google: Fix compute instance panic with bad disk config (#14169)
* provider/google: Handle google_storage_bucket_object not being found (#14203)
* provider/google: Handle google_compute_instance_group_manager not being found (#14190)
* provider/google: better visibility for compute_region_backend_service (#14301)
* provider/heroku: Configure buildpacks correctly for both Org Apps and non-org Apps (#13990)
* provider/heroku: Fix heroku_cert update of ssl cert (#14240)
* provider/openstack: Handle disassociating deleted FloatingIP\'s from a server (#14210)
* provider/postgres grant role when creating database (#11452)
* provider/triton: Make triton machine deletes synchronous. (#14368)
* provisioner/remote-exec: Fix panic from remote_exec provisioner (#14134)
* Thu Apr 27 2017 thippAATTsuse.de- Update to v0.9.4: - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/template: Fix invalid MIME formatting in template_cloudinit_config. While the change itself is not breaking the data source it may be referenced e.g. in aws_launch_configuration and similar resources which are immutable and the formatting change will therefore trigger recreation (#13752) - FEATURES:
* New Provider: opc - Oracle Public Cloud (#13468)
* New Provider: oneandone (#13633)
* New Data Source: aws_ami_ids (#13844] [#13866)
* New Data Source: aws_ebs_snapshot_ids (#13844] [#13866)
* New Data Source: aws_kms_alias (#13669)
* New Data Source: aws_kinesis_stream (#13562)
* New Data Source: digitalocean_image (#13787)
* New Data Source: google_compute_network (#12442)
* New Data Source: google_compute_subnetwork (#12442)
* New Resource: local_file for creating local files (please see the docs for caveats) (#12757)
* New Resource: alicloud_ess_scalinggroup (#13731)
* New Resource: alicloud_ess_scalingconfiguration (#13731)
* New Resource: alicloud_ess_scalingrule (#13731)
* New Resource: alicloud_ess_schedule (#13731)
* New Resource: alicloud_snat_entry (#13731)
* New Resource: alicloud_forward_entry (#13731)
* New Resource: aws_cognito_identity_pool (#13783)
* New Resource: aws_network_interface_attachment (#13861)
* New Resource: github_branch_protection (#10476)
* New Resource: google_bigquery_dataset (#13436)
* New Resource: heroku_space (#13921)
* New Resource: template_dir for producing a directory from templates (#13652)
* New Interpolation Function: coalescelist() (#12537) - IMPROVEMENTS:
* core: Add a -reconfigure flag to the init command, to configure a backend while ignoring any saved configuration (#13825)
* helper/schema: Disallow validation+diff suppression on computed fields (#13878)
* config: The interpolation function cidrhost now accepts a negative host number to count backwards from the end of the range (#13765)
* config: New interpolation function matchkeys for using values from one list to filter corresponding values from another list using a matching set. (#13847)
* state/remote/swift: Support Openstack request logging (#13583)
* provider/aws: Add an option to skip getting the supported EC2 platforms (#13672)
* provider/aws: Add name_prefix support to aws_cloudwatch_log_group (#13273)
* provider/aws: Add bucket_prefix to aws_s3_bucket (#13274)
* provider/aws: Add replica_source_db to the aws_db_instance datasource (#13842)
* provider/aws: Add IPv6 outputs to aws_subnet datasource (#13841)
* provider/aws: Exercise SecondaryPrivateIpAddressCount for network interface (#10590)
* provider/aws: Expose execution ARN + invoke URL for APIG deployment (#13889)
* provider/aws: Expose invoke ARN from Lambda function (for API Gateway) (#13890)
* provider/aws: Add tagging support to the \'aws_lambda_function\' resource (#13873)
* provider/aws: Validate WAF metric names (#13885)
* provider/aws: Allow AWS Subnet to change IPv6 CIDR Block without ForceNew (#13909)
* provider/aws: Allow filtering of aws_subnet_ids by tags (#13937)
* provider/aws: Support aws_instance and volume tagging on creation (#13945)
* provider/aws: Add network_interface to aws_instance (#12933)
* provider/azurerm: VM Scale Sets - import support (#13464)
* provider/azurerm: Allow Azure China region support (#13767)
* provider/digitalocean: Export droplet prices (#13720)
* provider/fastly: Add support for GCS logging (#13553)
* provider/google: google_compute_address and google_compute_global_address are now importable (#13270)
* provider/google: google_compute_network is now importable (#13834)
* provider/google: add attached_disk field to google_compute_instance (#13443)
* provider/heroku: Set App buildpacks from config (#13910)
* provider/heroku: Create Heroku app in a private space (#13862)
* provider/vault: vault_generic_secret resource can now optionally detect drift if it has appropriate access (#11776) - BUG FIXES:
* core: Prevent resource.Retry from adding untracked resources after the timeout: (#13778)
* core: Allow a schema.TypeList to be ForceNew and computed (#13863)
* core: Fix crash when refresh or apply build an invalid graph (#13665)
* core: Add the close provider/provisioner transformers back (#13102)
* core: Fix a crash condition by improving the flatmap.Expand() logic (#13541)
* provider/alicloud: Fix create PrePaid instance (#13662)
* provider/alicloud: Fix allocate public ip error (#13268)
* provider/alicloud: alicloud_security_group_rule: check ptr before use it [#13731)
* provider/alicloud: alicloud_instance: fix ecs internet_max_bandwidth_out cannot set zero bug (#13731)
* provider/aws: Allow force-destroying aws_route53_zone which has trailing dot (#12421)
* provider/aws: Allow GovCloud KMS ARNs to pass validation in kms_key_id attributes (#13699)
* provider/aws: Changing aws_opsworks_instance should ForceNew (#13839)
* provider/aws: Fix DB Parameter Group Name (#13279)
* provider/aws: Fix issue importing some Security Groups and Rules based on rule structure (#13630)
* provider/aws: Fix issue for cross account IAM role with aws_lambda_permission (#13865)
* provider/aws: Fix WAF IPSet descriptors removal on update (#13766)
* provider/aws: Increase default number of retries from 11 to 25 (#13673)
* provider/aws: Remove aws_vpc_dhcp_options if not found (#13610)
* provider/aws: Remove aws_network_acl_rule if not found (#13608)
* provider/aws: Use mutex & retry for WAF change operations (#13656)
* provider/aws: Adding support for ipv6 to aws_subnets needs migration (#13876)
* provider/aws: Fix validation of the name_prefix parameter of the aws_alb resource (#13441)
* provider/azurerm: azurerm_redis_cache resource missing hostname (#13650)
* provider/azurerm: Locking around Network Security Group / Subnets (#13637)
* provider/azurerm: Locking route table on subnet create/delete (#13791)
* provider/azurerm: VM\'s - fixes a bug where ssh_keys could contain a null entry (#13755)
* provider/azurerm: VM\'s - ignoring the case on the create_option field during Diff\'s (#13933)
* provider/azurerm: fixing a bug refreshing the azurerm_redis_cache [#13899]
* provider/fastly: Fix issue with using 0 for default_ttl (#13648)
* provider/google: Fix panic in GKE provisioning with addons (#13954)
* provider/fastly: Add ability to associate a healthcheck to a backend (#13539)
* provider/google: Stop setting the id when project creation fails (#13644)
* provider/google: Make ports in resource_compute_forwarding_rule ForceNew (#13833)
* provider/google: Validation fixes for forwarding rules (#13952)
* provider/ignition: Internal cache moved to global, instead per provider instance (#13919)
* provider/logentries: Refresh from state when resources not found (#13810)
* provider/newrelic: newrelic_alert_condition - condition_scope must be application or instance (#12972)
* provider/opc: fixed issue with unqualifying nats (#13826)
* provider/opc: Fix instance label if unset (#13846)
* provider/openstack: Fix updating Ports (#13604)
* provider/rabbitmq: Allow users without tags (#13798)
* Wed Mar 29 2017 thippAATTsuse.de- Update to v0.9.2: - BACKWARDS IMCOMPATIBILITIES / NOTES:
* provider/openstack: Port Fixed IPs are able to be read again using the original numerical notation. However, Fixed IP configurations which are obtaining addresses via DHCP must now use the all_fixed_ips attribute to reference the returned IP address.
* Environment names must be safe to use as a URL path segment without escaping, and is enforced by the CLI. - FEATURES:
* New Resource: alicloud_db_instance (#12913)
* New Resource: aws_api_gateway_usage_plan (#12542)
* New Resource: aws_api_gateway_usage_plan_key (#12851)
* New Resource: github_repository_webhook (#12924)
* New Resource: random_pet (#12903)
* New Interpolation: substr (#12870)
* S3 Environments: The S3 remote state backend now supports named environments - IMPROVEMENTS:
* core: fix interpolation error when referencing computed values from an aws_instance cidr_block (#13046)
* core: fix ignore_changes causing fields to be removed during apply (#12897)
* core: add -force-copy option to terraform init to supress prompts for copying state (#12939)
* helper/acctest: Add NewSSHKeyPair function (#12894)
* provider/alicloud: simplify validators (#12982)
* provider/aws: Added support for EMR AutoScalingRole (#12823)
* provider/aws: Add name_prefix to aws_autoscaling_group and aws_elb resources (#12629)
* provider/aws: Updated default configuration manager version in aws_opsworks_stack (#12979)
* provider/aws: Added aws_api_gateway_api_key value attribute (#9462)
* provider/aws: Allow aws_alb subnets to change (#12850)
* provider/aws: Support Attachment of ALB Target Groups to Autoscaling Groups (#12855)
* provider/aws: Support Import of iam_server_certificate (#13065)
* provider/azurerm: Add support for setting the primary network interface (#11290)
* provider/cloudstack: Add zone_id to cloudstack_ipaddress resource (#11306)
* provider/consul: Add support for basic auth to the provider (#12679)
* provider/digitalocean: Support disk only resize (#13059)
* provider/dnsimple: Allow dnsimple_record.priority attribute to be set (#12843)
* provider/google: Add support for service_account, metadata, and image_type fields in GKE cluster config (#12743)
* provider/google: Add local ssd count support for container clusters (#12281)
* provider/ignition: ignition_filesystem, explicit option to create the filesystem (#12980)
* provider/kubernetes: Internal K8S annotations are ignored in config_map (#12945)
* provider/ns1: Ensure provider checks for credentials (#12920)
* provider/openstack: Adding Timeouts to Blockstorage Resources (#12862)
* provider/openstack: Adding Timeouts to FWaaS v1 Resources (#12863)
* provider/openstack: Adding Timeouts to Image v2 and LBaaS v2 Resources (#12865)
* provider/openstack: Adding Timeouts to Network Resources (#12866)
* provider/openstack: Adding Timeouts to LBaaS v1 Resources (#12867)
* provider/openstack: Deprecating Instance Volume attribute (#13062)
* provider/openstack: Decprecating Instance Floating IP attribute (#13063)
* provider/openstack: Don\'t log the catalog (#13075)
* provider/openstack: Handle 409/500 Response on Pool Create (#13074)
* provider/pagerduty: Validate credentials (#12854)
* provider/openstack: Adding all_metadata attribute (#13061)
* provider/profitbricks: Handling missing resources (#13053) - BUG FIXES:
* core: Remove legacy remote state configuration on state migration. This fixes errors when saving plans. (#12888)
* provider/arukas: Default timeout for launching container increased to 15mins (was 10mins) (#12849)
* provider/aws: Fix flattened cloudfront lambda function associations to be a set not a slice (#11984)
* provider/aws: Consider ACTIVE as pending state during ECS svc deletion (#12986)
* provider/aws: Deprecate the usage of Api Gateway Key Stages in favor of Usage Plans (#12883)
* provider/aws: prevent panic in resourceAwsSsmDocumentRead (#12891)
* provider/aws: Prevent panic when setting AWS CodeBuild Source to state (#12915)
* provider/aws: Only call replace Iam Instance Profile on existing machines (#12922)
* provider/aws: Increase AWS AMI Destroy timeout (#12943)
* provider/aws: Set aws_vpc ipv6 for associated only (#12899)
* provider/aws: Fix AWS ECS placement strategy spread fields (#12998)
* provider/aws: Specify that aws_network_acl_rule requires a cidr block (#13013)
* provider/aws: aws_network_acl_rule treat all and -1 for protocol the same (#13049)
* provider/aws: Only allow 1 value in alb_listener_rule condition (#13051)
* provider/aws: Correct handling of network ACL default IPv6 ingress/egress rules (#12835)
* provider/aws: aws_ses_receipt_rule: fix off-by-one errors (#12961)
* provider/aws: Fix issue upgrading to Terraform v0.9+ with AWS OpsWorks Stacks (#13024)
* provider/fastly: Fix issue importing Fastly Services with Backends (#12538)
* provider/google: turn compute_instance_group.instances into a set (#12790)
* provider/mysql: recreate user/grant if user/grant got deleted manually (#12791)
* provider/openstack: Fix monitor_id typo in LBaaS v1 Pool (#13069)
* provider/openstack: Resolve issues with Port Fixed IPs (#13056)
* provider/rancher: error when no api_url is provided (#13086)
* provider/scaleway: work around parallel request limitation (#13045)
* Mon Mar 20 2017 thippAATTsuse.de- Update to v0.9.1: - BACKWARDS IMCOMPATIBILITIES / NOTES:
* provider/pagerduty: the deprecated name_regex field has been removed from vendor data source (#12396) - FEATURES:
* New Provider: kubernetes (#12372)
* New Resource: kubernetes_namespace (#12372)
* New Resource: kubernetes_config_map (#12753)
* New Data Source: dns_a_record_set (#12744)
* New Data Source: dns_cname_record_set (#12744)
* New Data Source: dns_txt_record_set (#12744) - IMPROVEMENTS:
* command/init: -backend-config accepts key=value pairs
* provider/aws: Improved error when failing to get S3 tags (#12759)
* provider/aws: Validate CIDR Blocks in SG and SG rule resources (#12765)
* provider/aws: Add KMS key tag support (#12243)
* provider/aws: Allow name_prefix to be used with various IAM resources (#12658)
* provider/openstack: Add timeout support for Compute resources (#12794)
* provider/scaleway: expose public IPv6 information on scaleway_server (#12748) - BUG FIXES:
* core: Fix panic when an undefined module is reference (#12793)
* core: Fix regression from 0.8.x when using a data source in a module (#12837)
* command/apply: Applies from plans with backends set will reuse the backend rather than local (#12785)
* command/init: Changing only -backend-config detects changes and reconfigures (#12776)
* command/init: Fix legacy backend init error that could occur when upgrading (#12818)
* command/push: Detect local state and error properly (#12773)
* command/refresh: Allow empty and non-existent state (#12777)
* provider/aws: Get the aws_lambda_function attributes when there are great than 50 versions of a function (#11745)
* provider/aws: Correctly check for nil cidr_block in aws_network_acl (#12735)
* provider/aws: Stop setting weight property on route53_record read (#12756)
* provider/google: Fix the Google provider asking for account_file input on every run (#12729)
* provider/profitbricks: Prevent panic on profitbricks volume (#12819)
* Wed Mar 15 2017 thippAATTsuse.de- Update to v0.9.0: - This is the complete 0.8.8 to 0.9 CHANGELOG. Below this section we also have a 0.9.0-beta2 to 0.9.0 final CHANGELOG. - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/aws: aws_codebuild_project renamed timeout to build_timeout (#12503)
* provider/azurem: azurerm_virtual_machine and azurerm_virtual_machine_scale_set now store has of custom_data not all custom_data (#12214)
* provider/azurerm: scale_sets os_profile_master_password now marked as sensitive
* provider/azurerm: sql_server administrator_login_password now marked as sensitive
* provider/dnsimple: Provider has been upgraded to APIv2 therefore, you will need to use the APIv2 auth token
* provider/google: storage buckets have been updated with the new storage classes. The old classes will continue working as before, but should be migrated as soon as possible, as there\'s no guarantee they\'ll continue working forever. (#12044)
* provider/google: compute_instance, compute_instance_template, and compute_disk all have a subtly changed logic when specifying an image family as the image; in 0.8.x they would pin to the latest image in the family when the resource is created; in 0.9.x they pass the family to the API and use its behaviour. New input formats are also supported. (#12223)
* provider/google: removed the unused and deprecated region field from google_compute_backend_service (#12663)
* provider/google: removed the deprecated account_file field for the Google Cloud provider (#12668)
* provider/google: removed the deprecated fields from google_project (#12659) - FEATURES:
* Remote Backends: This is a successor to \"remote state\" and includes file-based configuration, an improved setup process (just run terraform init), no more local caching of remote state, and more. (#11286)
* Destroy Provisioners: Provisioners can now be configured to run on resource destruction. (#11329)
* State Locking: State will be automatically locked when supported by the backend. Backends supporting locking in this release are Local, S3 (via DynamoDB), and Consul. (#11187)
* State Environments: You can now create named \"environments\" for states. This allows you to manage distinct infrastructure resources from the same configuration.
* New Provider: Circonus (#12578)
* New Data Source: openstack_networking_network_v2 (#12304)
* New Resource: aws_iam_account_alias (#12648)
* New Resource: datadog_downtime (#10994)
* New Resource: ns1_notifylist (#12373)
* New Resource: google_container_node_pool (#11802)
* New Resource: rancher_certificate (#12717)
* New Resource: rancher_host (#11545)
* helper/schema: Added Timeouts to allow Provider/Resource developers to expose configurable timeouts for actions (#12311) - IMPROVEMENTS:
* core: Data source values can now be used as part of a count calculation. (#11482)
* core: \"terraformrc\" can contain env var references with $FOO (#11929)
* core: report all errors encountered during config validation (#12383)
* command: CLI args can be specified via env vars. Specify TF_CLI_ARGS or TF_CLI_ARGS_name (where name is the name of a command) to specify additional CLI args (#11922)
* command/init: previous behavior is retained, but init now also configures the new remote backends as well as downloads modules. It is the single command to initialize a new or existing Terraform configuration.
* command: Display resource state ID in refresh/plan/destroy output (#12261)
* provider/aws: AWS Lambda DeadLetterConfig support (#12188)
* provider/aws: Return errors from Elastic Beanstalk (#12425)
* provider/aws: Set aws_db_cluster to snapshot by default (#11668)
* provider/aws: Enable final snapshots for aws_rds_cluster by default (#11694)
* provider/aws: Enable snapshotting by default on aws_redshift_cluster (#11695)
* provider/aws: Add support for ACM certificates to api_gateway_domain_name (#12592)
* provider/aws: Add support for IPv6 to aws_security_group_rule (#12645)
* provider/aws: Add IPv6 Support to aws_route_table (#12640)
* provider/aws: Add support for IPv6 to aws_network_acl_rule (#12644)
* provider/aws: Add support for IPv6 to aws_default_route_table (#12642)
* provider/aws: Add support for IPv6 to aws_network_acl (#12641)
* provider/aws: Add support for IPv6 in aws_route (#12639)
* provider/aws: Add support for IPv6 to aws_security_group (#12655)
* provider/aws: Add replace_unhealthy_instances to spot_fleet_request (#12681)
* provider/aws: Remove restriction on running aws_opsworks_
* on us-east-1 (#12688)
* provider/aws: Improve error message on S3 Bucket Object deletion (#12712)
* provider/aws: Add log message about if changes are being applied now or later (#12691)
* provider/azurerm: Mark the azurerm_scale_set machine password as sensitive (#11982)
* provider/azurerm: Mark the azurerm_sql_server admin password as sensitive (#12004)
* provider/azurerm: Add support for managed availability sets. (#12532)
* provider/azurerm: Add support for extensions on virtual machine scale sets (#12124)
* provider/dnsimple: Upgrade DNSimple provider to API v2 (#10760)
* provider/docker: added support for linux capabilities (#12045)
* provider/fastly: Add Fastly SSL validation fields (#12578)
* provider/ignition: Migrate all of the igition resources to data sources (#11851)
* provider/openstack: Set Availability Zone in Instances (#12610)
* provider/openstack: Force Deletion of Instances (#12689)
* provider/rancher: Better comparison of compose files (#12561)
* provider/azurerm: store only hash of azurerm_virtual_machine and azurerm_virtual_machine_scale_set custom_data - reduces size of state (#12214)
* provider/vault: read vault token from ~/.vault-token as a fallback for the VAULT_TOKEN environment variable. (#11529)
* provisioners: All provisioners now respond very quickly to interrupts for fast cancellation. (#10934) - BUG FIXES:
* core: targeting will remove untargeted providers (#12050)
* core: doing a map lookup in a resource config with a computed set no longer crashes (#12210)
* provider/aws: Fixes issue for aws_lb_ssl_negotiation_policy of already deleted ELB (#12360)
* provider/aws: Populate the iam_instance_profile uniqueId (#12449)
* provider/aws: Only send iops when creating io1 devices (#12392)
* provider/aws: Fix spurious aws_spot_fleet_request diffs (#12437)
* provider/aws: Changing volumes in ECS task definition should force new revision (#11403)
* provider/aws: Ignore whitespace in json diff for aws_dms_replication_task options (#12380)
* provider/aws: Check spot instance is running before trying to attach volumes (#12459)
* provider/aws: Add the IPV6 cidr block to the vpc datasource (#12529)
* provider/aws: Error on trying to recreate an existing customer gateway (#12501)
* provider/aws: Prevent aws_dms_replication_task panic (#12539)
* provider/aws: output the task definition name when errors occur during refresh (#12609)
* provider/aws: Refresh iam saml provider from state on 404 (#12602)
* provider/aws: Add address, port, hosted_zone_id and endpoint for aws_db_instance datasource (#12623)
* provider/aws: Allow recreation of aws_opsworks_user_profile when the user_arn is changed (#12595)
* provider/aws: Guard clause to prevent panic on ELB connectionSettings (#12685)
* provider/azurerm: bug fix to prevent crashes during azurerm_container_service provisioning (#12516)
* provider/cobbler: Fix Profile Repos (#12452)
* provider/datadog: Update to datadog_monitor to use default values (#12497)
* provider/datadog: Default notify_no_data on datadog_monitor to false (#11903)
* provider/google: Correct the incorrect instance group manager URL returned from GKE (#4336)
* provider/google: Fix a plan/apply cycle in IAM policies (#12387)
* provider/google: Fix a plan/apply cycle in forwarding rules when only a single port is specified (#12662)
* provider/google: Minor correction : \"Deleting disk\" message in Delete method (#12521)
* provider/mysql: Avoid crash on un-interpolated provider cfg (#12391)
* provider/ns1: Fix incorrect schema (causing crash) for \'ns1_user.notify\' (#12721)
* provider/openstack: Handle cases where volumes are disabled (#12374)
* provider/openstack: Toggle Creation of Default Security Group Rules (#12119)
* provider/openstack: Change Port fixed_ip to a Set (#12613)
* provider/openstack: Add network_id to Network data source (#12615)
* provider/openstack: Check for ErrDefault500 when creating/deleting pool member (#12664)
* provider/rancher: Apply the set value for finish_upgrade to set to prevent recurring plans (#12545)
* provider/scaleway: work around API concurrency issue (#12707)
* provider/statuscake: use default status code list when updating test (#12375)- Require go >= 1.8
* Tue Mar 07 2017 thippAATTsuse.de- Update to v0.8.8: - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/aws: Potential breaking change for root_block_device (#12379) - FEATURES:
* New Provider: spotinst (#5001)
* New Interpolation: slice (#9729)
* New Data Source: aws_sns_topic (#11752)
* New Data Source: openstack_images_image_v2 (#12097)
* New Resource: aws_elastic_beanstalk_application_version (#5770)
* New Resource: aws_cloudwatch_log_destination (#11940)
* New Resource: aws_cloudwatch_log_destination_policy (#11940)
* New Resource: aws_codepipeline (#11814)
* New Resource: aws_egress_only_internet_gateway (#10538)
* New Resource: datadog_user (#12268)
* New Resource: digitalocean_loadbalancer (#12077)
* New Resource: openstack_images_image_v2 (#11942)
* New Resource: openstack_compute_floatingip_associate_v2 (#12190) - IMPROVEMENTS:
* provider/aws: Add support for AWS EBS Elastic Volumes (#11981)
* provider/aws: Allow aws_instances to be resized rather than forcing a new instance (#11998)
* provider/aws: Report bucket name in S3 Error message (#12122)
* provider/aws: Implement IPV6 Support for ec2 / VPC (#10538)
* provider/aws: Add support for import of aws_elasticsearch_domain (#12330)
* provider/aws: improve redshift cluster validation (#12313)
* provider/aws: Support IAM role attachment and replacement for existing EC2 instance (#11852)
* provider/azurerm: Auto base64encode virtual_machine custom data (#12164)
* provider/datadog: add support for new host delay to the datadog_monitor resource (#11975)
* provider/datadog: Upgrade to Datadog API v2 (#12098)
* provider/fastly: Make Backends optional if used in VCL (#12025)
* provider/fastly: Add support for custom response_object (#12032)
* provider/google: Add support for maintenance window in sql_database_instance (#12042)
* provider/google: google_project supports billing account (#11653)
* provider/openstack: Don\'t allow floating IP and port (#12099)
* provider/openstack: Enable HTTP Logging (#12089)
* provider/openstack: Add Additional Targets for LBaaS v1 Member (#12266)
* provider/openstack: Redesign openstack_blockstorage_volume_attach_v2 (#12071)
* provider/pagerduty: Import support for service integrations (#12141)
* provider/pagerduty: Updated implementation of pagerduty_vendor & pagerduty_service_integration (#12357)
* provider/random_id: Add prefix attribute (#12016)
* provider/statuscake: Add support for Port in statuscake_test (#11966) - BUG FIXES:
* core: Fix a hang that could occur at the end of a Terraform command with custom plugins used (#12048)
* command/fmt: Fix incorrect formatting with single line object following complex object (#12049)
* command/state: -backup flags work with mv and rm (#12156)
* provider/aws: add bucket name to delete error notification (#11952)
* provider/aws: Use proper Set for source.Auth in resource_aws_codebuild_project (#11741)
* provider/aws: aws_ecs_service should output service name along with err (#12072)
* provider/aws: Add VRRP to allowed protocols in network ACL rules (#12107)
* provider/aws: Add owner_account option to aws_redshift_cluster (#12062)
* provider/aws: Update of inspector_assessment_target should use ARN not Name (#12115)
* provider/aws: Fix the panic in ssm_association with parameters (#12215)
* provider/aws: Fix update of environment_variable in codebuild_project (#12169)
* provider/aws: Refresh aws_autoscaling_schedule from state when autoscaling_group not found (#12312)
* provider/aws: No longer ForceNew resource on lambda_function runtime update (#12329)
* provider/aws: reading multiple pages of aws_efs_file_system tags (#12328)
* provider/aws: Refresh cloudwatch log subscription filter on 404 (#12333)
* provider/aws: more details on which s3 bucket had an error (#12314)
* provider/azurerm: Ignore case on protocol and allocation types (#12176)
* provider/cloudflare: add validation for proxied record types (#11993)
* provider/datadog: Adding default values to datadog_monitor (#12168)
* provider/google: make local_traffic_selector computed (#11631)
* provider/google: Write the raw disk encryption key in the state file to avoid diffs on plan (#12068)
* provider/google: fix url map test and update logic (#12317)
* provider/openstack: Rename provider to loadbalancer_provider (#12239)
* provider/pagerduty: Setting incident_urgency_rule as optional (#12211)
* provider/profitbricks: Fixing how primary_nic is added to profitbricks server (#12197)
* state/azure: add environment option for non-public cloud usage (#12364)
* Thu Feb 16 2017 thippAATTsuse.de- Update to v0.8.7: - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/aws: kinesis_endpoint & dynamodb_endpoint fields in the provider schema were deprecated in favour of kinesis & dynamodb inside the endpoints block. Deprecated fields will be removed in 0.9 (#11768) - FEATURES:
* New Interpolation: slice (#9729)
* New Provider: arukas (#11171)
* New Data Source: aws_db_instance (#11717)
* New Data Source: aws_vpn_gateway (#11886)
* New Data Source: google_compute_zones (#11954)
* New Resource: aws_elasticsearch_domain_policy (#8648)
* New Resource: aws_vpc_peering_connection_accepter (#11505)
* New Resource: aws_config_config_rule (#5850)
* New Resource: aws_config_configuration_recorder (#5850)
* New Resource: aws_config_configuration_recorder_status (#5850)
* New Resource: aws_config_delivery_channel (#5850)
* New Resource: azurerm_container_service (#10820)
* New Resource: vault_policy (#10980) - IMPROVEMENTS:
* provider/aws: Update aws_ssm_document to include document_type, latest_version and default_version (#11671)
* provider/aws: Support import of aws_opsworks_instance (#11783)
* provider/aws Add S3 bucket object tag support (#11344)
* provider/aws: Add validation for aws_iam_role (#11915)
* provider/fastly Allows for conditional settings across fastly (#11843)
* provider/openstack: Allow OpenStack SSL certs + keys to take path or content (#10271)
* provider/pagerduty: Add support for incident_urgency_rule, support_hours and scheduled_actions to pagerduty_service (#11856)
* provider/rancher: parse Rancher client cli.json config file (#11658)
* provider/vault: Use Vault api.DefaultConfig() (#11523) - Bug FIXES:
* core: resources that depend on create-before-destroy resources don\'t create cycles (#11753)
* core: create-before-destroy resources with a count > 1 create proper edges (#11753)
* core: fix \"diffs didn\'t match issue\" for removing or empty collections that force new (#11732)
* core: module sources ended in archive extensions without a \".\" won\'t be treated as archives (#11438)
* core: destroy ordering of resources within modules is correct (#11765)
* core: Fix crash if count interpolates into a non-int (#11864)
* core: Targeting a module will properly exclude untargeted module outputs (#11291)
* state/remote/s3: Fix Bug with Assume Role for Federated IAM Account (#10067)
* provider/aws: Fix security_group_rule resource timeout errors (#11809)
* provider/aws: Fix diff suppress function for aws_db_instance (#11909)
* provider/aws: Fix default values for AMI volume size (#11842)
* provider/aws: Fix aws_db_event_subscription import (#11744)
* provider/aws: Respect 400 returned from AWS API on RDS Cluster termination (#11795)
* provider/aws: Raise the codebuild_project create timeout (#11777)
* provider/aws: Make aws_dms_endpoint database_name optional (#11792)
* provider/aws: Bump Create and Delete timeouts to 60 mins on directory_service (#11793)
* provider/aws: aws_codecommit_trigger fix typo that causes serialization to fail when events is non-empty (#11839)
* provider/aws: Fix bug to allow update of maintenance_window in elasticache_replication_group (#11850)
* provider/azurerm: Don\'t push an empty set of ssh keys to virtual machine or they cannot be ammended (#11804)
* provider/azurerm: Refresh from state when VM Extension Resource not found (#11894)
* provider/cloudstack: Ensure consistent hashes of cloudstack_port_forward forward items. (#11546)
* provider/google: set additional_zones to computed and disallow the original zone from appearing in the list (#11650)
* provider/google: set subnetwork_project to computed (#11646)
* provider/openstack BlockStorage v1 availability_zone Fix (#11949)
* Wed Feb 08 2017 thippAATTsuse.de- Update to v0.8.6: - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/aws: aws_appautoscaling_policy no longer has default values for scalable_dimension and service_namespace - FEATURES:
* New Data Source: aws_kms_secret (#11460)
* New Data Source: aws_ecs_task_definition (#8509)
* New Data Source: aws_ecs_cluster (#11558)
* New Data Source: aws_partition (#11675)
* New Data Source: pagerduty_escalation_policy (#11616)
* New Data Source: pagerduty_schedule (#11614)
* New Data Source: profitbricks_datacenter (#11520)
* New Data Source: profitbricks_location (#11520)
* New Data Source: profitbricks_image (#11520)
* New Resource: aws_sfn_activity (#11420)
* New Resource: aws_sfn_state_machine (#11420)
* New Resource: aws_codebuild_project (#11560)
* New Resource: aws_dms_certificate (#11122)
* New Resource: aws_dms_endpoint (#11122)
* New Resource: aws_dms_replication_instance (#11122)
* New Resource: aws_dms_replication_subnet_group (#11122)
* New Resource: aws_dms_replication_subnet_group (#11122)
* New Resource: pagerduty_addon (#11620) - IMPROVEMENTS:
* core: Interaction with Atlas now supports the ATLAS_TLS_NOVERIFY environment variable (#11576)
* provider/aws: Add EBS Volume support for EMR Instance Groups (#11411)
* provider/aws: Add support for policy to AWS provider assume_role (#11501)
* provider/aws: Add support for more sns_topic_subscription parameters on import command (#10408)
* provider/aws: Add support for Sever Side Encryption with default S3 KMS key to aws_s3_bucket_object (#11261)
* provider/aws: Add support for Cross Region RDS Cluster Replica (#11428)
* provider/aws: Add sensitive attribute in master_password (#11584)
* provider/aws: Application Auto Scaling now supports scaling an Amazon EC2 Spot fleet (#8697)
* provider/aws: Add tag support to DynamoDb tables (#11617)
* provider/aws: Provide the certificate ID in the aws data source (#11693)
* provider/aws: Wait for instance_profile creation to complete (#11678)
* provider/azurerm: Add support for scale sets overprovision (#11516)
* provider/azurerm: support import for load balancer and sub resources (#11610)
* provider/fastly: Adds papertrail logging (#11491)
* provider/fastly: Adds format_version for s3logging (#11725)
* provider/fastly: Adds healthcheck service (#11709)
* provider/google: allow instance group managers in region other than project (#11294)
* provider/google: Add second generation disk specification options (#11571)
* provider/google: remote_traffic_selector for google_compute_vpn_tunnel (#11020)
* provider/nomad: Update jobspec dependency to allow parsing parameterized nomad jobfiles (#11691)
* provider/google: No default root user for SQL (#11590)
* provider/opsgenie: Descriptions for Teams (#11391)
* provider/rancher: rancher_registration_token add image parameter (#11551)
* provider/rancher: allow for importing resources using environment ID to target (#11688) - BUG FIXES:
* core: Remove missed subfields when parent list is removed (#11498)
* command/fmt: Trailing blocks of comments at the end of files are formatted properly (#11585)
* provider/aws: Fix issue with path not updated when modifying AWS API Gateway Resource (#11443)
* provider/aws: Fix AWS Lambda Qualifier Regexp for aws_lambda_permission (#11383)
* provider/aws: allow destroy of LB stickiness policy with missing LB (#11462)
* provider/aws: ECS Placement constraints fix (#11475)
* provider/aws: retry kms_key CreateKey if arn in policy not yet seen (#11509)
* provider/aws: Fix ALB Listener Rule Import (#1174)
* provider/aws: Fix issue with ECS Placement Strat. and type casing (#11565)
* provider/aws: aws_route53_record import error processing (#11603)
* provider/aws: Fix panic in aws_rds_cluster missing parameter error message (#11600)
* provider/aws: Succeed creating aws_volume_attachment if identical attachment exists (#11060)
* provider/aws: Guard against panic in aws_vpc_endpoint_association (#11613)
* provider/aws: Allow root volume size changes in aws_instance (#11619)
* provider/aws: Fix spot instance request block device configs (#11649)
* provider/aws: Fix validation issues for onceAWeek and onceADay validation functions (#11679)
* provider/aws: Return route_table_id from aws_route_table data source (#11703)
* provider/aws: validate aws_alb_target_group name is less than 32 characters (#11699)
* provider/azurerm: Scale Sets Load balancer pools should not be computed (#11516)
* provider/azurerm: Scale Sets ip configuration handling and update support for load balancer backend pools. (#11516)
* provider/azurerm: check if lb sub resources exist when reading (#11553)
* provider/google: Fix master_instance_name to prevent slave rebuilds (#11477)
* provider/google: Refresh google_compute_instance machine_type on read (#11645)
* provider/google: Added forceNew on accessConfig in google_compute_instance_template (#11548)
* provider/ignition: Allow to add authorized keys without user creation (#11406)
* provider/ignition: mount and path are mutually exclusive (#11409)
* provider/ns1: Fix \"use_client_subnet\" in ns1_record (#11368)
* provider/openstack: Remove Default Security Group Rules on Create (#11466)
* provider/pagerduty: Allow timeouts to be disabled (pagerduty_service) (#11483)
* provider/rancher: Use environment specific client for accessing resources (#11503)
* provider/rancher: Refresh rancher stack from state on delete (#11539)
* provider/rancher: Refresh rancher token and registry from state on not found (#11543)
* provider/rancher: return error when Rancher template not found (#11544)
* provider/rancher: rancher_stack set docker_compose and rancher_compose (#11550)
* provider/rancher: Handle deleted/purged resources from Rancher (#11607)
* provider/statuscake: Remove computed from statuscake_test timeout parameter (#11541)
* provider/vsphere: vSphere virtual machine don\'t ignore VM power on errors (#11604)
* provisioner/remote-exec: Revert change in 0.8.5 that treated each line as a script since that doesn\'t work for stateful scripts. (#11692)
* provisioner/chef: Attributes JSON coming from computed source validates (#11502)
* Fri Jan 27 2017 thippAATTsuse.de- Update to v0.8.5: - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/aws: We no longer prefix an ECR repository address with https://
* provider/google: google_project has undergone significant changes. Existing configs and state should continue to work as they always have, but new configs and state will exhibit some new behaviour, including actually creating and deleting projects, instead of just referencing them. See https://www.terraform.io/docs/providers/google/r/google_project.html for more details. - FEATURES:
* New Data Source: aws_autoscaling_groups (#11303)
* New Data Source: aws_elb_hosted_zone_id (#11027)
* New Data Source: aws_instance (#11272)
* New Data Source: aws_canonical_user_id (#11332)
* New Data Source: aws_vpc_endpoint (#11323)
* New Provider: profitbricks (#7943)
* New Provider: alicloud (#11235)
* New Provider: ns1 (#10782)
* New Resource: aws_inspector_assessment_target (#11217)
* New Resource: aws_inspector_assessment_template (#11217)
* New Resource: aws_inspector_resource_group (#11217)
* New Resource: google_project_iam_policy (#10425)
* New Resource: google_project_services (#10425)
* New Interpolation Function: pathexpand() (#11277) - IMPROVEMENTS:
* command/fmt: Single line objects (such as variable \"foo\" {}) aren\'t separated by newlines
* provider/aws: Add \'route_table_id\' to route_table data source (#11157)
* provider/aws: Add Support for aws_cloudwatch_metric_alarm extended statistic (#11193)
* provider/aws: Make the type of a route53_record modifiable without recreating the resource (#11164)
* provider/aws: Add Placement Strategy to aws_ecs_service resource (#11201)
* provider/aws: Add support for placement_constraint to aws_ecs_service (#11242)
* provider/aws: allow ALB target group stickiness to be enabled/disabled (#11251)
* provider/aws: ALBs now wait for provisioning to complete before proceeding (#11333)
* provider/aws: Add support for setting MSSQL Timezone in aws_db_instance (#11247)
* provider/aws: CloudFormation YAML template support (#11121)
* provider/aws: Remove hardcoded https from the ecr repository (#11307)
* provider/aws: Implement CloudFront Lambda Function Associations (#11291)
* provider/aws: Remove MaxFrameRate default on ElasticTranscoderPreset (#11340)
* provider/aws: Allow ARN Identifier to be set for different partitions (#11359)
* provider/aws: Allow bypassing region validation (#11358)
* provider/aws: Added a s3_bucket domain name attribute (#10088)
* provider/aws: Add DiffSupressFunction to aws_db_instance\'s engine_version (#11369)
* provider/archive: Adding support for multiple source contents (#11271)
* provider/azurerm: add caching support for virtual_machine data_disks (#11142)
* provider/azurerm: make lb sub resources idempotent (#11128)
* provider/cloudflare: Add verification for record types and content (#11197)
* provider/datadog: Add aggregator method to timeboard graph resource (#11206)
* provider/fastly Add request_condition to backend definition (#11238)
* provider/google: Add subnetwork_project field to enable cross-project networking in instance templates (#11110)
* provider/google: Add support for encrypting a disk (#11167)
* provider/google: Add support for session_affinity to google_compute_region_backend_service (#11228)
* provider/google: Allow additional zones to be configured in GKE (#11018)
* provider/ignition: Allow empty dropin and content for systemd_units (#11327)
* provider/openstack: LoadBalancer Security Groups (#11074)
* provider/openstack: Volume Attachment Updates (#11285)
* provider/scaleway improve bootscript data source (#11183)
* provider/statuscake: Add support for StatusCake confirmation servers (#11179)
* provider/statuscake: Add support for Updating StatusCake contact_ids (#7115)
* provisioner/chef: Add support for named run-lists when using policyfiles (#11215)
* core: Add basic HTTP Auth for remote state backend (#11301) - BUG FIXES:
* command/fmt: Multiple # comments won\'t be separated by newlines. (#11209)
* command/fmt: Lists with a heredoc element that starts on the same line as the opening brace is formatted properly. (#11208)
* command/import: Provider configuration inheritance into modules works properly (#11393)
* command/import: Update help text to note that -var and -var-file work
* provider/aws: Fix panic when querying VPC\'s main route table via data source (#11134)
* provider/aws: Allow creating aws_codecommit repository outside of us-east-1 (#11177)
* provider/aws: Fix issue destroying or updating CloudFront due to missing Lambda Function Associations parameters (#11291)
* provider/aws: Correct error messages are now returned if an aws_autoscaling_lifecycle_hook fails during creation (#11360)
* provider/aws: Fix issue updating/destroying Spot Fleet requests when using terminate_instances_with_expiration (#10953)
* provider/azurerm: use configured environment for storage clients (#11159)
* provider/google: removes region param from google_compute_backend_service (#10903)
* provider/ignition: allowing empty systemd.content when a dropin is provided (#11216)
* provider/openstack: Increase deletion timeout for router interfaces (#11250)
* provider/openstack: Fix Instance Metadata Deletion (#11252)
* provider/scaleway: Rename Scaleway provider parameters to match more closely to the API (#10874)
* provider/vault: Remove user input for optional vault provider fields (#11082)
* provider/vsphere: Set deviceID to 0 if one 1 network interface in vsphere_virtual_machine (#8276)
* provisioner/remote-exec: fail on first inline script with bad exit code (#11155)
* Fri Jan 13 2017 thippAATTsuse.de- Update to v0.8.4: - BACKWARDS INCOMPATIBILITIES / NOTES:
* We have removed the Arukas provider that was added in v0.8.3 for this release. Unfortunately we found the new provider included a dependency that would not compile and run on Windows operating systems. For now the provider has been removed and we hope to work to reintroduce it for all platforms in the near future. Going forward we will also be taking additional steps in our build testing to ensure Terraform builds on all platforms before release.
* Tue Jan 10 2017 thippAATTsuse.de- Update to v0.8.3: - FEATURES:
* New Provider: Arukas (#10862)
* New Provider: Ignition (#6189)
* New Provider: OpsGenie (#11012)
* New Data Source: aws_vpc_peering_connection (#10913)
* New Resource: aws_codedeploy_deployment_config (#11062)
* New Resource: azurerm_container_registry (#10973)
* New Resource: azurerm_eventhub_authorization_rule (#10971)
* New Resource: azurerm_eventhub_consumer_group (#9902) - IMPROVEMENTS:
* command/fmt: Show filename on parse error (#10923)
* provider/archive: archive_file now exports output_md5 attribute in addition to existing SHA1 and Base64 SHA256 hashes. (#10851)
* provider/aws: Add most_recent to the ebs_snapshot data source (#10986)
* provider/aws: Add support for instance tenancy in aws_opsworks_instance (#10885)
* provider/aws: Added a validation for security group rule types (#10864)
* provider:aws: Add support for updating aws_emr_cluster parameters (#11008)
* provider/aws: Add Placement Constraints to aws_ecs_task_definition (#11030)
* provider/aws: Increasing timeout for redshift cluster creation to 75 minutes (#11041)
* provider/aws: Add support for content_handling to aws_api_gateway_integration_response (#11002)
* provider/aws: Add S3 bucket name validation (#11116)
* provider/aws: Add Route53 Record type validation (#11119)
* provider/azurerm: support non public clouds (#11026)
* provider/azurerm: Azure resource providers which are already registered are no longer re-registered. (#10991)
* provider/docker: Add network create --internal flag support (#10932)
* provider/docker: Add support for a list of pull_triggers within the docker_image resource. (#10845)
* provider/pagerduty Add delete support to pagerduty_service_integration (#10891)
* provider/postgresql Add permissions support to postgresql_schema as nested policy attributes (#10808) - BUG FIXES:
* core: Properly expand sets as lists from a flatmap [#11042]
* core: Disallow root modules named \"root\" as a temporary workaround (#11099)
* command/fmt: Lists of heredocs format properly (#10947)
* command/graph: Fix crash when -type=legacy (#11095)
* provider/aws: Guard against nil change output in route53_zone that causes panic (#10798)
* provider/aws: Reworked validateArn function to handle empty values (#10833)
* provider/aws: Set aws_autoscaling_policy metric_aggregation_type to be Computed (#10904)
* provider/aws: storage_class is now correctly treated as optional when configuring replication for aws_s3_bucket resources. (#10921)
* provider/aws: user_data on aws_launch_configuration resources is only base 64 encoded if the value provided is not already base 64 encoded. (#10871)
* provider/aws: Add snapshotting to the list of pending state for elasticache (#10965)
* provider/aws: Add support for updating tags in aws_emr_cluster (#11003)
* provider/aws: Fix the normalization of AWS policy statements (#11009)
* provider/aws: data_source_aws_iam_server_certificate latest should be bool not string causes panic (#11016)
* provider/aws: Fix typo in aws_redshift_cluster causing security groups to not allow update (#11025)
* provider/aws: Set key_name in aws_key_pair if omited in configuration (#10987)
* provider/aws: Updating the aws_efs_mount_target dns_name (#11023)
* provider/aws: Validate window time format for snapshot times and backup windows on RDS and ElastiCache resources (#11089)
* provider/aws: aws_db_instance restored from snapshot had problem with subnet_group (#11050)
* provider/aws: Allow disabled access_log in ELB (#11120)
* provider/azurerm: fix update protocol for lb_probe (#11125)
* provider/google: Fix backwards incompatibility around create_timeout in instances (#10858)
* provider/google: google_compute_instance_group_manager update_strategy not properly read (#10174)
* provider/openstack: Handle PENDING_UPDATE status with LBaaS v2 members (#10875)
* provider/rancher: Add \'finishing-upgrade\' state to rancher stack (#11019)
* Mon Jan 09 2017 thippAATTsuse.de- Update to v0.8.2: - FEATURES:
* New Provider: Ignition [GH-6189]
* New Provider: OpsGenie [GH-11012]
* New Data Source: aws_vpc_peering_connection [GH-10913]
* New Resource: azurerm_container_registry [GH-10973]
* New Resource: azurerm_eventhub_authorization_rule [GH-10971]
* New Resource: azurerm_eventhub_consumer_group [GH-9902] - IMPROVEMENTS:
* command/fmt: Show filename on parse error [GH-10923]
* provider/archive: archive_file now exports output_md5 attribute in addition to existing SHA1 and Base64 SHA256 hashes. [GH-10851]
* provider/aws: Add most_recent to the ebs_snapshot data source [GH-10986]
* provider/aws: Add support for instance tenancy in aws_opsworks_instance [GH-10885]
* provider/aws: Added a validation for security group rule types [GH-10864]
* provider:aws: Add support for updating aws_emr_cluster parameters [GH-11008]
* provider/aws: Add Placement Constraints to aws_ecs_task_definition [GH-11030]
* provider/aws: Increasing timeout for redshift cluster creation to 75 minutes [GH-11041]
* provider/azurerm: support non public clouds [GH-11026]
* provider/azurerm: Azure resource providers which are already registered are no longer re-registered. [GH-10991]
* provider/docker: Add network create --internal flag support [GH-10932]
* provider/docker: Add support for a list of pull_triggers within the docker_image resource. [GH-10845]
* provider/pagerduty Add delete support to pagerduty_service_integration [GH-10891]
* provider/postgresql Add permissions support to postgresql_schema as nested policy attributes [GH-10808] - BUG FIXES:
* command/fmt: Lists of heredocs format properly [GH-10947]
* provider/aws: Guard against nil change output in route53_zone that causes panic [GH-10798]
* provider/aws: Reworked validateArn function to handle empty values [GH-10833]
* provider/aws: Set aws_autoscaling_policy metric_aggregation_type to be Computed [GH-10904]
* provider/aws: storage_class is now correctly treated as optional when configuring replication for aws_s3_bucket resources. [GH-10921]
* provider/aws: user_data on aws_launch_configuration resources is only base 64 encoded if the value provided is not already base 64 encoded. [GH-10871]
* provider/aws: Add snapshotting to the list of pending state for elasticache [GH-10965]
* provider/aws: Add support for updating tags in aws_emr_cluster [GH-11003]
* provider/aws: Fix the normalization of AWS policy statements [GH-11009]
* provider/aws: data_source_aws_iam_server_certificate latest should be bool not string causes panic [GH-11016]
* provider/aws: Fix typo in aws_redshift_cluster causing security groups to not allow update [GH-11025]
* provider/aws: Set key_name in aws_key_pair if omited in configuration [GH-10987]
* provider/aws: Updating the aws_efs_mount_target dns_name [GH-11023]
* provider/google: Fix backwards incompatibility around create_timeout in instances [GH-10858]
* provider/openstack: Handle PENDING_UPDATE status with LBaaS v2 members [GH-10875]
* provider/rancher: Add \'finishing-upgrade\' state to rancher stack [GH-11019]
* Mon Dec 19 2016 thippAATTsuse.de- Update to v0.8.1: - IMPROVEMENTS:
* provider/aws: Support eu-west-2 (#10470)
* provider/aws: Improved the SNS topic subscription protocols validation (#10704)
* providers/google: Add subnetwork_project field to enable cross-project networking (#9662)
* provider/pagerduty: Allow \'team_responder\' role for pagerduty_user resource (#10728) - BUG FIXES:
* core: Handle whitespace around the key in the -var flag. (#10717)
* core: terraform block works in the presence of _override files (#10715)
* core: Fix error when a provider in a module only referenced a variable (#10719)
* core: Destroy ordering for resources that depend on each other across modules is correct (#745) - DEPRECATION REMOVALS:
* provider/aws: Removed deprecated parameter_group from aws_rds_cluster (#10733)- Update to v0.8.0: - BACKWARDS INCOMPATIBILITIES / NOTES:
* template_file inline templates must escape their variable usage. What was previously ${foo} must now be $${foo}. Note that this is only for inline templates. Templates read from files are unchanged. (#9698)
* Escape sequences used to require double-escaping when used within interpolations. You now must only escape once (which is the expected/typical behavior). For example: ${replace(var.foo, \"\\\\\", \"\\\\\\\\\")} is correct. Before, that would cause very strange behavior. However, this may break existing configurations which found a level of escape sequences to work. Check terraform plan for incorrect output.
* Math operators now follow the standard order of operations:
*, /, % followed by +, -. See the updated interpolation docs for more information. You can continue to force ordering with parentheses.
* Strings in configuration can no longer contain unescaped newlines. For unescaped newlines, heredocs must be used
*
* provider/aws: Anywhere where we can specify kms_key_id must now be a valid KMS Key ID ARN to stop continual diffs
*
* provider/chef: The chef provider now accepts key_material as an alternative to private_key_pem. The private_key_pem attribute will be deprecated in a future release
* provider/postgres: ssl_mode has been renamed sslmode to match common usage (#10682) - DEPRECATION REMOVALS:
* The template_file resource no longer accepts a direct file path for the template attribute. You may either specify a path wrapped in a file function or specify a file path with the filepath attribute. This was deprecated during 0.7.x. - FEATURES:
* New command: terraform console, an interactive console for experimenting with and using interpolations. (#10093)
* Terraform version requirement in configuration. You can now specify a Terraform version requirement in configuration and modules. (#10080)
* Conditional values: You can now use conditionals to determine the values of attributes. For example: count = \"${var.env == \"prod\" ? 1 : 0}\".
* depends_on can reference modules. This allows a resource or output to depend on everything within a module. (#10076)
* output supports depends_on. This is useful when the output depends on a certain ordering to happen that can\'t be represented with interpolations. (#10072)
* Providers and resources are now notified by Terraform core to \"stop\" when an interrupt is received, allowing resources to gracefully exit much, much faster. (#9607)
* The import command can now specify a provider alias to use. (#10310)
* The import command will now read provider configuration from Terraform configuration files (including loading tfvars files and so on). (#9809)
* New Provider: external (#8768)
* New Provider: nomad (#9538)
* New Provider: rancher (#9173)
* New Provider: vault (#9158)
* New Provider: Icinga2 (#8306)
* New Resource: aws_ebs_snapshot (#10017)
* New Resource: aws_lightsail_domain (#10637)
* New Resource: aws_lightsail_key_pair (#10583)
* New Resource: aws_lightsail_instance (#10473)
* New Resource: aws_opsworks_rds_db_instance (#10294)
* New Resource: aws_snapshot_create_volume_permission (#9891)
* New Resource: aws_vpc_endpoint_route_table_association (#10137)
* New Resource: google_compute_health_check (#10453)
* New Resource: google_compute_region_backend_service (#10453)
* New Resource: openstack_blockstorage_volume_attach_v2 (#10259)
* New Resource: openstack_compute_volume_attach_v2 (#10260)
* New Data Source: aws_ebs_snapshot (#10017)
* New Data Source: aws_eip (#9833)
* New Data Source: aws_iam_server_certificate (#10558)
* New Data Source: aws_route_table (#10301)
* New Data Source: aws_route53_zone (#9766)
* New Data Source: aws_vpc_endpoint_services (#10261)
* New Data Source: pagerduty_user (#10541)
* New Interpolation Function: timestamp (#10475)
* core: allow outputs to have descriptions (#9722)
* state/azure: support passing of lease ID when writing storage blob (#10115) - IMPROVEMENTS:
* core: Human-friendly error when a computed count is used. (#10060)
* core: Maps across multiple input sources (files, CLI, env vars) are merged. (#10654)
* core: SIGTERM also triggers graceful shutdown in addition to SIGINT (#10534)
* core: Plan will show deposed-only destroys for create-before-destroy resources. (#10404)
* command/plan: Show warning when a plan file is given as input to make behavior clear. (#10639)
* helper/schema: only map, list, and set elements that are actually causing a resource to destroy/create are marked as \"requires new\". (#9613)
* provider/aws: Add support for AWS CA Central 1 Region (#10618)
* provider/aws: Allow importing of aws_iam_role, aws_iam_role_policy and aws_iam_policy (#9398)
* provider/aws: Added s3 bucket region attribute management (#10482)
* provider/aws: Added SQS FIFO queues (#10614)
* provider/aws: Addition of suspended_processes to aws_autoscaling_group (#10096)
* provider/aws: added auto_minor_version_upgrade on aws_rds_cluster_insstance (#10284)
* provider/aws: Add JSON validation to the aws_iam_policy resource (#10239)
* provider/aws: Support MFA delete for s3 bucket versioning (#10020)
* provider/aws: Enable DeleteOnTermination in ENI when created by spot fleet (#9922)
* provider/aws: Enforced kms_key_
* attributes to be ARNs (#10356)
* provider/aws: IPv6 Support To Cloudfront (#10332)
* provider/aws: Support import of aws_iam_instance_profile (#10436)
* provider/aws: Increase aws_emr_cluster timeout (#10444)
* provider/aws: Support Automatic Rollback of CodeDeploy deployments and CloudWatch Alarms for a Deployment Group (#9039)
* provider/aws: Add support for termination protection and autotermination to EMR (#10252)
* provider/aws: Add \"no_device\" support to ephemeral block devices (#10547)
* provider/aws: Added S3 Bucket replication (#10552)
* provider/aws: Add pgp_key to aws_iam_access_key to protect key. (#10615)
* provider/azurerm: make DiskSizeGB optional for azurerm_virtual_machine data_disks (#10232)
* provider/azurerm support license_type virtual_machine property (#10539)
* provider/azurerm: support import of routes, fix route_table (#10389)
* provider/azurerm: enable import of more resources (#10195)
* provider/azurerm: create common schema for location field, add diff suppress (#10409)
* provider/chef: Migrate Chef to use KEY_MATERIAL rather than using a Pem file (#10105)
* provider/cloudstack: Add option to set a custom network_domain for cloudstack_network (#10638)
* provider/cloudstack: Support using secondary IP addresses with the cloudstack_static_nat resource (#10420)
* provider/cloudstack: Support using secondary IP addresses with the cloudstack_port_forward resource (#10638)
* provider/datadog: Make monitor thresholds optional. (#10526)
* provider/datadog: Improve datadog timeboard support (#10027)
* provider/docker: Upload files into container before first start (#9520)
* provider/docker: authentication via values instead of files (#10151)
* provider/fastly add origin shielding (#10677)
* provider/fastly: add ssl_hostname option (#9629)
* provider/github: supports importing resources (#10382)
* provider/google: Add support for Internal Load Balancing (#10453)
* provider/google: Add Service Accounts resource (#9946)
* provider/google: Instances and templates now both support metadata_startup_script and metadata.startup-script. (#10537)
* provider/google: Added support for session affinity to compute_backend_service (#10387)
* provider/google: Projects are now importable (#10469)
* provider/google: SSL certificates can now specify prefix instead of a full name (#10684)
* provider/openstack: Add Swauth/Swift Authentication (#9943)
* provider/openstack: Detect Region for Importing Resources (#10509)
* provider/postgresql: Improved support for many PostgreSQL resources (#10682)
* provider/postgresql: Added \'connect_timeout\' argument to provider \'postgresql\' (#10380)
* provider/rundeck: enable validation for multiple values in an array (#8913)
* provider/rundeck: Add support for scheduler to rundeck_job (#9449)
* state/remote/swift: Add support for versioning state file in swift and expiring versioned state (#10055) - BUG FIXES:
* core: Escape sequences in interpolations work in every case. (#8709)
* core: Maps in outputs with computed values are no longer removed. (#9549)
* core: Direct indexing into a computed list no longer errors. (#10657)
* core: Validate fails on invalid keys in variable blocks. (#10658)
* core: Validate that only a single lifecycle block exists per rource. (#10656)
* core: When destroying, the resources of a provider that depends on another resource are destroyed first. (#10659)
* core: Catch parse errors for null characters mid-file (#9134)
* core: Remove extra dot from state command backup files (#10300)
* core: Validate data sources do not have provisioners (#10318)
* core: Disable checkpoint settings take effect (#10206)
* core: Changed attribute console output shows up on Windows. (#10417)
* core: Destroying deposed resources in create before destroy waits until the creation step of its specific index. (0.8 regression) (#10416)
* core: Certain invalid configurations will no longer print \"illegal\". (#10448)
* core: Fix a crash that could occur when multiple deposed instances exist. (#10504)
* core: Fix a diff mismatch error that could happen when a resource depends on a count resource being decreased. (#10522)
* core: On Unix machines if getent is not available, fall back to shell to find home dir. (#10515)
* command/fmt: Multiline comments aren\'t indented every fmt. (#6524)
* communicator/ssh: Avoid race that could cause parallel remote execs on the same host to overwrite each other (#10549)
* provider/aws: Added Lambda function guard when needed attributes are not set (#10663)
* provider/aws: Allow import of aws_security_groups with more than one source_security_group_id rule (#9477)
* provider/aws: Allow setting the DB Instance name when restoring from a snapshot (#10664)
* provider/aws: Fix issue importing aws_vpc_peering_connection (#10635)
* provider/aws: Fixed deletion of aws_api_gateway_base_path_mapping with empty path (#10177)
* provider/aws: Fix issue removing Lambda environment variables (#10492)
* provider/aws: Skip VPC endpoint routes when removing default route table\'s routes (#10303)
* provider/aws: Do not return a root device for instance store backed AMIs. (#9483)
* provider/aws: resource_aws_opsworks_application does not accept document_root parameter (#10477)
* provider/aws: bug fix when specifying level on aws_opsworks_permission (#10394)
* provider/aws: cloudfront distribution 404 should mark as gone (#10281)
* provider/aws: Assign correct number of core instances (n-1) to aws-emr-cluster on update (#10529)
* provider/aws: Allow update of Service role on a CodeDeploy deployment group (#9866)
* provider/aws: fixed the api_gw_domain_name replace operation (#10179)
* provider/aws: Forces the API GW domain name certificates to recreate the resource (#10588)
* provider/aws: Validate effect in aws_iam_policy_document data source (#10021)
* provider/azurerm: fix virtual_machine reading plan as the wrong type (#10626)
* provider/azurerm: Prevent null reference when reading boot_diagnostics settings in azurerm_virtual_machine (#10283)
* provider/azurerm: azurerm_availability_set not is ForceNew for UpdateDomain and FaultDomain (#10545)
* provider/azurerm: fix servicebus_topic max_size_in_megabytes for premium namespaces (#10611)
* provider/azurerm: set ForceNew for storage image and OS disk of virtual_machine (#10340)
* provider/datadog: Refactor monitor tags to a list instead of a map. (#10570)
* provider/datadog 9869: Validate credentials when initialising client. (#10567)
* provider/openstack: More Import and Region Fixes (#10662)
* provider/openstack: Fix Ordering of Port Allowed Address Pairs (#10250)
* provider/template: No file path error when setting template to / (#10297)
* Thu Nov 24 2016 thippAATTsuse.de- Update to v0.7.13: - BUG FIXES:
* core: New graph records dependencies for explicit self references (#10319)- Update to v0.7.12: - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/cloudstack: cloudstack_static_nat has now deprecated network_id (#10204) - FEATURES:
* New Data Source: aws_alb_listener (#10181)
* New Resource: github_label (#10213) - IMPROVEMENTS:
* core: Experimental feature failures are less verbose. (#10276)
* provider/aws: Add name_prefix to aws_iam_policy (#10178)
* provider/aws: Add ability to select aws_prefix_list data source by name (#10248)
* provider/aws Return service CIDR blocks from aws_vpc_endpoint resource (#10254)
* provider/aws: Added environment configuration for AWS Lambda Functions (#10275) - BUG FIXES:
* core: Fix potential crashing race condition on state write (#10277)
* core: Data sources in modules lose their data. prefix when moved within the state (#9996)
* provider/aws: Fixed issue with enable_dns_support on creation in aws_vpc (#10171)
* provider/aws: Add CertificateNotFound retry waiter to aws_alb_listener (#10180)
* provider/aws: Remove IAM user\'s MFA devices with force_destroy (#10262)
* provider/scaleway: improve volume attachment (#10084)
* Thu Nov 17 2016 thippAATTsuse.de- Update to v0.7.11: - IMPROVEMENTS:
* provider/aws: Expose RDS DB Instance HostedZoneId attribute (#10000)
* provider/aws: Ignore AWS internal tags (#7454)
* provider/aws: Exposed aws_iam_role create_date attribute (#10091)
* provider/aws: Added aws_api_gateway_api_key created_date & last_updated_date attributes (#9530)
* provider/aws: Added aws_api_gateway_rest_api created_date attribute (#9532)
* provider/aws: Exposed aws_api_gateway_deployment.created_date attribute (#9534)
* provider/aws: Added retry_duraction to redshift_configuration in kinesis_firehose_delivery_stream (#10113)
* provider/azurerm: allow updating load balancer sub-resources (#10016)
* provider/openstack: Instance user_data will now detect if input is already Base64-encode (#9966) - BUG FIXES:
* core: Fix diff mismatch error on \"Destroy: true to false\" scenarios. (#10139)
* core: New destroy graph -target includes dependencies. (#10036)
* core: New destroy graph creates proper edges through module outputs (#10068)
* core: Fix shadow error when using uuid() (#10106)
* core: Fix an issue where applies with data sources could hang (#10134)
* core: Fix plan operation diff mismatch for computed keys in slices (#10118)
* provider/aws: fix the validation of aws_redshift_cluster database_name (#10019)
* provider/aws: Fix panic in aws_acm_certificate datasource (#10051)
* provider/aws: increase aws_lambda_function timeout (#10116)
* provider/aws: Fixed ES buffering_interval option in kinesis_firehose_delivery_stream (#10112)- Update to v0.7.10: - FEATURES:
* New Resource: azurerm_eventhub (#9889)
* New Resource: azurerm_virtual_machine_extension (#9962)
* Experimental new plan graph: terraform plan is getting a new graph creation process for 0.8. This is now available behind a flag -Xnew-apply (on any command). This will become the default in 0.8. There may still be bugs. (#9973) - IMPROVEMENTS:
* provider/aws: Add support for Service Access Security Group in aws_emr_cluster (#9600)
* provider/aws: Add Enhanced VPC routing to Redshift (#9950)
* provider/aws: Add key_name_prefix argument to aws_key_pair resource (#9993)
* provider/openstack: Add value_specs to openstack_fw_policy_v1 resource, allowing vendor information (#9835)
* provider/openstack: Add value_specs to openstack_fw_firewall_v1 resource, allowing vendor information (#9836)
* provider/random: The b64 attribute on random_id resources is deprecated, replaced by b64_url and b64_std (#9903) - BUG FIXES:
* core: Splat variables (foo.
*.bar) are now ordered by count index for deterministic ordering. (#9883)
* core: Prune orphan outputs (in the config but not in the state). (#9971)
* core: New apply graph doesn\'t prune module variables as aggressively. (#9898)
* core: New apply graph properly configures providers with aliases. (#9894)
* core: New destroy graph doesn\'t create edge loops to destroy nodes that reference themselves. (#9968)
* provider/aws: Fix crash when adding EBS volumes to spot fleet request. (#9857)
* provider/aws: Ignore NoSuchEntity error when IAM user does not have login profile (#9900)
* provider/aws: Setting static_routes_only on import of vpn_connection (#9802)
* provider/aws: aws_alb_target_group arn_suffix missing the targetgroup (#9911)
* provider/aws: Fix the validateFunc of aws_elasticache_replication_group (#9918)
* provider/aws: removing toLower when setting aws_db_parameter_group options (#9820)
* provider/aws: Fix panic when passing statuses to aws_acm_certificate (#9990)
* provider/aws: AWS IAM, User and Role allow + in the name (#9991)
* provider/scaleway: retry volume attachment (#9972)
* provider/scaleway: fix scaleway_image datasource returning unknown images (#9899)
* provider/google: fix crash when mistakenly configuring disks (#9942)- Update to v0.7.9: - FEATURES:
* New Data Source: aws_acm_certificate (#8359)
* New Resource: aws_autoscaling_attachment (#9146)
* New Resource: postgresql_extension (#9210) - IMPROVEMENTS:
* core: Improve shadow graph robustness by catching panics during graph evaluation. (#9852)
* provider/aws: Provide the option to skip_destroy on aws_volume_attachment (#9792)
* provider/aws: Allows aws_alb security_groups to be updated (#9804)
* provider/aws: Add the enable_sni attribute for Route53 health checks. (#9822)
* provider/openstack: Add value_specs to openstack_fw_rule_v1 resource, allowing vendor information (#9834)
* state/remote/swift: Enable OpenStack Identity/Keystone v3 authentication (#9769)
* state/remote/swift: Now supports all login/config options that the OpenStack Provider supports (#9777) - BUG FIXES:
* core: Provisioners in modules do not crash during apply (regression). (#9846)
* core: Computed bool fields with non-bool values will not crash (#9812)
* core: formatlist interpolation function accepts an empty list (#9795)
* core: Validate outputs have a name (#9823)
* core: Validate variables have a name (#9818)
* command/apply: If a partial set of required variables are provided with -var, ask for the remainder (#9794)
* command/fmt: Multiline strings aren\'t erroneously indented (#9859)
* provider/aws: Fix issue setting certificate_upload_date in aws_api_gateway_domain_name (#9815)
* provider/azurerm: allow storage_account resource with name \"$root\" (#9813)
* provider/google: fix for looking up project image families (#9243)
* provider/openstack: Don\'t pass shared in FWaaS Policy unless it\'s set (#9830)
* provider/openstack: openstack_fw_firewall_v1 admin_state_up should default to true (#9832) - PLUGIN CHANGES:
* Fields in resources can now have both Optional and ConflictsWith (#9825)
* Wed Nov 02 2016 moioAATTsuse.com- Update to v0.7.8- BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/openstack: The OpenStack provider has switched to the new Gophercloud SDK. No front-facing changes were made, but please be aware that there might be bugs. Please report any if found.
* archive_file is now a data source, instead of a resource (#8492)- FEATURES:
* Experimental new apply graph: terraform apply is getting a new graph creation process for 0.8. This is now available behind a flag -Xnew-apply (on any command). This will become the default in 0.8. There may still be bugs. (#9388)
* Experimental new destroy graph: terraform destroy is also getting a new graph creation process for 0.8. This is now available behind a flag -Xnew-destroy. This will become the default in 0.8. (#9527)
* New Provider: pagerduty (#9022)
* New Resource: aws_iam_user_login_profile (#9605)
* New Resource: aws_waf_ipset (#8852)
* New Resource: aws_waf_rule (#8852)
* New Resource: aws_waf_web_acl (#8852)
* New Resource: aws_waf_byte_match_set (#9681)
* New Resource: aws_waf_size_constraint_set (#9689)
* New Resource: aws_waf_sql_injection_match_set (#9709)
* New Resource: aws_waf_xss_match_set (#9710)
* New Resource: aws_ssm_activation (#9111)
* New Resource: azurerm_key_vault (#9478)
* New Resource: azurerm_storage_share (#8674)
* New Resource: azurerm_eventhub_namespace (#9297)
* New Resource: cloudstack_security_group (#9103)
* New Resource: cloudstack_security_group_rule (#9645)
* New Resource: cloudstack_private_gateway (#9637)
* New Resource: cloudstack_static_route (#9637)
* New DataSource: aws_ebs_volume (#9753)
* New DataSource: aws_prefix_list (#9566)
* New DataSource: aws_security_group (#9604)
* New DataSource: azurerm_client_config (#9478)
* New Interpolation Function: ceil (#9692)
* New Interpolation Function: floor (#9692)
* New Interpolation Function: min (#9692)
* New Interpolation Function: max (#9692)
* New Interpolation Function: title (#9087)
* New Interpolation Function: zipmap (#9627)- IMPROVEMENTS:
* provider/aws: No longer require route_table_ids list in aws_vpc_endpoint resources (#9357)
* provider/aws: Allow description in aws_redshift_subnet_group to be modified (#9515)
* provider/aws: Add tagging support to aws_redshift_subnet_group (#9504)
* provider/aws: Add validation to IAM User and Group Name (#9584)
* provider/aws: Add Ability To Enable / Disable ALB AccessLogs (#9290)
* provider/aws: Add support for AutoMinorVersionUpgrade to aws_elasticache_replication_group resource. (#9657)
* provider/aws: Fix import of RouteTable with destination prefixes (#9686)
* provider/aws: Add support for reference_name to aws_route53_health_check (#9737)
* provider/aws: Expose ARN suffix on ALB Target Group (#9734)
* provider/azurerm: add account_kind and access_tier to storage_account (#9408)
* provider/azurerm: write load_balanacer attributes to network_interface_card hash (#9207)
* provider/azurerm: Add disk_size_gb param to VM storage_os_disk (#9200)
* provider/azurerm: support importing of subnet resource (#9646)
* provider/azurerm: Add support for all of the Azure regions e.g. Germany, China and Government (#9765)
* provider/digitalocean: Allow resizing DigitalOcean Droplets without increasing disk size. (#9573)
* provider/google: enhance service scope list (#9442)
* provider/google Change default MySQL instance version to 5.6 (#9674)
* provider/google Support MySQL 5.7 instances (#9673)
* provider/google: Add support for using source_disk to google_compute_image (#9614)
* provider/google: Add support for default-internet-gateway alias for google_compute_route (#9676)
* provider/openstack: Added value_specs to openstack_networking_port_v2, allowing vendor information (#9551)
* provider/openstack: Added value_specs to openstack_networking_floatingip_v2, allowing vendor information (#9552)
* provider/openstack: Added value_specs to openstack_compute_keypair_v2, allowing vendor information (#9554)
* provider/openstack: Allow any protocol in openstack_fw_rule_v1 (#9617)
* provider/openstack: expose LoadBalancer v2 VIP Port ID (#9727)
* provider/openstack: Openstack Provider enhancements including environment variables (#9725)
* provider/scaleway: update sdk for ams1 region (#9687)
* provider/scaleway: server volume property (#9695)- BUG FIXES:
* core: Resources suffixed with \'panic\' won\'t falsely trigger crash detection. (#9395)
* core: Validate lifecycle options don\'t contain interpolations. (#9576)
* core: Tainted resources will not process ignore_changes. (#7855)
* core: Boolean looking values passed in via -var no longer cause type errors. (#9642)
* core: Computed primitives in certain cases no longer cause diff mismatch errors. (#9618)
* core: Empty arrays for list vars in JSON work (#8886)
* core: Boolean types in tfvars work propertly (#9751)
* core: Deposed resource destruction is accounted for properly in apply counts. (#9731)
* core: Check for graph cycles on resource expansion to catch cycles between self-referenced resources. (#9728)
* core: prevent_destroy prevents decreasing count (#9707)
* core: removed optional items will trigger \"requires new\" if necessary (#9699)
* command/apply: -backup and -state-out work with plan files (#9706)
* command/fmt: Cleaner formatting for multiline standalone comments above resources
* command/validate: respond to --help (#9660)
* provider/archive: Converting to datasource. (#8492)
* provider/aws: Fix issue importing AWS Instances and setting the correct associate_public_ip_address value (#9453)
* provider/aws: Fix issue with updating ElasticBeanstalk environment variables (#9259)
* provider/aws: Allow zero value for scaling_adjustment in aws_autoscaling_policy when using SimpleScaling (#8893)
* provider/aws: Increase ECS service drain timeout (#9521)
* provider/aws: Remove VPC Endpoint from state if it\'s not found (#9561)
* provider/aws: Delete Loging Profile from IAM User on force_destroy (#9583)
* provider/aws: Exposed aws_api_gw_domain_name.certificate_upload_date attribute (#9533)
* provider/aws: fix aws_elasticache_replication_group for Redis in cluster mode (#9601)
* provider/aws: Validate regular expression passed via the ami data_source name_regex attribute. (#9622)
* provider/aws: Bug fix for NoSuckBucket on Destroy of aws_s3_bucket_policy (#9641)
* provider/aws: Refresh aws_autoscaling_schedule from state on 404 (#9659)
* provider/aws: Allow underscores in IAM user and group names (#9684)
* provider/aws: aws_ami: handle deletion of AMIs (#9721)
* provider/aws: Fix aws_route53_record alias perpetual diff (#9704)
* provider/aws: Allow active state while waiting for the VPC Peering Connection. (#9754)
* provider/aws: Normalize all-principals wildcard in aws_iam_policy_document (#9720)
* provider/azurerm: Fix Azure RM loadbalancer rules validation (#9468)
* provider/azurerm: Fix servicebus_topic values when using the Update func to stop perpetual diff (#9323)
* provider/azurerm: lower servicebus_topic max size to Azure limit (#9649)
* provider/azurerm: Fix VHD deletion when VM and Storage account are in separate resource groups (#9631)
* provider/azurerm: Guard against panic when importing arm_virtual_network (#9739)
* provider/azurerm: fix sql_database resource reading tags (#9767)
* provider/cloudflare: update client library to stop connection closed issues (#9715)
* provider/consul: Change to consul_service resource to introduce a service_id parameter (#9366)
* provider/datadog: Ignore float/int diffs on thresholds (#9466)
* provider/docker: Fixes for docker_container host object and documentation (#9367)
* provider/scaleway improve the performance of server deletion (#9491)
* provider/scaleway: fix scaleway_volume_attachment with count > 1 (#9493)
* Mon Oct 31 2016 moioAATTsuse.com- Update to v0.7.7 - FEATURES:
* New Data Source: scaleway_bootsscript. (#9386)
* New Data Source: scaleway_image. [GH-9386] - IMPROVEMENTS:
* core: When the environment variable TF_LOG_PATH is specified, debug logs are now appended to the specified file instead of being truncated. (#9440)
* provider/aws: Expose ARN for aws_lambda_alias. (#9390)
* provider/aws: Add support for AWS US East (Ohio) region. (#9414)
* provider/scaleway: scaleway_ip, scaleway_security_group, scalway_server and scaleway_volume resources can now be imported. (#9387) - BUG FIXES:
* core: List and map indexes support arithmetic. (#9372)
* core: List and map indexes are implicitly converted to the correct type if possible. (#9372)
* provider/aws: Read back associate_public_ip_address in aws_launch_configuration resources to enable importing. (#9399)
* provider/aws: Remove aws_route resources from state if their associated aws_route_table has been removed. (#9431)
* provider/azurerm: Load balancer resources now have their id attribute set to the resource URI instead of the load balancer URI. (#9401)
* provider/google: Fix a bug causing a crash when migrating google_compute_target_pool resources from 0.6.x releases. (#9370)- Update to v0.7.6 - BACKWARDS INCOMPATIBILITIES / NOTES:
* azurerm_virtual_machine has deprecated the use of diagnostics_profile in favour of boot_diagnostics. (#9122)
* The deprecated key_file and bastion_key_file arguments to Provisioner Connections have been removed (#9340) - FEATURES:
* New Data Source: aws_billing_service_account (#8701)
* New Data Source: aws_availability_zone (#6819)
* New Data Source: aws_region (#6819)
* New Data Source: aws_subnet (#6819)
* New Data Source: aws_vpc (#6819)
* New Resource: azurerm_lb (#9199)
* New Resource: azurerm_lb_backend_address_pool (#9199)
* New Resource: azurerm_lb_nat_rule (#9199)
* New Resource: azurerm_lb_nat_pool (#9199)
* New Resource: azurerm_lb_probe (#9199)
* New Resource: azurerm_lb_rule (#9199)
* New Resource: github_repository (#9327) - IMPROVEMENTS:
* core-validation: create validation package to provide common validation functions (#8103)
* provider/aws: Support Import of OpsWorks Custom Layers (#9252)
* provider/aws: Automatically constructed ARNs now support partitions other than aws, allowing operation with aws-cn and aws-us-gov (#9273)
* provider/aws: Retry setTags operation for EC2 resources (#7890)
* provider/aws: Support refresh of EC2 instance user_data (#6736)
* provider/aws: Poll to confirm delete of resource_aws_customer_gateway (#9346)
* provider/azurerm: expose default keys for servicebus_namespace (#9242)
* provider/azurerm: add enable_blob_encryption to azurerm_storage_account resource (#9233)
* provider/azurerm: set resource_group_name on resource import across the provider (#9073)
* provider/azurerm: azurerm_cdn_profile resources can now be imported (#9306)
* provider/datadog: add support for Datadog dashboard \"type\" and \"style\" options (#9228)
* provider/scaleway: region is now supported for provider configuration - BUG FIXES:
* core: Local state can now be refreshed when no resources exist (#7320)
* core: Orphaned nested (depth 2+) modules will inherit provider configs (#9318)
* core: Fix crash when a map key contains an interpolation function (#9282)
* core: Numeric variables values were incorrectly converted to numbers (#9263)
* core: Fix input and output of map variables from HCL (#9268)
* core: Crash when interpolating a map value with a function in the key (#9282)
* core: Crash when copying a nil value in an InstanceState (#9356)
* command/fmt: Bare comment groups no longer have superfluous newlines
* command/fmt: Leading comments on list items are formatted properly
* provider/aws: Return correct AMI image when most_recent is set to true. (#9277)
* provider/aws: Fix issue with diff on import of aws_eip in EC2 Classic (#9009)
* provider/aws: Handle EC2 tags related errors in CloudFront Distribution resource. (#9298)
* provider/aws: Fix cause error when using etag and kms_key_id with aws_s3_bucket_object (#9168)
* provider/aws: Fix issue reassigning EIP instances appropriately (#7686)
* provider/azurerm: removing resources from state when the API returns a 404 for them (#8859)
* provider/azurerm: Fixed a panic in azurerm_virtual_machine when using diagnostic_profile (#9122)
* Tue Oct 11 2016 thippAATTsuse.de- Update to v0.7.5 - BACKWARDS INCOMPATIBILITIES / NOTES:
* tls_cert_request is now a managed resource instead of a data source, restoring the pre-Terraform 0.7 behaviour (#9035) - FEATURES:
* New Provider: bitbucket (#7405)
* New Resource: aws_api_gateway_client_certificate (#8775)
* New Resource: azurerm_servicebus_topic (#9151)
* New Resource: azurerm_servicebus_subscription (#9185)
* New Resource: aws_emr_cluster (#9106)
* New Resource: aws_emr_instance_group (#9106) - IMPROVEMENTS:
* helper/schema: Adding of MinItems as a validation to Lists and Maps (#9216)
* provider/aws: Add JSON validation to the aws_cloudwatch_event_rule resource (#8897)
* provider/aws: S3 bucket policies are imported as separate resources (#8915)
* provider/aws: S3 bucket policies can now be removed via the aws_s3_bucket resource (#8915)
* provider/aws: Added a cluster_address attribute to aws elasticache (#8935)
* provider/aws: Add JSON validation to the aws_elasticsearch_domain resource. (#8898)
* provider/aws: Add JSON validation to the aws_kms_key resource. (#8900)
* provider/aws: Add JSON validation to the aws_s3_bucket_policy resource. (#8901)
* provider/aws: Add JSON validation to the aws_sns_topic resource. (#8902)
* provider/aws: Add JSON validation to the aws_sns_topic_policy resource. (#8903)
* provider/aws: Add JSON validation to the aws_sqs_queue resource. (#8904)
* provider/aws: Add JSON validation to the aws_sqs_queue_policy resource. (#8905)
* provider/aws: Add JSON validation to the aws_vpc_endpoint resource. (#8906)
* provider/aws: Update aws_cloudformation_stack data source with new helper function. (#8907)
* provider/aws: Add JSON validation to the aws_s3_bucket resource. (#8908)
* provider/aws: Add support for cloudwatch_logging_options to Firehose Delivery Streams (#8671)
* provider/aws: Add HTTP/2 support via the http_version parameter to CloudFront distribution (#8777)
* provider/aws: Add query_string_cache_keys to allow for selective caching of CloudFront keys (#8777)
* provider/aws: Support Import aws_elasticache_cluster (#9010)
* provider/aws: Add support for tags to aws_cloudfront_distribution (#9011)
* provider/aws: Support Import aws_opsworks_stack (#9124)
* provider/aws: Support Import aws_elasticache_replication_groups (#9140)
* provider/aws: Add new aws api-gateway integration types (#9213)
* provider/aws: Import aws_db_event_subscription (#9220)
* provider/azurerm: Add normalizeJsonString and validateJsonString functions (#8909)
* provider/azurerm: Support AzureRM Sql Database DataWarehouse (#9196)
* provider/openstack: Use proxy environment variables for communication with services (#8948)
* provider/vsphere: Adding detach_unknown_disks_on_delete flag for VM resource (#8947)
* provisioner/chef: Add skip_register attribute to allow skipping the registering steps (#9127) - BUG FIXES:
* core: Fixed variables not being in scope for destroy -target on modules (#9021)
* core: Fixed issue that prevented diffs from being properly generated in a specific resource schema scenario (#8891)
* provider/aws: Remove support for ah and esp literals in Security Group Ingress/Egress rules; you must use the actual protocol number for protocols other than tcp, udp, icmp, or all (#8975)
* provider/aws: Do not report drift for effect values differing only by case in AWS policies (#9139)
* provider/aws: VPC ID, Port, Protocol and Name change on aws_alb_target_group will ForceNew resource (#8989)
* provider/aws: Wait for Spot Fleet to drain before removing from state (#8938)
* provider/aws: Fix issue when importing aws_eip resources by IP address (#8970)
* provider/aws: Ensure that origin_access_identity is a required value within the CloudFront distribution s3_config block (#8777)
* provider/aws: Corrected Seoul S3 Website Endpoint format (#9032)
* provider/aws: Fix failed remove S3 lifecycle_rule (#9031)
* provider/aws: Fix crashing bug in aws_ami data source when using name_regex (#9033)
* provider/aws: Fix reading dimensions on cloudwatch alarms (#9029)
* provider/aws: Changing snapshot_identifier on aws_db_instance resource should force… (#8806)
* provider/aws: Refresh AWS EIP association from state when not found (#9056)
* provider/aws: Make encryption in Aurora instances computed-only (#9060)
* provider/aws: Make sure that VPC Peering Connection in a failed state returns an error. (#9038)
* provider/aws: guard against aws_route53_record delete panic (#9049)
* provider/aws: aws_db_option_group flattenOptions failing due to missing values (#9052)
* provider/aws: Add retry logic to the aws_ecr_repository delete func (#9050)
* provider/aws: Modifying the parameter_group_name of aws_elasticache_replication_group caused a panic (#9101)
* provider/aws: Fix issue with updating ELB subnets for subnets in the same AZ (#9131)
* provider/aws: aws_route53_record alias refresh manually updated record (#9125)
* provider/aws: Fix issue detaching volumes that were already detached (#9023)
* provider/aws: Add retry to the aws_ssm_document delete func (#9188)
* provider/aws: Fix issue updating search_string in aws_cloudwatch_metric_alarm (#9230)
* provider/aws: Update EFS resource to read performance mode and creation_token (#9234)
* provider/azurerm: fix resource ID parsing for subscriptions resources (#9163)
* provider/librato: Mandatory name and conditions attributes weren\'t being sent on Update unless changed (#8984)
* provisioner/chef: Fix an error with parsing certain vault_json content (#9114)
* provisioner/chef: Change to order in which to cleanup the user key so this is done before the Chef run starts (#9114)
* Tue Sep 20 2016 thippAATTsuse.de- Update to v0.7.4 - FEATURES:
* New Resource: aws_codecommit_trigger (#8751)
* New Resource: aws_default_security_group (#8861)
* New Remote State Backend: manta (#8830) - IMPROVEMENTS:
* provider/aws: Support \'publish\' attribute in lambda_function (#8653)
* provider/aws: Add reader_endpoint RDS Clusters (#8884)
* provider/aws: Export AWS ELB service account ARN (#8700)
* provider/aws: Allow aws_alb to have the name auto-generated (#8673)
* provider/aws: Expose arn_suffix on aws_alb (#8833)
* provider/aws: Add JSON validation to the aws_cloudformation_stack resource (#8896)
* provider/aws: Add JSON validation to the aws_glacier_vault resource (#8899)
* provider/azurerm: support Diagnostics Profile (#8277)
* provider/google: Resources depending on the network attribute can now reference the network by self_link or name (#8639)
* provider/postgresql: The standard environment variables PGHOST, PGUSER, PGPASSWORD and PGSSLMODE are now supported for provider configuration (#8666)
* helper/resource: Add timeout duration to timeout error message (#8773)
* provisioner/chef: Support recreating Chef clients by setting recreate_client=true (#8577)
* provisioner/chef: Support encrypting existing Chef-Vaults for newly created clients (#8577) - BUG FIXES:
* core: Fix regression when loading variables from json (#8820)
* provider/aws: Prevent crash creating an aws_sns_topic with an empty policy (#8834)
* provider/aws: Bump aws_elasticsearch_domain timeout values (#672)
* provider/aws: aws_nat_gateways will now recreate on failed state (#8689)
* provider/aws: Prevent crash on account ID validation (#8731)
* provider/aws: aws_db_instance unexpected state when configurating enhanced monitoring (#8707)
* provider/aws: Remove region condition from aws_codecommit_repository (#8778)
* provider/aws: Support Policy DiffSuppression in aws_kms_key policy (#8675)
* provider/aws: Fix issue updating Elastic Beanstalk Environment variables (#8848)
* provider/scaleway: Fix security_group_rule identification (#8661)
* provider/cloudstack: Fix renaming a VPC with the cloudstack_vpc resource (#8784)
* Tue Sep 06 2016 thippAATTsuse.de- Update to v0.7.3 - BACKWARDS INCOMPATIBILITIES / NOTES:
* Terraform now validates the uniqueness of variable and output names in your configurations. In prior versions certain ways of duplicating variable names would work. This is now a configuration error (and should\'ve always been). If you get an error running Terraform you may need to remove the duplicates. Done right, this should not affect the behavior of Terraform.
* The internal structure of .terraform/modules changed slightly. For configurations with modules, you\'ll need to run terraform get again. - FEATURES:
* New Provider: rabbitmq (#7694)
* New Data Source: aws_cloudformation_stack (#8640)
* New Resource: aws_cloudwatch_log_stream (#8626)
* New Resource: aws_default_route_table (#8323)
* New Resource: aws_spot_datafeed_subscription (#8640)
* New Resource: aws_s3_bucket_policy (#8615)
* New Resource: aws_sns_topic_policy (#8654)
* New Resource: aws_sqs_queue_policy (#8657)
* New Resource: aws_ssm_association (#8376)
* New Resource: cloudstack_affinity_group (#8360)
* New Resource: librato_alert (#8170)
* New Resource: librato_service (#8170)
* New Remote State Backend: local (#8647)
* Data source blocks can now have a count associated with them (#8635)
* The count of a resource can now be referenced for interpolations: self.count and type.name.count work (#8581)
* Provisioners now support connection using IPv6 in addition to IPv4 (#6616) - IMPROVEMENTS:
* core: Add wildcard (match all) support to ignore_changes (#8599)
* core: HTTP module sources can now use netrc files for auth
* core: Show last resource state in a timeout error message (#8510)
* helper/schema: Add diff suppression callback (#8585)
* provider/aws: API Gateway Custom Authorizer (#8535)
* provider/aws: Add MemoryReservation To aws_ecs_container_definition data source (#8437)
* provider/aws: Add ability Enable/Disable For ELB Access logs (#8438)
* provider/aws: Add support for assuming a role prior to performing API operations (#8638)
* provider/aws: Export arn of aws_autoscaling_group (#8503)
* provider/aws: More robust handling of Lambda function archives hosted on S3 (#6860)
* provider/aws: Spurious diffs of aws_s3_bucket policy attributes due to JSON field ordering are reduced (#8615)
* provider/aws: name_regex attribute for local post-filtering of aws_ami data source results (#8403)
* provider/aws: Support for lifecycle hooks at ASG creation (#5620)
* provider/consul: Make provider settings truly optional (#8551)
* provider/statuscake: Add support for contact-group id in statuscake test (#8417) - BUG FIXES:
* core: Changing a module source from file to VCS no longer errors (#8398)
* core: Configuration is now validated prior to input, fixing an obscure parse error when attempting to interpolate a count (#8591)
* core: JSON configuration with resources with a single key parse properly (#8485)
* core: States with duplicate modules are detected and an error is shown (#8463)
* core: Validate uniqueness of variables/outputs in a module (#8482)
* core: -var flag inputs starting with / work
* core: -var flag inputs starting with a number work and was fixed in such a way that this should overall be a lot more resilient to inputs (#8044)
* provider/aws: Add AWS error message to retry APIGateway account update (#8533)
* provider/aws: Do not set empty string to state for aws_vpn_gateway availability zone (#8645)
* provider/aws: Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment. (#8636)
* provider/aws: Handle missing EFS mount target in aws_efs_mount_target (#8529)
* provider/aws: If an aws_security_group was used in Lambda function it may have prevented you from destroying such SG due to dangling ENIs created by Lambda service. These ENIs are now automatically cleaned up prior to SG deletion (#8033)
* provider/aws: Increase aws_route_table timeouts from 1 min to 2 mins (#8465)
* provider/aws: Increase aws_rds_cluster timeout to 40 minutes (#8623)
* provider/aws: Refresh aws_route from state if aws_route_table not found (#8443)
* provider/aws: Remove aws_elasticsearch_domain from state if it doesn\'t exist (#8643)
* provider/aws: Remove unsafe ptr dereferencing from ECS/ECR (#8514)
* provider/aws: Set apply_method to state in aws_db_parameter_group (#8603)
* provider/aws: Stop aws_instance source_dest_check triggering an API call on each terraform run (#8450)
* provider/aws: Wait for aws_route_53_record to be in-sync after a delete (#8646)
* provider/aws: aws_volume_attachment detachment errors are caught (#8479)
* provider/aws: adds resource retry to aws_spot_instance_request (#8516)
* provider/aws: Add validation of Health Check target to aws_elb. (#8578)
* provider/aws: Skip detaching when aws_internet_gateway not found (#8454)
* provider/aws: Handle all kinds of CloudFormation stack failures (#5606)
* provider/azurerm: Reordering the checks after an Azure API Get (#8607)
* provider/chef: Fix \"invalid header\" errors that could occur (#8382)
* provider/github: Remove unsafe ptr dereferencing (#8512)
* provider/librato: Refresh space from state when not found (#8596)
* provider/mysql: Fix breakage in parsing MySQL version string (#8571)
* provider/template: template_file vars can be floating point (#8590)
* provider/triton: Fix bug where the ID of a triton_key was used prior to being set (#8563)
* Tue Aug 30 2016 thippAATTsuse.de- Updated to v0.7.2 - BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/openstack: changes were made to how volumes attached to instances are detected. If you attached a volume to an instance out of band to Terraform, it will be detached upon the next apply. You can resolve this by adding a volume entry for the attached volume.
* provider/aws: aws_spot_fleet_request has changed the associate_public_ip_address default from true to false - FEATURES:
* New Resource: aws_api_gateway_base_path_mapping (#8353)
* New Resource: aws_api_gateway_domain_name (#8353)
* New Resource: aws_ssm_document (#8460) - IMPROVEMENTS:
* core: Names generated with a unique prefix are now sortable based on age (#8249)
* provider/aws: Add Primary Endpoint Address attribute for aws_elasticache_replication_group (#8385)
* provider/aws: Add support for network_mode to aws_ecs_task_definition (#8391)
* provider/aws: Add support for LB target group to ECS service (#8190)
* provider/aws: Support Tags for aws_alb and aws_alb_target_group resources (#8422)
* provider/aws: Support snapshot_name for ElastiCache Cluster and Replication Groups (#8419)
* provider/aws: Add support to aws_redshift_cluster for restoring from snapshot (#8414)
* provider/aws: Add validation for master_password in aws_redshift_cluster (#8434)
* provider/openstack: Add allowed_address_pairs to openstack_networking_port_v2 (#8257) - BUG FIXES:
* core: fix crash case when malformed JSON given (#8295)
* core: when asking for input, spaces are allowed (#8394)
* core: module sources with URL encodings in the local file path won\'t error (#8418)
* command/apply: prefix destroying resources with module path (#8396)
* command/import: can import into specific indexes (#8335)
* command/push: -upload-modules=false works (#8456)
* command/state mv: nested modules can be moved (#8304)
* command/state mv: resources with a count > 1 can be moved (#8304)
* provider/aws: Refresh aws_lambda_event_source_mapping from state when NotFound (#8378)
* provider/aws: aws_elasticache_replication_group_id validation change (#8381)
* provider/aws: Fix possible crash if using duplicate Route53 records (#8399)
* provider/aws: Refresh aws_autoscaling_policy from state on 404 (#8430)
* provider/aws: Fix crash with VPC Peering connection accept/requests (#8432)
* provider/aws: AWS SpotFleet Requests now works with Subnets and AZs (#8320)
* provider/aws: Refresh aws_cloudwatch_event_target from state on ResourceNotFoundException (#8442)
* provider/aws: Validate aws_iam_policy_attachment Name parameter to stop being empty (#8441)
* provider/aws: Fix segmentation fault in aws_api_gateway_base_path_mapping resource (#8466)
* provider/google: fix crash regression from Terraform 0.7.1 on google_compute_firewall resource (#8390)
* provider/openstack: Volume Attachment and Detachment Fixes (#8172)
* Tue Aug 23 2016 thippAATTsuse.de- Updated to v0.7.1 - FEATURES:
* New Command: terraform state rm (#8200)
* New Provider: archive (#7322)
* New Resource: aws_alb (#8254)
* New Resource: aws_alb_listener (#8269)
* New Resource: aws_alb_target_group (#8254)
* New Resource: aws_alb_target_group_attachment (#8254)
* New Resource: aws_alb_target_group_rule (#8321)
* New Resource: aws_vpn_gateway_attachment (#7870)
* New Resource: aws_load_balancer_policy (#7458)
* New Resource: aws_load_balancer_backend_server_policy (#7458)
* New Resource: aws_load_balancer_listener_policy (#7458)
* New Resource: aws_lb_ssl_negotiation_policy (#8084)
* New Resource: aws_elasticache_replication_groups (#8275)
* New Resource: azurerm_virtual_network_peering (#8168)
* New Resource: azurerm_servicebus_namespace (#8195)
* New Resource: google_compute_image (#7960)
* New Resource: packet_volume (#8142)
* New Resource: consul_prepared_query (#7474)
* New Data Source: aws_ip_ranges (#7984)
* New Data Source: fastly_ip_ranges (#7984)
* New Data Source: aws_caller_identity (#8206)
* New Data Source: aws_elb_service_account (#8221)
* New Data Source: aws_redshift_service_account (#8224) - IMPROVEMENTS:
* provider/archive support folders in output_path (#8278)
* provider/aws: Introduce aws_elasticsearch_domain elasticsearch_version field (to specify ES version) (#7860)
* provider/aws: Add support for TargetGroups (aws_alb_target_groups) to aws_autoscaling_group [8327]
* provider/aws: CloudWatch Metrics are now supported for aws_route53_health_check resources (#8319)
* provider/aws: Query all pages of group membership (#6726)
* provider/aws: Query all pages of IAM Policy attachments (#7779)
* provider/aws: Change the way ARNs are built (#7151)
* provider/aws: Add support for Elasticsearch destination to firehose delivery streams (#7839)
* provider/aws: Retry AttachInternetGateway and increase timeout on aws_internet_gateway (#7891)
* provider/aws: Add support for Enhanced monitoring to aws_rds_cluster_instance (#8038)
* provider/aws: Add ability to set Requests Payer in aws_s3_bucket (#8065)
* provider/aws: Add ability to set canned ACL in aws_s3_bucket_object (#8091)
* provider/aws: Allow skipping credentials validation, requesting Account ID and/or metadata API check (#7874)
* provider/aws: API gateway request/response parameters can now be specified as map, original
*_in_json parameters deprecated (#7794)
* provider/aws: Add support for promotion_tier to aws_rds_cluster_instance (#8087)
* provider/aws: Allow specifying custom S3 endpoint and enforcing S3 path style URLs via new provider options (#7871)
* provider/aws: Add ability to set Storage Class in aws_s3_bucket_object (#8174)
* provider/aws: Treat aws_lambda_function w/ empty subnet_ids & security_groups_ids in vpc_config as VPC-disabled function (#6191)
* provider/aws: Allow source_ids in aws_db_event_subscription to be Updatable (#7892)
* provider/aws: Make aws_efs_mount_target creation fail for 2+ targets per AZ (#8205)
* provider/aws: Add force_destroy option to aws_route53_zone (#8239)
* provider/aws: Support import of aws_s3_bucket (#8262)
* provider/aws: Increase timeout for retrying creation of IAM role (#7733)
* provider/aws: Add ability to set peering options in aws_vpc_peering_connection. (#8310)
* provider/azure: add custom_data argument for azure_instance resource (#8158)
* provider/azurerm: Adds support for uploading blobs to azure storage from local source (#7994)
* provider/azurerm: Storage blob contents can be copied from an existing blob (#8126)
* provider/datadog: Allow tags to be configured for monitor resources. (#8284)
* provider/google: allows atomic Cloud DNS record changes (#6575)
* provider/google: Move URLMap hosts to TypeSet from TypeList (#7472)
* provider/google: Support static private IP addresses in resource_compute_instance (#6310)
* provider/google: Add support for using a GCP Image Family (#8083)
* provider/openstack: Support updating the External Gateway assigned to a Neutron router (#8070)
* provider/openstack: Support for value_specs param on openstack_networking_network_v2 (#8155)
* provider/openstack: Add value_specs param on openstack_networking_subnet_v2 (#8181)
* provider/vsphere: Improved SCSI controller handling in vsphere_virtual_machine (#7908)
* provider/vsphere: Adding disk type of Thick Lazy to vsphere_virtual_disk and vsphere_virtual_machine (#7916)
* provider/vsphere: Standardizing datastore references to use builtin Path func (#8075)
* provider/consul: add tls config support to consul provider (#7015)
* remote/consul: Support setting datacenter when using consul remote state (#8102)
* provider/google: Support import of google_compute_instance_template (#8147), google_compute_firewall (#8236), google_compute_target_pool (#8133), google_compute_fowarding_rule (#8122), google_compute_http_health_check (#8121), google_compute_autoscaler (#8115) - BUG FIXES:
* core: Fix issue preventing taint from working with resources that had no other attributes in their diff (#8167)
* core: CLI will only run exact match commands (#7983)
* core: Fix panic when resources ends up null in state file (#8120)
* core: Fix panic when validating a count with a unprefixed variable (#8243)
* core: Divide by zero in interpolations no longer panics (#7701)
* core: Fix panic on some invalid interpolation syntax (#5672)
* provider/aws: guard against missing image_digest in aws_ecs_task_definition (#7966)
* provider/aws: aws_cloudformation_stack now respects timeout_in_minutes field when waiting for CF API to finish an update operation (#7997)
* provider/aws: Prevent errors when aws_s3_bucket acceleration_status is not available in a given region (#7999)
* provider/aws: Add state filter to aws_availability_zones data source (#7965)
* provider/aws: Handle lack of snapshot ID for a volume in ami_copy (#7995)
* provider/aws: Retry association of IAM Role & instance profile (#7938)
* provider/aws: Fix aws_s3_bucket resource redirect_all_requests_to action (#7883)
* provider/aws: Fix issue updating ElasticBeanstalk Environment Settings (#7777)
* provider/aws: aws_rds_cluster creation timeout bumped to 40 minutes (#8052)
* provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc (#8207)
* provider/aws: Fix line ending errors/diffs with IAM Server Certs (#8074)
* provider/aws: Fixing IAM data source policy generation to prevent spurious diffs (#6956)
* provider/aws: Correct how CORS rules are handled in aws_s3_bucket (#8096)
* provider/aws: allow numeric characters in RedshiftClusterDbName (#8178)
* provider/aws: aws_security_group now creates tags as early as possible in the process (#7849)
* provider/aws: Defensively code around db_security_group ingress rules (#7893)
* provider/aws: aws_spot_fleet_request throws panic on missing subnet_id or availability_zone (#8217)
* provider/aws: Terraform fails during Redshift delete if FinalSnapshot is being taken. (#8270)
* provider/azurerm: azurerm_storage_account will interrupt for Ctrl-C (#8215)
* provider/azurerm: Public IP - Setting idle timeout value caused panic. #8283
* provider/digitalocean: trim whitespace from ssh key (#8173)
* provider/digitalocean: Enforce Lowercase on IPV6 Addresses (#7652)
* provider/google: Use resource specific project when making queries/changes (#7029)
* provider/google: Fix read for the backend service resource (#7476)
* provider/mysql: mysql_user works with MySQL versions before 5.7.6 (#8251)
* provider/openstack: Fix typo in OpenStack LBaaSv2 pool resource (#8179)
* provider/vSphere: Fix for IPv6 only environment creation (#7643)
* provider/google: Correct update process for authorized networks in google_sql_database_instance (#8290)
* Fri Aug 05 2016 thippAATTsuse.de- Updated to v0.7.0 BACKWARDS INCOMPATIBILITIES / NOTES:- Terraform Core
* Terraform\'s built-in plugins are now distributed as part of the main Terraform binary, and use the go-plugin framework. Overrides are still available using separate binaries, but will need recompiling against Terraform 0.7.
* The terraform plan command no longer persists state. This makes the command much safer to run, since it is now side-effect free. The refresh and apply commands still persist state to local and remote storage. Any automation that assumes that terraform plan persists state will need to be reworked to explicitly call terraform refresh to get the equivalent side-effect. (The terraform plan command no longer has the -state-out or -backup flags due to this change.)
* The concat() interpolation function can no longer be used to join strings.
* Quotation marks may no longer be escaped in HIL expressions (#7201)
* Lists materialized using splat syntax, for example aws_instance.foo.
*.id are now ordered by the count index rather than lexographically sorted. If this produces a large number of undesirable differences, you can use the new sort() interpolation function to produce the previous behaviour.
* You now access the values of maps using the syntax var.map[\"key\"] or the lookup function instead of var.map.key.
* Outputs on terraform_remote_state resources are now top level attributes rather than inside the output map. In order to access outputs, use the syntax: terraform_remote_state.name.outputname. Currently outputs cannot be named config or backend.- AWS Provider
* aws_elb now defaults cross_zone_load_balancing to true
* aws_instance: EC2 Classic users may continue to use security_groups to reference Security Groups by their name. Users who are managing Instances inside VPCs will need to use vpc_security_group_ids instead, and reference the security groups by their id. Ref https://github.com/hashicorp/terraform/issues/6416#issuecomment-219145065
* aws_kinesis_firehose_delivery_stream: AWS Kinesis Firehose has been refactored to support Redshift as a destination in addition to S3. As a result, the configuration has changed and users will need to update their configuration to match the new s3_configuration block. Checkout the documentaiton on AWS Kinesis Firehose for more information (#7375)
* aws_route53_record: latency_routing_policy, geolocation_routing_policy, and failover_routing_policy block options have been added. With these additions we’ve renamed the weight attribute to weighted_routing_policy, and it has changed from a string to a block to match the others. Please see the updated documentation on using weighted_routing_policy: https://www.terraform.io/docs/providers/aws/r/route53_record.html . (#6954)
* aws_db_instance now defaults publicly_accessible to false- Microsoft Azure Provider
* In documentation, the \"Azure (Resource Manager)\" provider has been renamed to the \"Microsoft Azure\" provider.
* azurerm_dns_cname_record now accepts a single record rather than a list of records
* azurerm_virtual_machine computer_name now Required- Openstack Provider
* openstack_networking_subnet_v2 now defaults to turning DHCP on.
* openstack_fw_policy_v1 now correctly applies rules in the order they are specified. Upon the next apply, current rules might be re-ordered.
* The member attribute of openstack_lb_pool_v1 has been deprecated. Please ue the new openstack_lb_member_v1 resource.- Docker Provider
* keep_updated parameter removed from docker_image - This parameter never did what it was supposed to do. See relevant docs, specifically pull_trigger & new docker_registry_image data source to understand how to keep your docker_image updated.- Atlas Provider
* atlas_artifact resource has be deprecated. Please use the new atlas_artifact Data Source.- CloudStack Provider
* All deprecated parameters are removed from all CloudStack resources FEATURES:- Data sources are a new kind of primitive in Terraform. Attributes for data sources are refreshed and available during the planning stage. (#6598)- Lists and maps can now be used as first class types for variables and may also be passed between modules. (#6322)- State management CLI commands provide a variety of state manipulation functions for advanced use cases. This should be used where possible instead of manually modifying state files. (#5811)- State Import allows a way to import existing resources into Terraform state for many types of resource. Initial coverage of AWS is quite high, and it is straightforward to add support for new resources.- New Command: terraform state to provide access to a variety of state manipulation functions (#5811)- New Option: terraform output now supports the -json flag to print a machine-readable representation of outputs (#7608)- New Data Source: aws_ami (#6911)- New Data Source: aws_availability_zones (#6805)- New Data Source: aws_iam_policy_document (#6881)- New Data Source: aws_s3_bucket_object (#6946)- New Data Source: aws_ecs_container_definition (#7230)- New Data Source: atlas_artifact (#7419)- New Data Source: docker_registry_image (#7000)- New Data Source: consul_keys (#7678)- New Interpolation Function: sort (#7128)- New Interpolation Function: distinct (#7174)- New Interpolation Function: list (#7528)- New Interpolation Function: map (#7832)- New Provider: grafana (#6206)- New Provider: logentries (#7067)- New Provider: scaleway (#7331)- New Provider: random - allows generation of random values without constantly generating diffs (#6672)- New Remote State Provider: - gcs - Google Cloud Storage (#6814)- New Remote State Provider: - azure - Microsoft Azure Storage (#7064)- New Resource: aws_elb_attachment (#6879)- New Resource: aws_elastictranscoder_preset (#6965)- New Resource: aws_elastictranscoder_pipeline (#6965)- New Resource: aws_iam_group_policy_attachment (#6858)- New Resource: aws_iam_role_policy_attachment (#6858)- New Resource: aws_iam_user_policy_attachment (#6858)- New Resource: aws_rds_cluster_parameter_group (#5269)- New Resource: aws_spot_fleet_request (#7243)- New Resource: aws_ses_active_receipt_rule_set (#5387)- New Resource: aws_ses_receipt_filter (#5387)- New Resource: aws_ses_receipt_rule (#5387)- New Resource: aws_ses_receipt_rule_set (#5387)- New Resource: aws_simpledb_domain (#7600)- New Resource: aws_opsworks_user_profile (#6304)- New Resource: aws_opsworks_permission (#6304)- New Resource: aws_ami_launch_permission (#7365)- New Resource: aws_appautoscaling_policy (#7663)- New Resource: aws_appautoscaling_target (#7663)- New Resource: openstack_blockstorage_volume_v2 (#6693)- New Resource: openstack_lb_loadbalancer_v2 (#7012)- New Resource: openstack_lb_listener_v2 (#7012)- New Resource: openstack_lb_pool_v2 (#7012)- New Resource: openstack_lb_member_v2 (#7012)- New Resource: openstack_lb_monitor_v2 (#7012)- New Resource: vsphere_virtual_disk (#6273)- New Resource: github_repository_collaborator (#6861)- New Resource: datadog_timeboard (#6900)- New Resource: digitalocean_tag (#7500)- New Resource: digitalocean_volume (#7560)- New Resource: consul_agent_service (#7508)- New Resource: consul_catalog_entry (#7508)- New Resource: consul_node (#7508)- New Resource: consul_service (#7508)- New Resource: mysql_grant (#7656)- New Resource: mysql_user (#7656)- New Resource: azurerm_storage_table (#7327)- New Resource: azurerm_virtual_machine_scale_set (#6711)- New Resource: azurerm_traffic_manager_endpoint (#7826)- New Resource: azurerm_traffic_manager_profile (#7826)- core: Tainted resources now show up in the plan and respect dependency ordering (#6600)- core: The lookup interpolation function can now have a default fall-back value specified (#6884)- core: The terraform plan command no longer persists state. (#6811) IMPROVEMENTS:- core: The jsonencode interpolation function now supports encoding lists and maps (#6749)- core: Add the ability for resource definitions to mark attributes as \"sensitive\" which will omit them from UI output. (#6923)- core: Support . in map keys (#7654)- core: Enhance interpolation functions to account for first class maps and lists (#7832) (#7834)- command: Remove second DefaultDataDirectory const (#7666)- provider/aws: Add dns_name to aws_efs_mount_target (#7428)- provider/aws: Add force_destroy to aws_iam_user for force-deleting access keys assigned to the user (#7766)- provider/aws: Add option_settings to aws_db_option_group (#6560)- provider/aws: Add more explicit support for Skipping Final Snapshot in RDS Cluster (#6795)- provider/aws: Add support for S3 Bucket Acceleration (#6628)- provider/aws: Add support for kms_key_id to aws_db_instance (#6651)- provider/aws: Specifying more than one health check on an aws_elb fails with an error prior to making an API request (#7489)- provider/aws: Add support to aws_redshift_cluster for iam_roles (#6647)- provider/aws: SQS use raw policy string if compact fails (#6724)- provider/aws: Set default description to \"Managed by Terraform\" (#6104)- provider/aws: Support for Redshift Cluster encryption using a KMS key (#6712)- provider/aws: Support tags for AWS redshift cluster (#5356)- provider/aws: Add iam_arn to aws_cloudfront_origin_access_identity (#6955)- provider/aws: Add cross_zone_load_balancing on aws_elb default to true (#6897)- provider/aws: Add support for character_set_name to aws_db_instance (#4861)- provider/aws: Add support for DB parameter group with RDS Cluster Instances (Aurora) (#6865)- provider/aws: Add name_prefix to aws_iam_instance_profile and aws_iam_role (#6939)- provider/aws: Allow authentication & credentials validation for federated IAM Roles and EC2 instance profiles (#6536)- provider/aws: Rename parameter_group_name to db_cluster_parameter_group_name (#7083)- provider/aws: Retry RouteTable Route/Assocation creation (#7156)- provider/aws: delegation_set_id conflicts w/ vpc_id in aws_route53_zone as delegation sets can only be used for public zones (#7213)- provider/aws: Support Elastic Beanstalk scheduledaction (#7376)- provider/aws: Add support for NewInstancesProtectedFromScaleIn to aws_autoscaling_group (#6490)- provider/aws: Added support for snapshot_identifier parameter in aws_rds_cluster (#7158)- provider/aws: Add inplace edit/update DB Security Group Rule Ingress (#7245)- provider/aws: Added support for redshift destination to firehose delivery streams (#7375)- provider/aws: Allow aws_redshift_security_group ingress rules to change (#5939)- provider/aws: Add support for encryption and kms_key_id to aws_ami (#7181)- provider/aws: AWS prefix lists to enable security group egress to a VPC Endpoint (#7511)- provider/aws: Retry creation of IAM role depending on new IAM user (#7324)- provider/aws: Allow port on aws_db_instance to be updated (#7441)- provider/aws: Allow VPC Classic Linking in Autoscaling Launch Configs (#7470)- provider/aws: Support task_role_arn on `aws_ecs_task_definition (#7653)- provider/aws: Support Tags on aws_rds_cluster (#7695)- provider/aws: Support kms_key_id for aws_rds_cluster (#7662)- provider/aws: Allow setting a poll_interval on aws_elastic_beanstalk_environment (#7523)- provider/aws: Add support for Kinesis streams shard-level metrics (#7684)- provider/aws: Support create / update greater than twenty db parameters in aws_db_parameter_group (#7364)- provider/aws: expose network interface id in aws_instance (#6751)- provider/aws: Adding passthrough behavior for API Gateway integration (#7801)- provider/aws: Enable Redshift Cluster Logging (#7813)- provider/aws: Add ability to set Performance Mode in aws_efs_file_system (#7791)- provider/azurerm: Add support for EnableIPForwarding to azurerm_network_interface (#6807)- provider/azurerm: Add support for exporting the azurerm_storage_account access keys (#6742)- provider/azurerm: The Azure SDK now exposes better error messages (#6976)- provider/azurerm: azurerm_dns_zone now returns name_servers (#7434)- provider/azurerm: dump entire Request/Response in autorest Decorator (#7719)- provider/azurerm: add option to delete VMs Data disks on termination (#7793)- provider/clc: Add support for hyperscale and bareMetal server types and package installation- provider/clc: Fix optional server password (#6414)- provider/cloudstack: Add support for affinity groups to cloudstack_instance (#6898)- provider/cloudstack: Enable swapping of ACLs without having to rebuild the network tier (#6741)- provider/cloudstack: Improve ACL swapping (#7315)- provider/cloudstack: Add project support to cloudstack_network_acl and cloudstack_network_acl_rule (#7612)- provider/cloudstack: Add option to set root_disk_size to cloudstack_instance (#7070)- provider/cloudstack: Do no longer force a new cloudstack_instance resource when updating user_data (#7074)- provider/cloudstack: Add option to set security_group_names to cloudstack_instance (#7240)- provider/cloudstack: Add option to set affinity_group_names to cloudstack_instance (#7242)- provider/datadog: Add support for \'require full window\' and \'locked\' (#6738)- provider/docker: Docker Container DNS Setting Enhancements (#7392)- provider/docker: Add destroy_grace_seconds option to stop container before delete (#7513)- provider/docker: Add pull_trigger option to docker_image to trigger pulling layers of a given image (#7000)- provider/fastly: Add support for Cache Settings (#6781)- provider/fastly: Add support for Service Request Settings on fastly_service_v1 resources (#6622)- provider/fastly: Add support for custom VCL configuration (#6662)- provider/google: Support optional uuid naming for Instance Template (#6604)- provider/openstack: Add support for client certificate authentication (#6279)- provider/openstack: Allow Neutron-based Floating IP to target a specific tenant (#6454)- provider/openstack: Enable DHCP By Default (#6838)- provider/openstack: Implement fixed_ip on Neutron floating ip allocations (#6837)- provider/openstack: Increase timeouts for image resize, subnets, and routers (#6764)- provider/openstack: Add lb_provider argument to lb_pool_v1 resource (#6919)- provider/openstack: Enforce ForceNew on Instance Block Device (#6921)- provider/openstack: Can now stop instances before destroying them (#7184)- provider/openstack: Disassociate LBaaS v1 Monitors from Pool Before Deletion (#6997)- provider/powerdns: Add support for PowerDNS 4 API (#7819)- provider/triton: add triton_machine domain names (#7149)- provider/vsphere: Add support for controller_type to vsphere_virtual_machine (#6785)- provider/vsphere: Fix bug with vsphere_virtual_machine wait for ip (#6377)- provider/vsphere: Virtual machine update disk (#6619)- provider/vsphere: vsphere_virtual_machine adding controller creation logic (#6853)- provider/vsphere: vsphere_virtual_machine added support for mac address on network_interface (#6966)- provider/vsphere: Enhanced vsphere logging capabilities (#6893)- provider/vsphere: Add DiskEnableUUID option to vsphere_virtual_machine (#7088)- provider/vsphere: Virtual Machine and File resources handle Read errors properley (#7220)- provider/vsphere: set uuid as vsphere_virtual_machine output (#4382)- provider/vsphere: Add support for keep_on_remove to vsphere_virtual_machine (#7169)- provider/vsphere: Add support for additional vsphere_virtial_machine SCSI controller types (#7525)- provisioner/file: File provisioners may now have file content set as an attribute (#7561) BUG FIXES:- core: Correct the previous fix for a bug causing \"attribute not found\" messages during destroy, as it was insufficient (#6599)- core: Fix issue causing syntax errors interpolating count attribute when value passed between modules (#6833)- core: Fix \"diffs didn\'t match during apply\" error for computed sets (#7205)- core: Fix issue where terraform init . would truncate existing files (#7273)- core: Don\'t compare diffs between maps with computed values (#7249)- core: Don\'t copy existing files over themselves when fetching modules (#7273)- core: Always increment the state serial number when upgrading the version (#7402)- core: Fix a crash during eval when we\'re upgrading an empty state (#7403)- core: Honor the -state-out flag when applying with a plan file (#7443)- core: Fix a panic when a terraform_remote_state data source doesn\'t exist (#7464)- core: Fix issue where ignore_changes caused incorrect diffs on dependent resources (#7563)- provider/aws: Manual changes to aws_codedeploy_deployment_group resources are now detected (#7530)- provider/aws: Changing keys in aws_dynamodb_table correctly force new resources (#6829)- provider/aws: Fix a bug where CloudWatch alarms are created repeatedly if the user does not have permission to use the the DescribeAlarms operation (#7227)- provider/aws: Fix crash in aws_elasticache_parameter_group occuring following edits in the console (#6687)- provider/aws: Fix issue reattaching a VPN gateway to a VPC (#6987)- provider/aws: Fix issue with Root Block Devices and encrypted flag in Launch Configurations (#6512)- provider/aws: If more ENIs are attached to aws_instance, the one w/ DeviceIndex 0 is always used in context of aws_instance (previously unpredictable) (#6761)- provider/aws: Increased lambda event mapping creation timeout (#7657)- provider/aws: Handle spurious failures in resourceAwsSecurityGroupRuleRead (#7377)- provider/aws: Make \'stage_name\' required in api_gateway_deployment (#6797)- provider/aws: Mark Lambda function as gone when it\'s gone (#6924)- provider/aws: Trim trailing . from name in aws_route53_record resources to prevent spurious diffs (#6592)- provider/aws: Update Lambda functions on name change (#7081)- provider/aws: Updating state when aws_sns_topic_subscription is missing (#6629)- provider/aws: aws_codedeploy_deployment_group panic when setting on_premises_instance_tag_filter (#6617)- provider/aws: aws_db_instance now defaults publicly_accessible to false (#7117)- provider/aws: aws_opsworks_application.app_source SSH key is write-only (#6649)- provider/aws: fix Elastic Beanstalk cname_prefix continual plans (#6653)- provider/aws: Bundle IOPs and Allocated Storage update for DB Instances (#7203)- provider/aws: Fix case when instanceId is absent in network interfaces (#6851)- provider/aws: fix aws_security_group_rule refresh (#6730)- provider/aws: Fix issue with Elastic Beanstalk and invalid settings (#7222)- provider/aws: Fix issue where aws_app_cookie_stickiness_policy fails on destroy if LoadBalancer doesn\'t exist (#7166)- provider/aws: Stickiness Policy exists, but isn\'t assigned to the ELB (#7188)- provider/aws: Fix issue with manage_bundler on aws_opsworks_layers (#7219)- provider/aws: Set Elastic Beanstalk stack name back to state (#7445)- provider/aws: Allow recreation of VPC Peering Connection when state is rejected (#7466)- provider/aws: Remove EFS File System from State when NotFound (#7437)- provider/aws: aws_customer_gateway refreshing from state on deleted state (#7482)- provider/aws: Retry finding aws_route after creating it (#7463)- provider/aws: Refresh CloudWatch Group from state on 404 (#7576)- provider/aws: Adding in additional retry logic due to latency with delete of db_option_group (#7312)- provider/aws: Safely get ELB values (#7585)- provider/aws: Fix bug for recurring plans on ec2-classic and vpc in beanstalk (#6491)- provider/aws: Bump rds_cluster timeout to 15 mins (#7604)- provider/aws: Fix ICMP fields in aws_network_acl_rule to allow ICMP code 0 (echo reply) to be configured (#7669)- provider/aws: Fix bug with Updating aws_autoscaling_group enabled_metrics (#7698)- provider/aws: Ignore IOPS on non io1 AWS root_block_device (#7783)- provider/aws: Ignore missing ENI attachment when trying to detach ENI (#7185)- provider/aws: Fix issue updating ElasticBeanstalk Environment templates (#7811)- provider/aws: Restore Defaults to SQS Queues (#7818)- provider/aws: Don\'t delete Lambda function from state on initial call of the Read func (#7829)- provider/aws: aws_vpn_gateway should be removed from state when in deleted state (#7861)- provider/aws: Fix aws_route53_record 0-2 migration (#7907)- provider/azurerm: Fixes terraform crash when using SSH keys with azurerm_virtual_machine (#6766)- provider/azurerm: Fix a bug causing \'diffs do not match\' on azurerm_network_interface resources (#6790)- provider/azurerm: Normalizes availability_set_id casing to avoid spurious diffs in azurerm_virtual_machine (#6768)- provider/azurerm: Add support for storage container name validation (#6852)- provider/azurerm: Remove storage containers and blobs when storage accounts are not found (#6855)- provider/azurerm: azurerm_virtual_machine fix additional_unattend_rm Windows config option (#7105)- provider/azurerm: Fix azurerm_virtual_machine windows_config (#7123)- provider/azurerm: azurerm_dns_cname_record can create CNAME records again (#7113)- provider/azurerm: azurerm_network_security_group now waits for the provisioning state of ready before proceeding (#7307)- provider/azurerm: computer_name is now required for azurerm_virtual_machine resources (#7308)- provider/azurerm: destroy azurerm_virtual_machine OS Disk VHD on deletion (#7584)- provider/azurerm: catch azurerm_template_deployment erroring silently (#7644)- provider/azurerm: changing the name of an azurerm_virtual_machine now forces a new resource (#7646)- provider/azurerm: azurerm_storage_account now returns storage keys value instead of their names (#7674)- provider/azurerm: azurerm_virtual_machine computer_name now Required (#7308)- provider/azurerm: Change of availability_set_id on azurerm_virtual_machine should ForceNew (#7650)- provider/azurerm: Wait for azurerm_storage_account to be available (#7329)- provider/cloudflare: Fix issue upgrading CloudFlare Records created before v0.6.15 (#6969)- provider/cloudstack: Fix using cloudstack_network_acl within a project (#6743)- provider/cloudstack: Fix refresing cloudstack_network_acl_rule when the associated ACL is deleted (#7612)- provider/cloudstack: Fix refresing cloudstack_port_forward when the associated IP address is no longer associated (#7612)- provider/cloudstack: Fix creating cloudstack_network with offerings that do not support specifying IP ranges (#7612)- provider/digitalocean: Stop digitocean_droplet forcing new resource on uppercase region (#7044)- provider/digitalocean: Reassign Floating IP when droplet changes (#7411)- provider/google: Fix a bug causing an error attempting to delete an already-deleted google_compute_disk (#6689)- provider/mysql: Specifying empty provider credentials no longer causes a panic (#7211)- provider/openstack: Reassociate Floating IP on network changes (#6579)- provider/openstack: Ensure CIDRs Are Lower Case (#6864)- provider/openstack: Rebuild Instances On Network Changes (#6844)- provider/openstack: Firewall rules are applied in the correct order (#7194)- provider/openstack: Fix Security Group EOF Error when Adding / Removing Multiple Groups (#7468)- provider/openstack: Fixing boot volumes interfering with block storage volumes list (#7649)- provider/vsphere: gateway and ipv6_gateway are now read from vsphere_virtual_machine resources (#6522)- provider/vsphere: ipv
*_gateway parameters won\'t force a new vsphere_virtual_machine (#6635)- provider/vsphere: adding a vsphere_virtual_machine migration (#7023)- provider/vsphere: Don\'t require vsphere debug paths to be set (#7027)- provider/vsphere: Fix bug where enable_disk_uuid was not set on vsphere_virtual_machine resources (#7275)- provider/vsphere: Make vsphere_virtual_machine product_key optional (#7410)- provider/vsphere: Refreshing devices list after adding a disk or cdrom controller (#7167)- provider/vsphere: vsphere_virtual_machine no longer has to be powered on to delete (#7206)- provider/vSphere: Fixes the hasBootableVmdk flag when attaching multiple disks (#7804)- provisioner/remote-exec: Properly seed random script paths so they are not deterministic across runs (#7413)
* Fri Jul 08 2016 tboergerAATTsuse.com- Fixed files to include, missed for previous changes
* Fri Jul 08 2016 tboergerAATTsuse.com- Added go_nostrip macro call- Properly rename built binaries
* Fri Jul 01 2016 fcastelliAATTsuse.com- Fix package, remove unneeded file from the final package
* Tue Jun 28 2016 fcastelliAATTsuse.com- Port to the new golang-packaging macros
* Thu Jun 23 2016 msabateAATTsuse.com- Updated to v0.6.16 BACKWARDS INCOMPATIBILITIES / NOTES:
* provider/aws: `aws_eip` field `private_ip` is now a computed value, and cannot be set in your configuration. Use `associate_with_private_ip` instead. See ([#6521](https://github.com/hashicorp/terraform/issues/6521)) FEATURES:
*
*
*New provider:
*
* `librato` ([#3371](https://github.com/hashicorp/terraform/issues/3371))
*
*
*New provider:
*
* `softlayer` ([#4327](https://github.com/hashicorp/terraform/issues/4327))
*
*
*New resource:
*
* `aws_api_gateway_account` ([#6321](https://github.com/hashicorp/terraform/issues/6321))
*
*
*New resource:
*
* `aws_api_gateway_authorizer` ([#6320](https://github.com/hashicorp/terraform/issues/6320))
*
*
*New resource:
*
* `aws_db_event_subscription` ([#6367](https://github.com/hashicorp/terraform/issues/6367))
*
*
*New resource:
*
* `aws_db_option_group` ([#4401](https://github.com/hashicorp/terraform/issues/4401))
*
*
*New resource:
*
* `aws_eip_association` ([#6552](https://github.com/hashicorp/terraform/issues/6552))
*
*
*New resource:
*
* `openstack_networking_secgroup_rule_v2` ([#6410](https://github.com/hashicorp/terraform/issues/6410))
*
*
*New resource:
*
* `openstack_networking_secgroup_v2` ([#6410](https://github.com/hashicorp/terraform/issues/6410))
*
*
*New resource:
*
* `vsphere_file` ([#6401](https://github.com/hashicorp/terraform/issues/6401)) IMPROVEMENTS:
* core: update HCL dependency to improve whitespace handling in `terraform fmt` ([#6347](https://github.com/hashicorp/terraform/issues/6347))
* core: Add support for marking outputs as sensitive ([#6559](https://github.com/hashicorp/terraform/issues/6559))
* provider/aws: Add agent_version argument to `aws_opswork_stack` ([#6493](https://github.com/hashicorp/terraform/issues/6493))
* provider/aws: Add support for request parameters to `api_gateway_method` & `api_gateway_integration` ([#6501](https://github.com/hashicorp/terraform/issues/6501))
* provider/aws: Add support for response parameters to `api_gateway_method_response` & `api_gateway_integration_response` ([#6344](https://github.com/hashicorp/terraform/issues/6344))
* provider/aws: Allow empty S3 config in Cloudfront Origin ([#6487](https://github.com/hashicorp/terraform/issues/6487))
* provider/aws: Improve error handling in IAM Server Certificates ([#6442](https://github.com/hashicorp/terraform/issues/6442))
* provider/aws: Use `sts:GetCallerIdentity` as additional method for getting AWS account ID ([#6385](https://github.com/hashicorp/terraform/issues/6385))
* provider/aws: `aws_redshift_cluster` `automated_snapshot_retention_period` didn\'t allow 0 value ([#6537](https://github.com/hashicorp/terraform/issues/6537))
* provider/aws: Add CloudFront `hosted_zone_id` attribute ([#6530](https://github.com/hashicorp/terraform/issues/6530))
* provider/azurerm: Increase timeout for ARM Template deployments to 40 minutes ([#6319](https://github.com/hashicorp/terraform/issues/6319))
* provider/azurerm: Make `private_ip_address` an exported field on `azurerm_network_interface` ([#6538](https://github.com/hashicorp/terraform/issues/6538))
* provider/azurerm: Add support for `tags` to `azurerm_virtual_machine` ([#6556](https://github.com/hashicorp/terraform/issues/6556))
* provider/azurerm: Add `os_type` and `image_uri` in `azurerm_virtual_machine` ([#6553](https://github.com/hashicorp/terraform/issues/6553))
* provider/cloudflare: Add proxied option to `cloudflare_record` ([#5508](https://github.com/hashicorp/terraform/issues/5508))
* provider/docker: Add ability to keep docker image locally on terraform destroy ([#6376](https://github.com/hashicorp/terraform/issues/6376))
* provider/fastly: Add S3 Log Streaming to Fastly Service ([#6378](https://github.com/hashicorp/terraform/issues/6378))
* provider/fastly: Add Conditions to Fastly Service ([#6481](https://github.com/hashicorp/terraform/issues/6481))
* provider/github: Add support for Github Enterprise via base_url configuration option ([#6434](https://github.com/hashicorp/terraform/issues/6434))
* provider/triton: Add support for specifying network interfaces on `triton machine` resources ([#6418](https://github.com/hashicorp/terraform/issues/6418))
* provider/triton: Deleted firewall rules no longer prevent refresh ([#6529](https://github.com/hashicorp/terraform/issues/6529))
* provider/vsphere: Add `skip_customization` option to `vsphere_virtual_machine` resources ([#6355](https://github.com/hashicorp/terraform/issues/6355))
* provider/vsphere: Add ability to specify and mount bootable vmdk in `vsphere_virtual_machine` ([#6146](https://github.com/hashicorp/terraform/issues/6146))
* provider/vsphere: Add support for IPV6 to `vsphere_virtual_machine` ([#6457](https://github.com/hashicorp/terraform/issues/6457))
* provider/vsphere: Add support for `memory_reservation` to `vsphere_virtual_machine` ([#6036](https://github.com/hashicorp/terraform/issues/6036))
* provider/vsphere: Checking for empty diskPath in `vsphere_virtual_machine` before creating ([#6400](https://github.com/hashicorp/terraform/issues/6400))
* provider/vsphere: Support updates to vcpu and memory on `vsphere_virtual_machine` ([#6356](https://github.com/hashicorp/terraform/issues/6356))
* remote/s3: Logic for loading credentials now follows the same [conventions as AWS provider](https://www.terraform.io/docs/providers/aws/index.html#authentication) which means it also supports EC2 role auth and session token (e.g. assumed IAM Roles) ([#5270](https://github.com/hashicorp/terraform/issues/5270)) BUG FIXES:
* core: Boolean values in diffs are normalized to `true` and `false`, eliminating some erroneous diffs ([#6499](https://github.com/hashicorp/terraform/issues/6499))
* core: Fix a bug causing \"attribute not found\" messages during destroy ([#6557](https://github.com/hashicorp/terraform/issues/6557))
* provider/aws: Allow account ID checks on EC2 instances & w/ federated accounts ([#5030](https://github.com/hashicorp/terraform/issues/5030))
* provider/aws: Fix an eventually consistent issue aws_security_group_rule and possible duplications ([#6325](https://github.com/hashicorp/terraform/issues/6325))
* provider/aws: Fix bug where `aws_elastic_beanstalk_environment` ignored `wait_for_ready_timeout` ([#6358](https://github.com/hashicorp/terraform/issues/6358))
* provider/aws: Fix bug where `aws_elastic_beanstalk_environment` update config template didn\'t work ([#6342](https://github.com/hashicorp/terraform/issues/6342))
* provider/aws: Fix issue in updating CloudFront distribution LoggingConfig ([#6407](https://github.com/hashicorp/terraform/issues/6407))
* provider/aws: Fix issue in upgrading AutoScaling Policy to use `min_adjustment_magnitude` ([#6440](https://github.com/hashicorp/terraform/issues/6440))
* provider/aws: Fix issue replacing Network ACL Relationship ([#6421](https://github.com/hashicorp/terraform/issues/6421))
* provider/aws: Fix issue with KMS Alias keys and name prefixes ([#6328](https://github.com/hashicorp/terraform/issues/6328))
* provider/aws: Fix issue with encrypted snapshots of block devices in `aws_launch_configuration` resources ([#6452](https://github.com/hashicorp/terraform/issues/6452))
* provider/aws: Fix read of `aws_cloudwatch_log_group` after an update is applied ([#6384](https://github.com/hashicorp/terraform/issues/6384))
* provider/aws: Fix updating `number_of_nodes` on `aws_redshift_cluster` ([#6333](https://github.com/hashicorp/terraform/issues/6333))
* provider/aws: Omit `aws_cloudfront_distribution` custom_error fields when not explicitly set ([#6382](https://github.com/hashicorp/terraform/issues/6382))
* provider/aws: Refresh state on `aws_sqs_queue` not found ([#6381](https://github.com/hashicorp/terraform/issues/6381))
* provider/aws: Respect `selection_pattern` in `aws_api_gateway_integration_response` (previously ignored field) ([#5893](https://github.com/hashicorp/terraform/issues/5893))
* provider/aws: `aws_cloudfront_distribution` resources now require the `cookies` argument ([#6505](https://github.com/hashicorp/terraform/issues/6505))
* provider/aws: `aws_route` crash when used with `aws_vpc_endpoint` ([#6338](https://github.com/hashicorp/terraform/issues/6338))
* provider/aws: validate `cluster_id` length for `aws_elasticache_cluster` ([#6330](https://github.com/hashicorp/terraform/issues/6330))
* provider/azurerm: `ssh_keys` can now be set for `azurerm_virtual_machine` resources, allowing provisioning ([#6541](https://github.com/hashicorp/terraform/issues/6541))
* provider/azurerm: Fix issue that updating `azurerm_virtual_machine` was failing due to empty adminPassword ([#6528](https://github.com/hashicorp/terraform/issues/6528))
* provider/azurerm: `storage_data_disk` settings now work correctly on `azurerm_virtual_machine` resources ([#6543](https://github.com/hashicorp/terraform/issues/6543))
* provider/cloudflare: can manage apex records ([#6449](https://github.com/hashicorp/terraform/issues/6449))
* provider/cloudflare: won\'t refresh with incorrect record if names match ([#6449](https://github.com/hashicorp/terraform/issues/6449))
* provider/datadog: `notify_no_data` and `no_data_timeframe` are set correctly for `datadog_monitor` resources ([#6509](https://github.com/hashicorp/terraform/issues/6509))
* provider/docker: Fix crash when using empty string in the `command` list in `docker_container` resources ([#6424](https://github.com/hashicorp/terraform/issues/6424))
* provider/vsphere: Memory reservations are now set correctly in `vsphere_virtual_machine` resources ([#6482](https://github.com/hashicorp/terraform/issues/6482))
* Fri Apr 29 2016 fcastelliAATTsuse.com- Updated to v0.6.15 - FEATURES:
* New command: terraform fmt to automatically normalize config file style (#4955)
* New interpolation function: jsonencode (#5890)
* New provider: cobbler (#5969)
* New provider: fastly (#5814)
* New resource: aws_cloudfront_distribution (#5221)
* New resource: aws_cloudfront_origin_access_identity (#5221)
* New resource: aws_iam_user_ssh_key (#5774)
* New resource: aws_s3_bucket_notification (#5473)
* New resource: cloudstack_static_nat (#6004)
* New resource: consul_key_prefix (#5988)
* New resource: aws_default_network_acl (#6165)
* New resource: triton_fabric (#5920)
* New resource: triton_vlan (#5920)
* New resource: aws_opsworks_application (#4419)
* New resource: aws_opsworks_instance (#4276)
* New resource: aws_cloudwatch_log_subscription_filter (#5996)
* New resource: openstack_networking_router_route_v2 (#6207) - IMPROVEMENTS:
* command/apply: Output will now show periodic status updates of slow resources. (#6163)
* core: Variables passed between modules are now type checked (#6185)
* core: Smaller release binaries by stripping debug information (#6238)
* provider/aws: Add support for Step Scaling in aws_autoscaling_policy (#4277)
* provider/aws: Add support for cname_prefix to aws_elastic_beanstalk_environment resource (#5966)
* provider/aws: Add support for trigger_configuration to aws_codedeploy_deployment_group (#5599)
* provider/aws: Adding outputs for elastic_beanstalk_environment resource (#5915)
* provider/aws: Adds wait_for_ready_timeout option to aws_elastic_beanstalk_environment (#5967)
* provider/aws: Allow aws_db_subnet_group description to be updated (#5921)
* provider/aws: Allow multiple EIPs to associate to single ENI (#6070)
* provider/aws: Change aws_elb access_logs to list type (#5065)
* provider/aws: Check that InternetGateway exists before returning from creation (#6105)
* provider/aws: Don\'t Base64-encode EC2 userdata if it is already Base64 encoded (#6140)
* provider/aws: Making the Cloudwatch Event Rule Target target_id optional (#5787)
* provider/aws: Timeouts for elasticsearch_domain are increased (#5910)
* provider/aws: aws_codecommit_repository set default_branch only if defined (#5904)
* provider/aws: aws_redshift_cluster allows usernames with underscore in it (#5935)
* provider/aws: normalise json for aws_sns_topic (#6089)
* provider/aws: normalize json for aws_cloudwatch_event_rule (#6025)
* provider/aws: increase timeout for aws_redshift_cluster (#6305)
* provider/aws: Opsworks layers now support custom_json argument (#4272)
* provider/aws: Added migration for tier attribute in aws_elastic_beanstalk_environment (#6167)
* provider/aws: Use resource.Retry for route creation and deletion (#6225)
* provider/aws: Add support S3 Bucket Lifecycle Rule (#6220)
* provider/clc: Override default account alias in provider config (#5785)
* provider/cloudstack: Deprecate ipaddress in favour of ip_address in all resources (#6010)
* provider/cloudstack: Deprecate allowing names (instead of IDs) for parameters that reference other resources (#6123)
* provider/datadog: Add heredoc support to message, escalation_message, and query (#5788)
* provider/docker: Add support for docker run --user option (#5300)
* provider/github: Add support for privacy to github_team (#6116)
* provider/google: Accept GOOGLE_CLOUD_KEYFILE_JSON env var for credentials (#6007)
* provider/google: Add \"project\" argument and attribute to all GCP compute resources which inherit from the provider\'s value (#6112)
* provider/google: Make \"project\" attribute on provider configuration optional (#6112)
* provider/google: Read more common configuration values from the environment and clarify precedence ordering (#6114)
* provider/google: addons_config and subnetwork added as attributes to google_container_cluster (#5871)
* provider/fastly: Add support for Request Headers (#6197)
* provider/fastly: Add support for Gzip rules (#6247)
* provider/openstack: Add value_specs argument and attribute for routers (#4898)
* provider/openstack: Allow subnets with no gateway (#6060)
* provider/openstack: Enable Token Authentication (#6081)
* provider/postgresql: New ssl_mode argument allowing different SSL usage tradeoffs (#6008)
* provider/vsphere: Support for linked clones and Windows-specific guest config options (#6087)
* provider/vsphere: Checking for Powered Off State before vsphere_virtual_machine deletion (#6283)
* provider/vsphere: Support mounting ISO images to virtual cdrom drives (#4243)
* provider/vsphere: Fix missing ssh connection info (#4283)
* provider/google: Deprecate unused \"region\" attribute in global_forwarding_rule; this attribute was never used anywhere in the computation of the resource (#6112)
* provider/cloudstack: Add group attribute to cloudstack_instance resource (#6023)
* provider/azurerm: Provider meaningful error message when credentials not correct (#6290)
* provider/cloudstack: Improve support for using projects (#6282) - BUG FIXES:
* core: Providers are now correctly inherited down a nested module tree (#6186)
* crovider/aws: Convert protocols to standard format for Security Groups (#5881)
* crovider/aws: Fix Lambda VPC integration (missing vpc_id field in schema) (#6157)
* crovider/aws: Fix aws_route panic when destination CIDR block is nil (#5781)
* crovider/aws: Fix issue re-creating deleted VPC peering connections (#5959)
* crovider/aws: Fix issue with changing iops when also changing storage type to io1 on RDS (#5676)
* crovider/aws: Fix issue with retrying deletion of Network ACLs (#5954)
* crovider/aws: Fix potential crash when receiving malformed aws_route API responses (#5867)
* crovider/aws: Guard against empty responses from Lambda Permissions (#5838)
* crovider/aws: Normalize and compact SQS Redrive, Policy JSON (#5888)
* crovider/aws: Fix issue updating ElasticBeanstalk Configuraiton Templates (#6307)
* crovider/aws: Remove CloudTrail Trail from state if not found (#6024)
* crovider/aws: Fix crash in AWS S3 Bucket when website index/error is empty (#6269)
* crovider/aws: Report better error message in aws_route53_record when set_identifier is required (#5777)
* crovider/aws: Show human-readable error message when failing to read an EBS volume (#6038)
* crovider/aws: set ASG health_check_grace_period default to 300 (#5830)
* crovider/aws: Fix issue with with Opsworks and empty Custom Cook Book sources (#6078)
* crovider/aws: wait for IAM instance profile to propagate when creating Opsworks stacks (#6049)
* crovider/aws: Don\'t read back aws_opsworks_stack cookbooks source password (#6203)
* crovider/aws: Resolves DefaultOS and ConfigurationManager conflict on aws_opsworks_stack (#6244)
* crovider/aws: Renaming aws_elastic_beanstalk_configuration_templateoption_settings to setting (#6043)
* crovider/aws: aws_customer_gateway will properly populate bgp_asn on refresh. [no issue]
* crovider/aws: provider/aws: Refresh state on aws_directory_service_directory not found (#6294)
* crovider/aws: aws_elb cross_zone_load_balancing is not refreshed in the state file (#6295)
* crovider/aws: aws_autoscaling_group will properly populate tag on refresh. [no issue]
* crovider/azurerm: Fix detection of azurerm_storage_account resources removed manually (#5878)
* crovider/docker: Docker Image will be deleted on destroy (#5801)
* crovider/openstack: Fix Disabling DHCP on Subnets (#6052)
* crovider/openstack: Fix resizing when Flavor Name changes (#6020)
* crovider/openstack: Fix Access Address Detection (#6181)
* crovider/openstack: Fix admin_state_up on openstack_lb_member_v1 (#6267)
* crovider/triton: Firewall status on triton_machine resources is reflected correctly (#6119)
* crovider/triton: Fix time out when applying updates to Triton machine metadata (#6149)
* crovider/vsphere: Add error handling to vsphere_folder (#6095)
* crovider/cloudstack: Fix mashalling errors when using CloudStack 4.7.x (or newer) [GH-#226]- Changes from v0.6.14: - FEATURES:
* New provider: triton - Manage Joyent Triton public cloud or on-premise installations (#5738)
* New provider: clc - Manage CenturyLink Cloud resources (#4893)
* New provider: github - Manage GitHub Organization permissions with Terraform config (#5194)
* New provider: influxdb - Manage InfluxDB databases (#3478)
* New provider: ultradns - Manage UltraDNS records (#5716)
* New resource: aws_cloudwatch_log_metric_filter (#5444)
* New resource: azurerm_virtual_machine (#5514)
* New resource: azurerm_template_deployment (#5758)
* New interpolation function: uuid (#5575) - IMPROVEMENTS:
* core: provisioners connecting via WinRM now respect HTTPS settings (#5761)
* provider/aws: aws_db_instance now makes identifier optional and generates a unique ID when it is omitted (#5723)
* provider/aws: aws_redshift_cluster now allowspublicly_accessible to be modified (#5721)
* provider/aws: aws_kms_alias now allows name to be auto-generated with a name_prefix (#5594) - BUG FIXES:
* core: Color output is now shown correctly when running Terraform on Windows (#5718)
* core: HEREDOCs can now be indented in line with configuration using <<- and hanging indent is removed (#5740)
* core: Invalid HCL syntax of nested object blocks no longer causes a crash (#5740)
* core: Local directory-based modules now use junctions instead of symbolic links on Windows (#5739)
* core: Modules sourced from a Mercurial repository now work correctly on Windows (#5739)
* core: Address some issues with ignore_changes (#5635)
* core: Add a lock to fix an interpolation issue caught by the Go 1.6 concurrent map access detector (#5772)
* provider/aws: Fix crash when an aws_rds_cluster_instance is removed outside of Terraform (#5717)
* provider/aws: aws_cloudformation_stack use timeout_in_minutes for retry timeout to prevent unecessary timeouts (#5712)
* provider/aws: aws_lambda_function resources no longer error on refresh if deleted externally to Terraform (#5668)
* provider/aws: aws_vpn_connection resources deleted via the console on longer cause a crash (#5747)
* provider/aws: Fix crasher in Elastic Beanstalk Configuration when using options (#5756)
* provider/aws: Fix issue preventing aws_opsworks_stck from working with Windows set as the OS (#5724)
* provider/digitalocean: digitalocean_ssh_key resources no longer cause a panic if there is no network connectivity (#5748)
* provider/google: Default description google_dns_managed_zone resources to \"Managed By Terraform\" (#5428)
* provider/google: Fix error message on invalid instance URL for google_compute_instance_group (#5715)
* provider/vsphere: provide host to provisioner connections (#5558)
* provisioner/remote-exec: Address race condition introduced with script cleanup step introduced in 0.6.13 (#5751)
* Wed Mar 16 2016 msabateAATTsuse.com- Updated to v0.6.13 BUG FIXES:
* provider/aws: `aws_lambda_function` resources no longer error on refresh if deleted externally to Terraform [GH-5668]
* Sun Mar 06 2016 msabateAATTsuse.com- Added terraform v0.6.12
  
ICM